Analysis Overview
SHA256
c715dc7767d42aacc4b18f0e08f0a7f82d0d54bb72b9df438630ed36c3242dce
Threat Level: Shows suspicious behavior
The file CSC SERVICE JOIN.apk was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 23:00
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
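The static signature above fires on the two SMS permissions declared in the manifest. An added example (not code from the sandbox and not the sample's own code) of the check behind it: a Python script that reads a decoded AndroidManifest.xml (as produced by `apktool d`), lists permissions from Android's dangerous protection level, and also reports any BroadcastReceiver listening for SMS_RECEIVED, which is where a permission like RECEIVE_SMS is actually exercised. The embedded manifest is constructed for illustration: only the package name and the two permissions come from this page; the receiver, its priority and the label are assumed. The permission table is an abbreviated, assumed subset of the platform's dangerous permissions.

```python
# Added example: flag dangerous permissions and SMS receivers in a decoded
# AndroidManifest.xml. Not the sandbox's code and not the sample's code.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PRIORITY = f"{{{ANDROID_NS}}}priority"

# Assumed, abbreviated subset of Android's "dangerous" protection-level
# permissions, keyed to their permission group.
DANGEROUS = {
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.SEND_SMS": "SMS",
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECEIVE_MMS": "SMS",
    "android.permission.RECEIVE_WAP_PUSH": "SMS",
    "android.permission.READ_CONTACTS": "CONTACTS",
    "android.permission.READ_PHONE_STATE": "PHONE",
    "android.permission.CALL_PHONE": "PHONE",
    "android.permission.ACCESS_FINE_LOCATION": "LOCATION",
    "android.permission.CAMERA": "CAMERA",
    "android.permission.RECORD_AUDIO": "MICROPHONE",
}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"


def audit_manifest(xml_text):
    """Return (package, sorted dangerous permissions, SMS_RECEIVED receivers).

    Each receiver is reported as (class name, intent-filter priority); a high
    priority lets a receiver see incoming SMS before the default SMS app."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    perms = sorted(
        p.get(NAME) for p in root.iter("uses-permission")
        if p.get(NAME) in DANGEROUS
    )
    receivers = []
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            actions = {a.get(NAME) for a in flt.iter("action")}
            if SMS_RECEIVED in actions:
                receivers.append((rcv.get(NAME), flt.get(PRIORITY)))
    return package, perms, receivers


def summarize(xml_text):
    """Human-readable triage lines for one manifest."""
    package, perms, receivers = audit_manifest(xml_text)
    groups = sorted({DANGEROUS[p] for p in perms})
    lines = [f"{package}: {len(perms)} dangerous permission(s), groups={groups}"]
    lines += [f"  {p}" for p in perms]
    for name, prio in receivers:
        lines.append(f"  SMS_RECEIVED receiver {name} priority={prio or 'default'}")
    return lines


# Constructed sample manifest. Package name and the two permissions are taken
# from this page; the receiver, priority and label are assumptions.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.smsread">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <application android:label="CSC SERVICE JOIN">
        <receiver android:name=".SmsReceiver" android:exported="true">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_MANIFEST)))
```

A declared permission alone only tells you what the app may do; pairing it with the receiver (and, on a real sample, with the code paths that call `SmsManager.sendTextMessage` or read the `content://sms` provider) is what separates an SMS-stealer from a legitimate OTP reader.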
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 23:00
Reported
2024-06-13 23:31
Platform
android-x64-arm64-20240611.1-en
Max time kernel
8s
Max time network
1811s
Command Line
Signatures
Processes
com.example.smsread
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.238:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 142.250.180.2:443 | | tcp |
| GB | 216.58.204.67:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| BE | 142.251.5.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
Files
/data/misc/profiles/cur/0/com.example.smsread/primary.prof
| MD5 | 9a6a54252b72bfa0ea252ab8483fc07f |
| SHA1 | c90154853f3f288900adc62550e9244056ed1f4a |
| SHA256 | 31e53c5a9e125f0dd40a697994eadc2786fb58d369a8f35f7ccc22ab20646579 |
| SHA512 | 45d98780c0e53fb8dfdbff25140b8fcdb282e3ab49548974e7c9b38d630b1c3f3950519a6e4bbaf7a867c337f566e95e5c4b9573318cadf2544828c81f4ebf5b |
/data/data/com.example.smsread/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 1f505bd134713410304f743e9790f7ba |
| SHA1 | c06da290ef254d43a137a423c4c1796b07a63f05 |
| SHA256 | 2ba5059ee0b2a161969f6cfd56bfa362c2aafea1e6b240af8c3c4168d0023eea |
| SHA512 | 1214bedace23627ebe33ecf396ee10915fe503778625010e03ba8fae4b9d6ef23d860c30118874fbad446858a115cc2c37fca0561459cc1ce9831edde8176198 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-13 23:00
Reported
2024-06-13 23:31
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
9s
Max time network
1690s
Command Line
Signatures
Processes
com.example.smsread
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.68:443 | | udp |
| GB | 172.217.169.68:443 | | udp |
| BE | 142.250.110.188:5228 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| GB | 142.250.187.195:443 | | tcp |
| US | 172.64.41.3:443 | | udp |
| GB | 142.250.187.195:443 | | udp |
| GB | 172.217.169.68:443 | | udp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 216.58.212.227:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.200.40:443 | | tcp |
| GB | 142.250.178.2:443 | | tcp |
| GB | 142.250.178.2:443 | | tcp |
| GB | 172.217.169.6:80 | | tcp |
| GB | 172.217.169.6:443 | | tcp |
| GB | 142.250.178.2:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 216.58.212.206:443 | | tcp |
| US | 216.239.34.36:443 | | tcp |
| GB | 216.58.212.227:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.213.4:443 | www.google.com | udp |
| US | 172.64.41.3:443 | | tcp |
| US | 162.159.61.3:443 | | tcp |
| GB | 216.58.212.227:443 | | tcp |
| GB | 216.58.212.227:443 | | tcp |
| GB | 216.58.212.227:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
Files
/data/misc/profiles/cur/0/com.example.smsread/primary.prof
| MD5 | 066db89af2f9780d039df27ef3789a49 |
| SHA1 | 89f85259ddce8f23a86647cf13a3b9d020cda336 |
| SHA256 | 96d8ad4adbeb89d2df56df316dd8186a65bd384759e56ba3ea1f281581a3aa17 |
| SHA512 | 5497d20df3220d5c6bfbef7d82aa85fb0a29733640553b2e40e0b85fbeb4852b4be793a42d619b0daf7b020edf7dcbaa58803b97aeb45a765a3649349b617672 |
/data/data/com.example.smsread/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | a67c55bd2438ca6195efcb01a06e0ae0 |
| SHA1 | 051dc4a64d99f2960e1fb833967742148f062a3c |
| SHA256 | 370827c9566b0a717a9e4752f8b52673c59cbda4b0c0db499532bbd6fdcd5fa6 |
| SHA512 | bc465a2a55eb2b256ce8bdae01e052d23b04eb7f3d8508b55127902228c67bb8731689418a4d0871b058b342be5aab03825b2250ffe999dd960c45a1e4900b42 |
/data/data/com.example.smsread/files/profileInstalled
| MD5 | 5881559e2abe68a77e857a693f0039b7 |
| SHA1 | 90f569aa26dbc16a87b46ec7e924096589680070 |
| SHA256 | f3a899c8a4c3e5ccfa46b8db6fc6f2e90615c213bc5e0204411d76f28a4072b9 |
| SHA512 | b28cd17a09f1ee0a6262e6a471cb9aa385483b51b55d9dd4d82aff682809c3544dbba6b836f13aba41fda712eb5d9aa60a2dc4a6a43edcaf5a979ac3a92d93b7 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-13 23:00
Reported
2024-06-13 23:31
Platform
android-x86-arm-20240611.1-en
Max time kernel
8s
Max time network
1829s
Command Line
Signatures
Processes
com.example.smsread
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 216.58.201.99:80 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 172.217.169.34:443 | | tcp |
| GB | 142.250.187.227:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 142.250.187.227:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 142.250.187.227:443 | | tcp |
| GB | 142.250.187.227:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| BE | 74.125.206.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 216.58.212.238:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.example.smsread/primary.prof
| MD5 | 9a6a54252b72bfa0ea252ab8483fc07f |
| SHA1 | c90154853f3f288900adc62550e9244056ed1f4a |
| SHA256 | 31e53c5a9e125f0dd40a697994eadc2786fb58d369a8f35f7ccc22ab20646579 |
| SHA512 | 45d98780c0e53fb8dfdbff25140b8fcdb282e3ab49548974e7c9b38d630b1c3f3950519a6e4bbaf7a867c337f566e95e5c4b9573318cadf2544828c81f4ebf5b |
/data/data/com.example.smsread/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 043d9446088313919c011109e6eae121 |
| SHA1 | 61a01ef8de681942b9f7b7c02439624f5d3d5dd9 |
| SHA256 | 2705467d5eb79c6cf64a53dec850cb2dc79ab05be698b987c83cbf6e1f410cfd |
| SHA512 | c6778a4f70673999e32c070487456de308a6aa60922759a1bb51d796f403e5b9ba9cb75be774006be02b720860e5ff5f1974007ab58e6df9f208f8d6c53e603f |
/data/data/com.example.smsread/files/profileInstalled
| MD5 | ac5319797f11f584c66ae23e2d235189 |
| SHA1 | 7eda989011ec211add0efe6f696c061d159765b5 |
| SHA256 | 72c4182ffdad7a0bea7f9c056fe0da0d439d3d42d89df3d848e478e44746d73d |
| SHA512 | dac5c29bf55a789a909b6255eaf36bfc2a737a9a064b7c24b8080ef1d3949f5eb48a8322b3e5bfc6d0da2bfe6ca6e485312a53b96aa713c77ba9510719ef95f3 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 23:00
Reported
2024-06-13 23:07
Platform
android-x64-arm64-20240611.1-en
Max time kernel
379s
Max time network
414s
Command Line
Signatures
Processes
com.example.smsread
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | tcp |
| GB | 142.250.200.10:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.212.227:443 | | tcp |
| US | 1.1.1.1:53 | rcs-acs-tmobile-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmobile-us.jibe.google.com | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | sticker-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | sticker-pa.googleapis.com | tcp |
| US | 216.239.36.155:443 | rcs-acs-tmobile-us.jibe.google.com | tcp |
Files
/data/misc/profiles/cur/0/com.example.smsread/primary.prof
| MD5 | 9a6a54252b72bfa0ea252ab8483fc07f |
| SHA1 | c90154853f3f288900adc62550e9244056ed1f4a |
| SHA256 | 31e53c5a9e125f0dd40a697994eadc2786fb58d369a8f35f7ccc22ab20646579 |
| SHA512 | 45d98780c0e53fb8dfdbff25140b8fcdb282e3ab49548974e7c9b38d630b1c3f3950519a6e4bbaf7a867c337f566e95e5c4b9573318cadf2544828c81f4ebf5b |
/data/data/com.example.smsread/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 2773f3d43841c1f285860554293a2023 |
| SHA1 | deab3ba90cea3f86bf609c160b05604e869a975c |
| SHA256 | 415382b831c26173154f21d773c7bdcfd76ad06eb02ff3483aa424841dc4eeee |
| SHA512 | d4fe5f151977bb209d40dd342843f12a8c4545efecd502e714e4769605efa6eb7354906b2682f03edfc23401fb7a79505b196966834a36d061876551e97d6eaf |
/data/misc/profiles/cur/0/com.example.smsread/primary.prof
| MD5 | f92b929789df6181897d5219c1d8aa56 |
| SHA1 | 7cea1bb851568598b20d77501fac67124fa83d20 |
| SHA256 | dc1815791a016c4c133d8e6613e88d543cfb6ca5328d9603f09c6bc23330bafa |
| SHA512 | 9306e83ef41e8a7993dabc79d85e55b96e94657fa921400142eed12931a4d8930fd7d54c4b55383b283fd9d32c16232bf4778c260a21d3d11c6e68eff74c510e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 23:00
Reported
2024-06-13 23:31
Platform
android-x64-20240611.1-en
Max time kernel
1122s
Max time network
1791s
Command Line
Signatures
Processes
com.example.smsread
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.212.234:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| BE | 64.233.184.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
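All five behavioral runs (behavioral1 through behavioral5) show the same shape of traffic: DNS to 1.1.1.1, mDNS on 224.0.0.251:5353, TLS to Google front-end addresses (every resolved name is under google.com, googleapis.com, google-analytics.com or tenor.com), a TCP session to port 5228, which is Google's mtalk push (GCM/FCM) endpoint, and in behavioral4 a few connections into Cloudflare address space. The report records no TLS SNI or certificate for the rows without a domain, so those can only be attributed by address prefix; the only files written are ART profile artifacts under /data/misc/profiles and the AndroidX profileinstaller markers, not a dropped payload. As an added example, not part of the report, the Python below parses rows in this page's table format (it accepts both the corrected layout and the original one with the protocol shifted into the Domain column), maps each destination to a prefix table, and separates known infrastructure from anything unknown so the unknown set is what an analyst pivots on. The prefix table is an abbreviated assumption to be replaced with Google's and Cloudflare's published ranges, and the embedded rows are a constructed subset of the tables above.

```python
# Added example: triage the Network tables of this sandbox report. Not the
# sandbox vendor's code. The prefix table is an assumed, abbreviated subset.
import ipaddress
from collections import Counter

KNOWN_PREFIXES = {
    "google": ["142.250.0.0/15", "172.217.0.0/16", "216.58.192.0/19",
               "74.125.0.0/16", "64.233.160.0/19", "216.239.32.0/19",
               "8.8.8.0/24"],
    "cloudflare": ["1.1.1.0/24", "172.64.0.0/13", "162.159.0.0/16"],
}
NETS = [(ipaddress.ip_network(p), org)
        for org, prefixes in KNOWN_PREFIXES.items() for p in prefixes]
PROTOS = ("tcp", "udp")


def owner(ip):
    """Organisation whose prefix contains ip, or None if not in the table."""
    return next((org for net, org in NETS if ip in net), None)


def parse_row(line):
    """Parse one '| Country | Destination | Domain | Proto |' row.

    Rows with no resolved domain appear in the original report with the
    protocol shifted into the Domain column, so the protocol is detected
    by value rather than by position; both layouts parse identically."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or ":" not in cells[1]:
        return None                      # header row or malformed line
    ip, port = cells[1].rsplit(":", 1)
    rest = cells[2:]
    proto = next((c for c in rest if c in PROTOS), "")
    domain = next((c for c in rest if c and c not in PROTOS), "")
    return {"country": cells[0], "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def classify(row):
    """Bucket a connection: local discovery, DNS, known infra, or unknown."""
    ip = ipaddress.ip_address(row["ip"])
    if ip.is_multicast:
        return "mdns" if row["port"] == 5353 else "multicast"
    if row["port"] == 53:
        return "dns"
    org = owner(ip)
    if org == "google" and row["port"] == 5228:
        return "google-push(mtalk)"      # GCM/FCM persistent connection
    return org or "unknown"


def triage(table_text):
    """Return (bucket counts, unknown (ip, port) pairs, unresolved IPs)."""
    rows = [r for r in map(parse_row, table_text.splitlines()) if r]
    counts = Counter(classify(r) for r in rows)
    unknown = sorted({(r["ip"], r["port"]) for r in rows
                      if classify(r) == "unknown"})
    # Connections the sandbox never tied to a DNS answer. The report shows no
    # TLS SNI for these, so confirm them from the pcap before closing them out.
    unresolved = sorted({r["ip"] for r in rows if not r["domain"]
                         and classify(r) not in ("dns", "mdns")},
                        key=ipaddress.ip_address)
    return counts, unknown, unresolved


# Constructed subset of rows copied from the behavioral1 and behavioral4
# tables, in the original (shifted) layout.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.10:443 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | tcp | |
| US | 1.1.1.1:53 | rcs-acs-tmobile-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmobile-us.jibe.google.com | tcp |
| US | 8.8.8.8:53 | tcp | |
| BE | 142.251.5.188:5228 | tcp | |
| US | 172.64.41.3:443 | tcp | |
"""

if __name__ == "__main__":
    counts, unknown, unresolved = triage(SAMPLE_ROWS)
    print(dict(counts))
    print("unknown destinations:", unknown)
    print("unresolved IPs to check in pcap:", unresolved)
```

Paste a whole Network table from one run into `triage` and the "unknown" list is empty for every run on this page; that is consistent with the kernel-time figures (8 to 9 seconds in three of the five runs), which suggest the app did little of its own on the emulator, but it is not proof of absence: an SMS-driven sample only reaches out after it receives a message, and the sandbox delivered none.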
Files
/data/misc/profiles/cur/0/com.example.smsread/primary.prof
| MD5 | 9a6a54252b72bfa0ea252ab8483fc07f |
| SHA1 | c90154853f3f288900adc62550e9244056ed1f4a |
| SHA256 | 31e53c5a9e125f0dd40a697994eadc2786fb58d369a8f35f7ccc22ab20646579 |
| SHA512 | 45d98780c0e53fb8dfdbff25140b8fcdb282e3ab49548974e7c9b38d630b1c3f3950519a6e4bbaf7a867c337f566e95e5c4b9573318cadf2544828c81f4ebf5b |
/data/data/com.example.smsread/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 5638242657975d6576a3f50de9f1447b |
| SHA1 | 8abe69e52637a3aab486be19b9143ff8583eaa32 |
| SHA256 | 8aeebbc4e356b2d3b21b407f62a7742329a75715826742bba35dd2e1aa214584 |
| SHA512 | 0eb8a8a7f1bf2881be14081ae466f7e61aa48c5f461842dceb3b92452a87fd305676c851599d3a4ded018fb027d38a6680a67060151e0a08b7015f96324961ef |
/data/data/com.example.smsread/files/profileInstalled
| MD5 | 27d3926691f0cae7926442d801b4205e |
| SHA1 | 9b02a18a09061c8f06a37abdf210e3e9a23d0afc |
| SHA256 | 7197547474062fa928b3c6ea95c0206406553f2b28ebdcc702febde2d4603a18 |
| SHA512 | 24069121ca4d3b864f52a3d82ea65a49db8d028a9265814a6b5472f5fbfa3dd195aca6a325ec58dda8ff4198004e38b46432f1259ad6e90c84d6b95ee7862113 |
/data/misc/profiles/cur/0/com.example.smsread/primary.prof
| MD5 | 2fa8aecdb091eff5067a919dc7ac303c |
| SHA1 | 7d5bc846b04ffa7d699b3bfa62b565b892c8b2f2 |
| SHA256 | 6cc829af8c9049e2f75e6667d813e9c5973fa1333296d141da33435da3ed4a0f |
| SHA512 | 81dfb4c6e71849c21e9ac3d4d9545c9319340f8ce23399b69f9c7aba51452b9fff67590ede9d96aa165ace4f957f17ca861e3bc9c25d92bb5955e2dfeccd4ff2 |