Analysis Overview
SHA256
6b704420fd6578444089c28bc744b5bb2dff56bae1e2660bcdaa2d87c61f60e4
Threat Level: Shows suspicious behavior
The file 6b704420fd6578444089c28bc744b5bb2dff56bae1e2660bcdaa2d87c61f60e4.bin was classified as: Shows suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 22:58
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
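The four permissions above are the static half of an SMS-stealer profile: RECEIVE_SMS plus READ_SMS to see incoming one-time codes, SEND_SMS to forward them or bill the victim, and READ_PHONE_STATE to tie the haul to a device. The script below is an added example, not part of the sandbox report or of the sample, that runs that check over a decoded AndroidManifest.xml. The manifest it parses is constructed for illustration: it carries the four permissions listed for yes.debug.yesbnak plus INTERNET, and deliberately declares no SMS_RECEIVED receiver, because the behavioral runs show the receiver being registered at runtime rather than in the manifest. Function and constant names are ours.

```python
"""Static permission triage for a decoded AndroidManifest.xml.

Added example for this report, not sandbox tooling. The sample manifest is
constructed; a real APK manifest is binary XML and has to be decoded first
(for example with apktool, then read AndroidManifest.xml from the output).
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A_NAME = f"{{{ANDROID_NS}}}name"
A_PRIORITY = f"{{{ANDROID_NS}}}priority"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

SMS_PERMS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
}
PHONE_STATE = "android.permission.READ_PHONE_STATE"

# Constructed sample mirroring the static1 permission list; no static receiver.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="yes.debug.yesbnak">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <application android:label="yesbnak">
        <activity android:name=".MainActivity" android:exported="true"/>
    </application>
</manifest>
"""


def requested_permissions(manifest_xml):
    """All <uses-permission android:name=...> values in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(A_NAME) for el in root.iter("uses-permission") if el.get(A_NAME)}


def sms_received_receivers(manifest_xml):
    """Statically declared receivers for SMS_RECEIVED, with filter priority.

    SMS_RECEIVED is an ordered broadcast; before Android 4.4 a high-priority
    receiver could even abort it so the messaging app never saw the text.
    An empty result proves nothing on its own: receivers can also be
    registered at runtime, which is exactly what the behavioral runs show.
    """
    root = ET.fromstring(manifest_xml)
    found = []
    for rcv in root.iter("receiver"):
        for flt in rcv.findall("intent-filter"):
            actions = {a.get(A_NAME) for a in flt.findall("action")}
            if SMS_RECEIVED in actions:
                prio = flt.get(A_PRIORITY)
                found.append((rcv.get(A_NAME), int(prio) if prio else 0))
    return found


def triage(manifest_xml):
    """Return the SMS-related findings a first-pass analyst would want."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(manifest_xml)
    sms = perms & SMS_PERMS
    findings = []
    if {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"} <= perms:
        findings.append("can read incoming SMS (RECEIVE_SMS + READ_SMS): OTP/2FA interception")
    if "android.permission.SEND_SMS" in perms:
        findings.append("can send SMS (SEND_SMS): outbound exfil or premium-rate abuse")
    if PHONE_STATE in perms and sms:
        findings.append("READ_PHONE_STATE alongside SMS permissions: device/SIM identity for victim tracking")
    receivers = sms_received_receivers(manifest_xml)
    if sms and not receivers:
        findings.append("no manifest-declared SMS_RECEIVED receiver: look for runtime registerReceiver in the behavioral trace")
    for name, prio in receivers:
        findings.append(f"static SMS_RECEIVED receiver {name} (priority {prio})")
    return {
        "package": root.get("package"),
        "sms_permissions": sorted(sms),
        "findings": findings,
        "suspicious": bool(sms),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_MANIFEST), indent=2))
```

Run against the constructed manifest it reports all four findings, the last of which is the one that matters for this sample: the permissions are present but no receiver is declared, so the interception logic has to show up as an IActivityManager.registerReceiver call at runtime, which is what behavioral1 and behavioral2 record.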
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 22:58
Reported
2024-06-13 23:02
Platform
android-x64-arm64-20240611.1-en
Max time kernel
27s
Max time network
132s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
yes.debug.yesbnak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | 590ccebcb35cb0cfc5707fa579c60be4 |
| SHA1 | 818f7bbc56ce07c87fd0098b1013b4ad072e71ca |
| SHA256 | 76de1b06f1964dc8719c65feb5fe26c7d07e4763177d524849b5eee068017242 |
| SHA512 | dd028c7212aa6cb7df5ebd0f87affc7eb972e3986eff641d42d53e232c158a3b1bb5389253924b211ff1fad56d2ea6ec035054f92a8029da1b67180fa1587488 |
/data/data/yes.debug.yesbnak/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 7bfaf2628fafd8628ca93d288b2d57ce |
| SHA1 | fb712484cabf354c648e2b66d2e953574144fe29 |
| SHA256 | c926cb60a6869bbadfa6062375d2b96e630d92271ced4cfcb8aa75acdbac7754 |
| SHA512 | b9bca68560482b4fab03cd38ddf468c22beb82d8d8047fd2599ae1bfbbf1ec04c8ba47e2175b218da95ba4440d30156079eba57e9332c59e323cbbc680010d6e |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 22:58
Reported
2024-06-13 23:02
Platform
android-x86-arm-20240611.1-en
Max time kernel
47s
Max time network
131s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
yes.debug.yesbnak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.18.186.31:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.186.31:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | 590ccebcb35cb0cfc5707fa579c60be4 |
| SHA1 | 818f7bbc56ce07c87fd0098b1013b4ad072e71ca |
| SHA256 | 76de1b06f1964dc8719c65feb5fe26c7d07e4763177d524849b5eee068017242 |
| SHA512 | dd028c7212aa6cb7df5ebd0f87affc7eb972e3986eff641d42d53e232c158a3b1bb5389253924b211ff1fad56d2ea6ec035054f92a8029da1b67180fa1587488 |
/data/data/yes.debug.yesbnak/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | eb962e32fd38c5de1900e0dee583b87c |
| SHA1 | b58a8124655a57b77833a351a2f91eef0107561c |
| SHA256 | 36aa677e4aebb058a0918ee3643679f26a193048b69527a7096fb20b38357ee3 |
| SHA512 | 91144bd3cc715da2a53f0f54ece6ea6b3e4f2fdf88401621cc970148db7b00471e8b9dfb9fdda891f1723931d0b0104fc7c6972bb8bee15bdd9b6656530ef953 |
/data/data/yes.debug.yesbnak/files/profileInstalled
| MD5 | c9223151aa382772f7d40501466066d2 |
| SHA1 | 3e06b12470c88770026c12b8b0e85f419f058204 |
| SHA256 | 5bca9c01856c6e1c86399d818557fd163a878838f13c85dacfd9b20d683fad0a |
| SHA512 | 34569cba341eaee63268fe060eb3dc310db293ab7bb10269c01dded94c1415f9cc071c9bf29485aa79f46a22e0449c36aa29eb4f7394564520ed41850564e2b9 |
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | 3a1a32ecc8ae161b5a374a2b270f5110 |
| SHA1 | 3cc899c38ac8b17f22ddb24c42a558ebdfb26b3f |
| SHA256 | a518cc4a8e4b427067b2ea9cf5bfa44b80194dccfc8fe6cda93569a76b1bd385 |
| SHA512 | 7647c3e3859e08c9b3175b3925a2fe8f65422f73eab8cee24d99b7fd5fa58f538e8f5e218b3810c2750251254cc1ec23a4f8df029b35f59850bbd356197460e2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 22:58
Reported
2024-06-13 23:02
Platform
android-x64-20240611.1-en
Max time kernel
49s
Max time network
159s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
yes.debug.yesbnak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 172.217.16.226:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 172.217.169.46:443 | | tcp |
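The three Network tables mix DNS lookups, mDNS chatter, connections the sandbox could tie to a name, and bare-IP TCP peers with no name at all. The script below is an added example, not sandbox tooling, that splits one such table into those buckets so the nameless peers stand out. ROWS is transcribed from the behavioral3 table rather than this one because behavioral3 contains the edge case worth handling: 142.250.187.206:443 appears once with no name and once under android.apis.google.com, and should not be reported as unresolved. The same function runs unchanged on the behavioral1 and behavioral2 rows. Helper names and the bucket labels are ours.

```python
"""Bucket a sandbox Network table into lookups, named peers and nameless peers.

Added example for this report, not sandbox tooling. ROWS is copied from the
behavioral3 run (Country, Destination, Domain, Proto); an empty Domain means
the sandbox saw no name for that connection. Destinations are assumed to be
IPv4 'ip:port' as printed in the report.
"""
from collections import Counter, defaultdict
import ipaddress
import json

ROWS = [
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("GB", "172.217.16.234:443", "", "tcp"),
    ("GB", "172.217.16.234:443", "", "tcp"),
    ("US", "1.1.1.1:53", "ssl.google-analytics.com", "udp"),
    ("GB", "142.250.200.8:443", "ssl.google-analytics.com", "tcp"),
    ("US", "1.1.1.1:53", "cdn.jsdelivr.net", "udp"),
    ("US", "1.1.1.1:53", "code.jquery.com", "udp"),
    ("US", "151.101.66.137:443", "code.jquery.com", "tcp"),
    ("US", "151.101.193.229:443", "cdn.jsdelivr.net", "tcp"),
    ("US", "151.101.193.229:443", "cdn.jsdelivr.net", "tcp"),
    ("US", "1.1.1.1:53", "cdnjs.cloudflare.com", "udp"),
    ("US", "104.17.24.14:443", "cdnjs.cloudflare.com", "tcp"),
    ("GB", "142.250.187.206:443", "", "tcp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("GB", "142.250.187.206:443", "android.apis.google.com", "tcp"),
    ("GB", "216.58.201.100:443", "", "tcp"),
    ("GB", "216.58.201.100:443", "", "tcp"),
]


def split_dest(dest):
    """'ip:port' -> (ip, port)."""
    host, _, port = dest.rpartition(":")
    return host, int(port)


def summarize(rows):
    """Group the rows the way an analyst reads them, not the way the sandbox prints them."""
    dns_queries = set()
    by_domain = defaultdict(set)
    nameless = Counter()
    multicast = set()
    for _country, dest, domain, proto in rows:
        ip, port = split_dest(dest)
        if ipaddress.ip_address(ip).is_multicast:
            multicast.add(dest)  # mDNS/SSDP discovery noise, not a peer
            continue
        if proto == "udp" and port == 53:
            dns_queries.add(domain)  # a lookup, not a connection
            continue
        if domain:
            by_domain[domain].add(dest)
        else:
            nameless[dest] += 1
    # A bare-IP row whose address also shows up under a resolved name is the
    # same peer seen twice; only report destinations with no name anywhere.
    named_dests = {d for ds in by_domain.values() for d in ds}
    return {
        "multicast": sorted(multicast),
        "dns_queries": sorted(dns_queries),
        "by_domain": {k: sorted(v) for k, v in sorted(by_domain.items())},
        # looked up but never connected to: blocked, failed, or answered from cache
        "queried_not_connected": sorted(dns_queries - set(by_domain)),
        # TCP peers with no name in the run: confirm via TLS SNI in the pcap
        "nameless_tcp": {d: n for d, n in sorted(nameless.items()) if d not in named_dests},
    }


if __name__ == "__main__":
    print(json.dumps(summarize(ROWS), indent=2))
```

On the behavioral3 rows this leaves two nameless peers, 172.217.16.234:443 and 216.58.201.100:443 (two connections each), and correctly drops 142.250.187.206:443 because it was named in another row. The jquery, jsdelivr and cdnjs lookups are the fingerprint of a page loading front-end libraries, which in an app holding SMS permissions usually means a WebView-rendered form; the nameless 443 peers sit in Google address space in all three runs but that should be confirmed from the TLS SNI in the capture rather than assumed. Nothing in these tables looks like a C2 channel, and with 27 to 49 s of kernel time and no SMS delivered during the run, the traffic that would follow an intercepted message is simply not something this detonation could show.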
Files
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | 590ccebcb35cb0cfc5707fa579c60be4 |
| SHA1 | 818f7bbc56ce07c87fd0098b1013b4ad072e71ca |
| SHA256 | 76de1b06f1964dc8719c65feb5fe26c7d07e4763177d524849b5eee068017242 |
| SHA512 | dd028c7212aa6cb7df5ebd0f87affc7eb972e3986eff641d42d53e232c158a3b1bb5389253924b211ff1fad56d2ea6ec035054f92a8029da1b67180fa1587488 |
/data/data/yes.debug.yesbnak/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | a71e63b01507e246f6a3922e7444cafe |
| SHA1 | f5df7fc1dc020a92b38a90c54ecaee33a7bd8b23 |
| SHA256 | 25176e905fa5376ce7c3c8592dec16edd4e65db5771cea2f27b8792503bcff7a |
| SHA512 | 08c80dfd38b4eb2ff9199515321b92414621f857e5fa00dcbee16e3e1be9b25c0967b6d6c01b8408c8df78c1a7d4893b7a011d985e4042a6828e175d9e5b0db4 |
/data/data/yes.debug.yesbnak/files/profileInstalled
| MD5 | b2195d8710a4dc10fe456e68b8d6e78a |
| SHA1 | 9c0865b3464fb99bcb98f0baca9a66cdaeba2d89 |
| SHA256 | 4aeb88f753b85cc561367913386436576be4b1e202644e59476dac1e78fdc062 |
| SHA512 | 414953ff202f7540fb37d22889184e2f6bfaeee65d5b2a5d5b712d949e2e1ab0b6f23f527849ec52e168fd28464972ab768ab08f033848c3b01eafd39072c458 |