Analysis Overview
SHA256
02670a1d2bbd0630adb39b475121ccc8dc04da6849b6b1dc3812f88e3fd0282a
Threat Level: Shows suspicious behavior
The file 02670a1d2bbd0630adb39b475121ccc8dc04da6849b6b1dc3812f88e3fd0282a.bin was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 05:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 05:52
Reported
2024-06-13 05:56
Platform
android-x86-arm-20240611.1-en
Max time kernel
7s
Max time network
168s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.jemsh.free/app_ded/z0JJddZj259tN0QVnrBdVs5T5U8hh2nB.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/z0JJddZj259tN0QVnrBdVs5T5U8hh2nB.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/dIpg5vZnZVs3FUgafaXkxfgLwZ6rcmfo.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/dIpg5vZnZVs3FUgafaXkxfgLwZ6rcmfo.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/icQgD9GI0NytIU9j9IBtOl6nhi8e3ZYH.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/icQgD9GI0NytIU9j9IBtOl6nhi8e3ZYH.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/XRYVm2wdHxWnSpyZUmj3XNxkibIT8GoS.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/XRYVm2wdHxWnSpyZUmj3XNxkibIT8GoS.dex | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.jemsh.free
rm -r/data/user/0/com.jemsh.free/app_ded/z0JJddZj259tN0QVnrBdVs5T5U8hh2nB.dex
rm -r/data/user/0/com.jemsh.free/app_ded/icQgD9GI0NytIU9j9IBtOl6nhi8e3ZYH.dex
rm -r/data/user/0/com.jemsh.free/app_ded/dIpg5vZnZVs3FUgafaXkxfgLwZ6rcmfo.dex
rm -r/data/user/0/com.jemsh.free/app_ded/XRYVm2wdHxWnSpyZUmj3XNxkibIT8GoS.dex
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.238:443 | | tcp |
| GB | 172.217.169.34:443 | | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
/data/data/com.jemsh.free/app_ded/z0JJddZj259tN0QVnrBdVs5T5U8hh2nB.dex
| MD5 | 92bdf8fc9165fd128d6b4de076530a0d |
| SHA1 | 8241e12361e920e09e7cf1c6f2a95dc30a4609c3 |
| SHA256 | 70f65a5dc2d9eea731effe48acbbfdd2f1a7efe151b647f30e4a124691fcdc30 |
| SHA512 | ac01a9b4924bd364692cd9ae6b6370a0de918988c5c56c2770b60258c3dfab6f5dfa0380d30964ecf3d371f4e4f2375a57173728aa34a4be06a32954480bff6e |
/data/data/com.jemsh.free/app_ded/dIpg5vZnZVs3FUgafaXkxfgLwZ6rcmfo.dex
| MD5 | 8a610d71591ce233b2fda4260313ecfe |
| SHA1 | 27bda0bf4dee7cf23ab12a786630649c85bbbd11 |
| SHA256 | 3c0918348be9bede254aea12ef0f7c4bca181a22ffe505fb031ef36b96ceabdd |
| SHA512 | 95cca7adff7758335f39a7143550dc9d6ad95ae5c538ae20f654bc8f8dc0a68d9690c23edc9d58e6f574e6e804c328295a7ae06e45ead7107c7d5f8eecaf9e79 |
/data/data/com.jemsh.free/app_ded/icQgD9GI0NytIU9j9IBtOl6nhi8e3ZYH.dex
| MD5 | 9fda3b0a57bfb4e7d8862110c80f563c |
| SHA1 | e3314be3b1d5186be3ae7fbbc02ad4920d3877be |
| SHA256 | 5e93007951d1652bd8358087056db6acea8c28b5a390703d0c4da3f0e5825604 |
| SHA512 | 0a3d6a845a9bef18be62d05238684d6fabdaa653b2d8cfac8403f538f8aaf5c53daade2871ff0e91357a0b02482665aaa59fb177537db47a44c62a125f96d39c |
/data/data/com.jemsh.free/app_ded/XRYVm2wdHxWnSpyZUmj3XNxkibIT8GoS.dex
| MD5 | 1e26fc3cfa4c024e83625ed753024437 |
| SHA1 | 67c617b299d9d0125565cf44cbf852157d30ab79 |
| SHA256 | d3f35116d81f178e4be762c170fb08f47b264779674a365b536a8984aabdc6b4 |
| SHA512 | 7f6c90211b426b80db0640ff72b9bf7603e93e47a2deb171b55e9cc5c4c82cdaf26dd4786337c26da52315f0a08ca9931e3a3585a419ce43ee2027a6e2ddfd41 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 05:52
Reported
2024-06-13 05:56
Platform
android-x64-20240611.1-en
Max time kernel
7s
Max time network
150s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.jemsh.free/app_ded/FHVt9qqjUODljlHLPPwkpMr7BGlN09JY.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/FHVt9qqjUODljlHLPPwkpMr7BGlN09JY.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/K6UwUYA6Co2Bzsp1O6QmQ8C41laFgYOJ.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/K6UwUYA6Co2Bzsp1O6QmQ8C41laFgYOJ.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/TMIbqFSfRj2GyqvSFKEk5mNIjDoyd1JG.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/TMIbqFSfRj2GyqvSFKEk5mNIjDoyd1JG.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/qGO1UFcjDZx9eLcSqSsMpgDixqVO9MZg.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/qGO1UFcjDZx9eLcSqSsMpgDixqVO9MZg.dex | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.jemsh.free
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
Files
/data/data/com.jemsh.free/app_ded/FHVt9qqjUODljlHLPPwkpMr7BGlN09JY.dex
| MD5 | 92bdf8fc9165fd128d6b4de076530a0d |
| SHA1 | 8241e12361e920e09e7cf1c6f2a95dc30a4609c3 |
| SHA256 | 70f65a5dc2d9eea731effe48acbbfdd2f1a7efe151b647f30e4a124691fcdc30 |
| SHA512 | ac01a9b4924bd364692cd9ae6b6370a0de918988c5c56c2770b60258c3dfab6f5dfa0380d30964ecf3d371f4e4f2375a57173728aa34a4be06a32954480bff6e |
/data/data/com.jemsh.free/app_ded/K6UwUYA6Co2Bzsp1O6QmQ8C41laFgYOJ.dex
| MD5 | 8a610d71591ce233b2fda4260313ecfe |
| SHA1 | 27bda0bf4dee7cf23ab12a786630649c85bbbd11 |
| SHA256 | 3c0918348be9bede254aea12ef0f7c4bca181a22ffe505fb031ef36b96ceabdd |
| SHA512 | 95cca7adff7758335f39a7143550dc9d6ad95ae5c538ae20f654bc8f8dc0a68d9690c23edc9d58e6f574e6e804c328295a7ae06e45ead7107c7d5f8eecaf9e79 |
/data/data/com.jemsh.free/app_ded/TMIbqFSfRj2GyqvSFKEk5mNIjDoyd1JG.dex
| MD5 | 9fda3b0a57bfb4e7d8862110c80f563c |
| SHA1 | e3314be3b1d5186be3ae7fbbc02ad4920d3877be |
| SHA256 | 5e93007951d1652bd8358087056db6acea8c28b5a390703d0c4da3f0e5825604 |
| SHA512 | 0a3d6a845a9bef18be62d05238684d6fabdaa653b2d8cfac8403f538f8aaf5c53daade2871ff0e91357a0b02482665aaa59fb177537db47a44c62a125f96d39c |
/data/data/com.jemsh.free/app_ded/qGO1UFcjDZx9eLcSqSsMpgDixqVO9MZg.dex
| MD5 | 1e26fc3cfa4c024e83625ed753024437 |
| SHA1 | 67c617b299d9d0125565cf44cbf852157d30ab79 |
| SHA256 | d3f35116d81f178e4be762c170fb08f47b264779674a365b536a8984aabdc6b4 |
| SHA512 | 7f6c90211b426b80db0640ff72b9bf7603e93e47a2deb171b55e9cc5c4c82cdaf26dd4786337c26da52315f0a08ca9931e3a3585a419ce43ee2027a6e2ddfd41 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 05:52
Reported
2024-06-13 05:56
Platform
android-x64-arm64-20240611.1-en
Max time kernel
8s
Max time network
133s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.jemsh.free/app_ded/yQ5qisrMYOggHnnawWe2uGDeRk3NL7HB.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/yQ5qisrMYOggHnnawWe2uGDeRk3NL7HB.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/FcM8oOGhID32IVxvMgQgFDjTdeD9LyCw.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/FcM8oOGhID32IVxvMgQgFDjTdeD9LyCw.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/3WlS1o0KC7zrf1Ktmo7rIswzrnPN4N8Q.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/3WlS1o0KC7zrf1Ktmo7rIswzrnPN4N8Q.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/zy0d2bBF5dKETHDNpkp4XKD9EV4jiMoi.dex | N/A | N/A |
| N/A | /data/user/0/com.jemsh.free/app_ded/zy0d2bBF5dKETHDNpkp4XKD9EV4jiMoi.dex | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.jemsh.free
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
Files
/data/user/0/com.jemsh.free/app_ded/yQ5qisrMYOggHnnawWe2uGDeRk3NL7HB.dex
| MD5 | 92bdf8fc9165fd128d6b4de076530a0d |
| SHA1 | 8241e12361e920e09e7cf1c6f2a95dc30a4609c3 |
| SHA256 | 70f65a5dc2d9eea731effe48acbbfdd2f1a7efe151b647f30e4a124691fcdc30 |
| SHA512 | ac01a9b4924bd364692cd9ae6b6370a0de918988c5c56c2770b60258c3dfab6f5dfa0380d30964ecf3d371f4e4f2375a57173728aa34a4be06a32954480bff6e |
/data/user/0/com.jemsh.free/app_ded/FcM8oOGhID32IVxvMgQgFDjTdeD9LyCw.dex
| MD5 | 8a610d71591ce233b2fda4260313ecfe |
| SHA1 | 27bda0bf4dee7cf23ab12a786630649c85bbbd11 |
| SHA256 | 3c0918348be9bede254aea12ef0f7c4bca181a22ffe505fb031ef36b96ceabdd |
| SHA512 | 95cca7adff7758335f39a7143550dc9d6ad95ae5c538ae20f654bc8f8dc0a68d9690c23edc9d58e6f574e6e804c328295a7ae06e45ead7107c7d5f8eecaf9e79 |
/data/user/0/com.jemsh.free/app_ded/3WlS1o0KC7zrf1Ktmo7rIswzrnPN4N8Q.dex
| MD5 | 9fda3b0a57bfb4e7d8862110c80f563c |
| SHA1 | e3314be3b1d5186be3ae7fbbc02ad4920d3877be |
| SHA256 | 5e93007951d1652bd8358087056db6acea8c28b5a390703d0c4da3f0e5825604 |
| SHA512 | 0a3d6a845a9bef18be62d05238684d6fabdaa653b2d8cfac8403f538f8aaf5c53daade2871ff0e91357a0b02482665aaa59fb177537db47a44c62a125f96d39c |
/data/user/0/com.jemsh.free/app_ded/zy0d2bBF5dKETHDNpkp4XKD9EV4jiMoi.dex
| MD5 | 1e26fc3cfa4c024e83625ed753024437 |
| SHA1 | 67c617b299d9d0125565cf44cbf852157d30ab79 |
| SHA256 | d3f35116d81f178e4be762c170fb08f47b264779674a365b536a8984aabdc6b4 |
| SHA512 | 7f6c90211b426b80db0640ff72b9bf7603e93e47a2deb171b55e9cc5c4c82cdaf26dd4786337c26da52315f0a08ca9931e3a3585a419ce43ee2027a6e2ddfd41 |