Malware Analysis Report

2024-09-09 17:51

Sample ID 240613-gk6jsszgqk
Target 02670a1d2bbd0630adb39b475121ccc8dc04da6849b6b1dc3812f88e3fd0282a.bin
SHA256 02670a1d2bbd0630adb39b475121ccc8dc04da6849b6b1dc3812f88e3fd0282a
Tags evasion, impact
Score 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 7/10

SHA256 02670a1d2bbd0630adb39b475121ccc8dc04da6849b6b1dc3812f88e3fd0282a

Threat Level: Shows suspicious behavior

The file 02670a1d2bbd0630adb39b475121ccc8dc04da6849b6b1dc3812f88e3fd0282a.bin was classified as: Shows suspicious behavior.

Malicious Activity Summary

evasion impact

Loads dropped Dex/Jar

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 05:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 05:52
Reported 2024-06-13 05:56
Platform android-x86-arm-20240611.1-en
Max time kernel 7s
Max time network 168s

Command Line

com.jemsh.free

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jemsh.free/app_ded/z0JJddZj259tN0QVnrBdVs5T5U8hh2nB.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/z0JJddZj259tN0QVnrBdVs5T5U8hh2nB.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/dIpg5vZnZVs3FUgafaXkxfgLwZ6rcmfo.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/dIpg5vZnZVs3FUgafaXkxfgLwZ6rcmfo.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/icQgD9GI0NytIU9j9IBtOl6nhi8e3ZYH.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/icQgD9GI0NytIU9j9IBtOl6nhi8e3ZYH.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/XRYVm2wdHxWnSpyZUmj3XNxkibIT8GoS.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/XRYVm2wdHxWnSpyZUmj3XNxkibIT8GoS.dex N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.jemsh.free

rm -r /data/user/0/com.jemsh.free/app_ded/z0JJddZj259tN0QVnrBdVs5T5U8hh2nB.dex

rm -r /data/user/0/com.jemsh.free/app_ded/icQgD9GI0NytIU9j9IBtOl6nhi8e3ZYH.dex

rm -r /data/user/0/com.jemsh.free/app_ded/dIpg5vZnZVs3FUgafaXkxfgLwZ6rcmfo.dex

rm -r /data/user/0/com.jemsh.free/app_ded/XRYVm2wdHxWnSpyZUmj3XNxkibIT8GoS.dex

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     -                         udp
GB       216.58.212.238:443   -                         tcp
GB       172.217.169.34:443   -                         tcp
GB       216.58.212.238:443   -                         tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.200.46:443   android.apis.google.com   tcp

Files

/data/data/com.jemsh.free/app_ded/z0JJddZj259tN0QVnrBdVs5T5U8hh2nB.dex

MD5 92bdf8fc9165fd128d6b4de076530a0d
SHA1 8241e12361e920e09e7cf1c6f2a95dc30a4609c3
SHA256 70f65a5dc2d9eea731effe48acbbfdd2f1a7efe151b647f30e4a124691fcdc30
SHA512 ac01a9b4924bd364692cd9ae6b6370a0de918988c5c56c2770b60258c3dfab6f5dfa0380d30964ecf3d371f4e4f2375a57173728aa34a4be06a32954480bff6e

/data/data/com.jemsh.free/app_ded/dIpg5vZnZVs3FUgafaXkxfgLwZ6rcmfo.dex

MD5 8a610d71591ce233b2fda4260313ecfe
SHA1 27bda0bf4dee7cf23ab12a786630649c85bbbd11
SHA256 3c0918348be9bede254aea12ef0f7c4bca181a22ffe505fb031ef36b96ceabdd
SHA512 95cca7adff7758335f39a7143550dc9d6ad95ae5c538ae20f654bc8f8dc0a68d9690c23edc9d58e6f574e6e804c328295a7ae06e45ead7107c7d5f8eecaf9e79

/data/data/com.jemsh.free/app_ded/icQgD9GI0NytIU9j9IBtOl6nhi8e3ZYH.dex

MD5 9fda3b0a57bfb4e7d8862110c80f563c
SHA1 e3314be3b1d5186be3ae7fbbc02ad4920d3877be
SHA256 5e93007951d1652bd8358087056db6acea8c28b5a390703d0c4da3f0e5825604
SHA512 0a3d6a845a9bef18be62d05238684d6fabdaa653b2d8cfac8403f538f8aaf5c53daade2871ff0e91357a0b02482665aaa59fb177537db47a44c62a125f96d39c

/data/data/com.jemsh.free/app_ded/XRYVm2wdHxWnSpyZUmj3XNxkibIT8GoS.dex

MD5 1e26fc3cfa4c024e83625ed753024437
SHA1 67c617b299d9d0125565cf44cbf852157d30ab79
SHA256 d3f35116d81f178e4be762c170fb08f47b264779674a365b536a8984aabdc6b4
SHA512 7f6c90211b426b80db0640ff72b9bf7603e93e47a2deb171b55e9cc5c4c82cdaf26dd4786337c26da52315f0a08ca9931e3a3585a419ce43ee2027a6e2ddfd41

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 05:52
Reported 2024-06-13 05:56
Platform android-x64-20240611.1-en
Max time kernel 7s
Max time network 150s

Command Line

com.jemsh.free

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jemsh.free/app_ded/FHVt9qqjUODljlHLPPwkpMr7BGlN09JY.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/FHVt9qqjUODljlHLPPwkpMr7BGlN09JY.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/K6UwUYA6Co2Bzsp1O6QmQ8C41laFgYOJ.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/K6UwUYA6Co2Bzsp1O6QmQ8C41laFgYOJ.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/TMIbqFSfRj2GyqvSFKEk5mNIjDoyd1JG.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/TMIbqFSfRj2GyqvSFKEk5mNIjDoyd1JG.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/qGO1UFcjDZx9eLcSqSsMpgDixqVO9MZg.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/qGO1UFcjDZx9eLcSqSsMpgDixqVO9MZg.dex N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.jemsh.free

Network

Country  Destination          Domain                     Proto
N/A      224.0.0.251:5353     -                          udp
US       1.1.1.1:53           ssl.google-analytics.com   udp
GB       142.250.179.232:443  ssl.google-analytics.com   tcp
GB       172.217.16.234:443   -                          tcp
US       1.1.1.1:53           android.apis.google.com    udp
GB       142.250.200.46:443   android.apis.google.com    tcp
GB       142.250.179.228:443  -                          tcp
GB       142.250.179.228:443  -                          tcp
GB       216.58.204.78:443    -                          tcp
GB       142.250.178.14:443   -                          tcp
GB       142.250.187.226:443  -                          tcp

Files

/data/data/com.jemsh.free/app_ded/FHVt9qqjUODljlHLPPwkpMr7BGlN09JY.dex

MD5 92bdf8fc9165fd128d6b4de076530a0d
SHA1 8241e12361e920e09e7cf1c6f2a95dc30a4609c3
SHA256 70f65a5dc2d9eea731effe48acbbfdd2f1a7efe151b647f30e4a124691fcdc30
SHA512 ac01a9b4924bd364692cd9ae6b6370a0de918988c5c56c2770b60258c3dfab6f5dfa0380d30964ecf3d371f4e4f2375a57173728aa34a4be06a32954480bff6e

/data/data/com.jemsh.free/app_ded/K6UwUYA6Co2Bzsp1O6QmQ8C41laFgYOJ.dex

MD5 8a610d71591ce233b2fda4260313ecfe
SHA1 27bda0bf4dee7cf23ab12a786630649c85bbbd11
SHA256 3c0918348be9bede254aea12ef0f7c4bca181a22ffe505fb031ef36b96ceabdd
SHA512 95cca7adff7758335f39a7143550dc9d6ad95ae5c538ae20f654bc8f8dc0a68d9690c23edc9d58e6f574e6e804c328295a7ae06e45ead7107c7d5f8eecaf9e79

/data/data/com.jemsh.free/app_ded/TMIbqFSfRj2GyqvSFKEk5mNIjDoyd1JG.dex

MD5 9fda3b0a57bfb4e7d8862110c80f563c
SHA1 e3314be3b1d5186be3ae7fbbc02ad4920d3877be
SHA256 5e93007951d1652bd8358087056db6acea8c28b5a390703d0c4da3f0e5825604
SHA512 0a3d6a845a9bef18be62d05238684d6fabdaa653b2d8cfac8403f538f8aaf5c53daade2871ff0e91357a0b02482665aaa59fb177537db47a44c62a125f96d39c

/data/data/com.jemsh.free/app_ded/qGO1UFcjDZx9eLcSqSsMpgDixqVO9MZg.dex

MD5 1e26fc3cfa4c024e83625ed753024437
SHA1 67c617b299d9d0125565cf44cbf852157d30ab79
SHA256 d3f35116d81f178e4be762c170fb08f47b264779674a365b536a8984aabdc6b4
SHA512 7f6c90211b426b80db0640ff72b9bf7603e93e47a2deb171b55e9cc5c4c82cdaf26dd4786337c26da52315f0a08ca9931e3a3585a419ce43ee2027a6e2ddfd41

Analysis: behavioral3

Detonation Overview

Submitted 2024-06-13 05:52
Reported 2024-06-13 05:56
Platform android-x64-arm64-20240611.1-en
Max time kernel 8s
Max time network 133s

Command Line

com.jemsh.free

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jemsh.free/app_ded/yQ5qisrMYOggHnnawWe2uGDeRk3NL7HB.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/yQ5qisrMYOggHnnawWe2uGDeRk3NL7HB.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/FcM8oOGhID32IVxvMgQgFDjTdeD9LyCw.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/FcM8oOGhID32IVxvMgQgFDjTdeD9LyCw.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/3WlS1o0KC7zrf1Ktmo7rIswzrnPN4N8Q.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/3WlS1o0KC7zrf1Ktmo7rIswzrnPN4N8Q.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/zy0d2bBF5dKETHDNpkp4XKD9EV4jiMoi.dex N/A N/A
N/A /data/user/0/com.jemsh.free/app_ded/zy0d2bBF5dKETHDNpkp4XKD9EV4jiMoi.dex N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.jemsh.free

Network

Country  Destination          Domain                     Proto
N/A      224.0.0.251:5353     -                          udp
GB       216.58.204.78:443    -                          tcp
GB       216.58.204.78:443    -                          tcp
US       1.1.1.1:53           android.apis.google.com    udp
GB       142.250.178.14:443   android.apis.google.com    tcp
US       1.1.1.1:53           ssl.google-analytics.com   udp
GB       142.250.187.232:443  ssl.google-analytics.com   tcp
GB       142.250.178.4:443    -                          tcp
GB       142.250.178.4:443    -                          tcp

Files

/data/user/0/com.jemsh.free/app_ded/yQ5qisrMYOggHnnawWe2uGDeRk3NL7HB.dex

MD5 92bdf8fc9165fd128d6b4de076530a0d
SHA1 8241e12361e920e09e7cf1c6f2a95dc30a4609c3
SHA256 70f65a5dc2d9eea731effe48acbbfdd2f1a7efe151b647f30e4a124691fcdc30
SHA512 ac01a9b4924bd364692cd9ae6b6370a0de918988c5c56c2770b60258c3dfab6f5dfa0380d30964ecf3d371f4e4f2375a57173728aa34a4be06a32954480bff6e

/data/user/0/com.jemsh.free/app_ded/FcM8oOGhID32IVxvMgQgFDjTdeD9LyCw.dex

MD5 8a610d71591ce233b2fda4260313ecfe
SHA1 27bda0bf4dee7cf23ab12a786630649c85bbbd11
SHA256 3c0918348be9bede254aea12ef0f7c4bca181a22ffe505fb031ef36b96ceabdd
SHA512 95cca7adff7758335f39a7143550dc9d6ad95ae5c538ae20f654bc8f8dc0a68d9690c23edc9d58e6f574e6e804c328295a7ae06e45ead7107c7d5f8eecaf9e79

/data/user/0/com.jemsh.free/app_ded/3WlS1o0KC7zrf1Ktmo7rIswzrnPN4N8Q.dex

MD5 9fda3b0a57bfb4e7d8862110c80f563c
SHA1 e3314be3b1d5186be3ae7fbbc02ad4920d3877be
SHA256 5e93007951d1652bd8358087056db6acea8c28b5a390703d0c4da3f0e5825604
SHA512 0a3d6a845a9bef18be62d05238684d6fabdaa653b2d8cfac8403f538f8aaf5c53daade2871ff0e91357a0b02482665aaa59fb177537db47a44c62a125f96d39c

/data/user/0/com.jemsh.free/app_ded/zy0d2bBF5dKETHDNpkp4XKD9EV4jiMoi.dex

MD5 1e26fc3cfa4c024e83625ed753024437
SHA1 67c617b299d9d0125565cf44cbf852157d30ab79
SHA256 d3f35116d81f178e4be762c170fb08f47b264779674a365b536a8984aabdc6b4
SHA512 7f6c90211b426b80db0640ff72b9bf7603e93e47a2deb171b55e9cc5c4c82cdaf26dd4786337c26da52315f0a08ca9931e3a3585a419ce43ee2027a6e2ddfd41