Malware Analysis Report

2024-09-09 16:01

Sample ID  240614-27fbcazepc
Target     9446e2a547e3462a67f3a006a999c8c000ab1c007beec3bef8d23470ee9dd93b.bin
SHA256     9446e2a547e3462a67f3a006a999c8c000ab1c007beec3bef8d23470ee9dd93b
Tags       discovery persistence collection credential_access impact
Score      7/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score   7/10

SHA256  9446e2a547e3462a67f3a006a999c8c000ab1c007beec3bef8d23470ee9dd93b

Threat Level: Shows suspicious behavior

The file 9446e2a547e3462a67f3a006a999c8c000ab1c007beec3bef8d23470ee9dd93b.bin was found to show suspicious behavior.

Malicious Activity Summary

discovery persistence collection credential_access impact

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 23:13

Signatures

Requests dangerous framework permissions

Description                                      Indicator                        Process  Target
Allows an application to read SMS messages.      android.permission.READ_SMS      N/A      N/A
Allows an application to receive SMS messages.   android.permission.RECEIVE_SMS   N/A      N/A
Allows an application to send SMS messages.      android.permission.SEND_SMS      N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 23:13

Reported

2024-06-14 23:16

Platform

android-x86-arm-20240611.1-en

Max time kernel

27s

Max time network

141s

Command Line

com.smsreceiver.dhruv2

Signatures

Queries the mobile country code (MCC)

discovery
Description              Indicator                                                                Process  Target
Framework service call   com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description              Indicator                                        Process  Target
Framework service call   android.app.IActivityManager.registerReceiver    N/A      N/A

Checks CPU information

Description              Indicator        Process  Target
File opened for read     /proc/cpuinfo    N/A      N/A

Checks memory information

Description              Indicator        Process  Target
File opened for read     /proc/meminfo    N/A      N/A

Processes

com.smsreceiver.dhruv2

Network

Country  Destination             Domain                    Proto
GB       142.250.180.14:443                                tcp
N/A      224.0.0.251:5353                                  udp
US       1.1.1.1:53              cdn.jsdelivr.net          udp
US       1.1.1.1:53              code.jquery.com           udp
US       151.101.65.229:443      cdn.jsdelivr.net          tcp
US       151.101.65.229:443      cdn.jsdelivr.net          tcp
US       151.101.66.137:443      code.jquery.com           tcp
US       1.1.1.1:53              cdnjs.cloudflare.com      udp
US       104.17.24.14:443        cdnjs.cloudflare.com      tcp
US       1.1.1.1:53              android.apis.google.com   udp
GB       142.250.178.14:443      android.apis.google.com   tcp

Files

/data/misc/profiles/cur/0/com.smsreceiver.dhruv2/primary.prof

MD5 29a7471c6771af7439691a9426549124
SHA1 d1ecd035fbc00b3ea34b528f0982d16823ace6ef
SHA256 2a711f9452d9be592bf353efaee9436bce28aefbca532633f4217574923559a0
SHA512 e6a30a49529cc7a496645a89b3ead5dd1cbfb500b95646abbf497e8844b7cfc82282607deba5d3f481d95ed3a116b74cebed62ec66f53a611028c4837ae12c5e

/data/data/com.smsreceiver.dhruv2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 5cf3e4eca59192cc89d44d58ebfd0b06
SHA1 e1a519bcfdc4fdb898725109071dc4d449ffd4bb
SHA256 2a12dbca4777ddfa51fa6bed7ca911c1ec779ea2a277e65e82ff6950bbc70724
SHA512 284f31aea0d528a0a334e3b3ce66a39d3e579c0a0bf12c5a43da17c004f20f3f68f251641f141d0220da22f3f3d21032640dcf9895f593f796eec2d6663b3f11

/data/data/com.smsreceiver.dhruv2/files/profileInstalled

MD5 a56f5d4add3c1aebb8c4429894423fc1
SHA1 285f251b7ec7a4d105fcabe6d03b97acb77ec373
SHA256 fc77ab7e65dd93ff23aa4fa125ede86731f4603a1baf72c90bffbd7705d663fc
SHA512 a247f2a362ae5ed5c8a183f0f332ee61c7e0b3909f98898099d032e3d7cbe20e5cc2f2ef6aa00afb74cb25d543bc5f1ba4cde4bde943d3d7f909e8a847769aa0

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 23:13

Reported

2024-06-14 23:16

Platform

android-x64-20240611.1-en

Max time kernel

26s

Max time network

131s

Command Line

com.smsreceiver.dhruv2

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description              Indicator                                                 Process  Target
Framework service call   android.content.IClipboard.addPrimaryClipChangedListener  N/A      N/A

Queries the mobile country code (MCC)

discovery
Description              Indicator                                                                Process  Target
Framework service call   com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description              Indicator                                        Process  Target
Framework service call   android.app.IActivityManager.registerReceiver    N/A      N/A

Checks CPU information

Description              Indicator        Process  Target
File opened for read     /proc/cpuinfo    N/A      N/A

Checks memory information

Description              Indicator        Process  Target
File opened for read     /proc/meminfo    N/A      N/A

Processes

com.smsreceiver.dhruv2

Network

Country  Destination             Domain                     Proto
N/A      224.0.0.251:5353                                   udp
US       1.1.1.1:53              ssl.google-analytics.com   udp
GB       142.250.200.40:443      ssl.google-analytics.com   tcp
GB       172.217.16.234:443                                 tcp
US       1.1.1.1:53              code.jquery.com            udp
US       1.1.1.1:53              cdn.jsdelivr.net           udp
US       151.101.194.137:443     code.jquery.com            tcp
US       151.101.65.229:443      cdn.jsdelivr.net           tcp
US       151.101.65.229:443      cdn.jsdelivr.net           tcp
US       1.1.1.1:53              cdnjs.cloudflare.com       udp
US       104.17.24.14:443        cdnjs.cloudflare.com       tcp
US       1.1.1.1:53              android.apis.google.com    udp
GB       142.250.178.14:443      android.apis.google.com    tcp
GB       142.250.178.14:443      android.apis.google.com    tcp
GB       142.250.187.226:443                                tcp
GB       142.250.179.228:443                                tcp
GB       142.250.179.228:443                                tcp
GB       216.58.204.78:443                                  tcp

Files

/data/misc/profiles/cur/0/com.smsreceiver.dhruv2/primary.prof

MD5 29a7471c6771af7439691a9426549124
SHA1 d1ecd035fbc00b3ea34b528f0982d16823ace6ef
SHA256 2a711f9452d9be592bf353efaee9436bce28aefbca532633f4217574923559a0
SHA512 e6a30a49529cc7a496645a89b3ead5dd1cbfb500b95646abbf497e8844b7cfc82282607deba5d3f481d95ed3a116b74cebed62ec66f53a611028c4837ae12c5e

/data/data/com.smsreceiver.dhruv2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 5f84e12a6f7fbee055b558113e9bb61c
SHA1 5245bf9f069a9ce0e86b9d76851677b910e93575
SHA256 4c1c8491c3d8d2f83e5461b37ee0172f2b0ef8c8de860a8f480b1f8a25ca70ac
SHA512 44439468c910708bb10950c9207bcbe473d92a447cd1280e98e92ae58a99e2c3529b39a732a45ee38774e3d6073e9b0e5b501f479b9dca4c78d0faa620a25049

/data/data/com.smsreceiver.dhruv2/files/profileInstalled

MD5 35ac6dede698b57844eb2d8a7deea8fb
SHA1 e7edd905b8ae5f5dfc358b31035671b35e432b26
SHA256 5ada08f73f77813b2a7ac213c3d6c95833a3037fe0d6570c32cfc039055b3925
SHA512 f2f0603dd4b5c4eab1c4d93688e8dd948b3d84596698225f8c1ffadbc071913f2289e0bc52e09d6c40ffde6356cd7e33fbbbb29915b3d55d1c084d55e6bc379c

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 23:13

Reported

2024-06-14 23:16

Platform

android-x64-arm64-20240611.1-en

Max time kernel

26s

Max time network

132s

Command Line

com.smsreceiver.dhruv2

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description              Indicator                                                 Process  Target
Framework service call   android.content.IClipboard.addPrimaryClipChangedListener  N/A      N/A

Checks CPU information

Description              Indicator        Process  Target
File opened for read     /proc/cpuinfo    N/A      N/A

Checks memory information

Description              Indicator        Process  Target
File opened for read     /proc/meminfo    N/A      N/A

Processes

com.smsreceiver.dhruv2

Network

Country  Destination             Domain                     Proto
N/A      224.0.0.251:5353                                   udp
GB       142.250.179.234:443                                tcp
GB       142.250.179.234:443                                tcp
GB       142.250.187.238:443                                tcp
US       1.1.1.1:53              android.apis.google.com    udp
GB       172.217.16.238:443      android.apis.google.com    tcp
US       1.1.1.1:53              cdn.jsdelivr.net           udp
US       1.1.1.1:53              code.jquery.com            udp
US       151.101.193.229:443     cdn.jsdelivr.net           tcp
US       151.101.193.229:443     cdn.jsdelivr.net           tcp
US       151.101.2.137:443       code.jquery.com            tcp
US       1.1.1.1:53              ssl.google-analytics.com   udp
GB       142.250.178.8:443       ssl.google-analytics.com   tcp
US       1.1.1.1:53              cdnjs.cloudflare.com       udp
US       104.17.24.14:443        cdnjs.cloudflare.com       tcp
GB       142.250.180.4:443                                  tcp
GB       142.250.180.4:443                                  tcp

Files

/data/misc/profiles/cur/0/com.smsreceiver.dhruv2/primary.prof

MD5 29a7471c6771af7439691a9426549124
SHA1 d1ecd035fbc00b3ea34b528f0982d16823ace6ef
SHA256 2a711f9452d9be592bf353efaee9436bce28aefbca532633f4217574923559a0
SHA512 e6a30a49529cc7a496645a89b3ead5dd1cbfb500b95646abbf497e8844b7cfc82282607deba5d3f481d95ed3a116b74cebed62ec66f53a611028c4837ae12c5e

/data/data/com.smsreceiver.dhruv2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 b9320b19387e64642923c540278fc52f
SHA1 96ddbf35c8f68705662dce68f1542aed4730f13c
SHA256 c2f3ba7f3872a3eeab00710d04c231eb362972c79ca47c406516c1b26c6cf4e4
SHA512 784020119084f338935b88aa2bc8394e0fcae29ba3f265c0ce064a945343551e1e5d1e22b80b48ef2ae73571e1df998a733b9c7931f501f31403fd4ef7b907df