Analysis Overview
SHA256
9446e2a547e3462a67f3a006a999c8c000ab1c007beec3bef8d23470ee9dd93b
Threat Level: Shows suspicious behavior
The file 9446e2a547e3462a67f3a006a999c8c000ab1c007beec3bef8d23470ee9dd93b.bin was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-14 23:13
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
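The static1 signature above is a manifest check: the three SMS permissions are in Android's dangerous permission group, and an app that asks for all of them can read, intercept and send texts once the user grants them. The script below is an added example, not part of this report or of the sample, that performs the same triage on a manifest already decoded to plain XML (for example by apktool). It lists the SMS-group permissions requested and every manifest-declared receiver whose intent filter claims SMS_RECEIVED or SMS_DELIVER, with its priority and exported flag. The embedded manifest is constructed for illustration: the package name and the three permissions come from the report, while the `.SmsReceiver` component, its priority and the rest are assumptions, not something the report shows. One caveat the behavioral runs make visible: a receiver registered through IActivityManager.registerReceiver at runtime never appears in the manifest, so an empty receiver list here is not evidence that the app does not listen for SMS.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# The three permissions the static1 signature flagged, plus the other members
# of Android's SMS permission group that are reviewed alongside them.
DANGEROUS_SMS_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_MMS",
    "android.permission.RECEIVE_WAP_PUSH",
}

# Broadcast actions a manifest-declared receiver uses to see incoming SMS.
SMS_ACTIONS = {
    "android.provider.Telephony.SMS_RECEIVED",
    "android.provider.Telephony.SMS_DELIVER",
}

# Constructed manifest for illustration. The package name and the three SMS
# permissions come from the report; the .SmsReceiver component, its priority
# and everything else are assumptions and are NOT taken from the sample.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.smsreceiver.dhruv2">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <application android:label="demo">
        <receiver android:name=".SmsReceiver" android:exported="true">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""


def _android_attr(elem, name):
    """Read an attribute from the android: namespace (None if absent)."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def triage_manifest(xml_text):
    """Static triage of a decoded AndroidManifest.xml.

    Returns the SMS-group dangerous permissions requested and every
    manifest-declared receiver whose intent filter claims an SMS action.
    Receivers registered at runtime via Context.registerReceiver() are not
    visible here; only dynamic analysis (the behavioral runs) sees those.
    """
    root = ET.fromstring(xml_text)
    perms = sorted(
        _android_attr(p, "name") for p in root.iter("uses-permission")
        if _android_attr(p, "name") in DANGEROUS_SMS_PERMISSIONS
    )
    receivers = []
    app = root.find("application")
    for rcv in (app.iter("receiver") if app is not None else []):
        for flt in rcv.iter("intent-filter"):
            actions = {_android_attr(a, "name") for a in flt.iter("action")}
            hit = actions & SMS_ACTIONS
            if not hit:
                continue
            prio = _android_attr(flt, "priority")
            receivers.append({
                "class": _android_attr(rcv, "name"),
                "actions": sorted(hit),
                # A non-zero priority on SMS_RECEIVED is the classic interceptor
                # pattern: before Android 4.4 such a receiver could abort the
                # broadcast so the user's SMS app never saw the message.
                "priority": int(prio) if prio is not None else 0,
                "exported": _android_attr(rcv, "exported") == "true",
            })
    return {
        "package": root.get("package"),
        "dangerous_permissions": perms,
        "sms_receivers": receivers,
    }


def findings(report):
    """Analyst-facing summary lines derived from triage_manifest()."""
    lines = []
    if report["dangerous_permissions"]:
        lines.append("requests dangerous SMS permissions: "
                     + ", ".join(report["dangerous_permissions"]))
    for rcv in report["sms_receivers"]:
        lines.append("declares SMS receiver %s (priority=%d, exported=%s, actions=%s)"
                     % (rcv["class"], rcv["priority"], rcv["exported"],
                        ",".join(rcv["actions"])))
    if not lines:
        lines.append("no SMS permissions or SMS receivers declared")
    return lines


if __name__ == "__main__":
    for line in findings(triage_manifest(SAMPLE_MANIFEST)):
        print(line)
```

Run it against the `AndroidManifest.xml` that apktool writes into its output directory; the permission list alone reproduces the static1 finding, and the receiver list tells you whether interception is also declared statically or has to be hunted in the dynamic trace.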
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 23:13
Reported
2024-06-14 23:16
Platform
android-x86-arm-20240611.1-en
Max time kernel
27s
Max time network
141s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.smsreceiver.dhruv2
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/com.smsreceiver.dhruv2/primary.prof
| MD5 | 29a7471c6771af7439691a9426549124 |
| SHA1 | d1ecd035fbc00b3ea34b528f0982d16823ace6ef |
| SHA256 | 2a711f9452d9be592bf353efaee9436bce28aefbca532633f4217574923559a0 |
| SHA512 | e6a30a49529cc7a496645a89b3ead5dd1cbfb500b95646abbf497e8844b7cfc82282607deba5d3f481d95ed3a116b74cebed62ec66f53a611028c4837ae12c5e |
/data/data/com.smsreceiver.dhruv2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 5cf3e4eca59192cc89d44d58ebfd0b06 |
| SHA1 | e1a519bcfdc4fdb898725109071dc4d449ffd4bb |
| SHA256 | 2a12dbca4777ddfa51fa6bed7ca911c1ec779ea2a277e65e82ff6950bbc70724 |
| SHA512 | 284f31aea0d528a0a334e3b3ce66a39d3e579c0a0bf12c5a43da17c004f20f3f68f251641f141d0220da22f3f3d21032640dcf9895f593f796eec2d6663b3f11 |
/data/data/com.smsreceiver.dhruv2/files/profileInstalled
| MD5 | a56f5d4add3c1aebb8c4429894423fc1 |
| SHA1 | 285f251b7ec7a4d105fcabe6d03b97acb77ec373 |
| SHA256 | fc77ab7e65dd93ff23aa4fa125ede86731f4603a1baf72c90bffbd7705d663fc |
| SHA512 | a247f2a362ae5ed5c8a183f0f332ee61c7e0b3909f98898099d032e3d7cbe20e5cc2f2ef6aa00afb74cb25d543bc5f1ba4cde4bde943d3d7f909e8a847769aa0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 23:13
Reported
2024-06-14 23:16
Platform
android-x64-20240611.1-en
Max time kernel
26s
Max time network
131s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.smsreceiver.dhruv2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 142.250.187.226:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.smsreceiver.dhruv2/primary.prof
| MD5 | 29a7471c6771af7439691a9426549124 |
| SHA1 | d1ecd035fbc00b3ea34b528f0982d16823ace6ef |
| SHA256 | 2a711f9452d9be592bf353efaee9436bce28aefbca532633f4217574923559a0 |
| SHA512 | e6a30a49529cc7a496645a89b3ead5dd1cbfb500b95646abbf497e8844b7cfc82282607deba5d3f481d95ed3a116b74cebed62ec66f53a611028c4837ae12c5e |
/data/data/com.smsreceiver.dhruv2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 5f84e12a6f7fbee055b558113e9bb61c |
| SHA1 | 5245bf9f069a9ce0e86b9d76851677b910e93575 |
| SHA256 | 4c1c8491c3d8d2f83e5461b37ee0172f2b0ef8c8de860a8f480b1f8a25ca70ac |
| SHA512 | 44439468c910708bb10950c9207bcbe473d92a447cd1280e98e92ae58a99e2c3529b39a732a45ee38774e3d6073e9b0e5b501f479b9dca4c78d0faa620a25049 |
/data/data/com.smsreceiver.dhruv2/files/profileInstalled
| MD5 | 35ac6dede698b57844eb2d8a7deea8fb |
| SHA1 | e7edd905b8ae5f5dfc358b31035671b35e432b26 |
| SHA256 | 5ada08f73f77813b2a7ac213c3d6c95833a3037fe0d6570c32cfc039055b3925 |
| SHA512 | f2f0603dd4b5c4eab1c4d93688e8dd948b3d84596698225f8c1ffadbc071913f2289e0bc52e09d6c40ffde6356cd7e33fbbbb29915b3d55d1c084d55e6bc379c |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-14 23:13
Reported
2024-06-14 23:16
Platform
android-x64-arm64-20240611.1-en
Max time kernel
26s
Max time network
132s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.smsreceiver.dhruv2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.234:443 | | tcp |
| GB | 142.250.179.234:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
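The three Network tables above are easier to judge once DNS lookups, emulator multicast noise and real connections are separated and the contacted names are compared with what an analyst expects from a WebView-based app (CDN-hosted jQuery and friends, Google APIs, Google Analytics). The script below is an added example, not part of this report: it parses rows in the report's own `| Country | Destination | Domain | Proto |` layout, tolerating the rows where the empty Domain cell was shifted or dropped during extraction, and reports resolved names, connections per name, bare IPs that were contacted without a logged lookup, and any name outside an allowlist. The sample rows are copied from the behavioral1 table plus one constructed row (`example-c2.invalid` on a TEST-NET address) so the alert path has something to flag; the allowlist is an analyst assumption, not a verdict on the sample.

```python
import ipaddress
from collections import defaultdict

PROTOS = {"tcp", "udp"}

# Analyst-supplied allowlist (an assumption for this example, not a verdict):
# CDN and Google endpoints a WebView-based app commonly touches. Suffix-matched.
ALLOWLIST = {"jsdelivr.net", "jquery.com", "cloudflare.com",
             "google.com", "google-analytics.com"}

# Rows copied from this report's behavioral1 Network table (including one row
# in the shifted shape the extraction produced), plus one constructed row on a
# TEST-NET address with a .invalid name so the alert path has something to hit.
SAMPLE_TABLE = """
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 203.0.113.10:443 | example-c2.invalid | tcp |
"""


def parse_row(line):
    """Parse one table row; return None for the header and blank lines.

    Accepts the proper 4-column layout as well as rows where the empty Domain
    cell was shifted right or dropped (both shapes occur in the extracted report).
    """
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or cells[0] == "Country":
        return None
    proto = next((c for c in cells[2:] if c in PROTOS), None)
    if proto is None:
        return None
    domain = next((c for c in cells[2:] if c and c not in PROTOS), "")
    host, _, port = cells[1].rpartition(":")
    return {"country": cells[0], "ip": host, "port": int(port),
            "domain": domain, "proto": proto}


def parse_table(text):
    rows = (parse_row(line) for line in text.splitlines())
    return [r for r in rows if r is not None]


def allowed(name, allowlist):
    """Exact or parent-domain match against the allowlist."""
    return any(name == a or name.endswith("." + a) for a in allowlist)


def summarize(rows, allowlist):
    """Separate DNS lookups, multicast noise and real connections."""
    dns_names = set()
    contacted = defaultdict(set)   # domain or bare IP -> {(ip, port, proto)}
    bare_ips = set()
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":
            if r["domain"]:
                dns_names.add(r["domain"])  # a lookup, not a server contacted
            continue
        if ipaddress.ip_address(r["ip"]).is_multicast:
            continue                        # mDNS chatter from the emulator
        key = r["domain"] or r["ip"]
        contacted[key].add((r["ip"], r["port"], r["proto"]))
        if not r["domain"]:
            bare_ips.add(r["ip"])           # connection with no logged lookup
    unexpected = sorted(k for k in contacted
                        if k not in bare_ips and not allowed(k, allowlist))
    return {
        "dns": sorted(dns_names),
        "contacted": {k: sorted(v) for k, v in contacted.items()},
        "bare_ips": sorted(bare_ips),
        "unexpected": unexpected,
    }


if __name__ == "__main__":
    report = summarize(parse_table(SAMPLE_TABLE), ALLOWLIST)
    print("resolved:", ", ".join(report["dns"]))
    for name, conns in sorted(report["contacted"].items()):
        print("contacted %s -> %s" % (name, conns))
    print("bare IPs (no logged lookup):", report["bare_ips"])
    print("outside allowlist:", report["unexpected"])
```

The bare IPs are reported separately rather than treated as unexpected on purpose: in this report they sit in ranges the sandbox attributes to GB Google infrastructure, but the table does not say which name resolved to them, so the honest next step is to check them against the DNS answers in the capture rather than guess. Paste each run's table into SAMPLE_TABLE in turn to compare the three platforms; the duplicate rows collapse because connections are collected into a set.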
Files
/data/misc/profiles/cur/0/com.smsreceiver.dhruv2/primary.prof
| MD5 | 29a7471c6771af7439691a9426549124 |
| SHA1 | d1ecd035fbc00b3ea34b528f0982d16823ace6ef |
| SHA256 | 2a711f9452d9be592bf353efaee9436bce28aefbca532633f4217574923559a0 |
| SHA512 | e6a30a49529cc7a496645a89b3ead5dd1cbfb500b95646abbf497e8844b7cfc82282607deba5d3f481d95ed3a116b74cebed62ec66f53a611028c4837ae12c5e |
/data/data/com.smsreceiver.dhruv2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | b9320b19387e64642923c540278fc52f |
| SHA1 | 96ddbf35c8f68705662dce68f1542aed4730f13c |
| SHA256 | c2f3ba7f3872a3eeab00710d04c231eb362972c79ca47c406516c1b26c6cf4e4 |
| SHA512 | 784020119084f338935b88aa2bc8394e0fcae29ba3f265c0ce064a945343551e1e5d1e22b80b48ef2ae73571e1df998a733b9c7931f501f31403fd4ef7b907df |