Malware Analysis Report

2024-09-09 15:58

Sample ID 240614-2cb1fasdkm
Target fa901b7aab4cf67890db7befd84a8d336967ff949641f9df056a39bf333cb6c1.bin
SHA256 fa901b7aab4cf67890db7befd84a8d336967ff949641f9df056a39bf333cb6c1
Tags
discovery persistence collection credential_access impact
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

fa901b7aab4cf67890db7befd84a8d336967ff949641f9df056a39bf333cb6c1

Threat Level: Shows suspicious behavior

The file fa901b7aab4cf67890db7befd84a8d336967ff949641f9df056a39bf333cb6c1.bin (package com.insta.sbisms2) shows suspicious behavior. The static pass finds it requesting the SMS read, receive and send permissions together with READ_PHONE_STATE and READ_PHONE_NUMBERS; across the three behavioral runs it registers a clipboard-change listener, registers a broadcast receiver at runtime, looks up the registered network's country and reads /proc/cpuinfo and /proc/meminfo. None of the runs records any SMS activity, every observed network destination is DNS, mDNS, a Google host or code.jquery.com, and the only files written are ART profile artifacts (primary.prof and the androidx profileinstaller markers), so the SMS capability is evidenced only statically and no non-Google, non-CDN network contact was observed during detonation.

Malicious Activity Summary

discovery persistence collection credential_access impact

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 22:25

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A
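The permission list above is the strongest static signal in this report: RECEIVE_SMS plus READ_SMS is what an OTP interceptor needs, and SEND_SMS lets it relay from the victim's number. The following is an added example, not code from the sandbox or from the sample. It parses a manifest fragment I constructed to declare exactly the five permissions listed above and reports which assumed abuse patterns (my own names and groupings, not a vendor taxonomy) the app could carry out, which is the check a triage script would run over a decoded AndroidManifest.xml.

```python
"""Flag risky permission combinations in a decoded AndroidManifest.xml.

Added example for this report, not code from the sandbox or the sample.
The manifest below is constructed to carry only the permissions the
static1 section lists; ABUSE_COMBOS is an assumed, illustrative grouping.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Set

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed input: exactly the permissions the static analysis reports.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.insta.sbisms2">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_NUMBERS"/>
</manifest>
"""

# Assumed abuse patterns: every permission in the set must be present for the
# capability to be usable. Names are illustrative, not a vendor taxonomy.
ABUSE_COMBOS: Dict[str, Set[str]] = {
    # read incoming messages (OTPs, bank alerts) as they arrive
    "sms_interception": {"android.permission.RECEIVE_SMS",
                         "android.permission.READ_SMS"},
    # relay intercepted messages, or send C2/premium SMS, from the victim's number
    "sms_forwarding": {"android.permission.RECEIVE_SMS",
                       "android.permission.SEND_SMS"},
    # tie stolen messages to a phone number / SIM in the operator's records
    "device_identity": {"android.permission.READ_PHONE_STATE",
                        "android.permission.READ_PHONE_NUMBERS"},
}


def permissions_from_manifest(xml_text: str) -> Set[str]:
    """Return every android:name declared on a <uses-permission> element."""
    root = ET.fromstring(xml_text)
    found: Set[str] = set()
    for node in root.iter("uses-permission"):
        name = node.get(f"{{{ANDROID_NS}}}name")
        if name:
            found.add(name)
    return found


def matched_combos(perms: Set[str]) -> List[str]:
    """Names of abuse patterns whose permission set is fully covered by perms."""
    return sorted(name for name, needed in ABUSE_COMBOS.items() if needed <= perms)


def triage(xml_text: str) -> Dict[str, object]:
    """Summarise a manifest: declared permissions, matched patterns, SMS verdict."""
    perms = permissions_from_manifest(xml_text)
    combos = matched_combos(perms)
    return {
        "permissions": sorted(perms),
        "combos": combos,
        # one SMS pattern is enough to escalate: legitimate apps rarely need
        # RECEIVE_SMS together with READ_SMS or SEND_SMS
        "sms_capable": any(c.startswith("sms_") for c in combos),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

Run it against the manifest pulled from the APK with apktool or aapt2 rather than the constructed fragment; the combination check matters more than any single permission, because READ_PHONE_STATE alone is common in legitimate apps while RECEIVE_SMS plus SEND_SMS in a non-messaging app is not.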

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 22:25

Reported

2024-06-14 22:28

Platform

android-x86-arm-20240611.1-en

Max time kernel

25s

Max time network

140s

Command Line

com.insta.sbisms2

Signatures

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call (returns the registered network's ISO country code, which the platform derives from the operator MCC) | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.insta.sbisms2

Network

Country | Destination | Domain | Proto
GB | 142.250.180.14:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | code.jquery.com | udp
US | 151.101.66.137:443 | code.jquery.com | tcp
GB | 142.250.187.206:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.238:443 | android.apis.google.com | tcp

Files

/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof

MD5 76edc465fac8d8a9fbb358dcdda5dc18
SHA1 3b83cce523accee6b55582876551c3a03384d5a3
SHA256 148c7edf0f8a7299804ccbe37fc0ee1dc998158e9d107cc7160bb876bac63db5
SHA512 1c455b9f9db4c85adc4cb0dcfa365df4fd9ed6febf17f5079b71a23d7636ab0afb8d19d08298256543a4159e574a8695929b856af33a29918689428f1b408cdd

/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 033b12a1ebd169e2914878c5fcf3bf52
SHA1 6012d748929abff0556dcb8ad16e6cdccec4647a
SHA256 160374698128e5c69c5964690f58cd675cccb41382d0573ffe54427e647c9598
SHA512 9a71ec879bd402cad29f7fcac0e958d382d7df70edafe46cecb42b996acb946ef9c76079f912ddebaeca7a6f9801694d64711d2bb45bee917a325ed975f8d09d

/data/data/com.insta.sbisms2/files/profileInstalled

MD5 cdae41005c1d91e43f30c818105c0f52
SHA1 cc6875185ecf7169c5ad25b3950c1489834146e5
SHA256 ffa8b1712706da5fcced862787330f80a05438a636ed58a80208bf114072f216
SHA512 baea37c2643a6460cf84a6397a9b6f7723fdf21ad96f0a17df164070f16835c22e79a1bf1592e9249c1aea1dec7c8659e86f0afcf1926db4860037fb14fc9481

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 22:25

Reported

2024-06-14 22:28

Platform

android-x64-20240611.1-en

Max time kernel

48s

Max time network

151s

Command Line

com.insta.sbisms2

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call (registers a primary-clip-changed listener, so the app is notified on every copy and can read the new clip; from Android 10 the platform only delivers clipboard contents to the focused app or the default IME) | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call (returns the registered network's ISO country code, which the platform derives from the operator MCC) | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.insta.sbisms2

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | code.jquery.com | udp
US | 151.101.194.137:443 | code.jquery.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.204.78:443 | android.apis.google.com | tcp
GB | 142.250.178.14:443 | N/A | tcp
GB | 216.58.201.98:443 | N/A | tcp
GB | 142.250.179.228:443 | N/A | tcp
GB | 142.250.179.228:443 | N/A | tcp
GB | 216.58.213.14:443 | N/A | tcp

Files

/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof

MD5 76edc465fac8d8a9fbb358dcdda5dc18
SHA1 3b83cce523accee6b55582876551c3a03384d5a3
SHA256 148c7edf0f8a7299804ccbe37fc0ee1dc998158e9d107cc7160bb876bac63db5
SHA512 1c455b9f9db4c85adc4cb0dcfa365df4fd9ed6febf17f5079b71a23d7636ab0afb8d19d08298256543a4159e574a8695929b856af33a29918689428f1b408cdd

/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 94d944c8b86e4e4f59985a0931325de7
SHA1 64ab9d35e2d4d5b455b7285ec86c046f7aa211a2
SHA256 c8f5ac4c2cef208779cc1bf3584af363f29ad9bf6f532e304a26117be8cd7e14
SHA512 6f047fff073e1cbd2ec39ebf93a097ae1d49dc802317c2e7b3737c087c412d95c3a011331f709be16649a06b71fd6a777cd91e4c94562d2eebfed6506227744f

/data/data/com.insta.sbisms2/files/profileInstalled

MD5 e0b673aa250d96e7c9cdb0f5694eb103
SHA1 fae725552d98bd5ca40d191884f88247533bb577
SHA256 35e5d8d44ad0458e7245a3ed8fd6fe131d4e18cad648aea36d7be12c2c6c5764
SHA512 38bcb25f6319e3bc2ff298d3823a89a88f7cb58de121c10ca1c340a06894105389b5adc28105ddea0654381f618e4b729e95848defd98b3591f024dc30919253

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 22:25

Reported

2024-06-14 22:28

Platform

android-x64-arm64-20240611.1-en

Max time kernel

107s

Max time network

133s

Command Line

com.insta.sbisms2

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call (registers a primary-clip-changed listener, so the app is notified on every copy and can read the new clip; from Android 10 the platform only delivers clipboard contents to the focused app or the default IME) | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.insta.sbisms2

Network

Country | Destination | Domain | Proto
GB | 142.250.187.206:443 | N/A | tcp
GB | 142.250.187.206:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
GB | 172.217.16.234:443 | N/A | tcp
GB | 172.217.16.234:443 | N/A | tcp
US | 1.1.1.1:53 | code.jquery.com | udp
US | 151.101.66.137:443 | code.jquery.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
GB | 142.250.179.228:443 | N/A | tcp
GB | 142.250.179.228:443 | N/A | tcp
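The three Network tables in this report (behavioral1, behavioral2 and behavioral3) share a problem a reviewer hits on every Android sandbox run: most rows are emulator and SDK noise (mDNS, resolver lookups, Google and jQuery CDN), and the rows that actually need attribution are the TLS connections to bare IPs with no name captured. The following is an added example, not part of the sandbox output, that parses the table format used above and separates those two groups. The rows are the behavioral2 table as exported (a row with no observed domain carries only three fields; N/A in that column is accepted too); the allowlist of noise suffixes and the category names are my own assumptions.

```python
"""Parse this report's Network tables and separate emulator/SDK noise from
destinations that still need attribution.

Added example, not sandbox output. SAMPLE_ROWS is the behavioral2 table as
exported; NOISE_SUFFIXES and the category names are assumptions.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

SAMPLE_ROWS = """\
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 code.jquery.com udp
US 151.101.194.137:443 code.jquery.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 142.250.178.14:443 tcp
GB 216.58.201.98:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.213.14:443 tcp
"""

# Assumed: names the emulator image and bundled SDKs contact on their own.
NOISE_SUFFIXES = ("google.com", "google-analytics.com", "jquery.com")


@dataclass(frozen=True)
class Flow:
    country: Optional[str]
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_row(line: str) -> Flow:
    """Accept 'country ip:port [domain] proto', whitespace- or pipe-separated."""
    parts = line.replace("|", " ").split()
    if len(parts) == 3:                      # no domain column in the export
        country, dest, proto = parts
        domain = "N/A"
    elif len(parts) == 4:
        country, dest, domain, proto = parts
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, _, port = dest.rpartition(":")
    return Flow(
        country=None if country == "N/A" else country,
        ip=ip,
        port=int(port),
        domain=None if domain == "N/A" else domain,
        proto=proto.lower(),
    )


def parse_table(text: str) -> List[Flow]:
    rows = [r for r in text.splitlines() if r.strip()]
    if rows and rows[0].replace("|", " ").split()[:1] == ["Country"]:
        rows = rows[1:]                      # tolerate a copied header line
    return [parse_row(r) for r in rows]


def _under(domain: str, suffix: str) -> bool:
    """Exact or subdomain match; 'evilgoogle.com' must not match 'google.com'."""
    return domain == suffix or domain.endswith("." + suffix)


def classify(flow: Flow) -> str:
    if flow.proto == "udp" and flow.ip == "224.0.0.251" and flow.port == 5353:
        return "mdns"        # link-local discovery from the emulator itself
    if flow.port == 53:
        return "dns"         # resolver lookup; the queried name is in the row
    if flow.domain and any(_under(flow.domain, s) for s in NOISE_SUFFIXES):
        return "noise"       # Google / analytics / CDN traffic
    if flow.domain is None:
        return "unresolved"  # TLS to a bare IP: needs SNI from the pcap or passive DNS
    return "review"          # named destination outside the allowlist


def summarize(flows: List[Flow]) -> Dict[str, int]:
    return dict(Counter(classify(f) for f in flows))


def needs_attribution(flows: List[Flow]) -> List[str]:
    """Unique ip:port targets not explained by DNS, mDNS or allowlisted names."""
    return sorted({f"{f.ip}:{f.port}" for f in flows
                   if classify(f) in ("unresolved", "review")})


if __name__ == "__main__":
    flows = parse_table(SAMPLE_ROWS)
    print(summarize(flows))
    print(needs_attribution(flows))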

Files

/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof

MD5 76edc465fac8d8a9fbb358dcdda5dc18
SHA1 3b83cce523accee6b55582876551c3a03384d5a3
SHA256 148c7edf0f8a7299804ccbe37fc0ee1dc998158e9d107cc7160bb876bac63db5
SHA512 1c455b9f9db4c85adc4cb0dcfa365df4fd9ed6febf17f5079b71a23d7636ab0afb8d19d08298256543a4159e574a8695929b856af33a29918689428f1b408cdd

/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 91934d823ac5f73c23c8b13b82b18baa
SHA1 0cf160f822f509adaa0cb070ebd098fb81826b13
SHA256 8631884ae8a42aaf39f6115f3716702ead379ccbd3db68e25ff9632ff283571a
SHA512 69e507adc20c953ab83dfbcf464f26172bd8d1f9ad2bf901df1614633b3243d23ca5b837cab1d9006d7219adeffced9ab82c2e2ef97be77db7a3d65fc6f335b3