Analysis Overview
SHA256
fa901b7aab4cf67890db7befd84a8d336967ff949641f9df056a39bf333cb6c1
Threat Level: Shows suspicious behavior
The file fa901b7aab4cf67890db7befd84a8d336967ff949641f9df056a39bf333cb6c1.bin was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-14 22:25
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 22:25
Reported
2024-06-14 22:28
Platform
android-x86-arm-20240611.1-en
Max time kernel
25s
Max time network
140s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.insta.sbisms2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof
| MD5 | 76edc465fac8d8a9fbb358dcdda5dc18 |
| SHA1 | 3b83cce523accee6b55582876551c3a03384d5a3 |
| SHA256 | 148c7edf0f8a7299804ccbe37fc0ee1dc998158e9d107cc7160bb876bac63db5 |
| SHA512 | 1c455b9f9db4c85adc4cb0dcfa365df4fd9ed6febf17f5079b71a23d7636ab0afb8d19d08298256543a4159e574a8695929b856af33a29918689428f1b408cdd |
/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 033b12a1ebd169e2914878c5fcf3bf52 |
| SHA1 | 6012d748929abff0556dcb8ad16e6cdccec4647a |
| SHA256 | 160374698128e5c69c5964690f58cd675cccb41382d0573ffe54427e647c9598 |
| SHA512 | 9a71ec879bd402cad29f7fcac0e958d382d7df70edafe46cecb42b996acb946ef9c76079f912ddebaeca7a6f9801694d64711d2bb45bee917a325ed975f8d09d |
/data/data/com.insta.sbisms2/files/profileInstalled
| MD5 | cdae41005c1d91e43f30c818105c0f52 |
| SHA1 | cc6875185ecf7169c5ad25b3950c1489834146e5 |
| SHA256 | ffa8b1712706da5fcced862787330f80a05438a636ed58a80208bf114072f216 |
| SHA512 | baea37c2643a6460cf84a6397a9b6f7723fdf21ad96f0a17df164070f16835c22e79a1bf1592e9249c1aea1dec7c8659e86f0afcf1926db4860037fb14fc9481 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 22:25
Reported
2024-06-14 22:28
Platform
android-x64-20240611.1-en
Max time kernel
48s
Max time network
151s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.insta.sbisms2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.213.14:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof
| MD5 | 76edc465fac8d8a9fbb358dcdda5dc18 |
| SHA1 | 3b83cce523accee6b55582876551c3a03384d5a3 |
| SHA256 | 148c7edf0f8a7299804ccbe37fc0ee1dc998158e9d107cc7160bb876bac63db5 |
| SHA512 | 1c455b9f9db4c85adc4cb0dcfa365df4fd9ed6febf17f5079b71a23d7636ab0afb8d19d08298256543a4159e574a8695929b856af33a29918689428f1b408cdd |
/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 94d944c8b86e4e4f59985a0931325de7 |
| SHA1 | 64ab9d35e2d4d5b455b7285ec86c046f7aa211a2 |
| SHA256 | c8f5ac4c2cef208779cc1bf3584af363f29ad9bf6f532e304a26117be8cd7e14 |
| SHA512 | 6f047fff073e1cbd2ec39ebf93a097ae1d49dc802317c2e7b3737c087c412d95c3a011331f709be16649a06b71fd6a777cd91e4c94562d2eebfed6506227744f |
/data/data/com.insta.sbisms2/files/profileInstalled
| MD5 | e0b673aa250d96e7c9cdb0f5694eb103 |
| SHA1 | fae725552d98bd5ca40d191884f88247533bb577 |
| SHA256 | 35e5d8d44ad0458e7245a3ed8fd6fe131d4e18cad648aea36d7be12c2c6c5764 |
| SHA512 | 38bcb25f6319e3bc2ff298d3823a89a88f7cb58de121c10ca1c340a06894105389b5adc28105ddea0654381f618e4b729e95848defd98b3591f024dc30919253 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-14 22:25
Reported
2024-06-14 22:28
Platform
android-x64-arm64-20240611.1-en
Max time kernel
107s
Max time network
133s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.insta.sbisms2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof
| MD5 | 76edc465fac8d8a9fbb358dcdda5dc18 |
| SHA1 | 3b83cce523accee6b55582876551c3a03384d5a3 |
| SHA256 | 148c7edf0f8a7299804ccbe37fc0ee1dc998158e9d107cc7160bb876bac63db5 |
| SHA512 | 1c455b9f9db4c85adc4cb0dcfa365df4fd9ed6febf17f5079b71a23d7636ab0afb8d19d08298256543a4159e574a8695929b856af33a29918689428f1b408cdd |
/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 91934d823ac5f73c23c8b13b82b18baa |
| SHA1 | 0cf160f822f509adaa0cb070ebd098fb81826b13 |
| SHA256 | 8631884ae8a42aaf39f6115f3716702ead379ccbd3db68e25ff9632ff283571a |
| SHA512 | 69e507adc20c953ab83dfbcf464f26172bd8d1f9ad2bf901df1614633b3243d23ca5b837cab1d9006d7219adeffced9ab82c2e2ef97be77db7a3d65fc6f335b3 |