Analysis Overview
SHA256
4c1ec1816a1f85d5547bc9b5076367aa056a85fac35bc4d76198589054a1841b
Threat Level: Shows suspicious behavior
The file 4c1ec1816a1f85d5547bc9b5076367aa056a85fac35bc4d76198589054a1841b.bin was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
Analysis: static1
Detonation Overview
Reported
2024-06-14 22:36
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 22:36
Reported
2024-06-14 22:39
Platform
android-x86-arm-20240611.1-en
Max time kernel
24s
Max time network
152s
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.insta.sbisms2
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.234:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof
| MD5 | df932af2bdcc14de18f553739228602d |
| SHA1 | 5c56b6e028ad7927e61b8f61cd1be7106a72fbfe |
| SHA256 | 2de6d71fb21f8fbfbb4acb5fa2a6dc5773a874a7d0ca2e1fb11694df00a639c4 |
| SHA512 | 5d468d82a180d0a12af1c5d711201559cc1969ed4486885b5c0448c1f8cdc43b43e44324f70e95dd1aafa87d1af8c56c20b45d8378fc9af8718282919f1831f2 |
/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 8bfa56c239dfbf4a992636ddaaa4e983 |
| SHA1 | b9cc7e9cdff19fb98b01ab6a8872844e2a603dad |
| SHA256 | 64a1434a2d857b293809be7d7da3eae0de505b33a8d6bc149b76c651c0890414 |
| SHA512 | 2a81b828f80971f980c9bc653bdef29563d3c7b53e829abd14cd34a3ee5322e67b48ae4eecb0cdac1ff75ef4d2e2fa2e55cd046437c748bc1ca228fd3eb1de72 |
/data/data/com.insta.sbisms2/files/profileInstalled
| MD5 | 9ca837d092530d16ff642bead25a020d |
| SHA1 | acf1cebae4ce0ca757e7fa8237ec7905e59ff2b6 |
| SHA256 | 01998d93d6ec7afd737260b5ed68b215d1c157b6dc132d6fb44bfe19475bc7b8 |
| SHA512 | d5cefb0f778cf4eb04e6be569ec83e692a38cc111321427fae504d04b24eef1c83b61e85f2d3680c4524fbfdfec0480e725aba196f0a5e2b6e06a033240a98e8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 22:36
Reported
2024-06-14 22:39
Platform
android-x64-20240611.1-en
Max time kernel
25s
Max time network
149s
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.insta.sbisms2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof
| MD5 | df932af2bdcc14de18f553739228602d |
| SHA1 | 5c56b6e028ad7927e61b8f61cd1be7106a72fbfe |
| SHA256 | 2de6d71fb21f8fbfbb4acb5fa2a6dc5773a874a7d0ca2e1fb11694df00a639c4 |
| SHA512 | 5d468d82a180d0a12af1c5d711201559cc1969ed4486885b5c0448c1f8cdc43b43e44324f70e95dd1aafa87d1af8c56c20b45d8378fc9af8718282919f1831f2 |
/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | f6bee617242afa2ec1d62a4e5b62798c |
| SHA1 | 928a9654dee201e5bd1fa72f960133485cfea242 |
| SHA256 | b5d22f180062410ad7ada444952c9f2f37e8134c29ee653b49823aeb2b5a80d0 |
| SHA512 | f5229cefa9970321ffd8ee152eb454cca43c771e98af7d7acc08e72c7eb2abd14e85a8c3250a1f97c4587836f85cedffd798c34b34298867111ab9f38d4fc273 |
/data/data/com.insta.sbisms2/files/profileInstalled
| MD5 | 39acbea1ce9a6d6b71d8f16d1a09d679 |
| SHA1 | 9dd5e3830d6df4138c943dfbce18cb1ea69a2dd6 |
| SHA256 | 7a9f5ec91dc77b203eff8781eba073854af06aa33ec23302feecde0b255caa5b |
| SHA512 | 91642073839f8411dacf729884bc96d156a793b74847007e75527d9233a5da559730a91277b462ed4445a6c040c48b641ea2a46f5c48b1480b0d16646661624a |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-14 22:36
Reported
2024-06-14 22:39
Platform
android-x64-arm64-20240611.1-en
Max time kernel
25s
Max time network
132s
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.insta.sbisms2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof
| MD5 | df932af2bdcc14de18f553739228602d |
| SHA1 | 5c56b6e028ad7927e61b8f61cd1be7106a72fbfe |
| SHA256 | 2de6d71fb21f8fbfbb4acb5fa2a6dc5773a874a7d0ca2e1fb11694df00a639c4 |
| SHA512 | 5d468d82a180d0a12af1c5d711201559cc1969ed4486885b5c0448c1f8cdc43b43e44324f70e95dd1aafa87d1af8c56c20b45d8378fc9af8718282919f1831f2 |
/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 42cda95d7a23257c16c36c26609a169a |
| SHA1 | a062419dba2097a3ebccadab3d01765c5677efd6 |
| SHA256 | d54e9a799bb4a623441f134e4ce4edd279639d3462c76fec12b4786307da4715 |
| SHA512 | 1ed4bca3fc146a8a5ed9b4ecc29606b81db3fd47a5f4cfccc59276089d6747e2827f7736c68735d0aabfc0488cf76e99a21fa874735098ecf6e6d16791fbcc47 |