Malware Analysis Report

2024-09-09 16:01

Sample ID 240614-2je1nssflm
Target 4c1ec1816a1f85d5547bc9b5076367aa056a85fac35bc4d76198589054a1841b.bin
SHA256 4c1ec1816a1f85d5547bc9b5076367aa056a85fac35bc4d76198589054a1841b
Tags
discovery persistence collection credential_access impact
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

4c1ec1816a1f85d5547bc9b5076367aa056a85fac35bc4d76198589054a1841b

Threat Level: Shows suspicious behavior

The file 4c1ec1816a1f85d5547bc9b5076367aa056a85fac35bc4d76198589054a1841b.bin was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery persistence collection credential_access impact

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 22:36

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 22:36

Reported

2024-06-14 22:39

Platform

android-x86-arm-20240611.1-en

Max time kernel

24s

Max time network

152s

Command Line

com.insta.sbisms2

Signatures

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.insta.sbisms2

Network

Country Destination Domain Proto
GB 142.250.187.234:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 code.jquery.com udp
US 151.101.2.137:443 code.jquery.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof

MD5 df932af2bdcc14de18f553739228602d
SHA1 5c56b6e028ad7927e61b8f61cd1be7106a72fbfe
SHA256 2de6d71fb21f8fbfbb4acb5fa2a6dc5773a874a7d0ca2e1fb11694df00a639c4
SHA512 5d468d82a180d0a12af1c5d711201559cc1969ed4486885b5c0448c1f8cdc43b43e44324f70e95dd1aafa87d1af8c56c20b45d8378fc9af8718282919f1831f2

/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 8bfa56c239dfbf4a992636ddaaa4e983
SHA1 b9cc7e9cdff19fb98b01ab6a8872844e2a603dad
SHA256 64a1434a2d857b293809be7d7da3eae0de505b33a8d6bc149b76c651c0890414
SHA512 2a81b828f80971f980c9bc653bdef29563d3c7b53e829abd14cd34a3ee5322e67b48ae4eecb0cdac1ff75ef4d2e2fa2e55cd046437c748bc1ca228fd3eb1de72

/data/data/com.insta.sbisms2/files/profileInstalled

MD5 9ca837d092530d16ff642bead25a020d
SHA1 acf1cebae4ce0ca757e7fa8237ec7905e59ff2b6
SHA256 01998d93d6ec7afd737260b5ed68b215d1c157b6dc132d6fb44bfe19475bc7b8
SHA512 d5cefb0f778cf4eb04e6be569ec83e692a38cc111321427fae504d04b24eef1c83b61e85f2d3680c4524fbfdfec0480e725aba196f0a5e2b6e06a033240a98e8

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 22:36

Reported

2024-06-14 22:39

Platform

android-x64-20240611.1-en

Max time kernel

25s

Max time network

149s

Command Line

com.insta.sbisms2

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.insta.sbisms2

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 code.jquery.com udp
US 151.101.194.137:443 code.jquery.com tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 142.250.178.14:443 tcp
GB 142.250.187.226:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.204.78:443 tcp

Files

/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof

MD5 df932af2bdcc14de18f553739228602d
SHA1 5c56b6e028ad7927e61b8f61cd1be7106a72fbfe
SHA256 2de6d71fb21f8fbfbb4acb5fa2a6dc5773a874a7d0ca2e1fb11694df00a639c4
SHA512 5d468d82a180d0a12af1c5d711201559cc1969ed4486885b5c0448c1f8cdc43b43e44324f70e95dd1aafa87d1af8c56c20b45d8378fc9af8718282919f1831f2

/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 f6bee617242afa2ec1d62a4e5b62798c
SHA1 928a9654dee201e5bd1fa72f960133485cfea242
SHA256 b5d22f180062410ad7ada444952c9f2f37e8134c29ee653b49823aeb2b5a80d0
SHA512 f5229cefa9970321ffd8ee152eb454cca43c771e98af7d7acc08e72c7eb2abd14e85a8c3250a1f97c4587836f85cedffd798c34b34298867111ab9f38d4fc273

/data/data/com.insta.sbisms2/files/profileInstalled

MD5 39acbea1ce9a6d6b71d8f16d1a09d679
SHA1 9dd5e3830d6df4138c943dfbce18cb1ea69a2dd6
SHA256 7a9f5ec91dc77b203eff8781eba073854af06aa33ec23302feecde0b255caa5b
SHA512 91642073839f8411dacf729884bc96d156a793b74847007e75527d9233a5da559730a91277b462ed4445a6c040c48b641ea2a46f5c48b1480b0d16646661624a

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 22:36

Reported

2024-06-14 22:39

Platform

android-x64-arm64-20240611.1-en

Max time kernel

25s

Max time network

132s

Command Line

com.insta.sbisms2

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.insta.sbisms2

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 code.jquery.com udp
US 151.101.130.137:443 code.jquery.com tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp

Files

/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof

MD5 df932af2bdcc14de18f553739228602d
SHA1 5c56b6e028ad7927e61b8f61cd1be7106a72fbfe
SHA256 2de6d71fb21f8fbfbb4acb5fa2a6dc5773a874a7d0ca2e1fb11694df00a639c4
SHA512 5d468d82a180d0a12af1c5d711201559cc1969ed4486885b5c0448c1f8cdc43b43e44324f70e95dd1aafa87d1af8c56c20b45d8378fc9af8718282919f1831f2

/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 42cda95d7a23257c16c36c26609a169a
SHA1 a062419dba2097a3ebccadab3d01765c5677efd6
SHA256 d54e9a799bb4a623441f134e4ce4edd279639d3462c76fec12b4786307da4715
SHA512 1ed4bca3fc146a8a5ed9b4ecc29606b81db3fd47a5f4cfccc59276089d6747e2827f7736c68735d0aabfc0488cf76e99a21fa874735098ecf6e6d16791fbcc47