Analysis Overview
SHA256
f425f0797379cf627c28da00b54e981d61f6b58e638c872bdcd19914f58144f2
Threat Level: Shows suspicious behavior
The file f425f0797379cf627c28da00b54e981d61f6b58e638c872bdcd19914f58144f2.bin was found to show suspicious behavior.
Malicious Activity Summary
Makes use of the framework's Accessibility service
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-14 23:49
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 23:49
Reported
2024-06-14 23:52
Platform
android-x86-arm-20240611.1-en
Max time kernel
163s
Max time network
132s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 46.226.160.5:8080 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | e019191dbadb50b27cb053e64dc32f44 |
| SHA1 | 1719052d22f642fcb09e1925b604e7068084d653 |
| SHA256 | 1356dcf2407df2b3183cb9e8b54d277bc4c690d0838f8724b28aee5b68b47ae6 |
| SHA512 | f9172c1ea3b4875c93ba62c3cefc0220a4deeebfc4435f02913c8a5a92ffacd681242f22b40663532de43d6b7aa3a225d8af8935c57a1d23aff0160d9c792aaa |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | e2e2374537bfab6b427b5582b815fb0d |
| SHA1 | 78f6e09dd70780445fc3c27ecde682958d3ce821 |
| SHA256 | 1a352f3a9e6453ca9e9d76475beb106ae2d3b97c030f2b48a6e65f860ec29b5b |
| SHA512 | 2146117be73c0ca9c80cc5b846f5ce64f134a8ba577a344949e2f82e86210afe4e6e8d540f387c9b13ecc2231930bd9167bc209b577b09495057234e52f5a1c3 |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | 3a40017b697a413f11bbc6cfddf14427 |
| SHA1 | c2a1c88bf749438e9456eef195a20f738268f445 |
| SHA256 | a4c3e5e71f5d1f49fad3f32150d449530a8d10053ea239268a9965035a24b9f1 |
| SHA512 | d8eb4e387436015043d5b137429cac54d85bd419eeb9231b172ce8ad24a7f612b6873f55ff672928f21549425f54f99af281d9f960c6bf118392d6116c161fca |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 87fa637f3469a4afba0aa66266e26e63 |
| SHA1 | 412f1ac750f8d1a6ae3e6edd4017a9f1a1cb10d4 |
| SHA256 | 62669acd0c109e09e5da3ff1c0cbbf574322da7b63a70160284c645af095c38c |
| SHA512 | c8919a0867a94a9ed63e61c0103e93440ff665280eb7c8275a55e0bfb0a31ace07fde04976d4e356d7407fc833e937a033f9a6021b5587d4da83f9fae08c2bc6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 23:49
Reported
2024-06-14 23:52
Platform
android-x64-20240611.1-en
Max time kernel
168s
Max time network
188s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 46.226.160.5:8080 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | e019191dbadb50b27cb053e64dc32f44 |
| SHA1 | 1719052d22f642fcb09e1925b604e7068084d653 |
| SHA256 | 1356dcf2407df2b3183cb9e8b54d277bc4c690d0838f8724b28aee5b68b47ae6 |
| SHA512 | f9172c1ea3b4875c93ba62c3cefc0220a4deeebfc4435f02913c8a5a92ffacd681242f22b40663532de43d6b7aa3a225d8af8935c57a1d23aff0160d9c792aaa |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | caffe8477c8fe78fd858fc582414b3a7 |
| SHA1 | ac989f102de547324384d7f4eda3bfba6c33bada |
| SHA256 | ab19a45d1bb6a76b03b02b83de833f2793cd3f80eefecca0d65fada4ac10dee5 |
| SHA512 | b4b40c245da16723d730c6ddf2e8d6f4eefa0242f7a08b27c47299f60e47c5863e14dc83883ea43bab74caadb915f92632dc305a3335cbe55213260dcb087b50 |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | 9cc04692d7716e6cebca1741dde88c79 |
| SHA1 | e23bd240359a863832f84e8b16384b9fe719efde |
| SHA256 | 3adca9b705aa28c01a96e15b195cb80bf2f5892e9a7f74b85fd701beaf02b3d1 |
| SHA512 | 11a9ba1b3f243654c51150915390f2a76e62b5a5b229ce52322547ee81f8c9586e50f4c3dc05f6b77c8ec1f6d948ff5d37236f122ee7385d2091bbdf38a13651 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 2cc5c6b4eeb492357a32c6914a7077cb |
| SHA1 | aaf00093681ee0a8443db0429d64d7746911408e |
| SHA256 | e23dee0b9f8564bbb9e9fda7eeda16a6b03b23e23d3b0d513cab43c2c9d119a8 |
| SHA512 | ed24eb37b1f72ada4842c6003cdf8019066ba8ce9f464780a296a1f71b2932e39c9096b418d0730bee9028ba204e188fc5d082ebaeaaacf016d26cbbf0c3eb03 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-14 23:49
Reported
2024-06-14 23:52
Platform
android-x64-arm64-20240611.1-en
Max time kernel
163s
Max time network
134s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 46.226.160.5:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | e019191dbadb50b27cb053e64dc32f44 |
| SHA1 | 1719052d22f642fcb09e1925b604e7068084d653 |
| SHA256 | 1356dcf2407df2b3183cb9e8b54d277bc4c690d0838f8724b28aee5b68b47ae6 |
| SHA512 | f9172c1ea3b4875c93ba62c3cefc0220a4deeebfc4435f02913c8a5a92ffacd681242f22b40663532de43d6b7aa3a225d8af8935c57a1d23aff0160d9c792aaa |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 2be24ac0166bc5d1d4b99b2cb72e5f97 |
| SHA1 | 28525ae664dbd33a11f518cad3311421cf3f9ae2 |
| SHA256 | b46a1a73f2d4e482d4825d31bde68d6385cf8164eca2a59a58caa79880111933 |
| SHA512 | 05608020da6f43f3538d95294ae9abff62b10f2c3d22733eed5c3317942a1f68df2293065a13d1c6a3708575254eff53b10490508c540f96bbee51c4d9f784bf |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 4bdcfaf79bf1508cde7d00409d0d81f2 |
| SHA1 | 11b2b470ae943085a063a4e0e6e7f28fe5641624 |
| SHA256 | b7f813e6c3a45366d149a1e70b263f44d68830819986e7db618066982768aaa6 |
| SHA512 | 01225ef8f0460d340ddd7732dcac1bff63ee2d311e27ab695a625e7c8077ec654c094658a89a9f15453313f5896005730a42587c88133b18bc4149ab3c76516c |