Malware Analysis Report

2024-07-28 11:22

Sample ID 240614-bkz45ayhlc
Target bcbd96862c31b894b7daa1c9f6f34600a81fcb6789f5135ba685b795b505a9a1.bin
SHA256 bcbd96862c31b894b7daa1c9f6f34600a81fcb6789f5135ba685b795b505a9a1
Tags: collection credential_access impact discovery persistence
Score: 7/10


Analysis Overview


Threat Level: Shows suspicious behavior

The file bcbd96862c31b894b7daa1c9f6f34600a81fcb6789f5135ba685b795b505a9a1.bin was found to show suspicious behavior.

Malicious Activity Summary

Tags: collection credential_access impact discovery persistence

Obtains sensitive information copied to the device clipboard

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:12

Signatures

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 01:12

Reported

2024-06-14 01:16

Platform

android-x64-arm64-20240611.1-en

Max time kernel

142s

Max time network

132s

Command Line

com.google.massagg

Signatures

Obtains sensitive information copied to the device clipboard

Tags: collection credential_access impact

Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.google.massagg

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.180.14:443 | android.apis.google.com | tcp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
GB | 216.58.201.100:443 | | tcp
GB | 216.58.201.100:443 | | tcp

Files

/data/data/com.google.massagg/logs/20240614011311031.log

/data/data/com.google.massagg/logs/20240614011311033.log

/data/data/com.google.massagg/no_backup/androidx.work.workdb-journal

/data/data/com.google.massagg/no_backup/androidx.work.workdb

/data/data/com.google.massagg/no_backup/androidx.work.workdb-shm

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:12

Reported

2024-06-14 01:16

Platform

android-x86-arm-20240611.1-en

Max time kernel

22s

Max time network

171s

Command Line

com.google.massagg

Signatures

Queries the mobile country code (MCC)

Tags: discovery

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.google.massagg

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 216.58.204.78:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp

Files

/data/data/com.google.massagg/logs/20240614011308040.log

/data/data/com.google.massagg/logs/20240614011308051.log

/data/data/com.google.massagg/no_backup/androidx.work.workdb-journal

/data/data/com.google.massagg/no_backup/androidx.work.workdb

/data/data/com.google.massagg/no_backup/androidx.work.workdb-shm

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:12

Reported

2024-06-14 01:16

Platform

android-x64-20240611.1-en

Max time kernel

51s

Max time network

150s

Command Line

com.google.massagg

Signatures

Obtains sensitive information copied to the device clipboard

Tags: collection credential_access impact

Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries the mobile country code (MCC)

Tags: discovery

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.google.massagg

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.180.14:443 | android.apis.google.com | tcp
GB | 142.250.178.14:443 | | tcp
GB | 216.58.201.98:443 | | tcp
GB | 216.58.213.14:443 | | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp

Files

/data/data/com.google.massagg/logs/20240614011307699.log

/data/data/com.google.massagg/logs/20240614011307707.log

/data/data/com.google.massagg/no_backup/androidx.work.workdb-journal

/data/data/com.google.massagg/no_backup/androidx.work.workdb

/data/data/com.google.massagg/no_backup/androidx.work.workdb-shm

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal
