Analysis Overview
SHA256
944d0e1b3e5c04ca10493860f3eace651dea6f3dfa2f5d80860f784d40567d9e
Threat Level: Shows suspicious behavior
The file app-release-BE61yqic.apk was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads the content of SMS inbox messages.
Reads the content of outgoing SMS messages.
Loads dropped Dex/Jar
Acquires the wake lock
Makes use of the framework's foreground persistence service
Requests dangerous framework permissions
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-14 06:06
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows applications to use exact alarm APIs. | android.permission.SCHEDULE_EXACT_ALARM | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 06:06
Reported
2024-06-14 06:09
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
110s
Max time network
120s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /system_ext/framework/androidx.window.extensions.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.extensions.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A |
Reads the content of SMS inbox messages.
| Description | Indicator | Process | Target |
| URI accessed for read | content://sms/inbox | N/A | N/A |
Reads the content of outgoing SMS messages.
| Description | Indicator | Process | Target |
| URI accessed for read | content://sms/sent | N/A | N/A |
| URI accessed for read | content://sms/draft | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.rms.induia
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.36:443 | udp | |
| GB | 172.217.169.36:443 | udp | |
| GB | 172.217.16.228:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | firebasestorage.googleapis.com | udp |
| US | 1.1.1.1:53 | firebasestorage.googleapis.com | udp |
| GB | 216.58.212.195:443 | tcp | |
| US | 162.159.61.3:443 | tcp | |
| US | 162.159.61.3:443 | tcp | |
| US | 162.159.61.3:443 | udp | |
| GB | 172.217.169.36:443 | udp | |
| GB | 172.217.169.36:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| US | 1.1.1.1:53 | induskct-default-rtdb.firebaseio.com | udp |
| US | 35.201.97.85:443 | induskct-default-rtdb.firebaseio.com | tcp |
Files
/system_ext/framework/androidx.window.extensions.jar
| MD5 | 3056e1bdb7d4e19789d0319eff484bd0 |
| SHA1 | 6791ae47aa9466fe0bca27ad6643f846853bbee4 |
| SHA256 | 8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0 |
| SHA512 | c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658 |
/system_ext/framework/androidx.window.sidecar.jar
| MD5 | 29469324e59dfcc052f24b5af4e7b2c4 |
| SHA1 | 10c1e17ac6f598037bb51baa07945663645de4eb |
| SHA256 | 9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a |
| SHA512 | 5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2 |
anon_inode:[eventfd]
| MD5 | 33cdeccccebe80329f1fdbee7f5874cb |
| SHA1 | 3da89ee273be13437e7ecf760f3fbd4dc0e8d1fe |
| SHA256 | 7c9fa136d4413fa6173637e883b6998d32e1d675f88cddff9dcbcf331820f4b8 |
| SHA512 | 991294f43425a5b80f8a5907ca7cdbb611401282585a58bb415077005428e3b4c0f661fc07ba5c45f627bd8bdcb172389ce2fda461c029b837abc70f0abbea20 |