Malware Analysis Report

2025-01-19 07:43

Sample ID: 240615-ah6y8awbpq
Target: 1b7e568e69574c89ecebed54a50c15aa5de9157f14dab329f954adcd489c4ff4.bin
SHA256: 1b7e568e69574c89ecebed54a50c15aa5de9157f14dab329f954adcd489c4ff4
Tags: (none)
Score: 6/10


Analysis Overview

Threat Level: Shows suspicious behavior

The file 1b7e568e69574c89ecebed54a50c15aa5de9157f14dab329f954adcd489c4ff4.bin was found to show suspicious behavior.

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-15 00:13

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-15 00:13
Reported: 2024-06-15 00:17
Platform: android-x86-arm-20240611.1-en
Max time kernel: 5s
Max time network: 147s

Command Line

com.jasonblack.son

Signatures

N/A

Processes

com.jasonblack.son

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.187.202:443 | - | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | a8p.net | udp
US | 1.1.1.1:53 | www.firebaseapis.com | udp
DE | 64.227.112.222:443 | a8p.net | tcp
BG | 185.82.216.210:443 | www.firebaseapis.com | tcp
BG | 185.82.216.210:443 | www.firebaseapis.com | tcp
GB | 142.250.187.206:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.204.78:443 | android.apis.google.com | tcp

Files

/data/data/com.jasonblack.son/cache/volley/-18176451961105624216

MD5 784aec3623554360559cd2298993aeff
SHA1 6f56c9ba8402933515c8284e274e278a8193e7a2
SHA256 98f2681b7f94cf16955f01746c8ca7dfc2063c261870846fde0f028099b3d585
SHA512 7b606fbcdbe13cbf36abe924ba1b7864b9a0784b4c0d8334236339d968ce657bafec119bfe438205265d67fa81759a5ead725b811b5bfb8e62da86c8a0632727

/data/data/com.jasonblack.son/cache/volley/387934722-891508764

MD5 a17dcc438aed40690fc00f1e62224db2
SHA1 c34a169a081d38c677e3b28a05a96a1c4fbe90d8
SHA256 06f33a8e2c9034bec02c70e93844b81678806eb246f759c1616e0b06e1c6ba40
SHA512 0858e4cc145a5a86a2981365d495c0662b7aca1413e79e59b6dd1d0f92a4770537c879065b720d7887c01857af949804ff7957d19f06951a54c07c12bf6ce84f

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-15 00:13
Reported: 2024-06-15 00:17
Platform: android-x64-20240611.1-en
Max time kernel: 10s
Max time network: 147s

Command Line

com.jasonblack.son

Signatures

N/A

Processes

com.jasonblack.son

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | a8p.net | udp
US | 1.1.1.1:53 | www.firebaseapis.com | udp
BG | 185.82.216.210:443 | www.firebaseapis.com | tcp
BG | 185.82.216.210:443 | www.firebaseapis.com | tcp
GB | 142.250.200.10:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
GB | 142.250.200.46:443 | - | tcp
DE | 64.227.112.222:443 | a8p.net | tcp
GB | 172.217.169.68:443 | - | tcp
GB | 172.217.169.68:443 | - | tcp
GB | 172.217.169.68:443 | - | tcp
GB | 172.217.169.68:443 | - | tcp
GB | 216.58.212.238:443 | - | tcp
GB | 142.250.200.2:443 | - | tcp

Files

/data/data/com.jasonblack.son/cache/volley/387934722-891508764

MD5 36f5a0bb7ca2d82a9f0ce1fcf9ec6723
SHA1 7b007f7d1ffb1a818478826460d4ad43dae21821
SHA256 6c30216290f693db490d60443cec894c35ef9ecb03890a4b7afe520c1bb793e6
SHA512 2f9966d0b03c4b40447fa4cf19661eb1ca84425206aadd5f676ae625aa752b076d197289f1944d35a8174902063d05826b8060c63b21a9fad5174c27cf53f77b

/data/data/com.jasonblack.son/cache/volley/-18176451961105624216

MD5 7bce08d0f5d4928fddbe9d6a13f73482
SHA1 7e8ef1cca622d2ef1a3647b82b8bf2e3ce748bae
SHA256 cb1ec0e77be6533cfb3c0e961d105cd8bf6cca617ea76d07c7b244ee187d6752
SHA512 ef47fe3df023ef762c4ffc573aeae0f61dbd178b6953c53a7202cd7d342c12cb9c9ffb816e52ac59c6522b2924abe582d80187dfb76b4b54edf3b22c1024d303

/data/data/com.jasonblack.son/cache/volley/-18176451961105624216

MD5 0e80a94f1aabc8e7d99edd2da9e88f18
SHA1 382c441c5c22651ee526c19b7b5bddf2ed4375cf
SHA256 6449ec6df26fcd1ee3490e70615e1bb0650837f81d614d2742e9370598a8d75c
SHA512 b31f61b05017bfe282f3b84e8aa6dbf052e26078ef51d59e76be11e9223278821acee31efa07620d4c9e6b4d9e1b5e41c95723e544355fab39c42537565a2403

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-15 00:13
Reported: 2024-06-15 00:17
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 8s
Max time network: 132s

Command Line

com.jasonblack.son

Signatures

N/A

Processes

com.jasonblack.son

Network

Country | Destination | Domain | Proto
GB | 142.250.187.206:443 | - | tcp
GB | 142.250.187.206:443 | - | tcp
N/A | 224.0.0.251:5353 | - | udp
GB | 216.58.212.234:443 | - | tcp
GB | 216.58.212.234:443 | - | tcp
US | 1.1.1.1:53 | a8p.net | udp
DE | 64.227.112.222:443 | a8p.net | tcp
US | 1.1.1.1:53 | www.firebaseapis.com | udp
BG | 185.82.216.210:443 | www.firebaseapis.com | tcp
BG | 185.82.216.210:443 | www.firebaseapis.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp
DE | 64.227.112.222:443 | a8p.net | tcp
GB | 216.58.212.196:443 | - | tcp
GB | 216.58.212.196:443 | - | tcp

Files

/data/data/com.jasonblack.son/cache/volley/-18176451961105624216

MD5 e8ba6916b67da50f9827da22cf078fd5
SHA1 2c6a9dd60ae1f8f7ac7066c1ddba469f493d04a2
SHA256 42a31eae3dec6341d93476fe5d1b04688101ef7aef43d170c2d17f75c6ff2e8b
SHA512 8fc36f96eae721138008ebf2a75408f1a92b88b8453e0245d53e0593f994ee6b9ae9407e9a4925c6ea4215c436de1cd0f93452a2bc4d0eff585197286a361206

/data/data/com.jasonblack.son/cache/volley/387934722-891508764

MD5 1ebf4f4cf69601d8ff5c78f0d3c7aa44
SHA1 37a4ac6779dc624c8bc6eda688c4a693e2d15493
SHA256 5694d0c1648875c830617b241387f2343c1150326f4e69aa7a7f64aaebb81950
SHA512 57e382074ad7c41e2b88a778ec82b23e1ccbf06b15f016dbaeed1d133ace18288d7d51a07d3c425f9e74404f383e028610e53c1c82c694ae02134b115e7de49a