Analysis Overview
SHA256
1b7e568e69574c89ecebed54a50c15aa5de9157f14dab329f954adcd489c4ff4
Threat Level: Shows suspicious behavior
The file 1b7e568e69574c89ecebed54a50c15aa5de9157f14dab329f954adcd489c4ff4.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-15 00:13
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 00:13
Reported
2024-06-15 00:17
Platform
android-x86-arm-20240611.1-en
Max time kernel
5s
Max time network
147s
Command Line
Signatures
Processes
com.jasonblack.son
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.202:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | a8p.net | udp |
| US | 1.1.1.1:53 | www.firebaseapis.com | udp |
| DE | 64.227.112.222:443 | a8p.net | tcp |
| BG | 185.82.216.210:443 | www.firebaseapis.com | tcp |
| BG | 185.82.216.210:443 | www.firebaseapis.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
Files
/data/data/com.jasonblack.son/cache/volley/-18176451961105624216
| MD5 | 784aec3623554360559cd2298993aeff |
| SHA1 | 6f56c9ba8402933515c8284e274e278a8193e7a2 |
| SHA256 | 98f2681b7f94cf16955f01746c8ca7dfc2063c261870846fde0f028099b3d585 |
| SHA512 | 7b606fbcdbe13cbf36abe924ba1b7864b9a0784b4c0d8334236339d968ce657bafec119bfe438205265d67fa81759a5ead725b811b5bfb8e62da86c8a0632727 |
/data/data/com.jasonblack.son/cache/volley/387934722-891508764
| MD5 | a17dcc438aed40690fc00f1e62224db2 |
| SHA1 | c34a169a081d38c677e3b28a05a96a1c4fbe90d8 |
| SHA256 | 06f33a8e2c9034bec02c70e93844b81678806eb246f759c1616e0b06e1c6ba40 |
| SHA512 | 0858e4cc145a5a86a2981365d495c0662b7aca1413e79e59b6dd1d0f92a4770537c879065b720d7887c01857af949804ff7957d19f06951a54c07c12bf6ce84f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 00:13
Reported
2024-06-15 00:17
Platform
android-x64-20240611.1-en
Max time kernel
10s
Max time network
147s
Command Line
Signatures
Processes
com.jasonblack.son
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | a8p.net | udp |
| US | 1.1.1.1:53 | www.firebaseapis.com | udp |
| BG | 185.82.216.210:443 | www.firebaseapis.com | tcp |
| BG | 185.82.216.210:443 | www.firebaseapis.com | tcp |
| GB | 142.250.200.10:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| DE | 64.227.112.222:443 | a8p.net | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 216.58.212.238:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
Files
/data/data/com.jasonblack.son/cache/volley/387934722-891508764
| MD5 | 36f5a0bb7ca2d82a9f0ce1fcf9ec6723 |
| SHA1 | 7b007f7d1ffb1a818478826460d4ad43dae21821 |
| SHA256 | 6c30216290f693db490d60443cec894c35ef9ecb03890a4b7afe520c1bb793e6 |
| SHA512 | 2f9966d0b03c4b40447fa4cf19661eb1ca84425206aadd5f676ae625aa752b076d197289f1944d35a8174902063d05826b8060c63b21a9fad5174c27cf53f77b |
/data/data/com.jasonblack.son/cache/volley/-18176451961105624216
| MD5 | 7bce08d0f5d4928fddbe9d6a13f73482 |
| SHA1 | 7e8ef1cca622d2ef1a3647b82b8bf2e3ce748bae |
| SHA256 | cb1ec0e77be6533cfb3c0e961d105cd8bf6cca617ea76d07c7b244ee187d6752 |
| SHA512 | ef47fe3df023ef762c4ffc573aeae0f61dbd178b6953c53a7202cd7d342c12cb9c9ffb816e52ac59c6522b2924abe582d80187dfb76b4b54edf3b22c1024d303 |
/data/data/com.jasonblack.son/cache/volley/-18176451961105624216
| MD5 | 0e80a94f1aabc8e7d99edd2da9e88f18 |
| SHA1 | 382c441c5c22651ee526c19b7b5bddf2ed4375cf |
| SHA256 | 6449ec6df26fcd1ee3490e70615e1bb0650837f81d614d2742e9370598a8d75c |
| SHA512 | b31f61b05017bfe282f3b84e8aa6dbf052e26078ef51d59e76be11e9223278821acee31efa07620d4c9e6b4d9e1b5e41c95723e544355fab39c42537565a2403 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-15 00:13
Reported
2024-06-15 00:17
Platform
android-x64-arm64-20240611.1-en
Max time kernel
8s
Max time network
132s
Command Line
Signatures
Processes
com.jasonblack.son
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.234:443 | | tcp |
| GB | 216.58.212.234:443 | | tcp |
| US | 1.1.1.1:53 | a8p.net | udp |
| DE | 64.227.112.222:443 | a8p.net | tcp |
| US | 1.1.1.1:53 | www.firebaseapis.com | udp |
| BG | 185.82.216.210:443 | www.firebaseapis.com | tcp |
| BG | 185.82.216.210:443 | www.firebaseapis.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| DE | 64.227.112.222:443 | a8p.net | tcp |
| GB | 216.58.212.196:443 | | tcp |
| GB | 216.58.212.196:443 | | tcp |
Files
/data/data/com.jasonblack.son/cache/volley/-18176451961105624216
| MD5 | e8ba6916b67da50f9827da22cf078fd5 |
| SHA1 | 2c6a9dd60ae1f8f7ac7066c1ddba469f493d04a2 |
| SHA256 | 42a31eae3dec6341d93476fe5d1b04688101ef7aef43d170c2d17f75c6ff2e8b |
| SHA512 | 8fc36f96eae721138008ebf2a75408f1a92b88b8453e0245d53e0593f994ee6b9ae9407e9a4925c6ea4215c436de1cd0f93452a2bc4d0eff585197286a361206 |
/data/data/com.jasonblack.son/cache/volley/387934722-891508764
| MD5 | 1ebf4f4cf69601d8ff5c78f0d3c7aa44 |
| SHA1 | 37a4ac6779dc624c8bc6eda688c4a693e2d15493 |
| SHA256 | 5694d0c1648875c830617b241387f2343c1150326f4e69aa7a7f64aaebb81950 |
| SHA512 | 57e382074ad7c41e2b88a778ec82b23e1ccbf06b15f016dbaeed1d133ace18288d7d51a07d3c425f9e74404f383e028610e53c1c82c694ae02134b115e7de49a |