Malware Analysis Report

2024-09-09 16:00

Sample ID 240615-bg71kaxdqj
Target 0d2521fe4a3276db3b4046c4c75f37aa1b7a011cde53a129c7c2a0e70e5a2470.bin
SHA256 0d2521fe4a3276db3b4046c4c75f37aa1b7a011cde53a129c7c2a0e70e5a2470
Tags discovery evasion persistence collection credential_access impact
Score 7/10

Analysis Overview

Score 7/10

SHA256

0d2521fe4a3276db3b4046c4c75f37aa1b7a011cde53a129c7c2a0e70e5a2470

Threat Level: Shows suspicious behavior

The file 0d2521fe4a3276db3b4046c4c75f37aa1b7a011cde53a129c7c2a0e70e5a2470.bin was classified as: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion persistence collection credential_access impact

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-15 01:08

Signatures

Requests dangerous framework permissions

Description: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
Indicator: android.permission.READ_PHONE_STATE
Process: N/A
Target: N/A

Description: Allows an application to read SMS messages.
Indicator: android.permission.READ_SMS
Process: N/A
Target: N/A

Description: Allows an application to receive SMS messages.
Indicator: android.permission.RECEIVE_SMS
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 01:08

Reported

2024-06-15 01:11

Platform

android-x86-arm-20240611.1-en

Max time kernel

24s

Max time network

159s

Command Line

com.iuuytoonline.android

Signatures

Queries the mobile country code (MCC)

Tags: discovery

Description: Framework service call
Indicator: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
Process: N/A
Target: N/A

Checks the presence of a debugger

Tags: evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence

Description: Framework service call
Indicator: android.app.IActivityManager.registerReceiver
Process: N/A
Target: N/A

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Checks memory information

Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Processes

com.iuuytoonline.android

Network

Country  Destination          Domain                              Proto
N/A      224.0.0.251:5353     N/A                                 udp
US       1.1.1.1:53           semanticlocation-pa.googleapis.com  udp
GB       216.58.201.110:443   N/A                                 tcp
US       1.1.1.1:53           android.apis.google.com             udp
GB       142.250.187.238:443  android.apis.google.com             tcp
GB       216.58.212.202:443   semanticlocation-pa.googleapis.com  tcp
GB       216.58.212.202:443   semanticlocation-pa.googleapis.com  tcp

Files

/data/misc/profiles/cur/0/com.iuuytoonline.android/primary.prof

MD5 d5091ec8d20afb57a356d12d5c359463
SHA1 8424c143a9f4ea90bd6f443380990714967ba02a
SHA256 91eaac3ec4b7fafa203b3a866f1fc44e78effeb8f8f4d28baac919d6696f8ca3
SHA512 99298ec40df37b6c41173799dfbb4e3b4b7458bcd9c9d45749783d90926ab52d13ba087678fc4bc4adef338bdf67fc68b454bbb4c6209bc81029e918e1157404

/data/data/com.iuuytoonline.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 274bc5900c97d4b73f9f4ccbcaf507e0
SHA1 d45b096b9b4928a828d37001b1e1a9efae3290e7
SHA256 33568c67f76e4264d3c5f4ac188cb037e3ccf662ac36981752882d333112e278
SHA512 3bfa8de8a649ec8a2c01668b19904acce56045eb0d49e7750e24fb3ebaaa80b8eba47dd16c8d7547c989101cb260479a3f0a13cd0fbbceea4cb74c45e8175c1b

/data/data/com.iuuytoonline.android/files/profileInstalled

MD5 444a5d6d5876dd5d0da72f193f147ece
SHA1 4d712166733821ac9c94d2172eb1fda2b11e4255
SHA256 ede1cf45e989f3ea71024c8a2470805993217f711d5c4f7f07a83c89b3e6ab58
SHA512 b137aef021a2c5972d72f228d2c758bc1742b072012495e0483cc09a3a705dae5548af3dd3d486d4456266d533be36fafe4a5338a7935752a793612ab1400b60

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 01:08

Reported

2024-06-15 01:11

Platform

android-x64-20240611.1-en

Max time kernel

25s

Max time network

148s

Command Line

com.iuuytoonline.android

Signatures

Obtains sensitive information copied to the device clipboard

Tags: collection credential_access impact

Description: Framework service call
Indicator: android.content.IClipboard.addPrimaryClipChangedListener
Process: N/A
Target: N/A

Queries the mobile country code (MCC)

Tags: discovery

Description: Framework service call
Indicator: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
Process: N/A
Target: N/A

Checks the presence of a debugger

Tags: evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence

Description: Framework service call
Indicator: android.app.IActivityManager.registerReceiver
Process: N/A
Target: N/A

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Checks memory information

Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Processes

com.iuuytoonline.android

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     N/A                       udp
GB       172.217.169.42:443   N/A                       tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.200.40:443   ssl.google-analytics.com  tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       216.58.213.14:443    android.apis.google.com   tcp
GB       172.217.169.42:443   N/A                       tcp
GB       142.250.187.206:443  N/A                       tcp
GB       142.250.187.194:443  N/A                       tcp
GB       172.217.169.42:443   N/A                       tcp
GB       172.217.16.228:443   N/A                       tcp
GB       172.217.16.228:443   N/A                       tcp
GB       142.250.179.238:443  N/A                       tcp

Files

/data/misc/profiles/cur/0/com.iuuytoonline.android/primary.prof

MD5 d5091ec8d20afb57a356d12d5c359463
SHA1 8424c143a9f4ea90bd6f443380990714967ba02a
SHA256 91eaac3ec4b7fafa203b3a866f1fc44e78effeb8f8f4d28baac919d6696f8ca3
SHA512 99298ec40df37b6c41173799dfbb4e3b4b7458bcd9c9d45749783d90926ab52d13ba087678fc4bc4adef338bdf67fc68b454bbb4c6209bc81029e918e1157404

/data/data/com.iuuytoonline.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 019b96f99894040a77bc15a36b56daaa
SHA1 1d3818fc0b392634ec13f27001dd93ca2822d06e
SHA256 dce018d7fe3d05f43cccacdd966bd0e2918b281e969d1ae9070ab384649e7f56
SHA512 8d237301de988b80e690cc79040a535f1b1597b0932dcb129f3a9c33c5e7ace798b87bae06d755d6f968e5ee442319ce079768ad90529573c7305099e2588d71

/data/data/com.iuuytoonline.android/files/profileInstalled

MD5 fa8bcd94877a2e26ffae71fa2f5ab053
SHA1 9e2a86846e39ad7751c74220c108d7a35b5af1c4
SHA256 d1f967223a0bf38747f35e358baec32c1f05719ca77651d17281f016072bab52
SHA512 587447917ccefa0fb43165f1028207bdf00b717d851d01738f12c6579adc3fb9281a67cdcbd65636a63b717c1fe11d8d7e4311b1265f63c3083c4caf5c9e8273

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-15 01:08

Reported

2024-06-15 01:11

Platform

android-x64-arm64-20240611.1-en

Max time kernel

5s

Max time network

132s

Command Line

com.iuuytoonline.android

Signatures

Obtains sensitive information copied to the device clipboard

Tags: collection credential_access impact

Description: Framework service call
Indicator: android.content.IClipboard.addPrimaryClipChangedListener
Process: N/A
Target: N/A

Checks the presence of a debugger

Tags: evasion

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Checks memory information

Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Processes

com.iuuytoonline.android

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     N/A                       udp
GB       142.250.187.238:443  N/A                       tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.179.238:443  android.apis.google.com   tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       172.217.16.232:443   ssl.google-analytics.com  tcp
GB       142.250.180.4:443    N/A                       tcp
GB       142.250.180.4:443    N/A                       tcp

Files

N/A