Analysis Overview
SHA256
0d2521fe4a3276db3b4046c4c75f37aa1b7a011cde53a129c7c2a0e70e5a2470
Threat Level: Shows suspicious behavior
The file 0d2521fe4a3276db3b4046c4c75f37aa1b7a011cde53a129c7c2a0e70e5a2470.bin was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-15 01:08
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 01:08
Reported
2024-06-15 01:11
Platform
android-x86-arm-20240611.1-en
Max time kernel
24s
Max time network
159s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.iuuytoonline.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/misc/profiles/cur/0/com.iuuytoonline.android/primary.prof
| MD5 | d5091ec8d20afb57a356d12d5c359463 |
| SHA1 | 8424c143a9f4ea90bd6f443380990714967ba02a |
| SHA256 | 91eaac3ec4b7fafa203b3a866f1fc44e78effeb8f8f4d28baac919d6696f8ca3 |
| SHA512 | 99298ec40df37b6c41173799dfbb4e3b4b7458bcd9c9d45749783d90926ab52d13ba087678fc4bc4adef338bdf67fc68b454bbb4c6209bc81029e918e1157404 |
/data/data/com.iuuytoonline.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 274bc5900c97d4b73f9f4ccbcaf507e0 |
| SHA1 | d45b096b9b4928a828d37001b1e1a9efae3290e7 |
| SHA256 | 33568c67f76e4264d3c5f4ac188cb037e3ccf662ac36981752882d333112e278 |
| SHA512 | 3bfa8de8a649ec8a2c01668b19904acce56045eb0d49e7750e24fb3ebaaa80b8eba47dd16c8d7547c989101cb260479a3f0a13cd0fbbceea4cb74c45e8175c1b |
/data/data/com.iuuytoonline.android/files/profileInstalled
| MD5 | 444a5d6d5876dd5d0da72f193f147ece |
| SHA1 | 4d712166733821ac9c94d2172eb1fda2b11e4255 |
| SHA256 | ede1cf45e989f3ea71024c8a2470805993217f711d5c4f7f07a83c89b3e6ab58 |
| SHA512 | b137aef021a2c5972d72f228d2c758bc1742b072012495e0483cc09a3a705dae5548af3dd3d486d4456266d533be36fafe4a5338a7935752a793612ab1400b60 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 01:08
Reported
2024-06-15 01:11
Platform
android-x64-20240611.1-en
Max time kernel
25s
Max time network
148s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.iuuytoonline.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.42:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.194:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.iuuytoonline.android/primary.prof
| MD5 | d5091ec8d20afb57a356d12d5c359463 |
| SHA1 | 8424c143a9f4ea90bd6f443380990714967ba02a |
| SHA256 | 91eaac3ec4b7fafa203b3a866f1fc44e78effeb8f8f4d28baac919d6696f8ca3 |
| SHA512 | 99298ec40df37b6c41173799dfbb4e3b4b7458bcd9c9d45749783d90926ab52d13ba087678fc4bc4adef338bdf67fc68b454bbb4c6209bc81029e918e1157404 |
/data/data/com.iuuytoonline.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 019b96f99894040a77bc15a36b56daaa |
| SHA1 | 1d3818fc0b392634ec13f27001dd93ca2822d06e |
| SHA256 | dce018d7fe3d05f43cccacdd966bd0e2918b281e969d1ae9070ab384649e7f56 |
| SHA512 | 8d237301de988b80e690cc79040a535f1b1597b0932dcb129f3a9c33c5e7ace798b87bae06d755d6f968e5ee442319ce079768ad90529573c7305099e2588d71 |
/data/data/com.iuuytoonline.android/files/profileInstalled
| MD5 | fa8bcd94877a2e26ffae71fa2f5ab053 |
| SHA1 | 9e2a86846e39ad7751c74220c108d7a35b5af1c4 |
| SHA256 | d1f967223a0bf38747f35e358baec32c1f05719ca77651d17281f016072bab52 |
| SHA512 | 587447917ccefa0fb43165f1028207bdf00b717d851d01738f12c6579adc3fb9281a67cdcbd65636a63b717c1fe11d8d7e4311b1265f63c3083c4caf5c9e8273 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-15 01:08
Reported
2024-06-15 01:11
Platform
android-x64-arm64-20240611.1-en
Max time kernel
5s
Max time network
132s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks the presence of a debugger
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.iuuytoonline.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |