Malware Analysis Report

2025-01-19 07:45

Sample ID: 240615-cxw4nszekj
Target: 1a4684d5feb0f9691193460ce3fbed6df42b21cdb4ff4d39c89477e26481d3e9
SHA256: 1a4684d5feb0f9691193460ce3fbed6df42b21cdb4ff4d39c89477e26481d3e9
Tags: evasion
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: 1a4684d5feb0f9691193460ce3fbed6df42b21cdb4ff4d39c89477e26481d3e9

Threat Level: Shows suspicious behavior

The file 1a4684d5feb0f9691193460ce3fbed6df42b21cdb4ff4d39c89477e26481d3e9 was found to be: Shows suspicious behavior.

Malicious Activity Summary

Tags: evasion

Loads dropped Dex/Jar

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-15 02:27

Signatures

Requests dangerous framework permissions

Description                                          Indicator                                      Process  Target
Allows an app to access approximate location.        android.permission.ACCESS_COARSE_LOCATION      N/A      N/A
Allows an app to access precise location.            android.permission.ACCESS_FINE_LOCATION        N/A      N/A
Allows an app to access location in the background.  android.permission.ACCESS_BACKGROUND_LOCATION  N/A      N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-15 02:27
Reported: 2024-06-15 02:31
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 9s
Max time network: 132s

Command Line

org.traccar.client

Signatures

Loads dropped Dex/Jar

Tags: evasion

Description  Indicator                                          Process  Target
N/A          /system_ext/framework/androidx.window.sidecar.jar  N/A      N/A
N/A          /system_ext/framework/androidx.window.sidecar.jar  N/A      N/A

Processes

org.traccar.client

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     N/A                       udp
GB       172.217.16.234:443   N/A                       tcp
GB       172.217.16.234:443   N/A                       tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       172.217.169.8:443    ssl.google-analytics.com  tcp
GB       142.250.187.206:443  N/A                       tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.187.238:443  android.apis.google.com   tcp
GB       216.58.201.100:443   N/A                       tcp
GB       216.58.201.100:443   N/A                       tcp

Files

/system_ext/framework/androidx.window.sidecar.jar

MD5 bdf3529e80318eb14e53a5bf3720c10d
SHA1 25c9ace4b1af6e80ebb2572345972c56505969ba
SHA256 bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b
SHA512 48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

/data/misc/profiles/cur/0/org.traccar.client/primary.prof

MD5 ebe4600df2c966f72564a01fb71d6988
SHA1 93b01353c5aaaa47a80cc762234a828f6254f35d
SHA256 fedde5ce82dc6a8e57d5d5095785fe4e83c9096c28cbd4684bf39083ce978bb6
SHA512 e6db8b4ca55573dbb9cbce5c0dfeaae1502420fd7796ec0b9a1634ba325217bae12bce8c2c8bbd237e45eccd8e9dff5d5a97332749576ab42501dcc2b23c92bd

/data/data/org.traccar.client/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 9f7d92a00cac56f245bf7655d1f5189c
SHA1 7bf6277d51070d7cf48c90c71e1e89829fc3e63e
SHA256 d55cc44865e9750895ab3b382c59073567eba9aecbbcf8399559a714c6545693
SHA512 510b175d9f91c1701a43c2c1506fc796becccbfcbb4a9b77a67acbb07f82a444894859b23cab95a64ac71f6eae21995e2b98a93dd54eb35851dd8af08f8a5757

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-15 02:27
Reported: 2024-06-15 02:31
Platform: android-x86-arm-20240611.1-en
Max time kernel: 8s
Max time network: 130s

Command Line

org.traccar.client

Signatures

N/A

Processes

org.traccar.client

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     N/A                       udp
GB       216.58.204.78:443    N/A                       tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.187.206:443  android.apis.google.com   tcp

Files

/data/misc/profiles/cur/0/org.traccar.client/primary.prof

MD5 ebe4600df2c966f72564a01fb71d6988
SHA1 93b01353c5aaaa47a80cc762234a828f6254f35d
SHA256 fedde5ce82dc6a8e57d5d5095785fe4e83c9096c28cbd4684bf39083ce978bb6
SHA512 e6db8b4ca55573dbb9cbce5c0dfeaae1502420fd7796ec0b9a1634ba325217bae12bce8c2c8bbd237e45eccd8e9dff5d5a97332749576ab42501dcc2b23c92bd

/data/data/org.traccar.client/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 9ee075dd5163768c3312c5d74d142601
SHA1 a47228f6c29cbd0515cecc4cc208c9356755148f
SHA256 2c52fb6542644ad694308657f1a25d9d58ea5ba6d7a3abf3d7a2fd8fe7500ca2
SHA512 36bfa54ad8bdfcbe77292d595c868e9ec90ac3cb960941615e1673f67faf8e31fadd2eb563878d1f3dcf857211c721728de55333cc990d7a5c4923553d04124a

/data/data/org.traccar.client/files/profileInstalled

MD5 710ace6a4be48473e47b83224129b7ac
SHA1 6e04ca84c8380230d279781b9eb48a161d834c23
SHA256 7ff2921123ba20f84219c1baf4bea31092fdc6e895d858dad4496e84ab7d6c1b
SHA512 0a1933a34cefa198a6802c1015bee0ed7888a3dd651d78185e3bebc27dfbbc32b1136b38b06cd3555e0bb9e5af2626d139d99e6c7655b9742c43be528858157e

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-15 02:27
Reported: 2024-06-15 02:31
Platform: android-x64-20240611.1-en
Max time kernel: 47s
Max time network: 149s

Command Line

org.traccar.client

Signatures

N/A

Processes

org.traccar.client

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     N/A                       udp
GB       172.217.169.42:443   N/A                       tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       216.58.204.72:443    ssl.google-analytics.com  tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.180.14:443   android.apis.google.com   tcp
GB       142.250.187.206:443  N/A                       tcp
GB       142.250.187.194:443  N/A                       tcp
GB       172.217.16.228:443   N/A                       tcp
GB       172.217.16.228:443   N/A                       tcp
GB       142.250.179.238:443  N/A                       tcp

Files

/data/misc/profiles/cur/0/org.traccar.client/primary.prof

MD5 ebe4600df2c966f72564a01fb71d6988
SHA1 93b01353c5aaaa47a80cc762234a828f6254f35d
SHA256 fedde5ce82dc6a8e57d5d5095785fe4e83c9096c28cbd4684bf39083ce978bb6
SHA512 e6db8b4ca55573dbb9cbce5c0dfeaae1502420fd7796ec0b9a1634ba325217bae12bce8c2c8bbd237e45eccd8e9dff5d5a97332749576ab42501dcc2b23c92bd

/data/data/org.traccar.client/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 971baf3772771608ff72ef965f17d63a
SHA1 c564eeadc202a304b1e4d2dd55e62d0c754f1d52
SHA256 75cb58a82ec7b51a537251d106e53d4206f568bff16e0e3ab10776fe9d292da0
SHA512 bce81b0cd8cecfc5007c23b4dfa452a6e34895cd902318fcf3ed7d16025d2f6fdf5406468d647dce38fa6fd03cb22d45651f812fa7a392bd6e0612ada6ae8c5b

/data/data/org.traccar.client/files/profileInstalled

MD5 a94db2f871e7396328b06cdab59bcb07
SHA1 f999bc1ca42aa9a97c33369a844fde3214d9fd03
SHA256 89aa850e38591464cab28e337742a8b9df45bcac7e8db5000bdeb42a2d79cb0b
SHA512 b371bfd57b67ebf0796960cdcd6485b363f5a788f38806cae3f31b534c73ef928e63ebbbd5cb4b2f58fcd08aed0b0850ac2e8fa8243cf41b0bf3220c6d3e6b4e

/data/misc/profiles/cur/0/org.traccar.client/primary.prof

MD5 f3643fb125bff2202349e87c368d1e6c
SHA1 fe9dca69a9ae8b873191748993fce95cbb9f2587
SHA256 773a51da6ed8eb708cd15227a73872ad13f8a4d214751dc60b822c8f1e9673aa
SHA512 3a3be910fe8c906aa45e4255e45798edc70c6f946ed2bae4a7d44235a9328bddca33f94fbe6cb62f908879907b5f5bd7d81fea82a0d44959d1cc342f02be9f8e