Malware Analysis Report

2024-09-09 16:01

Sample ID 240615-j6he7stdnc
Target unionbank statement.apk
SHA256 933e823fcac69434b507369868aac534cd097d8d4b2d2fb20c0f2937c9ffd5e8
Tags
collection credential_access impact
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

933e823fcac69434b507369868aac534cd097d8d4b2d2fb20c0f2937c9ffd5e8

Threat Level: Shows suspicious behavior

The file unionbank statement.apk was classified as: Shows suspicious behavior.

Malicious Activity Summary

collection credential_access impact

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-15 08:16

Signatures

Requests dangerous framework permissions

Description                                      Indicator                        Process  Target
Allows an application to read SMS messages.      android.permission.READ_SMS      N/A      N/A
Allows an application to receive SMS messages.   android.permission.RECEIVE_SMS   N/A      N/A
Allows an application to send SMS messages.      android.permission.SEND_SMS      N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 08:16

Reported

2024-06-15 08:20

Platform

android-x64-arm64-20240611.1-en

Max time kernel

92s

Max time network

130s

Command Line

com.smsreceiver.dhruv2

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description              Indicator                                                    Process  Target
Framework service call   android.content.IClipboard.addPrimaryClipChangedListener     N/A      N/A

Checks CPU information

Description             Indicator        Process  Target
File opened for read    /proc/cpuinfo    N/A      N/A

Checks memory information

Description             Indicator        Process  Target
File opened for read    /proc/meminfo    N/A      N/A

Processes

com.smsreceiver.dhruv2

Network

Country  Destination              Domain                      Proto
GB       172.217.16.238:443                                   tcp
N/A      224.0.0.251:5353                                     udp
GB       172.217.16.238:443                                   tcp
GB       216.58.201.106:443                                   tcp
GB       216.58.201.106:443                                   tcp
US       1.1.1.1:53               cdn.jsdelivr.net            udp
US       1.1.1.1:53               code.jquery.com             udp
US       151.101.193.229:443      cdn.jsdelivr.net            tcp
US       151.101.193.229:443      cdn.jsdelivr.net            tcp
US       151.101.194.137:443      code.jquery.com             tcp
US       1.1.1.1:53               ssl.google-analytics.com    udp
GB       142.250.187.232:443      ssl.google-analytics.com    tcp
US       1.1.1.1:53               cdnjs.cloudflare.com        udp
US       104.17.24.14:443         cdnjs.cloudflare.com        tcp
GB       172.217.169.68:443                                   tcp
GB       172.217.169.68:443                                   tcp

Files

/data/misc/profiles/cur/0/com.smsreceiver.dhruv2/primary.prof

MD5 a5012cad2232c9f963f1d90cde29c739
SHA1 499ba125fb441ca3a90399d5f3b8311583df7c09
SHA256 1c49f2e969073c0fc77852512b0b1642aea26260e421c9bf1ffc93134ff06202
SHA512 664ca07f4425e5cafc9b49d2a7c407c35fc349539ba620b080a3ee0635b92c839dd981da2d2d65403e25f59556b71e33b85a9607f86942b1d93d1e9490abccb2

/data/data/com.smsreceiver.dhruv2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 dfdda2bf8581af0c8fd5948116d7f415
SHA1 3900e07676c596663a743f5d1d0b33bd011619e5
SHA256 be6fb89910d62ab5c89255794d8a5cb6cc288e462b7d905c27917b0e34b19f3f
SHA512 10ce3a4e4d46470934e766405cffbb3e9123c04c7c9d02a35fa43aef58fee8a69f748e7bbfeec6b9e7ce319d335ce57c5ae942b4c6c680e9d64816d8c17346e3

/data/misc/profiles/cur/0/com.smsreceiver.dhruv2/primary.prof

MD5 6d09383e748e19fb9f21380270786b8a
SHA1 88d603779efb7e60651b66ec3b9df4d6e1398ccb
SHA256 d1fa49224c984c4af7d0ee1140d384f3c74edde9710159e7844a43228b32de25
SHA512 05feac80f7e1c43c22893f49aaf934985297a8881e11a29cbc48e6339efe4e33b6657b9dd850dc08d5aa502ea16305a33aa9dc17030c39f3578e207d89be8f89