Analysis Overview
SHA256: 933e823fcac69434b507369868aac534cd097d8d4b2d2fb20c0f2937c9ffd5e8
Threat Level: Shows suspicious behavior
The file unionbank statement.apk was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Queries the mobile country code (MCC)
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
Analysis: static1
Detonation Overview
Reported: 2024-06-15 08:24
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-15 08:24
Reported: 2024-06-15 08:27
Platform: android-x86-arm-20240611.1-en
Max time kernel: 26s
Max time network: 149s
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.smsreceiver.dhruv2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/com.smsreceiver.dhruv2/primary.prof
| Algorithm | Hash |
|---|---|
| MD5 | a5012cad2232c9f963f1d90cde29c739 |
| SHA1 | 499ba125fb441ca3a90399d5f3b8311583df7c09 |
| SHA256 | 1c49f2e969073c0fc77852512b0b1642aea26260e421c9bf1ffc93134ff06202 |
| SHA512 | 664ca07f4425e5cafc9b49d2a7c407c35fc349539ba620b080a3ee0635b92c839dd981da2d2d65403e25f59556b71e33b85a9607f86942b1d93d1e9490abccb2 |
/data/data/com.smsreceiver.dhruv2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| Algorithm | Hash |
|---|---|
| MD5 | 78810d6ddb4e2f5638636fff2b9cf374 |
| SHA1 | f9f78320044fe9f88283daa51e2ab632d9a01d94 |
| SHA256 | 30bdddb386bd15e5b76a5ff2212aaef90ac85e0c09487ee40c5e261af54a597a |
| SHA512 | 138e1420f805b73f2ddf430778391b79a97a5907b3a22228bc7ca4f84c772c0c6722d0f46a20a22bacbd842c911640c976fc1bd90390a8ed320a7bd0e7a2552a |
/data/data/com.smsreceiver.dhruv2/files/profileInstalled
| Algorithm | Hash |
|---|---|
| MD5 | e8872f1fdde8018891368f4c9ae2d9f8 |
| SHA1 | 6efc8507578f7aa3c91f88c1425e31c00b3b9edf |
| SHA256 | ad2d5cd7bb9ad5e1ddba02e2455740a2b84f83f2a929ff8e862b6ef77dddf12f |
| SHA512 | 5c28e3ae7a3735b66c220999823522a20242ccd88977ae85f557ebb3c62b76417a496a6c74d2cf7a1592666e9f6ff2cd32492c18a8b69e67485849ae5f7dc883 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-15 08:24
Reported: 2024-06-15 08:27
Platform: android-x64-20240611.1-en
Max time kernel: 48s
Max time network: 149s
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.smsreceiver.dhruv2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| GB | 142.250.200.10:443 | | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 216.58.212.238:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.smsreceiver.dhruv2/primary.prof
| Algorithm | Hash |
|---|---|
| MD5 | a5012cad2232c9f963f1d90cde29c739 |
| SHA1 | 499ba125fb441ca3a90399d5f3b8311583df7c09 |
| SHA256 | 1c49f2e969073c0fc77852512b0b1642aea26260e421c9bf1ffc93134ff06202 |
| SHA512 | 664ca07f4425e5cafc9b49d2a7c407c35fc349539ba620b080a3ee0635b92c839dd981da2d2d65403e25f59556b71e33b85a9607f86942b1d93d1e9490abccb2 |
/data/data/com.smsreceiver.dhruv2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| Algorithm | Hash |
|---|---|
| MD5 | 3d7c92e8726e900db680b5d44c0ea017 |
| SHA1 | 1d2df87fb47a10d906584dcb66725784b652c33d |
| SHA256 | 4db0d0b5507badc62c077135631a936c03e64430732cb7001c0c1c896180160d |
| SHA512 | 3e4b66c555c6c69f21ee9aeb92bc3377e3fbfd11e0c3ab04f3214c86adc23b3ce0527aa957984e38bfede5df07f73c0957fc9c1972a483e2745c8f9c4a227501 |
/data/data/com.smsreceiver.dhruv2/files/profileInstalled
| Algorithm | Hash |
|---|---|
| MD5 | e802c755af9c63ab7e387a1c0ff334bb |
| SHA1 | 61fba6aae44723a3a607470b995e8b186d03e904 |
| SHA256 | 229536c9461445cd2edc997efb3440807c66b1adf9784e80883d6a697c962dec |
| SHA512 | 8a1470b7d418c4826d6f1e6d7e40ecc1c110f2da128c6ff75c7f63332571881c590d60de5ef4d8301dc885530095a2ffdf59f9e396ef383feb11015c24f98fab |
Analysis: behavioral3
Detonation Overview
Submitted: 2024-06-15 08:24
Reported: 2024-06-15 08:27
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 27s
Max time network: 132s
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.smsreceiver.dhruv2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.smsreceiver.dhruv2/primary.prof
| Algorithm | Hash |
|---|---|
| MD5 | a5012cad2232c9f963f1d90cde29c739 |
| SHA1 | 499ba125fb441ca3a90399d5f3b8311583df7c09 |
| SHA256 | 1c49f2e969073c0fc77852512b0b1642aea26260e421c9bf1ffc93134ff06202 |
| SHA512 | 664ca07f4425e5cafc9b49d2a7c407c35fc349539ba620b080a3ee0635b92c839dd981da2d2d65403e25f59556b71e33b85a9607f86942b1d93d1e9490abccb2 |
/data/data/com.smsreceiver.dhruv2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| Algorithm | Hash |
|---|---|
| MD5 | 48d6ebbf62af62cc19188bd1c82360db |
| SHA1 | ca1479ff687095df1b79816ed88d194085cab0c7 |
| SHA256 | 032cd8b2ef310192dd3c2705cb62ca43da8d14dd7e59972c2b6b10e083df07fc |
| SHA512 | 1b5b82774b905d370e1c9d382bde7302f87d21c71e2002a08c0c4a4042997ecae0356b126a1364318f6f1be21332822b1b552877341d9c193b9c95c4ee46e856 |