Malware Analysis Report

2024-10-19 13:11

Sample ID 240617-2pypzaxdpf
Target app1.apk
SHA256 eafa989bd8ecb790e2da622af152ea6138ce314d16cca7b96ba3b09f96b3c2b4
Tags: collection, credential_access, discovery, evasion, impact
Score: 7/10

Analysis Overview

Threat level: shows suspicious behavior

The file app1.apk was found to show suspicious behavior.

Malicious Activity Summary

Tags: collection, credential_access, discovery, evasion, impact

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Queries information about active data network

Reads information about phone network operator

Checks CPU information

Checks memory information

Analysis: static1

Detonation Overview

Reported

2024-06-17 22:46

Signatures

Requests dangerous framework permissions

Description                                          Indicator                                   Process  Target
Allows an app to access approximate location.        android.permission.ACCESS_COARSE_LOCATION   N/A      N/A
Allows an application to write to external storage.  android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 22:46

Reported

2024-06-17 22:47

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

46s

Max time network

62s

Command Line

com.milo.quest1

Signatures

Loads dropped Dex/Jar

Tags: evasion

Description  Indicator                                             Process  Target
N/A          /system_ext/framework/androidx.window.extensions.jar  N/A      N/A
N/A          /system_ext/framework/androidx.window.sidecar.jar     N/A      N/A

Obtains sensitive information copied to the device clipboard

Tags: collection, credential_access, impact

Description             Indicator                                                 Process  Target
Framework service call  android.content.IClipboard.addPrimaryClipChangedListener  N/A      N/A

Queries information about active data network

Tags: discovery

Description             Indicator                                              Process  Target
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  N/A      N/A

Reads information about phone network operator

Tags: discovery

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.milo.quest1

Network


Files

/data/data/com.milo.quest1/files/.aob/session-reporter/reporting/installation.json

/data/data/com.milo.quest1/files/.aob/session-reporter/reporting/reports.json


/system_ext/framework/androidx.window.extensions.jar


/system_ext/framework/androidx.window.sidecar.jar
