Malware Analysis Report

2024-10-19 13:10

Sample ID 240618-mpyyeazcph
Target 968bbe5ed71c0d6f147d5767443dcf77.apk
SHA256 71dd39a34507859c5ee4459c6d2bb70772040a1868a3d5da7848abe8e868f9cf
Tags
discovery persistence collection credential_access impact
score
7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
7/10

SHA256

71dd39a34507859c5ee4459c6d2bb70772040a1868a3d5da7848abe8e868f9cf

Threat Level: Shows suspicious behavior

Verdict for 968bbe5ed71c0d6f147d5767443dcf77.apk: shows suspicious behavior. The signatures below are what drove the 7/10 score.

Malicious Activity Summary

discovery persistence collection credential_access impact

Obtains sensitive information copied to the device clipboard (registers a primary-clip change listener, so anything the user copies, such as an OTP or an account number, can be read at the moment it is copied)

Requests dangerous framework permissions (READ_SMS, RECEIVE_SMS and SEND_SMS together with READ_PHONE_STATE and READ_PHONE_NUMBERS; see the static1 signatures)

Queries the mobile country code (MCC) (the indicator is the network country ISO code returned by the telephony service, a call commonly used to gate behaviour by region)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information (reads /proc/meminfo)

Checks CPU information (reads /proc/cpuinfo; together with the memory check this is a common emulator/sandbox fingerprinting step, although ordinary libraries read these files too)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-18 10:39

Signatures

Requests dangerous framework permissions

Indicator | Description | Process | Target
android.permission.READ_SMS | Allows an application to read SMS messages. | N/A | N/A
android.permission.RECEIVE_SMS | Allows an application to receive SMS messages. | N/A | N/A
android.permission.SEND_SMS | Allows an application to send SMS messages. | N/A | N/A
android.permission.READ_PHONE_STATE | Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | N/A | N/A
android.permission.READ_PHONE_NUMBERS | Allows read access to the device's phone number(s). | N/A | N/A
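The sandbox lists the dangerous permissions but does not say why the combination matters. The following added helper (editor's example, not part of the sandbox report or the sample) repeats the static check on a decoded manifest and flags the READ_SMS/RECEIVE_SMS/SEND_SMS trio, which together give an app the full read, intercept and forward loop for one-time passcodes. It assumes the manifest has been decoded to text XML first (for example with `apkanalyzer manifest print` on the APK); the manifest embedded below is constructed from the package name and the five permissions in this report, not extracted from the file.

```python
"""Added triage helper (not part of the sandbox report): flag dangerous
permissions in a decoded AndroidManifest.xml and spot the SMS trio.

Assumption: the manifest is already text XML. SAMPLE_MANIFEST is constructed
from the package name and permissions in the report; nothing else in it
comes from the sample.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Runtime ("dangerous") permissions relevant to SMS/OTP interception and
# device identity. This grouping is the editor's, not the sandbox's.
DANGEROUS = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.READ_PHONE_STATE": "phone_identity",
    "android.permission.READ_PHONE_NUMBERS": "phone_identity",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call_log",
}

# Holding all three lets an app read stored messages, see new ones as they
# arrive and forward them on: the complete OTP-interception loop.
SMS_TRIO = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
}

# Constructed sample: package name and permissions copied from the report,
# the rest is a minimal placeholder.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.insta.sbisms2">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_NUMBERS"/>
  <application android:label="placeholder"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> list:
    """Return every <uses-permission android:name=...> value, in manifest order."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS
    return [el.get(name_attr) for el in root.iter("uses-permission") if el.get(name_attr)]


def triage_permissions(manifest_xml: str) -> dict:
    """Group the dangerous permissions by what they enable and flag the SMS trio."""
    requested = requested_permissions(manifest_xml)
    by_group = {}
    for perm in requested:
        if perm in DANGEROUS:
            by_group.setdefault(DANGEROUS[perm], []).append(perm)
    return {
        "package": ET.fromstring(manifest_xml).get("package"),
        "requested": requested,
        "flagged": by_group,
        "sms_trio": SMS_TRIO.issubset(requested),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage_permissions(SAMPLE_MANIFEST), indent=2))
```

On this sample the output reports the package as com.insta.sbisms2, all three SMS permissions under "sms", the two phone permissions under "phone_identity", and sms_trio as true. Either `apkanalyzer manifest print` (Android SDK cmdline-tools) or `aapt dump permissions` will give you the same permission list straight from the APK.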

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 10:39

Reported

2024-06-18 10:41

Platform

android-x86-arm-20240611.1-en

Max time kernel

95s

Max time network

101s

Command Line

com.insta.sbisms2

Signatures

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.insta.sbisms2

Network

Country | Destination | Domain (- = none recorded) | Proto
GB | 142.250.178.10:443 | - | tcp
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | code.jquery.com | udp
US | 151.101.130.137:443 | code.jquery.com | tcp
US | 1.1.1.1:53 | retail.onlinesbi.sbi | udp
IN | 103.68.221.191:443 | retail.onlinesbi.sbi | tcp
IN | 103.68.221.191:443 | retail.onlinesbi.sbi | tcp
GB | 216.58.212.238:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | mjkh4n.fun | udp
ES | 185.199.53.63:443 | mjkh4n.fun | tcp
ES | 185.199.53.63:443 | mjkh4n.fun | tcp
US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp
US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp
GB | 142.250.178.10:443 | semanticlocation-pa.googleapis.com | tcp

Files

/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof

MD5 350d5fadb802e2ff6bb8d9c78ee233ec
SHA1 cce40c8ab7d37c80b037ba82efae48bf3c3585ab
SHA256 a40b2b2538bd20c6bd8a2f9c8292583541026bfb8b47b656eab4e992cbcbcf95
SHA512 481c45394a1118bbe727c836195619191b68f0e8b536c0bc48e0274e129241d32ec099c828f550234ea12360f2372fbd6f5f8a4b2c4743a8c25f4af2c426bbf4

/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 1dfa5dcfbe67f1b51e843ab808996b09
SHA1 f9dfb91d45a0cefdaabfcb9807b097429ab65bcc
SHA256 b7a551fa7149082f677ce468f84559340a78eae91fb466f8bbe2a13a760b7cb2
SHA512 e3a4a9ce0a671cbb87c8853032d75c3615112d7dcc9aee234bd536c7358911d9d0bce69d0e157835723f2bceae775abec02339e377980dea2238705fb8e57a4c

/data/data/com.insta.sbisms2/files/profileInstalled

MD5 3069fb4022baf6c9cf2455285788722b
SHA1 64a0e09970a43ababeac55ddb5678dfdf41bab42
SHA256 55ee9fa93abc8249bf02700c45c537611b0060910b5097523c92acd545f826b0
SHA512 091dc599b658dff4eace287aac6a85c1018b9ae3d98a15677cc57e5e560a4347aa69129d84257b593c10f0dc1223f605c14857d45e79ec2bc99e27b3177b38dc

/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof

MD5 c874812c592d56ce8c7290fd8767a6d2
SHA1 583f9ec05aa8d92685bcb0182145b49571972961
SHA256 4aabb4e41a7f31b8e3a32f2601ecd1b5195dbc9ec5ddb17af57bc0265430a4fc
SHA512 48a26fc9bac4c729985d53fa1def66f15358dd0d7151f460353f7db7c3e18c89dd9f38c5fd0d00467082999b9722354893aa1d2ef4f38da56af8513ee3b63e67

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 10:39

Reported

2024-06-18 10:42

Platform

android-x64-20240611.1-en

Max time kernel

178s

Max time network

149s

Command Line

com.insta.sbisms2

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.insta.sbisms2

Network

Country | Destination | Domain (- = none recorded) | Proto
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | code.jquery.com | udp
US | 151.101.130.137:443 | code.jquery.com | tcp
US | 1.1.1.1:53 | retail.onlinesbi.sbi | udp
IN | 103.68.221.191:443 | retail.onlinesbi.sbi | tcp
IN | 103.68.221.191:443 | retail.onlinesbi.sbi | tcp
GB | 172.217.16.234:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.238:443 | android.apis.google.com | tcp
GB | 216.58.204.78:443 | - | tcp
GB | 142.250.178.14:443 | - | tcp
GB | 142.250.187.226:443 | - | tcp
GB | 142.250.179.228:443 | - | tcp
GB | 142.250.179.228:443 | - | tcp

Files

/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof

MD5 350d5fadb802e2ff6bb8d9c78ee233ec
SHA1 cce40c8ab7d37c80b037ba82efae48bf3c3585ab
SHA256 a40b2b2538bd20c6bd8a2f9c8292583541026bfb8b47b656eab4e992cbcbcf95
SHA512 481c45394a1118bbe727c836195619191b68f0e8b536c0bc48e0274e129241d32ec099c828f550234ea12360f2372fbd6f5f8a4b2c4743a8c25f4af2c426bbf4

/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 1a51b74ef6f089a387cd59ecfd13b633
SHA1 9f0b2e7e5ac982dc2f0c147df0ede274f3a89009
SHA256 8326f9df12a6625735cf29b0de46fbb6345a496960b44ce405138026612d8d29
SHA512 f85af0e9f02da3649dd84d9dd8348df563bea4cea2b1ad7e7cc2a1590a7dcc05617520309a7d1fadd1303435d135759aff04b3656ca792716c6c729f83f5d906

/data/data/com.insta.sbisms2/files/profileInstalled

MD5 d0a428a6a2a3620fd00de0aa4b616485
SHA1 38753492183262668f9a08a3a52bbdc065631468
SHA256 1f025e6d94e89c093f2473356d0fcba1ff6eddb165f716c8aa4c05269db5aaef
SHA512 bbcf1e14232dda42462660e3a657dd6d3dc8eb905561a4989e400f99cb589dc3e4a1883104f71a68a575293522cc439589709f6d6b1eeda379ece06c51f4bd4a

/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof

MD5 4b8029d5b1020f65744ee0cc907194cc
SHA1 e3895980835290fafb2b85da28891f0038bac9c0
SHA256 02cfa3639dca4a67c27820b1278996e6d68873a4427b4515816d8ea2d2ddd51f
SHA512 f1121b8d8e0469bb99e04cca388e16f9fd6b7c92b64ac043623174f55c7bca96744c7557374fcb9fed8fb496f52995723f7b69136844363262bda347ad7ff90b

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-18 10:39

Reported

2024-06-18 10:42

Platform

android-x64-arm64-20240611.1-en

Max time kernel

47s

Max time network

132s

Command Line

com.insta.sbisms2

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.insta.sbisms2

Network

Country | Destination | Domain (- = none recorded) | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.179.234:443 | - | tcp
GB | 142.250.179.234:443 | - | tcp
GB | 142.250.187.238:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | code.jquery.com | udp
US | 151.101.66.137:443 | code.jquery.com | tcp
US | 1.1.1.1:53 | retail.onlinesbi.sbi | udp
IN | 103.68.221.191:443 | retail.onlinesbi.sbi | tcp
GB | 142.250.180.4:443 | - | tcp
GB | 142.250.180.4:443 | - | tcp
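Most rows in the three Network tables above are sandbox and platform noise (the 1.1.1.1 resolver, mDNS, Google services, public JS CDNs) rather than anything the sample chose to contact. The following added script (editor's example, not part of the sandbox report) parses rows in the report's own whitespace-separated form, drops the noise using an allowlist that is the editor's assumption and should be tuned per environment, and leaves two kinds of output: connections with a domain that survived the allowlist, and direct connections with no domain, which cannot be allowlisted by name and are listed for manual lookup instead of being silently dropped. The embedded rows are copied from the behavioral1 and behavioral2 tables.

```python
"""Added triage helper (not part of the sandbox report): separate sandbox
noise from the connections worth treating as indicators.

Assumptions: rows use the report's form "Country Destination [Domain] Proto"
(a "-" in the Domain column is also accepted as "none"); the allowlist below
is the editor's and is not part of the report.
"""
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Optional

# Rows copied from the Network tables above (duplicates kept as reported).
NETWORK_ROWS = """
GB 142.250.178.10:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 code.jquery.com udp
US 151.101.130.137:443 code.jquery.com tcp
US 1.1.1.1:53 retail.onlinesbi.sbi udp
IN 103.68.221.191:443 retail.onlinesbi.sbi tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 mjkh4n.fun udp
ES 185.199.53.63:443 mjkh4n.fun tcp
ES 185.199.53.63:443 mjkh4n.fun tcp
US 1.1.1.1:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 172.217.16.234:443 tcp
GB 142.250.179.228:443 tcp
"""

# Traffic an Android sandbox run produces regardless of the sample
# (editor's allowlist): the resolver, mDNS, Google platform services,
# public JS CDNs.
BENIGN_DESTINATIONS = {"1.1.1.1", "224.0.0.251"}
BENIGN_DOMAINS = (
    "*.googleapis.com",
    "*.google.com",
    "*.google-analytics.com",
    "code.jquery.com",
    "cdnjs.cloudflare.com",
)


@dataclass(frozen=True)
class Connection:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_rows(text: str) -> list:
    """Parse report rows; the Domain column is optional (3 or 4 fields)."""
    conns = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) == 4:
            country, dest, domain, proto = fields
        elif len(fields) == 3:
            country, dest, proto = fields
            domain = None
        else:
            raise ValueError("unexpected row: %r" % line)
        if domain == "-":
            domain = None
        ip, port = dest.rsplit(":", 1)
        conns.append(Connection(country, ip, int(port), domain, proto))
    return conns


def is_noise(c: Connection) -> bool:
    """True for resolver/mDNS traffic and for allowlisted domains."""
    if c.ip in BENIGN_DESTINATIONS:
        return True
    return c.domain is not None and any(fnmatch(c.domain, p) for p in BENIGN_DOMAINS)


def triage(text: str) -> dict:
    """Return candidate IOCs (domain -> IPs) and unresolved direct connections."""
    candidates = {}
    unresolved = set()
    for c in parse_rows(text):
        if is_noise(c):
            continue
        if c.domain is None:
            unresolved.add(c.ip)
        else:
            candidates.setdefault(c.domain, set()).add(c.ip)
    return {"candidates": candidates, "unresolved": sorted(unresolved)}


if __name__ == "__main__":
    result = triage(NETWORK_ROWS)
    for domain, ips in sorted(result["candidates"].items()):
        print("candidate: %s -> %s" % (domain, ", ".join(sorted(ips))))
    print("unresolved direct connections:", ", ".join(result["unresolved"]))
```

On the rows above two candidates survive: retail.onlinesbi.sbi (103.68.221.191) and mjkh4n.fun (185.199.53.63), plus four unresolved direct connections. The two candidates are not the same kind of indicator, and that is the point of keeping an analyst in the loop: retail.onlinesbi.sbi is State Bank of India's own retail banking host, so in an SMS-permissioned package named com.insta.sbisms2 it identifies the brand being targeted rather than attacker infrastructure, and it must not go on a blocklist; mjkh4n.fun and 185.199.53.63 are the ones to pivot on. This reading is the editor's interpretation of the report's data, not a sandbox classification.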

Files

/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof

MD5 350d5fadb802e2ff6bb8d9c78ee233ec
SHA1 cce40c8ab7d37c80b037ba82efae48bf3c3585ab
SHA256 a40b2b2538bd20c6bd8a2f9c8292583541026bfb8b47b656eab4e992cbcbcf95
SHA512 481c45394a1118bbe727c836195619191b68f0e8b536c0bc48e0274e129241d32ec099c828f550234ea12360f2372fbd6f5f8a4b2c4743a8c25f4af2c426bbf4

/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 8930badae076d905046ce4381fb7c668
SHA1 51245d3931080da3deba071d697307bb3d2db198
SHA256 3a2f3f839010ebe57d23ec5db68a3a07790373c63362033b875d7be3908e2ca3
SHA512 ff71216674a8eaf70fef1e50b1f2c23d479623e05e52cc25b762077cef692bb5d0eacc44d6a694eddbb4dd5ce465fda54ca624ebbad381e24351f11b6eacad3e

/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof

MD5 61fdf1cc53fefdf2d1f93e75bbe40eba
SHA1 1efeb2d02b194248f95e5cc1dcbe0595643bb2f0
SHA256 80f02791defc57313db288a1b782edb161c1ccb017d7abc9d96d584290dda43c
SHA512 9a87a833168f3acb375319e923f5c700f07311e645eca58fb782cf8563699d39735dd87af1ce46e9cabe5c1eb48050647b8c28b0bd97fb7c70c12a5832760fed