Analysis Overview
SHA256
71dd39a34507859c5ee4459c6d2bb70772040a1868a3d5da7848abe8e868f9cf
Threat Level: Shows suspicious behavior
The file 968bbe5ed71c0d6f147d5767443dcf77.apk was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-18 10:39
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 10:39
Reported
2024-06-18 10:41
Platform
android-x86-arm-20240611.1-en
Max time kernel
95s
Max time network
101s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.insta.sbisms2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.178.10:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 1.1.1.1:53 | retail.onlinesbi.sbi | udp |
| IN | 103.68.221.191:443 | retail.onlinesbi.sbi | tcp |
| IN | 103.68.221.191:443 | retail.onlinesbi.sbi | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | mjkh4n.fun | udp |
| ES | 185.199.53.63:443 | mjkh4n.fun | tcp |
| ES | 185.199.53.63:443 | mjkh4n.fun | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.178.10:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof
| MD5 | 350d5fadb802e2ff6bb8d9c78ee233ec |
| SHA1 | cce40c8ab7d37c80b037ba82efae48bf3c3585ab |
| SHA256 | a40b2b2538bd20c6bd8a2f9c8292583541026bfb8b47b656eab4e992cbcbcf95 |
| SHA512 | 481c45394a1118bbe727c836195619191b68f0e8b536c0bc48e0274e129241d32ec099c828f550234ea12360f2372fbd6f5f8a4b2c4743a8c25f4af2c426bbf4 |
/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 1dfa5dcfbe67f1b51e843ab808996b09 |
| SHA1 | f9dfb91d45a0cefdaabfcb9807b097429ab65bcc |
| SHA256 | b7a551fa7149082f677ce468f84559340a78eae91fb466f8bbe2a13a760b7cb2 |
| SHA512 | e3a4a9ce0a671cbb87c8853032d75c3615112d7dcc9aee234bd536c7358911d9d0bce69d0e157835723f2bceae775abec02339e377980dea2238705fb8e57a4c |
/data/data/com.insta.sbisms2/files/profileInstalled
| MD5 | 3069fb4022baf6c9cf2455285788722b |
| SHA1 | 64a0e09970a43ababeac55ddb5678dfdf41bab42 |
| SHA256 | 55ee9fa93abc8249bf02700c45c537611b0060910b5097523c92acd545f826b0 |
| SHA512 | 091dc599b658dff4eace287aac6a85c1018b9ae3d98a15677cc57e5e560a4347aa69129d84257b593c10f0dc1223f605c14857d45e79ec2bc99e27b3177b38dc |
/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof
| MD5 | c874812c592d56ce8c7290fd8767a6d2 |
| SHA1 | 583f9ec05aa8d92685bcb0182145b49571972961 |
| SHA256 | 4aabb4e41a7f31b8e3a32f2601ecd1b5195dbc9ec5ddb17af57bc0265430a4fc |
| SHA512 | 48a26fc9bac4c729985d53fa1def66f15358dd0d7151f460353f7db7c3e18c89dd9f38c5fd0d00467082999b9722354893aa1d2ef4f38da56af8513ee3b63e67 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 10:39
Reported
2024-06-18 10:42
Platform
android-x64-20240611.1-en
Max time kernel
178s
Max time network
149s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.insta.sbisms2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 1.1.1.1:53 | retail.onlinesbi.sbi | udp |
| IN | 103.68.221.191:443 | retail.onlinesbi.sbi | tcp |
| IN | 103.68.221.191:443 | retail.onlinesbi.sbi | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof
| MD5 | 350d5fadb802e2ff6bb8d9c78ee233ec |
| SHA1 | cce40c8ab7d37c80b037ba82efae48bf3c3585ab |
| SHA256 | a40b2b2538bd20c6bd8a2f9c8292583541026bfb8b47b656eab4e992cbcbcf95 |
| SHA512 | 481c45394a1118bbe727c836195619191b68f0e8b536c0bc48e0274e129241d32ec099c828f550234ea12360f2372fbd6f5f8a4b2c4743a8c25f4af2c426bbf4 |
/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 1a51b74ef6f089a387cd59ecfd13b633 |
| SHA1 | 9f0b2e7e5ac982dc2f0c147df0ede274f3a89009 |
| SHA256 | 8326f9df12a6625735cf29b0de46fbb6345a496960b44ce405138026612d8d29 |
| SHA512 | f85af0e9f02da3649dd84d9dd8348df563bea4cea2b1ad7e7cc2a1590a7dcc05617520309a7d1fadd1303435d135759aff04b3656ca792716c6c729f83f5d906 |
/data/data/com.insta.sbisms2/files/profileInstalled
| MD5 | d0a428a6a2a3620fd00de0aa4b616485 |
| SHA1 | 38753492183262668f9a08a3a52bbdc065631468 |
| SHA256 | 1f025e6d94e89c093f2473356d0fcba1ff6eddb165f716c8aa4c05269db5aaef |
| SHA512 | bbcf1e14232dda42462660e3a657dd6d3dc8eb905561a4989e400f99cb589dc3e4a1883104f71a68a575293522cc439589709f6d6b1eeda379ece06c51f4bd4a |
/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof
| MD5 | 4b8029d5b1020f65744ee0cc907194cc |
| SHA1 | e3895980835290fafb2b85da28891f0038bac9c0 |
| SHA256 | 02cfa3639dca4a67c27820b1278996e6d68873a4427b4515816d8ea2d2ddd51f |
| SHA512 | f1121b8d8e0469bb99e04cca388e16f9fd6b7c92b64ac043623174f55c7bca96744c7557374fcb9fed8fb496f52995723f7b69136844363262bda347ad7ff90b |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-18 10:39
Reported
2024-06-18 10:42
Platform
android-x64-arm64-20240611.1-en
Max time kernel
47s
Max time network
132s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.insta.sbisms2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.234:443 | | tcp |
| GB | 142.250.179.234:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 1.1.1.1:53 | retail.onlinesbi.sbi | udp |
| IN | 103.68.221.191:443 | retail.onlinesbi.sbi | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof
| MD5 | 350d5fadb802e2ff6bb8d9c78ee233ec |
| SHA1 | cce40c8ab7d37c80b037ba82efae48bf3c3585ab |
| SHA256 | a40b2b2538bd20c6bd8a2f9c8292583541026bfb8b47b656eab4e992cbcbcf95 |
| SHA512 | 481c45394a1118bbe727c836195619191b68f0e8b536c0bc48e0274e129241d32ec099c828f550234ea12360f2372fbd6f5f8a4b2c4743a8c25f4af2c426bbf4 |
/data/data/com.insta.sbisms2/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 8930badae076d905046ce4381fb7c668 |
| SHA1 | 51245d3931080da3deba071d697307bb3d2db198 |
| SHA256 | 3a2f3f839010ebe57d23ec5db68a3a07790373c63362033b875d7be3908e2ca3 |
| SHA512 | ff71216674a8eaf70fef1e50b1f2c23d479623e05e52cc25b762077cef692bb5d0eacc44d6a694eddbb4dd5ce465fda54ca624ebbad381e24351f11b6eacad3e |
/data/misc/profiles/cur/0/com.insta.sbisms2/primary.prof
| MD5 | 61fdf1cc53fefdf2d1f93e75bbe40eba |
| SHA1 | 1efeb2d02b194248f95e5cc1dcbe0595643bb2f0 |
| SHA256 | 80f02791defc57313db288a1b782edb161c1ccb017d7abc9d96d584290dda43c |
| SHA512 | 9a87a833168f3acb375319e923f5c700f07311e645eca58fb782cf8563699d39735dd87af1ce46e9cabe5c1eb48050647b8c28b0bd97fb7c70c12a5832760fed |