Analysis Overview
SHA256
f824655a2c2dc26cb021bd246abec9d99fe753b5980261c7e24be0f73f264762
Threat Level: Known bad
The file f824655a2c2dc26cb021bd246abec9d99fe753b5980261c7e24be0f73f264762.bin was found to be: Known bad.
Malicious Activity Summary
Ajina
Makes use of the framework's Accessibility service
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-02 22:06
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
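As an added example (not part of this report or of the sample), the check below reproduces the two static signatures listed above from a decoded AndroidManifest.xml: a `<service>` guarded by a system-only bind permission, and `<uses-permission>` entries in the runtime ("dangerous") set. The manifest it runs on is constructed to carry the permission names and the BIND_ACCESSIBILITY_SERVICE-guarded service the report flags; the class names, the INTERNET permission and the extra BIND_* entries in SYSTEM_BIND are assumptions of the example, not facts from the report.

```python
"""Reproduce this report's two static signatures against an AndroidManifest.xml.

Added example, not part of the sandbox report or the sample. SAMPLE_MANIFEST is
constructed to carry the permissions and service binding the report flags; it is
not the sample's real manifest (the report only lists the permission names).
"""
import json
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"  # ElementTree attr prefix

# Runtime ("dangerous") permissions named in the report's static signature.
DANGEROUS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.CALL_PHONE",
    "android.permission.READ_PHONE_NUMBERS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS",
    "android.permission.GET_ACCOUNTS",
}

# Signature-level permissions only the system holds: a <service> guarded by one
# asks the framework, not other apps, to bind to it. BIND_ACCESSIBILITY_SERVICE is
# the one the report flags; the other two are assumed companions worth checking.
SYSTEM_BIND = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.BIND_DEVICE_ADMIN",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
}

# Constructed manifest for the example; class names are made up.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="org.zzzz.aaa">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_PHONE_NUMBERS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <application android:label="app">
    <service android:name=".AccService" android:exported="true"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".SyncService"/>
  </application>
</manifest>
"""


def _full_name(pkg: str, name: str) -> str:
    """Expand the manifest's ".Class" shorthand to a fully qualified class name."""
    return pkg + name if name.startswith(".") else name


def triage_manifest(xml_text: str) -> dict:
    """Return the requested dangerous permissions, the system-bound services,
    and the report-style signature names they trigger."""
    root = ET.fromstring(xml_text)
    pkg = root.get("package", "")
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    bound = [
        (_full_name(pkg, s.get(ANDROID_NS + "name", "")), s.get(ANDROID_NS + "permission"))
        for s in root.iter("service")
        if s.get(ANDROID_NS + "permission") in SYSTEM_BIND
    ]
    signatures = []
    if bound:
        signatures.append("Declares services with permission to bind to the system")
    if requested & DANGEROUS:
        signatures.append("Requests dangerous framework permissions")
    return {
        "package": pkg,
        "dangerous": sorted(requested & DANGEROUS),
        "system_bound_services": bound,
        "signatures": signatures,
    }


if __name__ == "__main__":
    print(json.dumps(triage_manifest(SAMPLE_MANIFEST), indent=2))
```

Feed it the decoded manifest that `apktool d` or `apkanalyzer manifest print` extracts from the APK. The service signature keys on the bind permission, not on the intent-filter action, because the permission is what makes the framework the only possible binder; an accessibility service the victim is talked into enabling can then read and act on any other app's UI, which is the capability the accessibility service calls in the behavioral runs exercise.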
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-02 22:06
Reported
2024-10-02 22:09
Platform
android-x86-arm-20240910-en
Max time kernel
92s
Max time network
154s
Command Line
Signatures
Ajina
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 77.105.166.215:8080 | | tcp |
| US | 1.1.1.1:53 | www.zoplay.com | udp |
| US | 172.67.166.102:443 | www.zoplay.com | tcp |
| GB | 142.250.200.2:443 | | tcp |
Files
/data/data/org.zzzz.aaa/cache/image_manager_disk_cache/journal.tmp
| MD5 | 8c92de9ce46d41a22f3b20f77404cc1d |
| SHA1 | 8671a6dca00edb72be47363a7071be65cf270373 |
| SHA256 | 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274 |
| SHA512 | 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56 |
/data/data/org.zzzz.aaa/cache/image_manager_disk_cache/journal
| MD5 | 4fddcf79f41c74090652408caf261ca5 |
| SHA1 | 91759364e8e7fb63676a061b60466934fd61ae15 |
| SHA256 | 5fa9fc9d6b559776729fa7deb286432b87dfcebb80739b87e39166df193bbe78 |
| SHA512 | e2b59878077ebcdfc1d9c8a686a2c96e2aef08f73977fd4b1fdcccbe3010c313725c30fe8df87c14380d0c8dcd981200b42d406361e7c177fa3937d900581aa3 |
/data/data/org.zzzz.aaa/cache/image_manager_disk_cache/746c0412cdc0b104efafc74f829fa9fa77f5549b034decd2882460e60cbc768f.0.tmp
| MD5 | 9629d97a50bb1adb24d1b558132b3e20 |
| SHA1 | f8e095f7f3b119d350ee7e5888bde15d38c15b2b |
| SHA256 | a2c80460147cdd5d255f405c4968bc96099dd5a4325103035965989590d2bc03 |
| SHA512 | 2a4160b22e9d93ca00de67ab651cc30e771c05eb7f8b6a1ab5ac539f28c7d6eaa7d30558f3646802f55a1433a820497221cbc2036828a0d54cdb3f5d10c0e705 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | a0291463bc7d124f09c0e226226ebc6c |
| SHA1 | 8cc15bafbbee0aaf89411c76137650a6313a8712 |
| SHA256 | 04ff6955aca4a51b48828c4963f1f3a5f59cca944fe819439e0dddebb187acd9 |
| SHA512 | 503d625fc93d623d426f98523e11a0b3890963a7a4856c96d48b5cd227d5dee842bba0255cd383d3189138c4cd511703103d2396ffc77ff5b1d135993f6d0617 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 78ac25dab1732d420c78c38049ed7f11 |
| SHA1 | 5a0afd5bf8bcf6db451adfb403453c3bc0480ad0 |
| SHA256 | a0b5f69d8684d27ff24de88384e7c17642a7cb95eebd3aa720609a25b0de90b3 |
| SHA512 | 5786d86fee1508b8568df9ed25564b8a31dc62abce4f10fa75880afae6f114e157a5406de80deae4eee056a4ede4ca58224752532190f47c4cfcc88aff3297f8 |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | b7d6213c68757fbc87dc77f8d03df8c2 |
| SHA1 | 080d3a92bbc899ff6fc0ff3d79a35b9c4c2b3888 |
| SHA256 | 0f1c9db731f777a3a2f48842ccae7b3ad21e969be6ce3964c71a70649f29e7e4 |
| SHA512 | a93f49802fce3c00c4a8e82cba72d69bef8a0c0c5dba690f059ce2e2ad620cd9456a6299f416eef37d510b3f79555609554f51a10009bc181aa0ea94579876f5 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | e4e79ec6cd60cc2a1f78d0561ee74554 |
| SHA1 | 667b46f267467cb36603208c77331cb0705255e7 |
| SHA256 | 54e88975cb8defefac7150560e20d221ebe3e7a72a5687d3954ea5349db41a7b |
| SHA512 | a167920a0f2d081a13d79f01ceacc51dcc013df1733f4740606083f3aea51000b705b984005b0dcca73b14dea65bf753fbc811344baf1aba41e7580f9684f6e7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-02 22:06
Reported
2024-10-02 22:08
Platform
android-x64-20240910-en
Max time kernel
108s
Max time network
151s
Command Line
Signatures
Ajina
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.42:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| FR | 77.105.166.215:8080 | | tcp |
| US | 1.1.1.1:53 | www.zoplay.com | udp |
| US | 104.21.16.49:443 | www.zoplay.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.2:443 | | tcp |
Files
/data/data/org.zzzz.aaa/cache/image_manager_disk_cache/journal.tmp
| MD5 | 8c92de9ce46d41a22f3b20f77404cc1d |
| SHA1 | 8671a6dca00edb72be47363a7071be65cf270373 |
| SHA256 | 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274 |
| SHA512 | 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56 |
/data/data/org.zzzz.aaa/cache/image_manager_disk_cache/journal
| MD5 | 4fddcf79f41c74090652408caf261ca5 |
| SHA1 | 91759364e8e7fb63676a061b60466934fd61ae15 |
| SHA256 | 5fa9fc9d6b559776729fa7deb286432b87dfcebb80739b87e39166df193bbe78 |
| SHA512 | e2b59878077ebcdfc1d9c8a686a2c96e2aef08f73977fd4b1fdcccbe3010c313725c30fe8df87c14380d0c8dcd981200b42d406361e7c177fa3937d900581aa3 |
/data/data/org.zzzz.aaa/cache/image_manager_disk_cache/746c0412cdc0b104efafc74f829fa9fa77f5549b034decd2882460e60cbc768f.0.tmp
| MD5 | 9629d97a50bb1adb24d1b558132b3e20 |
| SHA1 | f8e095f7f3b119d350ee7e5888bde15d38c15b2b |
| SHA256 | a2c80460147cdd5d255f405c4968bc96099dd5a4325103035965989590d2bc03 |
| SHA512 | 2a4160b22e9d93ca00de67ab651cc30e771c05eb7f8b6a1ab5ac539f28c7d6eaa7d30558f3646802f55a1433a820497221cbc2036828a0d54cdb3f5d10c0e705 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | a0291463bc7d124f09c0e226226ebc6c |
| SHA1 | 8cc15bafbbee0aaf89411c76137650a6313a8712 |
| SHA256 | 04ff6955aca4a51b48828c4963f1f3a5f59cca944fe819439e0dddebb187acd9 |
| SHA512 | 503d625fc93d623d426f98523e11a0b3890963a7a4856c96d48b5cd227d5dee842bba0255cd383d3189138c4cd511703103d2396ffc77ff5b1d135993f6d0617 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | f150bebb45f96eaba17f90e5a7b3cf19 |
| SHA1 | db687d1cb428e32d7b7e643968bef0386db53419 |
| SHA256 | 6bf81e4b2fcc6207cc71656eadbba62e197ee2febda2a14ac38925840b0d6b55 |
| SHA512 | 133bff3f327021f71df3a3ed356e2b25d60b1c1f54d7c165d84f8292cf2eb7105f70e5952f056cd55ce961b711e385ca4dcef6f74a5636e2245bb1a2555e6ffd |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | 8cf8226ff8056bcf3012286a4e305940 |
| SHA1 | e32133910f0b229d3da6226979bd8c1f679014e2 |
| SHA256 | 056f915046fb8db7fb2791397f77193eb62dd94ca87a76a8016d26e9ec80c98c |
| SHA512 | d299741f05e93fc6f0428eb517226619dd4698880978cbc61351d5fd8b112c2fe94d3fed2d950d520645cd7a0ecedf3388beb4d6c4a4137b68d2e7dffa1e0cbf |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | bc2719509feaf64cbd7db0220b245529 |
| SHA1 | e67fac0b1eb82c1de7a8c7ce6839f8ae07427e89 |
| SHA256 | 24816ffa0f033dd889e7b27c7c495a1d73c406d79e7446e749aa4cd728661261 |
| SHA512 | ea809e1f43e3ebfe230ad44b3003e554be56600583b3d381b4535cd76aa94bfffb767c47961c1debcd8cb1d74d86eb3db6daa2bb3c8795538eb385ef8007e254 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-02 22:06
Reported
2024-10-02 22:08
Platform
android-x64-arm64-20240624-en
Max time kernel
103s
Max time network
131s
Command Line
Signatures
Ajina
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 216.58.213.10:443 | | tcp |
| GB | 216.58.213.10:443 | | tcp |
| FR | 77.105.166.215:8080 | | tcp |
| US | 1.1.1.1:53 | www.zoplay.com | udp |
| US | 172.67.166.102:443 | www.zoplay.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
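As an added example (not part of the report), the script below takes the Network tables from the three behavioral runs and separates what is attributable to the emulator image and the sandbox (mDNS, the Google API and analytics endpoints and their resolver lookups) from the peers that deserve an analyst's attention, counting in how many runs each recurs. Treating unresolved 142.250.x.x and 216.58.x.x :443 peers as Google front-ends contacted by the image itself is the script's assumption; the report makes no such attribution, and it says nothing about what 77.105.166.215:8080 or www.zoplay.com are. The row parser also tolerates the rows where extraction left the Domain cell blank and shifted Proto one column left.

```python
"""Pull reviewable network indicators out of the three behavioral runs above.

Added example, not part of the sandbox report. RUNS copies the report's Network
tables (exact duplicate rows dropped). Which destinations count as sandbox
background noise is this script's assumption (NOISE_DOMAINS, GOOGLE_PREFIXES),
not a verdict from the report.
"""
from collections import defaultdict

RUNS = {
    "behavioral1": """
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| FR | 77.105.166.215:8080 | tcp | |
| US | 1.1.1.1:53 | www.zoplay.com | udp |
| US | 172.67.166.102:443 | www.zoplay.com | tcp |
| GB | 142.250.200.2:443 | tcp |
""",
    "behavioral2": """
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.42:443 | tcp | |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| FR | 77.105.166.215:8080 | tcp | |
| US | 1.1.1.1:53 | www.zoplay.com | udp |
| US | 104.21.16.49:443 | www.zoplay.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.2:443 | tcp |
""",
    "behavioral3": """
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.179.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 216.58.213.10:443 | tcp | |
| FR | 77.105.166.215:8080 | tcp | |
| US | 1.1.1.1:53 | www.zoplay.com | udp |
| US | 172.67.166.102:443 | www.zoplay.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.196:443 | tcp |
""",
}

NOISE_DOMAINS = {"android.apis.google.com", "ssl.google-analytics.com"}
MDNS = "224.0.0.251:5353"
# Assumption: unresolved 142.250.x.x / 216.58.x.x :443 peers are Google front-ends
# contacted by the emulator image itself, not by the sample.
GOOGLE_PREFIXES = ("142.250.", "216.58.")


def parse_row(line: str):
    """Parse one pipe-table row; tolerate the shifted form. None for header/blank."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or cells[0] == "Country":
        return None
    country, dest, rest = cells[0], cells[1], [c for c in cells[2:] if c]
    if len(rest) == 2:                                   # well-formed: domain, proto
        domain, proto = rest
    elif len(rest) == 1 and rest[0] in ("tcp", "udp"):   # shifted: proto only
        domain, proto = "", rest[0]
    else:
        raise ValueError(f"unparseable row: {line!r}")
    return {"country": country, "dest": dest, "domain": domain, "proto": proto}


def is_noise(row: dict) -> bool:
    """Sandbox/emulator background traffic under the assumptions above."""
    if row["dest"] == MDNS or row["domain"] in NOISE_DOMAINS:
        return True
    return (not row["domain"] and row["dest"].endswith(":443")
            and row["dest"].startswith(GOOGLE_PREFIXES))


def review_indicators(runs: dict) -> list:
    """(dest, domain, proto, runs_seen) for every non-noise connection, sorted."""
    seen = defaultdict(set)
    for run, table in runs.items():
        for line in table.splitlines():
            row = parse_row(line)
            if row and not is_noise(row):
                seen[(row["dest"], row["domain"], row["proto"])].add(run)
    return sorted((d, dom, p, len(r)) for (d, dom, p), r in seen.items())


if __name__ == "__main__":
    for dest, domain, proto, n in review_indicators(RUNS):
        print(f"{dest:22} {domain or '-':26} {proto}  seen in {n}/{len(RUNS)} runs")
```

Across the three runs the same unattributed peer on port 8080 and the same domain lookup recur in every detonation, which is the consistency that justifies pivoting on an indicator; the alternate address the domain resolved to in one run only is weaker on its own and is better tracked through the domain.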
Files
/data/data/org.zzzz.aaa/cache/image_manager_disk_cache/journal.tmp
| MD5 | 8c92de9ce46d41a22f3b20f77404cc1d |
| SHA1 | 8671a6dca00edb72be47363a7071be65cf270373 |
| SHA256 | 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274 |
| SHA512 | 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56 |
/data/data/org.zzzz.aaa/cache/image_manager_disk_cache/journal
| MD5 | 4fddcf79f41c74090652408caf261ca5 |
| SHA1 | 91759364e8e7fb63676a061b60466934fd61ae15 |
| SHA256 | 5fa9fc9d6b559776729fa7deb286432b87dfcebb80739b87e39166df193bbe78 |
| SHA512 | e2b59878077ebcdfc1d9c8a686a2c96e2aef08f73977fd4b1fdcccbe3010c313725c30fe8df87c14380d0c8dcd981200b42d406361e7c177fa3937d900581aa3 |
/data/data/org.zzzz.aaa/cache/image_manager_disk_cache/746c0412cdc0b104efafc74f829fa9fa77f5549b034decd2882460e60cbc768f.0.tmp
| MD5 | 9629d97a50bb1adb24d1b558132b3e20 |
| SHA1 | f8e095f7f3b119d350ee7e5888bde15d38c15b2b |
| SHA256 | a2c80460147cdd5d255f405c4968bc96099dd5a4325103035965989590d2bc03 |
| SHA512 | 2a4160b22e9d93ca00de67ab651cc30e771c05eb7f8b6a1ab5ac539f28c7d6eaa7d30558f3646802f55a1433a820497221cbc2036828a0d54cdb3f5d10c0e705 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | a0291463bc7d124f09c0e226226ebc6c |
| SHA1 | 8cc15bafbbee0aaf89411c76137650a6313a8712 |
| SHA256 | 04ff6955aca4a51b48828c4963f1f3a5f59cca944fe819439e0dddebb187acd9 |
| SHA512 | 503d625fc93d623d426f98523e11a0b3890963a7a4856c96d48b5cd227d5dee842bba0255cd383d3189138c4cd511703103d2396ffc77ff5b1d135993f6d0617 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | f3ed390f47c53a17c357f40986fc2916 |
| SHA1 | 62cba95d2274997d8343416bd682a7785803f531 |
| SHA256 | f5894245dac611ec8866d94426fdc4eba7afe55e069e2cc1cfd4a65db2cfb2d8 |
| SHA512 | fa755c5f66a160d2628c5d6be958987571840a5876156e5a522c0a741e63d95f38ae72d1cf199b1215c860d732d51df7a57e03d3de90212be4ee32ab27c40208 |