Analysis Overview
SHA256
59a60aa90fbc7fb8dd6b4f2b9b60c6c70fd57cda68c584d045813d2e6b1414a1
Threat Level: Known bad
The file 59a60aa90fbc7fb8dd6b4f2b9b60c6c70fd57cda68c584d045813d2e6b1414a1.bin was found to be: Known bad.
Malicious Activity Summary
Ajina family
Ajina
Makes use of the framework's Accessibility service
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-12 22:03
Signatures
Ajina family
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-12 22:03
Reported
2024-10-12 22:06
Platform
android-x86-arm-20240624-en
Max time kernel
149s
Max time network
131s
Command Line
Signatures
Ajina
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.10:443 | tcp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| SE | 77.221.136.21:8080 | tcp | |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 823d51b198f663453291d3f30bc4b175 |
| SHA1 | 1eff274dd30ca18597c375f38edc50b8cb4bc5c6 |
| SHA256 | 3688c05b04398eb3316a32163868f4070d7cfff641a2563372b58062dea8cd70 |
| SHA512 | 838edc238acf051d97f40d3311aba017c00e4693ab8b1cea5c89c932b19204e53184b44b4ac8a2f00410a3070e27121079ac7ec897af2b8fdabf452b1639b804 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 5dc8c4215216b962589d3f007ca3f658 |
| SHA1 | aa9411709bd3450be130e0bd08b717d480db317c |
| SHA256 | 57de2250df20c0205517730fd018212181bc0a644bfad9220f93f093a7021d62 |
| SHA512 | ff903fdd20211841fb80019d6917d225cc9e6066482103cd332155e17338d06e5740bf9180e3141820e3b81517ee19b2b95b093835dedf02475e52696a737762 |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | 2670fc4947b7a7ec2119891b3864d84c |
| SHA1 | f27f7dc9c9c6d4c55a5cd580b2138f15d763cb28 |
| SHA256 | a52b7ff7a49d6621850c43504c8773903cf8308d7f7ab797d6970f591bdd3610 |
| SHA512 | 7d7f1fa8c386124afe2f33b1872b414c0fdaee5b6815040fc6d23f6f4b20e7e3b51632f8cb7e143cee160b1c3c4742b4445766cdf8582f5877800d570ebba5bf |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 6adbff2138750f656628ed05b6154702 |
| SHA1 | 9fab6fa174bfafd70d642acd280a08d6762988dd |
| SHA256 | 0dd9b76c63450913dc75bf30b8071e711fcbd4a0ac6d85f7e74bb66a7fbcd266 |
| SHA512 | da0770983a29a1bee621aa526d096d067a925aba6dcaad7ccfe1db0e6b59d4cd60b1168788f331eff77a761989c85bdf38bc3799697d8faa34bb6c1832126d45 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-12 22:03
Reported
2024-10-12 22:06
Platform
android-x64-20240910-en
Max time kernel
97s
Max time network
150s
Command Line
Signatures
Ajina
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.234:443 | tcp | |
| GB | 216.58.201.110:443 | tcp | |
| GB | 216.58.201.110:443 | tcp | |
| GB | 216.58.201.110:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| SE | 77.221.136.21:8080 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 823d51b198f663453291d3f30bc4b175 |
| SHA1 | 1eff274dd30ca18597c375f38edc50b8cb4bc5c6 |
| SHA256 | 3688c05b04398eb3316a32163868f4070d7cfff641a2563372b58062dea8cd70 |
| SHA512 | 838edc238acf051d97f40d3311aba017c00e4693ab8b1cea5c89c932b19204e53184b44b4ac8a2f00410a3070e27121079ac7ec897af2b8fdabf452b1639b804 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | df3e7c0e6d7c6a25f4ef60badd62b914 |
| SHA1 | 7a24404ecf49fb8c224c85fcb27008cfd1cf052f |
| SHA256 | 048e0e846599edd4225fb091d725f3d58c8ae904cbb840c9672483813fad5bb5 |
| SHA512 | a4397645432a5f3a25ea4781ad945af0cef11a45ae40bc602f782e1dc65c9da3f2776fff2404946e6325d86dc371d00367ea10c5b972098dc4da56d269139ee0 |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | bd9026be937c73011e4d42b1d930c682 |
| SHA1 | e38b2f222f1546687d70afe3ba00c04db7986a34 |
| SHA256 | ecdbc1fdad24ae19302172ff7828f24baffd6f286048bb60cf548b1c7251509d |
| SHA512 | b4895ed93158e9674ce98d71de54db6eeeb8e9c055d18302e5a1bde3d5781a990455b20320e149284acb0dcc35dfcc3d98a5cbef15c2156e0c4d0b21846347e4 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 95dcfe6457b51757d03572b62e02f9fa |
| SHA1 | 5732f066a7ec78b01021e7156f423149e7bea199 |
| SHA256 | 4f6d3206e27bf2c27038889948cb918f570d434545e91692b6f8d475015986a1 |
| SHA512 | d4e908531d721ad4ae3eff0b58dd620df90464c1d51e3164c084eaf462a1684a333cd867cf358319f4141596a67bdaadb739b39cb5320b21c87797b2033af4e9 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-12 22:03
Reported
2024-10-12 22:06
Platform
android-x64-arm64-20240624-en
Max time kernel
147s
Max time network
132s
Command Line
Signatures
Ajina
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.180.14:443 | tcp | |
| GB | 142.250.180.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| SE | 77.221.136.21:8080 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 823d51b198f663453291d3f30bc4b175 |
| SHA1 | 1eff274dd30ca18597c375f38edc50b8cb4bc5c6 |
| SHA256 | 3688c05b04398eb3316a32163868f4070d7cfff641a2563372b58062dea8cd70 |
| SHA512 | 838edc238acf051d97f40d3311aba017c00e4693ab8b1cea5c89c932b19204e53184b44b4ac8a2f00410a3070e27121079ac7ec897af2b8fdabf452b1639b804 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 4fe9fbc920c67714664d412077cd881d |
| SHA1 | 1d9404c0e601f74ef92478d742a63fea85532231 |
| SHA256 | 7eafec6f586c8d827c4bbd7ac9bd4aa2b7e58ef3c94bb756c518cc62f93941ef |
| SHA512 | cbdfd5669a76f5120df71e3520e42b08c7e4d6d1058d4235b23e17a57dc5b6f4efa9002dad0c0a40809873252afa81db65f98081dd00978dedba49d39bbdbe98 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | f7f207887b3f55f2bf58dc56bebe8c8c |
| SHA1 | f66571026da82b146f5efa2ed5520ba25ec53242 |
| SHA256 | b21cf48e2df1de0d3420167ee523d3ceac8f0612d045fa8fd726c56f7d7a6d2b |
| SHA512 | da40fda0842c4b98e61967cbeaaf6d6e2fd5a64bf9dde6906049d229a1b440afdb72f020a2753043932139513bcea1ce83a80f54cbade94ba5dea38a265b124f |