Analysis Overview
SHA256
72fcc0c96ef682744ff99ec4313bd7c7da90fed4ab027903f7d750f5412ec77f
Threat Level: Shows suspicious behavior
The file 72fcc0c96ef682744ff99ec4313bd7c7da90fed4ab027903f7d750f5412ec77f.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Obtains sensitive information copied to the device clipboard
Attempts to obfuscate APK file format
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-15 22:05
Signatures
Attempts to obfuscate APK file format
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-15 22:05
Reported
2024-10-15 22:07
Platform
android-x86-arm-20240910-en
Max time kernel
146s
Max time network
152s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so | N/A | N/A |
| N/A | /data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so | N/A | N/A |
| N/A | /data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.dhruv.smsrecevier
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.dhruv.smsrecevier/app_mph_dex/oat/x86/apk.jiagu-v1.pro.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | e57.mrback.in | udp |
| US | 147.79.65.149:443 | e57.mrback.in | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 1.1.1.1:53 | registercomplain.in | udp |
| GB | 216.58.201.110:443 | tcp | |
| GB | 216.58.201.110:443 | tcp | |
| GB | 216.58.201.110:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| GB | 142.250.187.196:443 | tcp | |
| GB | 172.217.169.10:443 | tcp |
Files
/data/data/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so
| MD5 | e4a57c1bf62c8d08e8dadf4f3e240b58 |
| SHA1 | d31a278d64aaf108f9246461e5ea9ea9e59711ee |
| SHA256 | feee787c0d85762249ff10b1749d8e468cd2ca122c355cbc5022e001dd218b8d |
| SHA512 | fded42394c257401308e44e0ac68c47d85c366fb6fa41e3e0eaebcb60805828ddd7f12a605262f6411e9a2563c158eee31508f1a788ad329d214b39538e5f4d7 |
/data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so
| MD5 | 1d8f93aa373a4b88322731b3f3fef178 |
| SHA1 | 4e6253973a0bf3290ebb12636470cd35d6925ac3 |
| SHA256 | e974dd9e2578eeeba06e3c828118e28e88127c3e1c67073af7a60bc01c4b9f12 |
| SHA512 | 1cf4d35d143a9733e476733d48e7a6aff44e1dafd881ca4c8005ffdc97957e8513185ef95b6890aff7aebc70fd0fdd759d85bfd63f681b1c26a2ce5bce4a3dc4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-15 22:05
Reported
2024-10-15 22:07
Platform
android-x64-20240910-en
Max time kernel
145s
Max time network
152s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so | N/A | N/A |
| N/A | /data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.dhruv.smsrecevier
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.42:443 | tcp | |
| GB | 142.250.200.46:443 | tcp | |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | e57.mrback.in | udp |
| US | 147.79.65.149:443 | e57.mrback.in | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 1.1.1.1:53 | registercomplain.in | udp |
| GB | 142.250.200.2:443 | tcp |
Files
/data/data/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so
| MD5 | e4a57c1bf62c8d08e8dadf4f3e240b58 |
| SHA1 | d31a278d64aaf108f9246461e5ea9ea9e59711ee |
| SHA256 | feee787c0d85762249ff10b1749d8e468cd2ca122c355cbc5022e001dd218b8d |
| SHA512 | fded42394c257401308e44e0ac68c47d85c366fb6fa41e3e0eaebcb60805828ddd7f12a605262f6411e9a2563c158eee31508f1a788ad329d214b39538e5f4d7 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-15 22:05
Reported
2024-10-15 22:07
Platform
android-x64-arm64-20240910-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so | N/A | N/A |
| N/A | /data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.dhruv.smsrecevier
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.238:443 | www.youtube.com | tcp |
| US | 216.239.32.223:443 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.213.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | e57.mrback.in | udp |
| US | 147.79.65.149:443 | e57.mrback.in | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 1.1.1.1:53 | registercomplain.in | udp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| GB | 142.250.187.225:443 | tcp | |
| US | 216.239.32.223:443 | tcp | |
| GB | 142.250.178.1:443 | tcp | |
| US | 216.239.32.223:443 | tcp |
Files
/data/data/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so
| MD5 | e4a57c1bf62c8d08e8dadf4f3e240b58 |
| SHA1 | d31a278d64aaf108f9246461e5ea9ea9e59711ee |
| SHA256 | feee787c0d85762249ff10b1749d8e468cd2ca122c355cbc5022e001dd218b8d |
| SHA512 | fded42394c257401308e44e0ac68c47d85c366fb6fa41e3e0eaebcb60805828ddd7f12a605262f6411e9a2563c158eee31508f1a788ad329d214b39538e5f4d7 |