Malware Analysis Report

2025-08-05 11:53

Sample ID: 241015-1zgzjatepp
Target:    72fcc0c96ef682744ff99ec4313bd7c7da90fed4ab027903f7d750f5412ec77f.bin
SHA256:    72fcc0c96ef682744ff99ec4313bd7c7da90fed4ab027903f7d750f5412ec77f
Tags:      discovery evasion persistence collection credential_access impact
Score:     7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score:  7/10
SHA256: 72fcc0c96ef682744ff99ec4313bd7c7da90fed4ab027903f7d750f5412ec77f

Threat Level: Shows suspicious behavior

The file 72fcc0c96ef682744ff99ec4313bd7c7da90fed4ab027903f7d750f5412ec77f.bin was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion persistence collection credential_access impact

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Attempts to obfuscate APK file format

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-15 22:05

Signatures

Attempts to obfuscate APK file format

Requests dangerous framework permissions

Description                                     Indicator                       Process  Target
Allows an application to receive SMS messages.  android.permission.RECEIVE_SMS  N/A      N/A
Allows an application to send SMS messages.     android.permission.SEND_SMS     N/A      N/A
Allows an application to receive SMS messages.  android.permission.RECEIVE_SMS  N/A      N/A
Allows an application to send SMS messages.     android.permission.SEND_SMS     N/A      N/A
Allows an application to read SMS messages.     android.permission.READ_SMS     N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted:        2024-10-15 22:05
Reported:         2024-10-15 22:07
Platform:         android-x86-arm-20240910-en
Max time kernel:  146s
Max time network: 152s

Command Line

com.dhruv.smsrecevier

Signatures

Loads dropped Dex/Jar

evasion
Description  Indicator                                                           Process  Target
N/A          /data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so  N/A      N/A
N/A          /data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so  N/A      N/A
N/A          /data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so  N/A      N/A

Queries the mobile country code (MCC)

discovery
Description             Indicator                                                               Process  Target
Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone  N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description             Indicator                                      Process  Target
Framework service call  android.app.IActivityManager.registerReceiver  N/A      N/A

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.dhruv.smsrecevier

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.dhruv.smsrecevier/app_mph_dex/oat/x86/apk.jiagu-v1.pro.odex --compiler-filter=quicken --class-loader-context=&

Network

Country  Destination           Domain                   Proto
N/A      224.0.0.251:5353                               udp
US       1.1.1.1:53            e57.mrback.in            udp
US       147.79.65.149:443     e57.mrback.in            tcp
US       1.1.1.1:53            cdn.jsdelivr.net         udp
US       151.101.1.229:443     cdn.jsdelivr.net         tcp
US       1.1.1.1:53            registercomplain.in      udp
GB       216.58.201.110:443                             tcp
GB       216.58.201.110:443                             tcp
GB       216.58.201.110:443                             tcp
US       1.1.1.1:53            android.apis.google.com  udp
GB       216.58.212.238:443    android.apis.google.com  tcp
GB       142.250.187.196:443                            tcp
GB       172.217.169.10:443                             tcp

Files

/data/data/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so

MD5 e4a57c1bf62c8d08e8dadf4f3e240b58
SHA1 d31a278d64aaf108f9246461e5ea9ea9e59711ee
SHA256 feee787c0d85762249ff10b1749d8e468cd2ca122c355cbc5022e001dd218b8d
SHA512 fded42394c257401308e44e0ac68c47d85c366fb6fa41e3e0eaebcb60805828ddd7f12a605262f6411e9a2563c158eee31508f1a788ad329d214b39538e5f4d7

/data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so

MD5 1d8f93aa373a4b88322731b3f3fef178
SHA1 4e6253973a0bf3290ebb12636470cd35d6925ac3
SHA256 e974dd9e2578eeeba06e3c828118e28e88127c3e1c67073af7a60bc01c4b9f12
SHA512 1cf4d35d143a9733e476733d48e7a6aff44e1dafd881ca4c8005ffdc97957e8513185ef95b6890aff7aebc70fd0fdd759d85bfd63f681b1c26a2ce5bce4a3dc4

Analysis: behavioral2

Detonation Overview

Submitted:        2024-10-15 22:05
Reported:         2024-10-15 22:07
Platform:         android-x64-20240910-en
Max time kernel:  145s
Max time network: 152s

Command Line

com.dhruv.smsrecevier

Signatures

Loads dropped Dex/Jar

evasion
Description  Indicator                                                           Process  Target
N/A          /data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so  N/A      N/A
N/A          /data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so  N/A      N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description             Indicator                                                  Process  Target
Framework service call  android.content.IClipboard.addPrimaryClipChangedListener  N/A      N/A

Queries the mobile country code (MCC)

discovery
Description             Indicator                                                               Process  Target
Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone  N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description             Indicator                                      Process  Target
Framework service call  android.app.IActivityManager.registerReceiver  N/A      N/A

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.dhruv.smsrecevier

Network

Country  Destination           Domain                    Proto
N/A      224.0.0.251:5353                                udp
GB       142.250.200.42:443                              tcp
GB       142.250.200.46:443                              tcp
GB       142.250.200.46:443                              tcp
US       1.1.1.1:53            android.apis.google.com   udp
GB       216.58.204.78:443     android.apis.google.com   tcp
US       1.1.1.1:53            ssl.google-analytics.com  udp
GB       142.250.200.40:443    ssl.google-analytics.com  tcp
US       1.1.1.1:53            e57.mrback.in             udp
US       147.79.65.149:443     e57.mrback.in             tcp
US       1.1.1.1:53            cdn.jsdelivr.net          udp
US       151.101.65.229:443    cdn.jsdelivr.net          tcp
US       1.1.1.1:53            registercomplain.in       udp
GB       142.250.200.2:443                               tcp

Files

/data/data/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so

MD5 e4a57c1bf62c8d08e8dadf4f3e240b58
SHA1 d31a278d64aaf108f9246461e5ea9ea9e59711ee
SHA256 feee787c0d85762249ff10b1749d8e468cd2ca122c355cbc5022e001dd218b8d
SHA512 fded42394c257401308e44e0ac68c47d85c366fb6fa41e3e0eaebcb60805828ddd7f12a605262f6411e9a2563c158eee31508f1a788ad329d214b39538e5f4d7

Analysis: behavioral3

Detonation Overview

Submitted:        2024-10-15 22:05
Reported:         2024-10-15 22:07
Platform:         android-x64-arm64-20240910-en
Max time kernel:  142s
Max time network: 151s

Command Line

com.dhruv.smsrecevier

Signatures

Loads dropped Dex/Jar

evasion
Description  Indicator                                                           Process  Target
N/A          /data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so  N/A      N/A
N/A          /data/user/0/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so  N/A      N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description             Indicator                                                  Process  Target
Framework service call  android.content.IClipboard.addPrimaryClipChangedListener  N/A      N/A

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.dhruv.smsrecevier

Network

Country  Destination           Domain                    Proto
N/A      224.0.0.251:5353                                udp
GB       142.250.187.206:443                             tcp
US       1.1.1.1:53            android.apis.google.com   udp
GB       216.58.212.238:443    android.apis.google.com   tcp
US       1.1.1.1:53            www.youtube.com           udp
GB       142.250.187.206:443   www.youtube.com           udp
GB       142.250.187.206:443   www.youtube.com           tcp
GB       216.58.212.238:443    www.youtube.com           tcp
US       216.239.32.223:443                              tcp
US       1.1.1.1:53            ssl.google-analytics.com  udp
GB       216.58.213.8:443      ssl.google-analytics.com  tcp
US       1.1.1.1:53            e57.mrback.in             udp
US       147.79.65.149:443     e57.mrback.in             tcp
US       1.1.1.1:53            cdn.jsdelivr.net          udp
US       151.101.193.229:443   cdn.jsdelivr.net          tcp
US       1.1.1.1:53            registercomplain.in       udp
GB       172.217.16.238:443    www.youtube.com           tcp
GB       142.250.187.225:443                             tcp
US       216.239.32.223:443                              tcp
GB       142.250.178.1:443                               tcp
US       216.239.32.223:443                              tcp

Files

/data/data/com.dhruv.smsrecevier/app_mph_dex/apk.jiagu-v1.pro.so

MD5 e4a57c1bf62c8d08e8dadf4f3e240b58
SHA1 d31a278d64aaf108f9246461e5ea9ea9e59711ee
SHA256 feee787c0d85762249ff10b1749d8e468cd2ca122c355cbc5022e001dd218b8d
SHA512 fded42394c257401308e44e0ac68c47d85c366fb6fa41e3e0eaebcb60805828ddd7f12a605262f6411e9a2563c158eee31508f1a788ad329d214b39538e5f4d7