Analysis Overview
SHA256
3a30f69f429724a5034e3304eb57cab41bb96b9f15d5d18daa5bea76de04d8fe
Threat Level: Known bad
The file 3a30f69f429724a5034e3304eb57cab41bb96b9f15d5d18daa5bea76de04d8fe.bin was found to be: Known bad.
Malicious Activity Summary
Ajina
Makes use of the framework's Accessibility service
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-17 22:05
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-17 22:05
Reported
2024-10-17 22:08
Platform
android-x86-arm-20240910-en
Max time kernel
126s
Max time network
151s
Command Line
Signatures
Ajina
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 77.105.166.215:8080 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.200.2:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
| --- | --- |
| MD5 | 704e449913aeeb9475823f2d3d94d3e4 |
| SHA1 | d994a30f597d846b235d7b1f651025c15115ed3d |
| SHA256 | 59ca077e825c0d23ebc48e281be6569e2d4818e0d3251e3d449dfccf22cde956 |
| SHA512 | a6615ffc775dd978ea81e5806828e97c7054dae024d8c8851975cd578d5fdc8fa6a6a832b99fdbf33e54075180039be93e9c907b9310bc50fffbf9d4fc2bf92d |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| Hash | Value |
| --- | --- |
| MD5 | 171c364a60ecde6ae04e420e13506ff2 |
| SHA1 | 8ea32784f0693c3ff742455d4d6826b8a0ad29c4 |
| SHA256 | a86081e13912c924e9bbd46a878ac59f5339963ea4b4375a66d9955f3eb7d7c9 |
| SHA512 | 9676c7710e160eb2493ec193b99f1bdf203b05d37e0d6ca3f7df2707e7318c9e3184d858a3bd26f9107723e8ec7a90750a7a009a7f07d9bc6c9a5014e6c6ce3e |
/data/data/org.zzzz.aaa/files/profileInstalled
| Hash | Value |
| --- | --- |
| MD5 | e467a2d2db4d543d64a266ec8e1be0df |
| SHA1 | fc597decebb0f906c66a23a17c965ab493312171 |
| SHA256 | 99e28c653554703dd563e24eda5df0190300a260a26010f694b9d28b93feeaa1 |
| SHA512 | fbb06b3a7d7a478da0966676b0bd31457f33bca680dcbccbf72252f56e9f8cc23b7a2f11e558a226df7d588aa20be06ed5d29702cafe4e23409b8c29e7d0c463 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
| --- | --- |
| MD5 | da02788c71e606f1d14c5efb96777bba |
| SHA1 | f90ab852a123c98ff82d9af0dfb5066239282691 |
| SHA256 | 4579cb749d659eae068896ef39377fe7651b859ed3f9215eb585850fe25a8a5c |
| SHA512 | 0cf296754e0d1d90578f37f76af4b76071a9e900bcd64bd36a93537c3036ac720a6a05e52b180ba9d9c37be270f587102aaef0d752cf15e7105242c61856693a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-17 22:05
Reported
2024-10-17 22:08
Platform
android-x64-20240910-en
Max time kernel
117s
Max time network
155s
Command Line
Signatures
Ajina
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.234:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| FR | 77.105.166.215:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
| --- | --- |
| MD5 | 704e449913aeeb9475823f2d3d94d3e4 |
| SHA1 | d994a30f597d846b235d7b1f651025c15115ed3d |
| SHA256 | 59ca077e825c0d23ebc48e281be6569e2d4818e0d3251e3d449dfccf22cde956 |
| SHA512 | a6615ffc775dd978ea81e5806828e97c7054dae024d8c8851975cd578d5fdc8fa6a6a832b99fdbf33e54075180039be93e9c907b9310bc50fffbf9d4fc2bf92d |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| Hash | Value |
| --- | --- |
| MD5 | 61fc59f5ed8930d57d77850f8583f687 |
| SHA1 | 1863e8c5ceafc4527f9e472aa88cc2c02bbe6e94 |
| SHA256 | 66998f8c533873fc6a7b788a7900839b75c94caeec05b00f732d9fedcd98d853 |
| SHA512 | 082cbfbc94894f0719f37fc3790fb92da98e9b45b7e524637199d9e2b8a78136ed4a050c9acba17765e9486557a51d4505ea6531b038c832d18faef1494ede9d |
/data/data/org.zzzz.aaa/files/profileInstalled
| Hash | Value |
| --- | --- |
| MD5 | 90ce2f4374c74acb36fa46deb7c4b8ec |
| SHA1 | 4b2c81fa1e54f46028ad36a205bdcc2e9ba8cdd9 |
| SHA256 | f466591064ad9cfb32325d1e97e1a03dbb49ac121be66e22bf1125c98f0049f6 |
| SHA512 | eb69c6b13a407a67556d28542c86d49a2dc8ce22c472c13a962616ba21676b228d2b00510a1a880f1152e1559d3675c0c395d5f71967f35baabcd5424c45d7d8 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
| --- | --- |
| MD5 | abb9e65208945c970913ca9ddf2a9634 |
| SHA1 | 7273c4ad56fcab66c92cc23bb2dc80d212f40463 |
| SHA256 | ca45dfd2f909ac288807838da6d75f2755968c0d9c8267688ff624d717fd07b5 |
| SHA512 | 3dd3d471cef0478896bcf707b1840963fc8a4e4c701c1f7f1f9cc955055aa68946f600ba60a15b4b42e53150e3a2ee7db3c4a2c40cc2815ca69e36da7621f008 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-17 22:05
Reported
2024-10-17 22:08
Platform
android-x64-arm64-20240910-en
Max time kernel
125s
Max time network
154s
Command Line
Signatures
Ajina
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 216.239.36.223:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| FR | 77.105.166.215:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.225:443 | | tcp |
| GB | 142.250.179.225:443 | | tcp |
| US | 216.239.32.223:443 | | tcp |
| US | 216.239.32.223:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
| --- | --- |
| MD5 | 704e449913aeeb9475823f2d3d94d3e4 |
| SHA1 | d994a30f597d846b235d7b1f651025c15115ed3d |
| SHA256 | 59ca077e825c0d23ebc48e281be6569e2d4818e0d3251e3d449dfccf22cde956 |
| SHA512 | a6615ffc775dd978ea81e5806828e97c7054dae024d8c8851975cd578d5fdc8fa6a6a832b99fdbf33e54075180039be93e9c907b9310bc50fffbf9d4fc2bf92d |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| Hash | Value |
| --- | --- |
| MD5 | 86d3ee08d14870d80cb8490ee83f4788 |
| SHA1 | b24301544aedd99beb54e27f1739fe0eadb0fda4 |
| SHA256 | 1755899f898c877e9ee75d908462d681bdf492b2188474883f9e95ae3d69a426 |
| SHA512 | 21e9c70bde5b599b9b5f7db71e854cf0e22696e4d4381a27748b771526ff25c5c9c858fc9053fffc0d3cb74825aae85685c8e373fa35995ec6516187585f0ca2 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
| --- | --- |
| MD5 | 6ba01750b751685edda63f40a16d1a83 |
| SHA1 | 0d3cf40fb01bfa0161e02478d756e672140d0141 |
| SHA256 | 9d4fa67df6c52d78353565f6323108c39ab395fe1f96523676f1550931aeb5f8 |
| SHA512 | 0bd35222ea58493525c0b484de69925cae7383de361636972af946e87f63f28682557dc35b18e70b5ecc749faf73a4b8dcf0496d5b9e3576de0cc75a498dbf0d |