Malware Analysis Report

2025-04-03 14:13

Sample ID 241104-11hx8aybnc
Target ad57501cb7ce356467589cea47d8ae86a1421ee50b33cc8388969340e3f96008.bin
SHA256 ad57501cb7ce356467589cea47d8ae86a1421ee50b33cc8388969340e3f96008
Tags
banker discovery impact persistence collection credential_access
score
7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Mobile Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
7/10

SHA256

ad57501cb7ce356467589cea47d8ae86a1421ee50b33cc8388969340e3f96008

Threat Level: Shows suspicious behavior

The file ad57501cb7ce356467589cea47d8ae86a1421ee50b33cc8388969340e3f96008.bin was classified as: shows suspicious behavior.

Malicious Activity Summary

banker discovery impact persistence collection credential_access

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator

Queries the mobile country code (MCC)

Queries the unique device ID (IMEI, MEID, IMSI)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-04 22:06

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-04 22:06

Reported

2024-11-04 22:09

Platform

android-x86-arm-20240624-en

Max time kernel

76s

Max time network

153s

Command Line

boss9000.email

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

boss9000.email

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.213.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:443 1.1.1.1 tcp
US 172.67.207.232:443 9000boss.email tcp
US 1.1.1.1:53 zserver.top udp
GB 142.250.200.46:443 tcp
HK 8.210.175.127:8080 zserver.top tcp
US 1.1.1.1:53 9000boss.email udp
HK 8.210.175.127:8080 zserver.top tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
HK 8.210.175.127:8080 zserver.top tcp
US 172.67.207.232:443 9000boss.email tcp
US 1.1.1.1:53 www.9000boss.email udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.178.10:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 1.1.1.1:53 sock2.source-cdn.com udp
US 104.21.23.22:443 sock2.source-cdn.com tcp
US 104.21.23.22:443 sock2.source-cdn.com tcp
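
The network table above mixes traffic the sandbox image generates on its own (Google platform services, the 1.1.1.1 resolver, mDNS) with endpoints the sample itself reaches out to. The Python below is an added example, not part of the sandbox report, that parses the flattened rows and separates the two: the noise suffixes, the resolver and mDNS addresses, and the two Cloudflare proxy prefixes are assumptions chosen for this image and should be tuned per environment.

```python
"""Triage a flattened sandbox 'Network' table: sample infrastructure vs. platform noise."""
import ipaddress

# Constructed input: the behavioral1 Network rows from the report, copied verbatim.
NETWORK_TABLE = """\
N/A 224.0.0.251:5353 udp
GB 216.58.213.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:443 1.1.1.1 tcp
US 172.67.207.232:443 9000boss.email tcp
US 1.1.1.1:53 zserver.top udp
GB 142.250.200.46:443 tcp
HK 8.210.175.127:8080 zserver.top tcp
US 1.1.1.1:53 9000boss.email udp
HK 8.210.175.127:8080 zserver.top tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
HK 8.210.175.127:8080 zserver.top tcp
US 172.67.207.232:443 9000boss.email tcp
US 1.1.1.1:53 www.9000boss.email udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.178.10:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 1.1.1.1:53 sock2.source-cdn.com udp
US 104.21.23.22:443 sock2.source-cdn.com tcp
US 104.21.23.22:443 sock2.source-cdn.com tcp
"""

# Assumptions for this Android sandbox image; tune per environment.
NOISE_IPS = {"1.1.1.1", "224.0.0.251"}           # sandbox resolver, mDNS
NOISE_SUFFIXES = ("googleapis.com", "google.com", "google-analytics.com",
                  "gstatic.com", "youtube.com")   # platform services on the image
CDN_EDGES = [ipaddress.ip_network("104.16.0.0/13"),   # assumed: two published
             ipaddress.ip_network("172.64.0.0/13")]   # Cloudflare proxy prefixes
EXPECTED_PORTS = {53, 443}


def parse_rows(text):
    """Rows are 'Country Destination [Domain] Proto'; Domain is often missing."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            continue
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_noise_domain(domain):
    return any(domain == s or domain.endswith("." + s) for s in NOISE_SUFFIXES)


def is_cdn_edge(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CDN_EDGES)


def triage(text):
    """Return (iocs, unattributed): hostname -> {(ip, port, proto)}, plus bare endpoints.

    A hostname mapped to an empty set was resolved but never contacted."""
    rows = parse_rows(text)
    # The table carries no DNS answers, so the only IP->name attribution available is a
    # connection row that names a host; reuse it for bare rows to the same IP.
    ip_to_domain = {}
    for r in rows:
        if r["domain"] and r["ip"] not in NOISE_IPS:
            ip_to_domain.setdefault(r["ip"], r["domain"])
    iocs, unattributed = {}, set()
    for r in rows:
        if r["ip"] in NOISE_IPS:
            # Resolver/mDNS rows give no endpoint, but the queried name is evidence.
            if r["domain"] and r["domain"] != r["ip"] and not is_noise_domain(r["domain"]):
                iocs.setdefault(r["domain"], set())
            continue
        domain = r["domain"] or ip_to_domain.get(r["ip"], "")
        if not domain:
            unattributed.add((r["ip"], r["port"], r["proto"]))
        elif not is_noise_domain(domain):
            iocs.setdefault(domain, set()).add((r["ip"], r["port"], r["proto"]))
    return iocs, unattributed


def findings(iocs):
    """Per-hostname observations an analyst acts on."""
    notes = []
    for domain, endpoints in sorted(iocs.items()):
        if not endpoints:
            notes.append((domain, "resolved only; no connection observed"))
        for ip, port, proto in sorted(endpoints):
            if port not in EXPECTED_PORTS:
                notes.append((domain, f"non-standard port {proto}/{port} to {ip}"))
            if is_cdn_edge(ip):
                notes.append((domain, f"{ip} is a CDN edge; pivot on the hostname, not the IP"))
    return notes


if __name__ == "__main__":
    iocs, bare = triage(NETWORK_TABLE)
    for domain, note in findings(iocs):
        print(f"{domain:28} {note}")
    for ip, port, proto in sorted(bare):
        print(f"{'(unattributed)':28} {proto}/{port} to {ip}")
```

On the behavioral1 rows this leaves zserver.top at 8.210.175.127:8080 as the only endpoint on a non-standard port, 9000boss.email and sock2.source-cdn.com behind Cloudflare edges (block on the hostname; the edge IP already differs between behavioral1 and behavioral3), www.9000boss.email resolved but never contacted, and one Google-range address (216.58.213.10:443) the table never names.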

Files

/data/data/boss9000.email/no_backup/androidx.work.workdb-journal

MD5 4a0b6cf1939221e97abe640e307c3185
SHA1 6e6348233d06935d80e3c82bb1be9026f01abcf4
SHA256 6b063083d9bed495e646e03e08e530f72d19a6fd37906a6d72a53dc4b36926e3
SHA512 be32cce9f7c310652bcf6afb25ed653ca9c37742f872b538bcb3580bf9d8e3cbf97e619aad21c881a9edaa917816e10ce082806c4fe0b2d954a985513335b856

/data/data/boss9000.email/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/boss9000.email/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/boss9000.email/no_backup/androidx.work.workdb-wal

MD5 defbebce25468b53441b224c0e951acf
SHA1 c883925dbfc0c2d8a4cc474edd78f3ce17cc0b38
SHA256 5bf3826d95692f9ba2db8c83275c3be271733d93dc59ff675caa28e1ddce0f88
SHA512 c276a76af6664882d02571d9c29b1d7b7d7fab5d8b5cd8c3de2d7e9312a9439e33ac71e3aae8b5d8d673b4fcf22c803287b7e4c123643a3b0c6fad857516a85b

/data/data/boss9000.email/no_backup/androidx.work.workdb-wal

MD5 a7f618768f29f9d61e7cffa5e7796389
SHA1 d3f439565464e553db9db8ce9f27cc5aa48f5234
SHA256 491cfa53c5075c58100b1e471da63443024e7d1feacefd968b2a7448f823eba6
SHA512 b0c0c4408330c25bb8f74269f39f3a14d1dbe365a042c28dae619fae6a64178d1fd89613f74564d4bc5dfccd9a92cf7fbdf57261e37b4af116988ef672b1415c

/data/data/boss9000.email/databases/com.google.android.datatransport.events-journal

MD5 b9d443a22548bf8fb1b15b13a128ee21
SHA1 d120f29bd6ea30851f25f728e3b91726b103de0d
SHA256 2138014377779aa2a44059ceecffa2382d5562b042326d1cc26e05bd3200516c
SHA512 35f3a4e87e63e90e9dbe436e6d284cc811aed7fc588d41dc55ff0b6cf0e6973f6c93d19a9314c64d10eb639fd8dabd4da6f3211457a7722ee884dc6b35efb2bb

/data/data/boss9000.email/databases/com.google.android.datatransport.events-wal

MD5 2e861a0b4f77b10c7f9cdb793f845824
SHA1 50fab8b09544a4485618751da7797bf446b8d31d
SHA256 c9893a66c05a45fd6bfbc3acaac2c2cf2b7be54df2728aca20cc530edffe6d0c
SHA512 a680d4e4a29b4b4351d815e4c41be1b0a861df365f98e4518d429d834afa11dd4c58e4a59fac088c65a91afc33c3e14c13ab9a66d480db8c2d32a5cdeef92a2b

/data/data/boss9000.email/files/PersistedInstallation1687337256483633938tmp

MD5 5e875fd5658458dc18d9bb16cf302fbd
SHA1 d278c0a830d2c5afc84eb49e8ba9068c6d83bdec
SHA256 80d6cebaaa557865c6db5a6293e9eee3f44d18982095a1f31052f1a1d3c47992
SHA512 73efb1d5567ade0a1b2932ad49ab62c3343715667a03c001df2d82dc5cc67a8e47123da2abda574edef7a39b80817223e2005d7ba1d75a0d867652405104cde7

/data/data/boss9000.email/databases/stats.db-journal

MD5 2b3f370c2879d3ccbb17a2ebde4e4a3b
SHA1 6073de01af35bd0243f401d35c70b22617cfcb5e
SHA256 461c16f8353045469c179ad106676d7152fe8003b2b2fc4cc38973a70d6b680b
SHA512 47944f11dfb202415b389440f97f9374853c549d4d1ce910dc24467df0b8182dd35eb18efd8f5a57c9796b7e7193f5ada7101c5863f1a067c8c0dc9d6349f55f

/data/data/boss9000.email/databases/stats.db-wal

MD5 1217575a32e288673e8be54ebe9bfb03
SHA1 80335f9389da14cf2e26fcceaea427596b672045
SHA256 40674f6f9eb56e1c4cc595b3f3904d9920b44fd7cfd26d060ebd1053571d4a01
SHA512 13bf0646e4593f8b67c9c29557bc40cc8cfe25b87ee51a8ba37e4ff6ace3205ee3f106713cd98aa460a856cbc0a44e827fbcb262fee0eb72313a862f740efd29

/data/data/boss9000.email/files/PersistedInstallation4542417190194429386tmp

MD5 73392da19d8b2198317ed370c557d92b
SHA1 0afbaabbcaa930adf7461c7e7f07b12808596361
SHA256 019262ac85007b7bb64bf91a11d7f215ee35dd17573ad46e9d0816313694b9bd
SHA512 ddaf69c9df51fde35f10cedbca4222c8943f4b6852942bc022a3cd3477f2fc58aa80c51ed3ba38ae78001167a204403ba9184a60d143f02983e2f4b78c105d1e

/data/misc/profiles/cur/0/boss9000.email/primary.prof

MD5 746ef52685ff0248865a2aad19666830
SHA1 3954f8650a50e5507d8a376d209e026e26b446cb
SHA256 c8177f6ea2005e1502dd772d8d6f15bb1f0967856b43dfab92384cb16fb69afe
SHA512 9163712d0c8a4819a57b1f51a72c07bb51a715ac19699ae23bebde25070f60c24e431ec225f9595cb95a75158744eaf80e46a54bbe5540e4488fe476e271f4c4

/data/data/boss9000.email/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 431fcd6911fde357f954e548c870c1f9
SHA1 99b8f6d05a717c884c9a1253830e5ddc5d40aac3
SHA256 dbb8417ace9ba5cbdf9b0760992d27f72de0dba9bfb188f3c887aa5079c0e9e0
SHA512 d384eba7a7e1321eba21e60f43c7b78dba20d405ca74cf403ecfbdff9ae711600688ef469177e091979b0fda85f5c317c3c92ceb6cf6f551e4504f7fc4ed6385

/data/data/boss9000.email/files/profileInstalled

MD5 014acf74d8ca58cdbdf6a321fdc676d5
SHA1 063cd61cdcaf4606cc8003a0b2afaf6de63c9185
SHA256 397982ff4e4d75ecb854dfd658e17706535e49739c2ac3f6cb67f5c5b2a1b0e3
SHA512 18d2a0a1e7596399ee8cbe0b3843de7f7ff9cd0d756e93fc64bcea4c62a88cd7d62fb084a69399e2458b0b82581019e6324b8bc55e672367a0a5f408d690fc88

/data/misc/profiles/cur/0/boss9000.email/primary.prof

MD5 520108651adfe8c40139a91b1bd2a60b
SHA1 ed908bf45e180edbab8946f65f3cdd2f4c5b9988
SHA256 534350fbe33f282b68eb4f32f20e374c72e8af8038700828231182df4790b3f6
SHA512 81fb3a35c9c3c4e1d79ae3ba7454fccd875d2f9960b52b44fde45d4e3f173822ebf9426ec675138b63514b72b09e3d6cdd6ff4a68453640a79b9ce6ed7bd8768

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-04 22:06

Reported

2024-11-04 22:09

Platform

android-x64-20240624-en

Max time kernel

81s

Max time network

156s

Command Line

boss9000.email

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

boss9000.email

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:443 1.1.1.1 tcp
US 172.67.207.232:443 9000boss.email tcp
US 1.1.1.1:53 zserver.top udp
US 1.1.1.1:53 9000boss.email udp
US 172.67.207.232:443 9000boss.email tcp
HK 8.210.175.127:8080 zserver.top tcp
HK 8.210.175.127:8080 zserver.top tcp
US 1.1.1.1:53 www.9000boss.email udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
HK 8.210.175.127:8080 zserver.top tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
GB 216.58.212.206:443 android.apis.google.com tcp
US 1.1.1.1:53 www.9000boss.email udp
US 1.1.1.1:53 cdnjs.cloudflare.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 1.1.1.1:53 sock1.source-cdn.com udp
US 172.67.208.109:443 sock1.source-cdn.com tcp
US 172.67.208.109:443 sock1.source-cdn.com tcp
US 172.67.208.109:443 sock1.source-cdn.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 172.217.16.238:443 tcp
GB 216.58.201.98:443 tcp

Files

/data/data/boss9000.email/no_backup/androidx.work.workdb-journal

MD5 6ca3895c08ab31b8bf183db11c086b83
SHA1 bb17842e2d634dfb13ac5bdd93596b31d9051b7c
SHA256 6ba849d00028c2d5cd81f8046d3930ecf6cfa3f9ca1a522ee4421663d6dc15be
SHA512 4eda32981f2af4a25288694bbf25b26cdcaadcb28ef5ff9f9f27bf6b9bd8ae37fb690213311c2a75e8939f28311d8eded624fa10639350fa8f1564385eded21c

/data/data/boss9000.email/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/boss9000.email/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/boss9000.email/no_backup/androidx.work.workdb-wal

MD5 03091b1240eed51309603ffe9436a978
SHA1 ba6ac9bd4a3a292f9a3c65b27cf2b80bf2bb1be8
SHA256 458e6b83bab3ef3bc8b413409a1e6fa98ab7ff3a745919bfce9ad2b3e089e900
SHA512 8b9a8092210d118be59954a20aede13b452334b45bd80948bcf7f2cab116ed37af2083f4f3b453a603851e46da57cefeaa7c107d4dc6c7f2eae4411439276b03

/data/data/boss9000.email/no_backup/androidx.work.workdb-wal

MD5 6f0d956e595c97607c5bbb20d4b09105
SHA1 d300b0828cbe9bf8771821b06b098551b52cd86a
SHA256 f4236fbaf2161edbb1855a6eb61885ee674969ea2cd88810efeb6a73249e4fc1
SHA512 b53c479e143677f6778348fad292e2c99ba7ee0524f16e37fa35203d11eb30c39f65a61a9bb177c188e4988a594560f2f9256eacab5e489a6291bc21baa1a0bd

/data/data/boss9000.email/databases/com.google.android.datatransport.events-journal

MD5 793e2c73dfa045b1985ad5fe3b1e6000
SHA1 bded4377aaede8cbfa6d0ac968f199835791d664
SHA256 f8cd1c5e6497b4d3e24c57d5021194ab17fb384f63a240153b28d5bd437c1576
SHA512 f11e95d586a6e8f32d18ced974a1a5f529cf1bc99252dc785a22b6b3a85884cca61ad79f203f7912981e35abb247c4a2cd9bf67ab670eccff2bcfd06d8f8cb93

/data/data/boss9000.email/databases/com.google.android.datatransport.events

MD5 ffd5f1a79ce2909c11faed324a67557c
SHA1 b0c8029452784b67cae4221a06bb931bfe05cc01
SHA256 41e132c061f29c0fa830ad98bc45cbfa7038f507f310bfe801e83f07f61483b5
SHA512 98ec3d8c0e8538a70dfff0d1e768fb36f56c24b0be594e8f009227c1e6ecb0bea58392d15e19e3a05b91dfe2e08318410124efd911dbe9a97e80c42db4372f9c

/data/data/boss9000.email/databases/com.google.android.datatransport.events-journal

MD5 ccb492ccd34eaa293ac4f6570ded998e
SHA1 e00a1d6ad032c87237a5713e311c526a6526fc76
SHA256 848b2a770f52eef4a92e62e82dfb32a4e0b9b45a4a8646bd42ca389af1244b31
SHA512 4742ee7fc02f116885ac898f7a2d722deef68bd63d89bdf4b74b3441a9f9f5dff94ca58932d47f1c751cf9a8fde02ee40282f4c9bc5c056fa69d1d29b3d714d2

/data/data/boss9000.email/databases/com.google.android.datatransport.events-journal

MD5 0d8a1c8c997b00fd7855b38a825efbc1
SHA1 aa57746e250795c3721b0dc922d130c326992360
SHA256 7773bfcc3e857a0541837149914181d2e5c0311f14a3c1aacb3281099e0e9742
SHA512 90f3f36378464bfe42f7f62b039a3ecc503129d9512159c5120aeb8291ee2e101c0d7e87997418f6bfc01812ea4ce2f3ed2d4f0e0334f6dde55340910069bf8e

/data/data/boss9000.email/files/PersistedInstallation2233647464729160797tmp

MD5 25a446fdb0c9b754001732cc37d9ee32
SHA1 c60ee302c6592d54c9366bc67415f9d15939a89a
SHA256 994856ad8e4b4c0e4ab4f403b602e95a976124e940f9dd453c098e6447f9d265
SHA512 20be0e6c249f028e2c394df17545bb577815fe4fc9e75618cd16013a1ff22ce1119477f0a4e6a73303e33fa1020a8e814e94c40e3e4f7f104ce24a8e8010cc38

/data/data/boss9000.email/databases/stats.db-journal

MD5 39f0e164772206ed718445ad3b56eb2f
SHA1 8756b6e6be743cb074031f0613a682c9882fc42b
SHA256 9be5a0bed55e1e04814fe5f38d5454582d5cacfb5cb6b55b9bcba77a0d7a98cb
SHA512 ea4416f1c48da0ad8c3b8e619c2a83f0f489c40c5f16652ed3eda471e3994695029cbbad60730e3515f867c58a0a3d2033c67e3d77a38c3a11b4f41b37b42fa5

/data/data/boss9000.email/databases/stats.db

MD5 6645276ab1270570c1868428d3351686
SHA1 be617ace2ee2f55ffff459cea3df40cf186c9290
SHA256 4b8e33d24aaeb1d859e9f141b97bdf38c70ec692c544001910a12015ae9c9e2a
SHA512 1a6e6e139d8923b9ff3b5aba60828d00283d797b77e1e5798fe23e34baa95cd41f7e184752a0557fb2f91d453ce55ddce1a6d8917409d1e1ec63a95f835ec5f3

/data/data/boss9000.email/databases/stats.db-journal

MD5 9f4ee67b764f4095a938894edc2121bf
SHA1 f939ea83ac74d4ab9c7c8df0fa546874ed1e9a49
SHA256 d86f6392b736df33c19f92d45013099f2a1bec216a94e21ae7b8088e93ac0e5a
SHA512 d964235ec1fb7237846a87c0357c35e7cedc4a543d2f92118dd6ef9fa756d4e78509fbc7dde313ed9468b2d694e3adf4faf44b0d84cc106e517c7163aad978b7

/data/data/boss9000.email/databases/stats.db-journal

MD5 8a7e505c2b384298a8e2e38714ddea64
SHA1 f8a187c9e1dc152ad69a6f1649696217cdaa917b
SHA256 a58e968e667600be405de7bd74bae8f1a1d2b237a56bef5f3cc1246b2664c121
SHA512 3ffea0665edf4c2a6db3f77e7c5ab5c3f06c5f1174a8e6a9b3961fb9f5e0a57787f8b2568d642e080d5d29ce2e3ff5ec8782052debdcea37030cc952e3f645ca

/data/data/boss9000.email/databases/stats.db-journal

MD5 97011a2c2948c0be133fe543cebd273e
SHA1 1de21fa13fea2ec60ef54bc44fe195ffeae6ac86
SHA256 00a75e66ff64c4033db4ff10541a8e1ea440513b17a3cf4851e6f23056afb2b8
SHA512 ee2c69a5dfa9cc4caa0b21c7c29fa932e7026643e4e5273c4225ff796a71790f3a2942d962a12c6fd8ee80b5efb273ff47ccd9e5248641756c72f32baca8f365

/data/data/boss9000.email/databases/stats.db-journal

MD5 ac48bd79cf65d8b272cac40dbcfb9ff3
SHA1 2778dd7a2ed69d88b69051fc427e80767a00e486
SHA256 3dbd1339f1022aecb5ddbba18be529ce412654420a71a2cdf93acd5ed82f708a
SHA512 00fe30365f251dc31286102ad8ee7416cc6fdf22617c64c507862cd28efafe219d3c288ed169fee38428f85661bf71da085d214118ae97d6434142703a805c5f

/data/data/boss9000.email/databases/stats.db-journal

MD5 c67dcbfa3ad95e9c0ef2455832785ec6
SHA1 f1f8dbd00327bce488c2788242033f54349ff50d
SHA256 08e857dfcf999af3914b50f738296d4b23f34ea51b41c73dca568504ed31f4fa
SHA512 e87339a7fa59e25efcc425d14ccf8ef5fa7c2de1c8bca9311eaa5fe7ccde7b76ee42ce9cfd9a2e4d9645ec52f8e255c6e9875ed846daa84e2c40db31e5d3c735

/data/misc/profiles/cur/0/boss9000.email/primary.prof

MD5 746ef52685ff0248865a2aad19666830
SHA1 3954f8650a50e5507d8a376d209e026e26b446cb
SHA256 c8177f6ea2005e1502dd772d8d6f15bb1f0967856b43dfab92384cb16fb69afe
SHA512 9163712d0c8a4819a57b1f51a72c07bb51a715ac19699ae23bebde25070f60c24e431ec225f9595cb95a75158744eaf80e46a54bbe5540e4488fe476e271f4c4

/data/data/boss9000.email/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 c47933f784d0c4539a9614f86334a12c
SHA1 bcdd1d4f14830e47d222a9f94fe0e18875e7756e
SHA256 936a35d457df56946380b39166d25928693dab475bb94703a36e38e9a5945921
SHA512 52abecd3e5f19f44604179b48dcf7ebbc8c96eb0614aba1ed0b9dba8fbc15cbe99019e50d9d05218338235adc5d2fc90e9c14259d06aa72b7885b01a3154568c

/data/data/boss9000.email/files/profileInstalled

MD5 40573a66628fddd88c987afd45d11018
SHA1 5befdb7b96d143671a6c92b5f9fd4c28fee2e49f
SHA256 b981718bd0f640805c14ab34d62307bde6bb8194d742816e6308e4d18cd7254e
SHA512 fbaf6b9f3eeb6af957df9208cee30d6c80f99be0cbbd040fcb572a3da4b182b89b24d81a92e9c7b2576859413fe90c235db94b0ecea57ae1f2ae4e3800a18f0c

/data/data/boss9000.email/files/PersistedInstallation5154298081203885053tmp

MD5 ad758b1163f7aea670819abe2cf904d8
SHA1 8ca28f0848756309e89c736287bfc6ce3e252bb5
SHA256 97a4386c5b53351328fa1aeceb3ef9f9df4a755d468a636a5fa759673b5d1bb2
SHA512 bebd092638c55e2d3a71454e5efc2864ab73eb5cd645b157f8c030a45be950318eb86be84dd2ef398aa7db7c5e0044cc59647397e30f41e3dca5eac1092a808e

/data/misc/profiles/cur/0/boss9000.email/primary.prof

MD5 fbac3569f6742d337db168cfbbaa4ebc
SHA1 437775c564d2734a5c9eab418125d0a5a554ea74
SHA256 472aebbdc9c7ddbe8cb08c46d0211a5e246b728bae030efd3eb9421bafe7f8e5
SHA512 34bf620115cd1c2d3d59ae1569eee71e6927a0bde398f8829fbf3ba2d04c712516343df7650148646a9b492045aab73f471cb314877edc101c54f1343a672b4d

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-04 22:06

Reported

2024-11-04 22:09

Platform

android-x64-arm64-20240910-en

Max time kernel

79s

Max time network

152s

Command Line

boss9000.email

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

boss9000.email

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.187.206:443 android.apis.google.com tcp
US 216.239.32.223:443 tcp
US 1.1.1.1:443 1.1.1.1 tcp
US 104.21.15.221:443 9000boss.email tcp
US 1.1.1.1:53 zserver.top udp
US 1.1.1.1:53 9000boss.email udp
HK 8.210.175.127:8080 zserver.top tcp
HK 8.210.175.127:8080 zserver.top tcp
US 104.21.15.221:443 9000boss.email tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 www.9000boss.email udp
US 1.1.1.1:53 cdnjs.cloudflare.com udp
HK 8.210.175.127:8080 zserver.top tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 1.1.1.1:53 sock1.source-cdn.com udp
US 172.67.208.109:443 sock1.source-cdn.com tcp
US 172.67.208.109:443 sock1.source-cdn.com tcp
GB 142.250.187.193:443 tcp
GB 142.250.187.225:443 tcp
US 216.239.32.223:443 tcp

Files

/data/data/boss9000.email/no_backup/androidx.work.workdb-journal

MD5 6a22f1d8730004f6ea3fda6dea8bc4d8
SHA1 26b564febd07c4a67d0dc5f91b2006ce4cd1fdff
SHA256 f62d2edfcea63f8c0772ae147934cf9fdf504297032beacc26d72ca7a498be6b
SHA512 207d7972a646ef08fd762595939db7cc3c019a83423e8489a250f2f13f5db09fedb496e1f438872b32aa8dcf2234ef79458d027c43b7fc72b227a6b842f3b9dc

/data/data/boss9000.email/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/data/boss9000.email/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/boss9000.email/no_backup/androidx.work.workdb-wal

MD5 5660b7c0c0b2cbce067e534db940feeb
SHA1 2f7fee5d5e3c773bba45dd5e5faaa27d4a976768
SHA256 5310fcbc76f1351082525c8ca35b1bf989117a0a276a9df946e78182ea0f0656
SHA512 69a2e28c28efdc93ebe8589688aa4991edb91dc92c98ccc1afa550f946386651ec04e3fe3430dc6592459c82cf6d0392e4ac0a1ed18f81ae9a4e8dce59cf1b65

/data/data/boss9000.email/no_backup/androidx.work.workdb-wal

MD5 375e26b9d37ebc61c3492615c17210f1
SHA1 db94398a91669925f3e1666cb942d7c656275d1a
SHA256 ca90bb3597155b662c4905c83a3f21c0ddc3e21bd94c979aeb0f6c2343b4c9a1
SHA512 8e260ab6816fee6f6f4e74816a27a758ffc3825f888d26634d1b4eb7085d33fdf7a5f96fba5889d24edf9f725be2db4ab7c2747963c0ff0d15da995b7ce7b0ad

/data/data/boss9000.email/databases/com.google.android.datatransport.events-journal

MD5 31a8df2f952a2794fdc43bedf98bb1a4
SHA1 6b38b957288c6c24393bdb3ea8049148849fed08
SHA256 bc2a7090a99d5b0400fdb7efdfb0b5d3867f9224809792c105fb799e15de2cea
SHA512 998bb0da4d63915345324c8ced055439ba04fffaf1bd6450f5890514152c3bb43f10c7927ad6aa67e658b0aeaa7f317b1c5d52866c57f1e80e4d554383ffc41e

/data/data/boss9000.email/databases/com.google.android.datatransport.events

MD5 5fb8a6c92be42435c22fd9b68b383b52
SHA1 4d1d3b2a94a5a63c338af1b30dd9804f3fadcfa3
SHA256 9be94af1070f2827d3b1848caa21a1991b0f161aaa2ac0924c702442183cac03
SHA512 ed3ec11d75969253c907b5ef6fe537262b0e2fb6a936873c234df1f2c655a42148722e61bdce70a0c49503d6632f7ca114fdf45c7dbbc44862ab45172aec4a37

/data/data/boss9000.email/databases/com.google.android.datatransport.events-journal

MD5 cd4e736df140eeb2a99685cca68a8d4b
SHA1 737d351dc5d4580a259b54fb5481e4eb6cd320e4
SHA256 14d9c8912f8044d0eca268a206dc6aa2a632ba907585f7c10ff4d7aac444158b
SHA512 1c4f214f8e562170248b6abd4fafe26540d7732f6712f41a9ada5d94968fa3c8cdfa1b891d80ea47568fe388eb9bb06f1148154b7c1925a248b7d3f00b20f152

/data/data/boss9000.email/databases/com.google.android.datatransport.events-journal

MD5 e75057f83871de887f06dfd1b865e05d
SHA1 208da76b87abcf382f0621bc25e264095de836fe
SHA256 e0c61d2d9a05b1e6385b9fa163cd450406377be551c433a7acd2ec47f5787d34
SHA512 5c4b6e07e00da90b0acde8b0336fb53c132183c4de1ad770ea0e24339358d098952486d1d89bcdb4864a25539251286ae68d3b9b5f13f7690e562662784e1afd

/data/data/boss9000.email/files/PersistedInstallation2682605076494717811tmp

MD5 bd02cbe8ad712ec9548ee406c90c11e3
SHA1 675ff29757bffc7d45edd1c3a2fbb9009ad8fda1
SHA256 9467f59753275faac2bd9795bddc58fe97de71da08279712cd7012d599e49159
SHA512 414d671791dbeca6b2ebdb843c3644a1cf16ba04e1e41e2bd6b5b1d94f80a20c6e03fc27f1b11558df7a723a8a8050e3452c78b6a181385a3c509256715fa37b

/data/data/boss9000.email/databases/stats.db-journal

MD5 13db8ad828ce82d1f9c1773f16392462
SHA1 eb40a5eaa921d085b87e3e55fec06ed80cdddec8
SHA256 263f325ebed1780178f5a6d91cb7d8a20fd28505e6d75c9b7b1cf3596b06bff5
SHA512 7209489bbb8a7b638325ecabdd0fe27dbabe190f7efdf58a68e357519e2161566314403ffa3fa8d1f5bf485699e19b35f749f25980ec00cc58ab818a0ba89f46

/data/data/boss9000.email/databases/stats.db

MD5 eb82778aad8ff15551c9a121b5fb824e
SHA1 63e25554de7ad2d364acac87f24e561f880767ec
SHA256 75fae26e9a932766796f2d04a936e6c794ba5e6ae7a4c23f23660abed8d7c820
SHA512 77e66f23ea12064bbc528b710bc48534d3922cba150b23e1a00bf993b06384d13fe68be4258164c591f5cda764d32c34b073eb4ec634942b8fe4e89bf4bc17e6

/data/data/boss9000.email/databases/stats.db-journal

MD5 acac0ee862db559fdb84b209f9903514
SHA1 47c935487bdb391c9a2627ed1ccf55692e527f86
SHA256 a178974629867b0acc381f9eb46189167f65eb90b2e70d585a30835b0b672e3a
SHA512 37cd092916619858f79f487eafce9b3881ec18efabfccc0850fc09c5a7d8e2ef56bb19075096fecf44f5e38f9799195d811c20ea1adb5e18fa2e35e8f63d7712

/data/data/boss9000.email/databases/stats.db-journal

MD5 86ce1c2e72f2ce39889e2f74e2525242
SHA1 04148ce02411786720301aa764f26f7757e4b371
SHA256 53c136141bc4455c862249fad963d7a2ca89ded165ca0360477adbe4ceb7a5c4
SHA512 4f516042d3a083986a7b75ec37a33c57f5ee38d8ad77f74c67cc182aca9438648b116307c6b932fbcf2664beffc637e8492c90434095a81abd6f76340a15befd

/data/data/boss9000.email/databases/stats.db-journal

MD5 749add58ccdfff8cd5d4f2c8052f2762
SHA1 91ea41e82ce217841cacdc01f2dd14ebff9fecaf
SHA256 42c2cb94b4385394195910d716fb3ad0fd9e91870fad72734fa4658d6b4db0a7
SHA512 3198c53e1dfd10ad29246b44b81e28d9a6eb11858e3b450764d0cdee7df65c98c41fefde188c3e66c192cb6c78b8f9f65fb34fdce0347627a946779859bdbf91

/data/data/boss9000.email/databases/stats.db-journal

MD5 4d06fc5b85f10aa6139c501961636711
SHA1 c1e9182cd2acacbf9b113545b16a64ab0ef2c039
SHA256 35cf99f7de41be2782baa84a1ad617133319ecca35bcaa594093787e22ae478f
SHA512 7ec469f64f120ed9c5acfe60443e9ac7a82ce1f84358bc923e10b739818b158a2eae19903e684be9b6de559afefc6c3cbe6f68b41bed9845e43b25c11ac47830

/data/data/boss9000.email/databases/stats.db-journal

MD5 669a2913dea5eeeacef6ad6083d22500
SHA1 81bbc6ba3882cf66eb27955570ace300e80df9f5
SHA256 aa89e8b25ea3a7812305ebc8dd3a99501c29fdf807e978a1eab5b84939c2dfdf
SHA512 689bdb934df0de6e9dbe9b6b17b76cccaf513e72030657a1214c5ec8f522a7c0d8c4c5c876bdbde9927320bb03cb9065ca6e0ca99c56090fd10bb912629c9f7b

/data/data/boss9000.email/files/PersistedInstallation4433072662888404147tmp

MD5 a89594891b0726ee43cfb6421a21ef9a
SHA1 6c0a695e106effb31f5e4da45d1c40b3d4982844
SHA256 5ae1e61b8856d948c75cab75f039c4b1a6c620b1d079dbbb2c5c5371ba35e5ff
SHA512 9b56823153ea738cb78eb91b373246c64473d07975a4eed5099e140dd55b12d403c60e221a331858f8b4a8b207d709a9064a1c3c51d46784c9cbf43412f7ca32

/data/misc/profiles/cur/0/boss9000.email/primary.prof

MD5 746ef52685ff0248865a2aad19666830
SHA1 3954f8650a50e5507d8a376d209e026e26b446cb
SHA256 c8177f6ea2005e1502dd772d8d6f15bb1f0967856b43dfab92384cb16fb69afe
SHA512 9163712d0c8a4819a57b1f51a72c07bb51a715ac19699ae23bebde25070f60c24e431ec225f9595cb95a75158744eaf80e46a54bbe5540e4488fe476e271f4c4

/data/data/boss9000.email/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 208eb324dda634889684d88d7f73bd59
SHA1 8ad489c749998d0404475a91f635de494343ab7d
SHA256 acf8563d92f4b6a08ce9dab22ab42468499dbce36c571d32bd39c8033235e140
SHA512 65dc0cb6aa10cd0d2225f6d834b9f73f5ec82547c48aad4308edefdfabb6593d2b4b8aa9154e35edecf442057822671ff2750c8a42e81923de23dab57b22eb20

/data/misc/profiles/cur/0/boss9000.email/primary.prof

MD5 1d9b3e45b54e5b770698f407ecede286
SHA1 a13f5be8ecbc281140f4ee47a5be485646a00389
SHA256 1548a5107388036bc56c3f388afc42ef2afb89695c758f1ac2329e55b9980540
SHA512 864a716960bc0e8cc7a019c962bfc953c1d1ac9618b16af175d55d8e6f2144fa0926960c51f07e2f2d83cf109f3ffd65bdb8ff6c6c00d5e286ecd944e63b8767
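
The three Files tables list the same paths with different hashes in each detonation, and an analyst pulling hash indicators out of them needs to know which contents are actually stable. The Python below is an added example, not part of the report: it intersects a hand-copied subset of the (path, SHA256) pairs across the three runs, lists what is identical everywhere and what changes every time, and compares each stable hash against an all-zero 32 KiB block, which is what a freshly created SQLite -shm region holds until the WAL index header is written. The subset and the zero-block heuristic are assumptions; add the remaining rows to cover the full tables.

```python
"""Compare the Files tables of several detonations: which written files have stable content?"""
import hashlib
from collections import defaultdict

PKG = "/data/data/boss9000.email"
PROF = "/data/misc/profiles/cur/0/boss9000.email/primary.prof"

# Constructed input: a subset of (path, SHA256) pairs copied from the three Files
# tables above. A path can appear twice in one run (the sandbox snapshots it twice).
RUNS = {
    "behavioral1": [
        (PKG + "/no_backup/androidx.work.workdb", "0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514"),
        (PKG + "/no_backup/androidx.work.workdb-shm", "c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479"),
        (PKG + "/files/profileInstalled", "397982ff4e4d75ecb854dfd658e17706535e49739c2ac3f6cb67f5c5b2a1b0e3"),
        (PROF, "c8177f6ea2005e1502dd772d8d6f15bb1f0967856b43dfab92384cb16fb69afe"),
        (PROF, "534350fbe33f282b68eb4f32f20e374c72e8af8038700828231182df4790b3f6"),
    ],
    "behavioral2": [
        (PKG + "/no_backup/androidx.work.workdb", "0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514"),
        (PKG + "/no_backup/androidx.work.workdb-shm", "c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479"),
        (PKG + "/files/profileInstalled", "b981718bd0f640805c14ab34d62307bde6bb8194d742816e6308e4d18cd7254e"),
        (PROF, "c8177f6ea2005e1502dd772d8d6f15bb1f0967856b43dfab92384cb16fb69afe"),
        (PROF, "472aebbdc9c7ddbe8cb08c46d0211a5e246b728bae030efd3eb9421bafe7f8e5"),
    ],
    "behavioral3": [
        (PKG + "/no_backup/androidx.work.workdb", "9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad"),
        (PKG + "/no_backup/androidx.work.workdb-shm", "c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479"),
        (PROF, "c8177f6ea2005e1502dd772d8d6f15bb1f0967856b43dfab92384cb16fb69afe"),
        (PROF, "1548a5107388036bc56c3f388afc42ef2afb89695c758f1ac2329e55b9980540"),
    ],
}


def hash_presence(runs):
    """sha256 -> set of run names in which that exact content was written."""
    seen = defaultdict(set)
    for run, entries in runs.items():
        for _path, sha in entries:
            seen[sha].add(run)
    return seen


def stable_artifacts(runs):
    """(path, sha256) pairs whose content was byte-identical in every run."""
    every = set(runs)
    paths = {sha: path for entries in runs.values() for path, sha in entries}
    return sorted((paths[sha], sha)
                  for sha, where in hash_presence(runs).items() if where == every)


def zero_block_sha256(size=32 * 1024):
    """SHA256 of an all-zero block; 32 KiB is the initial size of a SQLite -shm region."""
    return hashlib.sha256(b"\x00" * size).hexdigest()


def classify(runs):
    """Label each stable hash: content-free placeholder, or worth inspecting."""
    zero = zero_block_sha256()
    labels = {}
    for path, sha in stable_artifacts(runs):
        labels[(path, sha)] = ("zero-filled placeholder, useless as an IOC" if sha == zero
                               else "stable across runs; inspect content before using as an IOC")
    return labels


def volatile_paths(runs):
    """Paths whose every snapshot was unique to one run: run-specific state, not signature."""
    presence = hash_presence(runs)
    by_path = defaultdict(set)
    for entries in runs.values():
        for path, sha in entries:
            by_path[path].add(sha)
    return sorted(p for p, shas in by_path.items()
                  if all(len(presence[s]) == 1 for s in shas))


if __name__ == "__main__":
    for (path, sha), label in classify(RUNS).items():
        print(f"{sha[:16]}  {path}\n    {label}")
    print("run-specific only:", *volatile_paths(RUNS), sep="\n    ")
```

On this subset only the workdb-shm file and the first primary.prof snapshot are identical across all three runs, the WorkManager database matches between behavioral1 and behavioral2 but not behavioral3, and the app's profileInstalled marker differs every time. The stable entries are WorkManager and ART-profile housekeeping rather than anything specific to this sample, so host-based detection should key on the package name and paths, not on these hashes.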