Malware Analysis Report

Report date: 2024-12-01 03:01

Sample ID: 241107-1xbdzasjcq
Target: 7bcc6b909b5086e45a9ef71fed046c407a59371fdbb4e5cd26cec55b5fca4bea.bin
SHA256: 7bcc6b909b5086e45a9ef71fed046c407a59371fdbb4e5cd26cec55b5fca4bea
Tags: collection credential_access discovery impact persistence
Score: 7/10


Analysis Overview

Score: 7/10
SHA256: 7bcc6b909b5086e45a9ef71fed046c407a59371fdbb4e5cd26cec55b5fca4bea
Threat Level: Shows suspicious behavior

The file 7bcc6b909b5086e45a9ef71fed046c407a59371fdbb4e5cd26cec55b5fca4bea.bin was classified as: Shows suspicious behavior.

Malicious Activity Summary

Tags: collection credential_access discovery impact persistence

Obtains sensitive information copied to the device clipboard

Queries information about active data network

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-07 22:01

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-11-07 22:01
Reported: 2024-11-07 22:03
Platform: android-x64-arm64-20240910-en
Max time kernel: 33s
Max time network: 151s

Command Line

com.renova.energia

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.renova.energia

Network


Files

/data/misc/profiles/cur/0/com.renova.energia/primary.prof


/data/data/com.renova.energia/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat


Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-07 22:01
Reported: 2024-11-07 22:03
Platform: android-x86-arm-20240624-en
Max time kernel: 36s
Max time network: 131s

Command Line

com.renova.energia

Signatures

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.renova.energia

Network


Files

/data/misc/profiles/cur/0/com.renova.energia/primary.prof


/data/data/com.renova.energia/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat


/data/data/com.renova.energia/files/profileInstalled


Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-07 22:01
Reported: 2024-11-07 22:03
Platform: android-x64-20240910-en
Max time kernel: 45s
Max time network: 142s

Command Line

com.renova.energia

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.renova.energia

Network


Files

/data/misc/profiles/cur/0/com.renova.energia/primary.prof


/data/data/com.renova.energia/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat


/data/data/com.renova.energia/files/profileInstalled


/data/misc/profiles/cur/0/com.renova.energia/primary.prof
