Analysis Overview
score
10/10
SHA256
bd1098db9c7dd0a7a58e6f8d268777f9898ab46833a563225a7f59653a1fd374
Threat Level: Known bad
The file FM_K263530_sh.apk was found to be: Known bad.
Malicious Activity Summary
Android Triada payload
Triada family
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-11-07 02:56
Signatures
Android Triada payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Triada family
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by chooser target services to bind with the system. Allows apps to modify targets that handle user actions. | android.permission.BIND_CHOOSER_TARGET_SERVICE | N/A | N/A |
| Required by remote views services to bind with the system. Allows apps to share and display views across different processes. | android.permission.BIND_REMOTEVIEWS | N/A | N/A |
| Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications. | android.permission.BIND_TELECOM_CONNECTION_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Required to be able to connect to paired Bluetooth devices. | android.permission.BLUETOOTH_CONNECT | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to access any geographic locations persisted in the user's shared collection. | android.permission.ACCESS_MEDIA_LOCATION | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows applications to use exact alarm APIs. | android.permission.SCHEDULE_EXACT_ALARM | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read audio files from external storage. | android.permission.READ_MEDIA_AUDIO | N/A | N/A |
| Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A |
| Allows an application to read video files from external storage. | android.permission.READ_MEDIA_VIDEO | N/A | N/A |
| Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker. | android.permission.READ_MEDIA_VISUAL_USER_SELECTED | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to advertise and connect to nearby devices via Wi-Fi. | android.permission.NEARBY_WIFI_DEVICES | N/A | N/A |
| Required to be able to discover and pair nearby Bluetooth devices. | android.permission.BLUETOOTH_SCAN | N/A | N/A |
| Required to be able to advertise to nearby Bluetooth devices. | android.permission.BLUETOOTH_ADVERTISE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 02:56
Reported
2024-11-07 02:57
Platform
android-x86-arm-20240624-en
Max time kernel
2s
Max time network
37s
Command Line
com.freshmint.wsup
Signatures
N/A
Processes
com.freshmint.wsup
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.10:443 | tcp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 142.250.200.42:443 | digitalassetlinks.googleapis.com | tcp |
| GB | 216.58.201.110:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
N/A