Analysis Overview
SHA256
934c686328aea5bddc4ff31be56a9697f9b8452b24874a4228ec7fdfd094f009
Threat Level: Shows suspicious behavior
The file 934c686328aea5bddc4ff31be56a9697f9b8452b24874a4228ec7fdfd094f009 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Obtains sensitive information copied to the device clipboard
Queries information about running processes on the device
Requests dangerous framework permissions
Makes use of the framework's foreground persistence service
Declares services with permission to bind to the system
Acquires the wake lock
Checks the application is allowed to request package installs through the package installer
Requests allowing to install additional applications from unknown sources.
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Schedules tasks to execute at a specified time
Checks memory information
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 17:30
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by in-call services to bind with the system. Allows apps to handle aspects of phone calls while they are in progress. | android.permission.BIND_INCALL_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application a broad access to external storage in scoped storage. | android.permission.MANAGE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-07 17:30
Reported
2024-11-07 17:33
Platform
android-x86-arm-20240910-en
Max time kernel
1s
Max time network
150s
Command Line
Signatures
Processes
com.sthpphbui.skbheonr
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.46:443 | tcp | |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
Files
/data/data/com.sthpphbui.skbheonr/files/.ss/l5aeca345.so
| MD5 | 56c0b5563c66de286062dbb9856a1b97 |
| SHA1 | 260ac0dcf966a1fa741722dd555c665d078f177f |
| SHA256 | f194f5840b65a2f88acfe57e696166c4673fdc3fdfd06e30b13760c5df27b086 |
| SHA512 | 55046f16efe1eb5f5ff9147bec7695e3543cc494b6a905b8f7f39f46ef323249c07ecb2b8bea7a01298ad8e51c54df54c1bcab6dc30bacf817e271056a3a6028 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 17:30
Reported
2024-11-07 17:33
Platform
android-x86-arm-20240624-en
Max time kernel
147s
Max time network
138s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by in-call services to bind with the system. Allows apps to handle aspects of phone calls while they are in progress. | android.permission.BIND_INCALL_SERVICE | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Requests allowing to install additional applications from unknown sources.
| Description | Indicator | Process | Target |
| Intent action | android.settings.MANAGE_UNKNOWN_APP_SOURCES | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows the app to answer an incoming phone call. | android.permission.ANSWER_PHONE_CALLS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to write and read the user's call log data. | android.permission.WRITE_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application a broad access to external storage in scoped storage. | android.permission.MANAGE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.kohsqtsik.kkbdgmpf
chmod 755 /data/user/0/com.kohsqtsik.kkbdgmpf/files/.ss/l2c452656.so
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.10:443 | tcp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.201.110:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
Files
/data/data/com.kohsqtsik.kkbdgmpf/files/.ss/l2c452656.so
| MD5 | 80e35aef95212e8b988a562e2e14aae9 |
| SHA1 | 8eb117537327ffd7a3aea18be1b1ec910a290238 |
| SHA256 | 997717e27e59bd025221c77e74a20baaee3426ec4a37840da0d1bb5bdda4a83d |
| SHA512 | e6a17ed6a8e4343f977526fac2aee80d496355067b37365fb0329aaf2e89008604ffaa1e8f165b8c7a0f30951f7e16bbb4acda3dca2a8516cba2f71ef37e495d |
/storage/emulated/0/Download/kbyroill.apk
| MD5 | 03c49a3572d13053d3c564b2b3c97506 |
| SHA1 | 1ded708d53c143cffb6942422866dd135278450f |
| SHA256 | e71a32170c93f257acc7276a4b0cdca025568599eba2ef9a62e141e4327f551e |
| SHA512 | 5ee920ef7006cb35435c2705557d564df5b6dc2ea0566cc386260cfb9e98ff9eb381ee63a77cc8e61b273101dd0ba1466dec9f2a127155e7411e9a69b9c9673b |
/storage/emulated/0/Download/kbyroill.apk
| MD5 | 638672db7fe864404ba9140224267b53 |
| SHA1 | 4c87d93bb9346cea5496ffc84d4518dc388a2c07 |
| SHA256 | b0d56c8a2751f651a468c5b85430494ee5b17271b405869d3296da56b96aa1c3 |
| SHA512 | 1303241b7cdce078508238653f9c211f281cca457d0f0a944be5370e885a0bfb7dd5bd85fe69a1934b97e74925841eaea1904add9383f04d5279f80a4f9d11bd |
/storage/emulated/0/Download/kbyroill.apk
| MD5 | eec90db03e3c0e274ffde36d19306c4a |
| SHA1 | 3c920a1c882971d8b87cb38b393cb262231085e2 |
| SHA256 | 17f7ca5c39948e2f6399aa8b85d169dc030176502552e9fba24493c833f974d0 |
| SHA512 | 4a38fd257ecce4a5d1c1826f0d1f17f6e77a69e850912729e76feee299c6282c99e927485f2b947f0a80716785f3ea04dfa56c8ce7e44cf088f28c4da25bdaa3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 17:30
Reported
2024-11-07 17:33
Platform
android-x64-20240624-en
Max time kernel
49s
Max time network
134s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks the application is allowed to request package installs through the package installer
| Description | Indicator | Process | Target |
| Framework service call | android.content.pm.IPackageManager.canRequestPackageInstalls | N/A | N/A |
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by in-call services to bind with the system. Allows apps to handle aspects of phone calls while they are in progress. | android.permission.BIND_INCALL_SERVICE | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows the app to answer an incoming phone call. | android.permission.ANSWER_PHONE_CALLS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to write and read the user's call log data. | android.permission.WRITE_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application a broad access to external storage in scoped storage. | android.permission.MANAGE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.kohsqtsik.kkbdgmpf
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.179.238:443 | tcp | |
| GB | 142.250.200.34:443 | tcp | |
| GB | 172.217.16.228:443 | tcp | |
| GB | 172.217.16.228:443 | tcp | |
| GB | 216.58.201.99:443 | tcp | |
| GB | 216.58.201.99:443 | tcp | |
| GB | 216.58.201.99:443 | tcp | |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| BE | 142.251.173.188:5228 | tcp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.251.168.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
| GB | 216.58.204.74:443 | g.tenor.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.179.234:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
Files
/data/data/com.kohsqtsik.kkbdgmpf/files/.ss/l2c452656.so
| MD5 | d9d962bef0a619356baedbb775c66a7a |
| SHA1 | 51cfd692ae653bcaf0b378b9a8c15528b6edaddc |
| SHA256 | 84327487e57833ac0f4c5bda991dbf6f241d1742bae641fece74579b787c392a |
| SHA512 | 4b169fe255e69e4842230f361ed4aa0f2c371e0aaa49402833b85027b21b8ddddd84819a3e1f4a65fffd5f411adfbabb3aa425dd2d7e0fdd4445c680dbbf2212 |
/storage/emulated/0/Download/kbyroill.apk
| MD5 | 03c49a3572d13053d3c564b2b3c97506 |
| SHA1 | 1ded708d53c143cffb6942422866dd135278450f |
| SHA256 | e71a32170c93f257acc7276a4b0cdca025568599eba2ef9a62e141e4327f551e |
| SHA512 | 5ee920ef7006cb35435c2705557d564df5b6dc2ea0566cc386260cfb9e98ff9eb381ee63a77cc8e61b273101dd0ba1466dec9f2a127155e7411e9a69b9c9673b |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-07 17:30
Reported
2024-11-07 17:33
Platform
android-x64-arm64-20240624-en
Max time kernel
92s
Max time network
159s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks the application is allowed to request package installs through the package installer
| Description | Indicator | Process | Target |
| Framework service call | android.content.pm.IPackageManager.canRequestPackageInstalls | N/A | N/A |
Requests allowing to install additional applications from unknown sources.
| Description | Indicator | Process | Target |
| Intent action | android.settings.MANAGE_UNKNOWN_APP_SOURCES | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.kohsqtsik.kkbdgmpf
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.196:443 | tcp | |
| GB | 142.250.187.196:443 | tcp | |
| GB | 216.58.204.66:443 | tcp | |
| GB | 216.58.212.206:443 | tcp |
Files
/data/user/0/com.kohsqtsik.kkbdgmpf/files/.ss/l2c452656.so
| MD5 | d9d962bef0a619356baedbb775c66a7a |
| SHA1 | 51cfd692ae653bcaf0b378b9a8c15528b6edaddc |
| SHA256 | 84327487e57833ac0f4c5bda991dbf6f241d1742bae641fece74579b787c392a |
| SHA512 | 4b169fe255e69e4842230f361ed4aa0f2c371e0aaa49402833b85027b21b8ddddd84819a3e1f4a65fffd5f411adfbabb3aa425dd2d7e0fdd4445c680dbbf2212 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-07 17:30
Reported
2024-11-07 17:33
Platform
android-x86-arm-20240910-en
Max time kernel
34s
Max time network
151s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
com.sthpphbui.skbheonr
chmod 755 /data/user/0/com.sthpphbui.skbheonr/files/.ss/l5aeca345.so
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.sthpphbui.skbheonr/files/.ss/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.sthpphbui.skbheonr/files/.ss/oat/x86/classes2.odex --compiler-filter=quicken --class-loader-context=&
com.sthpphbui.skbheonr:remote
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.46:443 | tcp | |
| GB | 142.250.200.46:443 | tcp | |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | tcp | |
| GB | 142.250.180.2:443 | tcp | |
| GB | 142.250.179.228:80 | tcp |
Files
/data/data/com.sthpphbui.skbheonr/files/.ss/l5aeca345.so
| MD5 | 6eebc87c33ccbad69dea6f85420ad8a2 |
| SHA1 | b06d500699360c312a3c3da8ada8216cb4fdc6af |
| SHA256 | 2a57f84141082e9f22cb500b4953471cb6ded55fe8e55711583761b0b5061338 |
| SHA512 | 68cced9cdd28dd795a8a0bdc5dff3327cc7efd365e34a33dfc44f1d3958a90ad23cc627d56a065c66b875ae525ea2bfa7ec66b82366bdf4e0940a754d10345ac |
/data/data/com.sthpphbui.skbheonr/files/.ss/classes.dex
| MD5 | 4dd8db19a5cd0a2c00e41f757ca9bf40 |
| SHA1 | aa5bbbbc09b9511c0d6e318e235bd10132d3346a |
| SHA256 | 63c53f08f8c885b50c83b81aa9effe2cd574f812bf29022a738d949de0213283 |
| SHA512 | 89715673b52321a34f3315ed5fdaa2a59bd197f0e443f7ef18452e6c32277f44949da1999114406e356e20f5991a57e3157ea04f8ab651ba113bfce93905aa2c |
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex
| MD5 | b1b4e92b867715a23496d5c299d6aab9 |
| SHA1 | 7ab69d213f5a8c083cc290067bc8b762312f1b93 |
| SHA256 | ed022b38a39cbda23ce73f77ad03fce2b5b097f40075e7458dbd413f5991b069 |
| SHA512 | 87c1f8e5268923018f24cb7b8c80c672627060b8bc2fe531442fae3d6e9aa113f5907ddde265a225734702039b631908f3947cbdb8c2f1e4e8c8ccc312fc98ae |
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex
| MD5 | 5f992ec85c6081de6ab2da8bcd8ac664 |
| SHA1 | 79b3aa2f5de59f3e9b36f5b7861668b53e6175b3 |
| SHA256 | 0afcb04334f8e55bca5d325adeaa519a32a3a1d9946346134aadc4a986a1d8ee |
| SHA512 | 1dd5efe88d59122c27d3d15920a1110da8cb7565b5722271a51d423d88b4c0e41ad6a734c157c23ffacbf11f643c916079b8703953576b33f6bac18392641f82 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-07 17:30
Reported
2024-11-07 17:33
Platform
android-x64-20240910-en
Max time kernel
35s
Max time network
150s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
com.sthpphbui.skbheonr
com.sthpphbui.skbheonr:remote
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.201.110:443 | tcp | |
| GB | 216.58.201.110:443 | tcp | |
| GB | 216.58.201.110:443 | tcp | |
| GB | 216.58.201.110:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
Files
/data/data/com.sthpphbui.skbheonr/files/.ss/l5aeca345.so
| MD5 | eb5d37ec0d149d2fa30c7d90511e80c5 |
| SHA1 | 1519e47b0e7e550608f859ab5f6833d953c01b99 |
| SHA256 | 1515b1deca848a8eaa9b1178623563a7bc2ec3ee7351d34761aaaed8850800a9 |
| SHA512 | 1ea3d9a9c27bf89a5187a5fdbedcba986a40998121e3755002d9f743a9d01477a3e05d58c515376e81221a97810ffd0b698acfc754e150e70f07668b0a6a10c8 |
/data/data/com.sthpphbui.skbheonr/files/.ss/classes.dex
| MD5 | 4dd8db19a5cd0a2c00e41f757ca9bf40 |
| SHA1 | aa5bbbbc09b9511c0d6e318e235bd10132d3346a |
| SHA256 | 63c53f08f8c885b50c83b81aa9effe2cd574f812bf29022a738d949de0213283 |
| SHA512 | 89715673b52321a34f3315ed5fdaa2a59bd197f0e443f7ef18452e6c32277f44949da1999114406e356e20f5991a57e3157ea04f8ab651ba113bfce93905aa2c |
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex
| MD5 | b1b4e92b867715a23496d5c299d6aab9 |
| SHA1 | 7ab69d213f5a8c083cc290067bc8b762312f1b93 |
| SHA256 | ed022b38a39cbda23ce73f77ad03fce2b5b097f40075e7458dbd413f5991b069 |
| SHA512 | 87c1f8e5268923018f24cb7b8c80c672627060b8bc2fe531442fae3d6e9aa113f5907ddde265a225734702039b631908f3947cbdb8c2f1e4e8c8ccc312fc98ae |
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex
| MD5 | 5f992ec85c6081de6ab2da8bcd8ac664 |
| SHA1 | 79b3aa2f5de59f3e9b36f5b7861668b53e6175b3 |
| SHA256 | 0afcb04334f8e55bca5d325adeaa519a32a3a1d9946346134aadc4a986a1d8ee |
| SHA512 | 1dd5efe88d59122c27d3d15920a1110da8cb7565b5722271a51d423d88b4c0e41ad6a734c157c23ffacbf11f643c916079b8703953576b33f6bac18392641f82 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-07 17:30
Reported
2024-11-07 17:33
Platform
android-x64-arm64-20240624-en
Max time kernel
35s
Max time network
134s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
com.sthpphbui.skbheonr
com.sthpphbui.skbheonr:remote
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.206:443 | tcp | |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.78:443 | android.apis.google.com | tcp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp |
Files
/data/user/0/com.sthpphbui.skbheonr/files/.ss/l5aeca345.so
| MD5 | eb5d37ec0d149d2fa30c7d90511e80c5 |
| SHA1 | 1519e47b0e7e550608f859ab5f6833d953c01b99 |
| SHA256 | 1515b1deca848a8eaa9b1178623563a7bc2ec3ee7351d34761aaaed8850800a9 |
| SHA512 | 1ea3d9a9c27bf89a5187a5fdbedcba986a40998121e3755002d9f743a9d01477a3e05d58c515376e81221a97810ffd0b698acfc754e150e70f07668b0a6a10c8 |
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex
| MD5 | 4dd8db19a5cd0a2c00e41f757ca9bf40 |
| SHA1 | aa5bbbbc09b9511c0d6e318e235bd10132d3346a |
| SHA256 | 63c53f08f8c885b50c83b81aa9effe2cd574f812bf29022a738d949de0213283 |
| SHA512 | 89715673b52321a34f3315ed5fdaa2a59bd197f0e443f7ef18452e6c32277f44949da1999114406e356e20f5991a57e3157ea04f8ab651ba113bfce93905aa2c |
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex
| MD5 | b1b4e92b867715a23496d5c299d6aab9 |
| SHA1 | 7ab69d213f5a8c083cc290067bc8b762312f1b93 |
| SHA256 | ed022b38a39cbda23ce73f77ad03fce2b5b097f40075e7458dbd413f5991b069 |
| SHA512 | 87c1f8e5268923018f24cb7b8c80c672627060b8bc2fe531442fae3d6e9aa113f5907ddde265a225734702039b631908f3947cbdb8c2f1e4e8c8ccc312fc98ae |
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex
| MD5 | 5f992ec85c6081de6ab2da8bcd8ac664 |
| SHA1 | 79b3aa2f5de59f3e9b36f5b7861668b53e6175b3 |
| SHA256 | 0afcb04334f8e55bca5d325adeaa519a32a3a1d9946346134aadc4a986a1d8ee |
| SHA512 | 1dd5efe88d59122c27d3d15920a1110da8cb7565b5722271a51d423d88b4c0e41ad6a734c157c23ffacbf11f643c916079b8703953576b33f6bac18392641f82 |