Analysis Overview
SHA256
a880d496b35844ec1d2449576898f4834ba48fbb6a809677e9c9a193195ef84f
Threat Level: Shows suspicious behavior
The file 55975d0e6d18977989082f6ad9a1a2b8.apk was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 18:46
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-07 18:46
Reported
2024-11-07 18:49
Platform
android-x64-arm64-20240624-en
Max time kernel
31s
Max time network
134s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
comhxhd.icdgdbdhdgic.apqDhdgdsgn
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 216.58.212.238:443 | | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | icuser.in | udp |
| DE | 162.55.25.67:443 | icuser.in | tcp |
| DE | 162.55.25.67:443 | icuser.in | tcp |
| US | 1.1.1.1:53 | use.fontawesome.com | udp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.187.228:443 | | tcp |
Files
/data/data/comhxhd.icdgdbdhdgic.apqDhdgdsgn/logs/20241107184642543.log
| Hash | Value |
|---|---|
| MD5 | 6f50918a5d12344185e8f16b6ebaebe2 |
| SHA1 | f0e0e243954dc6f33033f32b203912fc22f2eb17 |
| SHA256 | 8e8086cde100a992f4ad66004c4153afd069bc87af8a5ea959590e215c00a460 |
| SHA512 | 7070baa2a2e74fa75cc39b211e8398ace38d195a0f06ee801e091c9ae53a3650c26bf0bd33593f8ba7cbe578954d148f6f433b8cb359f34a777339a4a6eb6b45 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 18:46
Reported
2024-11-07 18:48
Platform
android-x86-arm-20240624-en
Max time kernel
58s
Max time network
132s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
comhxhd.icdgdbdhdgic.apqDhdgdsgn
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | icuser.in | udp |
| DE | 162.55.25.67:443 | icuser.in | tcp |
| US | 1.1.1.1:53 | use.fontawesome.com | udp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
Files
/data/data/comhxhd.icdgdbdhdgic.apqDhdgdsgn/logs/20241107184650412.log
| Hash | Value |
|---|---|
| MD5 | 0f3a590408108424bb260d7f35aba8e1 |
| SHA1 | 1eaad685b0d62398e4c53af644ac711432af3563 |
| SHA256 | 546ce2bde5d41ed1d24bddaf647acb5437e47c905c9c515ed2df245dd208de2b |
| SHA512 | 6d42ee364d9875b132eaf983e9fa85fc6e2d9a829f3f34f7effb1e12365f41575a3f127c832a77ef38501584269489d53e36f2e12f777a2b53eafa93f4ce5a9f |
/data/data/comhxhd.icdgdbdhdgic.apqDhdgdsgn/files/profileInstalled
| Hash | Value |
|---|---|
| MD5 | f6627117084a8f1a651aaa3a2c095245 |
| SHA1 | 2410092e57043b82adaf216bee15e04e0ef12c9c |
| SHA256 | a766d52e142628e75a6b2796438717fff74be95a41efedef7f40c419799f788f |
| SHA512 | eb6a397c5b3130c051bee6dd1d67e5b78ddd12c1b40b6939cb97a05b1d8f5e58115909a77826b96dd8fa12cc042a10abf6dd41268ebbc4f8bd24dcc853e1d944 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 18:46
Reported
2024-11-07 18:49
Platform
android-x64-20240910-en
Max time kernel
46s
Max time network
142s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
comhxhd.icdgdbdhdgic.apqDhdgdsgn
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.74:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.180.10:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | icuser.in | udp |
| DE | 162.55.25.67:443 | icuser.in | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.200.10:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | use.fontawesome.com | udp |
| US | 172.67.142.245:443 | use.fontawesome.com | tcp |
| US | 172.67.142.245:443 | use.fontawesome.com | tcp |
Files
/data/data/comhxhd.icdgdbdhdgic.apqDhdgdsgn/logs/20241107184634637.log
| Hash | Value |
|---|---|
| MD5 | c714fe9af9808aaa96beb01d758e14ba |
| SHA1 | d35d8e3f34f1bc0be9dd03d402587cf0aa794f8b |
| SHA256 | 65698adf857021a3ae31aee9783afb21ae903104e0cb2d339d009618712f0485 |
| SHA512 | 578e4ef59fd72465da42abc829e3bff48727eebc0c0ce5d9024d7327c4e73dee3d7aa685f957044c426e4afc40b877077b7b2120ee00e0dfddb086800bcc72e5 |
/data/data/comhxhd.icdgdbdhdgic.apqDhdgdsgn/files/profileInstalled
| Hash | Value |
|---|---|
| MD5 | ae4bfb0085c16aa1fe28cb622d123a85 |
| SHA1 | a763524eb5b7b2a02c9781d11fb657566cfeb48d |
| SHA256 | 7a84b51b9860fbbc71b45887f2ec833ddcbff859cfdf2b6ba2c56d9cd66dad96 |
| SHA512 | 76b0f66433bbaa29dc83ab60e82dccd4fcf3bc4f313f90869c5782edc359678c4b36f57ce5364cc785f07d7fc3c844bba5cc5faf5f95a80042e7ed6c20e04d94 |