Malware Analysis Report

2024-12-01 03:01

Sample ID 241107-xepxvswqav
Target 55975d0e6d18977989082f6ad9a1a2b8.apk
SHA256 a880d496b35844ec1d2449576898f4834ba48fbb6a809677e9c9a193195ef84f
Tags
collection credential_access impact discovery persistence
score
7/10

Analysis Overview

score
7/10

SHA256

a880d496b35844ec1d2449576898f4834ba48fbb6a809677e9c9a193195ef84f

Threat Level: Shows suspicious behavior

The file 55975d0e6d18977989082f6ad9a1a2b8.apk was found to show suspicious behavior.

Malicious Activity Summary

collection credential_access impact discovery persistence

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 18:46

Signatures

Requests dangerous framework permissions

Description                                      Indicator                        Process  Target
Allows an application to receive SMS messages.   android.permission.RECEIVE_SMS   N/A      N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-07 18:46

Reported

2024-11-07 18:49

Platform

android-x64-arm64-20240624-en

Max time kernel

31s

Max time network

134s

Command Line

comhxhd.icdgdbdhdgic.apqDhdgdsgn

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description              Indicator                                                   Process  Target
Framework service call   android.content.IClipboard.addPrimaryClipChangedListener   N/A      N/A

Checks CPU information

Description              Indicator        Process  Target
File opened for read     /proc/cpuinfo    N/A      N/A

Checks memory information

Description              Indicator        Process  Target
File opened for read     /proc/meminfo    N/A      N/A

Processes

comhxhd.icdgdbdhdgic.apqDhdgdsgn

Network

Country  Destination            Domain                      Proto
GB       216.58.212.238:443     N/A                         tcp
GB       216.58.212.238:443     N/A                         tcp
US       1.1.1.1:53             android.apis.google.com     udp
GB       216.58.204.78:443      android.apis.google.com     tcp
N/A      224.0.0.251:5353       N/A                         udp
US       1.1.1.1:53             android.apis.google.com     udp
GB       142.250.178.14:443     android.apis.google.com     tcp
US       1.1.1.1:53             ssl.google-analytics.com    udp
GB       142.250.200.40:443     ssl.google-analytics.com    tcp
US       1.1.1.1:53             icuser.in                   udp
DE       162.55.25.67:443       icuser.in                   tcp
DE       162.55.25.67:443       icuser.in                   tcp
US       1.1.1.1:53             use.fontawesome.com         udp
US       104.21.27.152:443      use.fontawesome.com         tcp
US       104.21.27.152:443      use.fontawesome.com         tcp
GB       142.250.187.228:443    N/A                         tcp
GB       142.250.187.228:443    N/A                         tcp

Files

/data/data/comhxhd.icdgdbdhdgic.apqDhdgdsgn/logs/20241107184642543.log

MD5 6f50918a5d12344185e8f16b6ebaebe2
SHA1 f0e0e243954dc6f33033f32b203912fc22f2eb17
SHA256 8e8086cde100a992f4ad66004c4153afd069bc87af8a5ea959590e215c00a460
SHA512 7070baa2a2e74fa75cc39b211e8398ace38d195a0f06ee801e091c9ae53a3650c26bf0bd33593f8ba7cbe578954d148f6f433b8cb359f34a777339a4a6eb6b45

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 18:46

Reported

2024-11-07 18:48

Platform

android-x86-arm-20240624-en

Max time kernel

58s

Max time network

132s

Command Line

comhxhd.icdgdbdhdgic.apqDhdgdsgn

Signatures

Queries the mobile country code (MCC)

discovery
Description              Indicator                                                                 Process  Target
Framework service call   com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description              Indicator                                        Process  Target
Framework service call   android.app.IActivityManager.registerReceiver   N/A      N/A

Checks CPU information

Description              Indicator        Process  Target
File opened for read     /proc/cpuinfo    N/A      N/A

Checks memory information

Description              Indicator        Process  Target
File opened for read     /proc/meminfo    N/A      N/A

Processes

comhxhd.icdgdbdhdgic.apqDhdgdsgn

Network

Country  Destination            Domain                               Proto
N/A      224.0.0.251:5353       N/A                                  udp
GB       142.250.200.46:443     N/A                                  tcp
US       1.1.1.1:53             android.apis.google.com              udp
GB       142.250.200.14:443     android.apis.google.com              tcp
US       1.1.1.1:53             icuser.in                            udp
DE       162.55.25.67:443       icuser.in                            tcp
US       1.1.1.1:53             use.fontawesome.com                  udp
US       104.21.27.152:443      use.fontawesome.com                  tcp
US       104.21.27.152:443      use.fontawesome.com                  tcp
US       1.1.1.1:53             semanticlocation-pa.googleapis.com   udp

Files

/data/data/comhxhd.icdgdbdhdgic.apqDhdgdsgn/logs/20241107184650412.log

MD5 0f3a590408108424bb260d7f35aba8e1
SHA1 1eaad685b0d62398e4c53af644ac711432af3563
SHA256 546ce2bde5d41ed1d24bddaf647acb5437e47c905c9c515ed2df245dd208de2b
SHA512 6d42ee364d9875b132eaf983e9fa85fc6e2d9a829f3f34f7effb1e12365f41575a3f127c832a77ef38501584269489d53e36f2e12f777a2b53eafa93f4ce5a9f

/data/data/comhxhd.icdgdbdhdgic.apqDhdgdsgn/files/profileInstalled

MD5 f6627117084a8f1a651aaa3a2c095245
SHA1 2410092e57043b82adaf216bee15e04e0ef12c9c
SHA256 a766d52e142628e75a6b2796438717fff74be95a41efedef7f40c419799f788f
SHA512 eb6a397c5b3130c051bee6dd1d67e5b78ddd12c1b40b6939cb97a05b1d8f5e58115909a77826b96dd8fa12cc042a10abf6dd41268ebbc4f8bd24dcc853e1d944

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 18:46

Reported

2024-11-07 18:49

Platform

android-x64-20240910-en

Max time kernel

46s

Max time network

142s

Command Line

comhxhd.icdgdbdhdgic.apqDhdgdsgn

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description              Indicator                                                   Process  Target
Framework service call   android.content.IClipboard.addPrimaryClipChangedListener   N/A      N/A

Queries the mobile country code (MCC)

discovery
Description              Indicator                                                                 Process  Target
Framework service call   com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description              Indicator                                        Process  Target
Framework service call   android.app.IActivityManager.registerReceiver   N/A      N/A

Checks CPU information

Description              Indicator        Process  Target
File opened for read     /proc/cpuinfo    N/A      N/A

Checks memory information

Description              Indicator        Process  Target
File opened for read     /proc/meminfo    N/A      N/A

Processes

comhxhd.icdgdbdhdgic.apqDhdgdsgn

Network

Country  Destination            Domain                         Proto
N/A      224.0.0.251:5353       N/A                            udp
GB       216.58.204.74:443      N/A                            tcp
GB       142.250.200.46:443     N/A                            tcp
GB       142.250.200.46:443     N/A                            tcp
US       1.1.1.1:53             android.apis.google.com        udp
GB       142.250.200.46:443     android.apis.google.com        tcp
GB       142.250.180.10:443     N/A                            tcp
US       1.1.1.1:53             ssl.google-analytics.com       udp
GB       172.217.16.232:443     ssl.google-analytics.com       tcp
US       1.1.1.1:53             icuser.in                      udp
DE       162.55.25.67:443       icuser.in                      tcp
US       1.1.1.1:53             safebrowsing.googleapis.com    udp
GB       142.250.200.10:443     safebrowsing.googleapis.com    tcp
US       1.1.1.1:53             use.fontawesome.com            udp
US       172.67.142.245:443     use.fontawesome.com            tcp
US       172.67.142.245:443     use.fontawesome.com            tcp

Files

/data/data/comhxhd.icdgdbdhdgic.apqDhdgdsgn/logs/20241107184634637.log

MD5 c714fe9af9808aaa96beb01d758e14ba
SHA1 d35d8e3f34f1bc0be9dd03d402587cf0aa794f8b
SHA256 65698adf857021a3ae31aee9783afb21ae903104e0cb2d339d009618712f0485
SHA512 578e4ef59fd72465da42abc829e3bff48727eebc0c0ce5d9024d7327c4e73dee3d7aa685f957044c426e4afc40b877077b7b2120ee00e0dfddb086800bcc72e5

/data/data/comhxhd.icdgdbdhdgic.apqDhdgdsgn/files/profileInstalled

MD5 ae4bfb0085c16aa1fe28cb622d123a85
SHA1 a763524eb5b7b2a02c9781d11fb657566cfeb48d
SHA256 7a84b51b9860fbbc71b45887f2ec833ddcbff859cfdf2b6ba2c56d9cd66dad96
SHA512 76b0f66433bbaa29dc83ab60e82dccd4fcf3bc4f313f90869c5782edc359678c4b36f57ce5364cc785f07d7fc3c844bba5cc5faf5f95a80042e7ed6c20e04d94