Malware Analysis Report

2024-12-01 03:05

Sample ID: 241108-k7ameszdnd
Target: 74537ce980a37de602a300d383764c68.apk
SHA256: 2b252830988a1f726d9367b5a24b3e992b6b51681b441256ce413195bf595b1b
Tags: collection, evasion
Score: 7/10


Analysis Overview

Score: 7/10

SHA256: 2b252830988a1f726d9367b5a24b3e992b6b51681b441256ce413195bf595b1b

Threat Level: Shows suspicious behavior

The file 74537ce980a37de602a300d383764c68.apk was found to show suspicious behavior.

Malicious Activity Summary

Tags: collection, evasion

Reads the content of SMS inbox messages.

Loads dropped Dex/Jar

Requests dangerous framework permissions

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported: 2024-11-08 09:14

Signatures

Requests dangerous framework permissions

Description                                     Indicator                        Process  Target
Allows an application to read SMS messages.     android.permission.READ_SMS      N/A      N/A
Allows an application to receive SMS messages.  android.permission.RECEIVE_SMS   N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-08 09:14
Reported: 2024-11-08 09:17
Platform: android-x86-arm-20240624-en
Max time kernel: 9s
Max time network: 131s

Command Line

com.example.finance

Signatures

Reads the content of SMS inbox messages.

Category: collection

Description            Indicator            Process  Target
URI accessed for read  content://sms/inbox  N/A      N/A

Processes

com.example.finance

Network

Country  Destination           Domain                               Proto
N/A      224.0.0.251:5353                                           udp
GB       142.250.180.10:443                                         tcp
US       1.1.1.1:53            semanticlocation-pa.googleapis.com   udp
GB       142.250.187.206:443                                        tcp
US       1.1.1.1:53            android.apis.google.com              udp
GB       142.250.187.206:443   android.apis.google.com              tcp

Files

/data/data/com.example.finance/files/profileInstalled

MD5:    27e46182b018f69d5acc5fffdc278f13
SHA1:   a88fcaf4ae323184c9e892e757083c2c9ce80e66
SHA256: f391cf5d2fa286eb95249b3427a0a9377a024bff40be669a9de8c8b960405557
SHA512: f3df842f71f145b4a71e9a3049d930c5390d8592d3aa0c7f2e18df18237d7c5af1bb7c74a5e03231eadb046af0be43f010831ac909ac955abac0076c7a65f5f3

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-08 09:14
Reported: 2024-11-08 09:17
Platform: android-x64-20240624-en
Max time kernel: 8s
Max time network: 156s

Command Line

com.example.finance

Signatures

Reads the content of SMS inbox messages.

Category: collection

Description            Indicator            Process  Target
URI accessed for read  content://sms/inbox  N/A      N/A

Processes

com.example.finance

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353                                 udp
US       1.1.1.1:53            ssl.google-analytics.com   udp
GB       142.250.200.40:443    ssl.google-analytics.com   tcp
GB       142.250.200.46:443                               tcp
US       1.1.1.1:53            android.apis.google.com    udp
GB       172.217.16.238:443    android.apis.google.com    tcp
GB       142.250.187.228:443                              tcp
GB       142.250.187.228:443                              tcp
GB       216.58.213.14:443                                tcp
GB       142.250.178.2:443                                tcp

Files

/data/data/com.example.finance/files/profileInstalled

MD5:    aa0e9555a738ab32a21b8dcf535e4219
SHA1:   b6be5ed7f4a686d721f50f476372b547cf71104b
SHA256: b49416792e5cdd88e82993dfdddc1c1ca30c4e0a85c3dd15b93caf09709698a8
SHA512: d0f78140d82e66be03d972f75deb47ca840c07cfa083381edd33447d41c473bafdea2a9a0fdd1184f6c278f24bb1256787ce2104658aeabab68a8b261e39bef2

Analysis: behavioral3

Detonation Overview

Submitted: 2024-11-08 09:14
Reported: 2024-11-08 09:17
Platform: android-x64-arm64-20240624-en
Max time kernel: 9s
Max time network: 134s

Command Line

com.example.finance

Signatures

Loads dropped Dex/Jar

Category: evasion

Description  Indicator                                           Process  Target
N/A          /system_ext/framework/androidx.window.sidecar.jar   N/A      N/A
N/A          /system_ext/framework/androidx.window.sidecar.jar   N/A      N/A

Reads the content of SMS inbox messages.

Category: collection

Description            Indicator            Process  Target
URI accessed for read  content://sms/inbox  N/A      N/A

Processes

com.example.finance

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353                                 udp
GB       142.250.179.238:443                              tcp
GB       142.250.179.238:443                              tcp
US       1.1.1.1:53            android.apis.google.com    udp
GB       172.217.169.46:443    android.apis.google.com    tcp
US       1.1.1.1:53            ssl.google-analytics.com   udp
GB       142.250.187.232:443   ssl.google-analytics.com   tcp
GB       142.250.187.196:443                              tcp
GB       142.250.187.196:443                              tcp

Files

/system_ext/framework/androidx.window.sidecar.jar

MD5:    bdf3529e80318eb14e53a5bf3720c10d
SHA1:   25c9ace4b1af6e80ebb2572345972c56505969ba
SHA256: bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b
SHA512: 48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b