Malware Analysis Report

2024-11-13 17:37

Sample ID 241109-25a9lsthrd
Target 8502286b51db5ff919fc3f8189abfb3d0f998a35aa267387aad27aef3d5ecef4.bin
SHA256 8502286b51db5ff919fc3f8189abfb3d0f998a35aa267387aad27aef3d5ecef4
Tags
discovery evasion persistence collection credential_access impact
score
7/10


Analysis Overview

Threat Level: Shows suspicious behavior

The file 8502286b51db5ff919fc3f8189abfb3d0f998a35aa267387aad27aef3d5ecef4.bin was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion persistence collection credential_access impact

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 23:09

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 23:09

Reported

2024-11-09 23:12

Platform

android-x86-arm-20240624-en

Max time kernel

24s

Max time network

131s

Command Line

com.frsihsupport.android

Signatures

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.frsihsupport.android

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.169.14:443 | android.apis.google.com | tcp
GB | 216.58.204.74:443 | semanticlocation-pa.googleapis.com | tcp

Files

/data/misc/profiles/cur/0/com.frsihsupport.android/primary.prof

MD5 403c4d600b299d733fc2f97348f83e6a
SHA1 6d7f0c585b864f02777d06bd52fe6ba74294e39a
SHA256 9c67e25c5c391fb947b3bcbc9118111669724bbb35d24f8a6fd73bf411f237a6
SHA512 488f2fe37985bcf69a9d98b6a5525136f1a4f477beb6e2011721a25835ad61a4d9d3d017d024a4c45f0684ace27d05b0086f1f91aa7bc6c25788e600684d3f86

/data/data/com.frsihsupport.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 50c1fc3e858bda4a240fda7023d5c54f
SHA1 b0ad8217ce7ba6e09bde1e2853e7ef02aa36cdf4
SHA256 0f5b979fe34608185bbd5f348db4601f7909b61bccdf35cc280d0739cb56fb56
SHA512 adbdd08740c015f01a2a90660d9436f15feb5944d8535b64e3003239ad80ae4843d45fcd67448da6de002ec384541761cd1c8be778805f4a48c3220dc27f7bcd

/data/data/com.frsihsupport.android/files/profileInstalled

MD5 9c53cf56b63fd5b26ba95f2bdb0dd18d
SHA1 38111cda9ff07ad7c3c2e75482d564f19946bb4d
SHA256 77716bfb8349a5f02e510e02e3fff5f454dcaa63dc44665714dd5a622a77e7d8
SHA512 32830256f90541afdb88f1a34276e734920f4d4b3c784e070b458225c3d9d252830ac07389ca9f1a7d2817198b291cac1c281947eeec7d633125204b2474b83d

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 23:09

Reported

2024-11-09 23:12

Platform

android-x64-20240910-en

Max time kernel

23s

Max time network

160s

Command Line

com.frsihsupport.android

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.frsihsupport.android

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.200.42:443 | | tcp
GB | 216.58.212.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
GB | 172.217.169.10:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp
GB | 216.58.204.66:443 | | tcp

Files

/data/misc/profiles/cur/0/com.frsihsupport.android/primary.prof

MD5 403c4d600b299d733fc2f97348f83e6a
SHA1 6d7f0c585b864f02777d06bd52fe6ba74294e39a
SHA256 9c67e25c5c391fb947b3bcbc9118111669724bbb35d24f8a6fd73bf411f237a6
SHA512 488f2fe37985bcf69a9d98b6a5525136f1a4f477beb6e2011721a25835ad61a4d9d3d017d024a4c45f0684ace27d05b0086f1f91aa7bc6c25788e600684d3f86

/data/data/com.frsihsupport.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 c9cf04f10e0c77c1517e57ab9e79b58b
SHA1 665f3219192b1b872540bb04ab659c812b44d74f
SHA256 51cebecab1a87aa0a3bb2bee3cfd6fd1644e3163b00b5f2052ad2266e0383fde
SHA512 5990dcc211e477cd46664af15e621a0f1a3794f6c04b02c92c1ca79b2cad54d6801df369ecc2f42e26c43a53823cd517ab4ea4642ca491d810f8dd57c4dd02bf

/data/data/com.frsihsupport.android/files/profileInstalled

MD5 3df33b8390bb509807225a70dc62e834
SHA1 9d9dc19ea2476f628c2beb154000c3f9d4ac7f50
SHA256 3b76840f2cc0bf6ec8d6292e9f68c8cfafce4ed03097f37be4b71ca300f9719c
SHA512 4bf70df9964c4aac720d14a2654a84ae64e57618e5070c5dca5aca5141f457e80057724178aae316777db4b0a6ecc393a5318bcc150350f29a037871ff5ea847

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-09 23:09

Reported

2024-11-09 23:12

Platform

android-x64-arm64-20240910-en

Max time kernel

22s

Max time network

150s

Command Line

com.frsihsupport.android

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Checks the presence of a debugger

evasion

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.frsihsupport.android

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.169.14:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | www.youtube.com | udp
GB | 142.250.200.14:443 | www.youtube.com | tcp
GB | 172.217.169.46:443 | www.youtube.com | tcp
GB | 142.250.200.14:443 | www.youtube.com | tcp
US | 216.239.32.223:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
GB | 142.250.187.193:443 | | tcp
GB | 142.250.187.225:443 | | tcp
US | 216.239.32.223:443 | | tcp

Files

/data/misc/profiles/cur/0/com.frsihsupport.android/primary.prof

MD5 403c4d600b299d733fc2f97348f83e6a
SHA1 6d7f0c585b864f02777d06bd52fe6ba74294e39a
SHA256 9c67e25c5c391fb947b3bcbc9118111669724bbb35d24f8a6fd73bf411f237a6
SHA512 488f2fe37985bcf69a9d98b6a5525136f1a4f477beb6e2011721a25835ad61a4d9d3d017d024a4c45f0684ace27d05b0086f1f91aa7bc6c25788e600684d3f86

/data/data/com.frsihsupport.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 2d9ae76ecaa6c6b46df1c4b9d75441d7
SHA1 89c00f7b1ddc8652ac91c8f99d35700038645054
SHA256 a0497b139e2a376c167922b97aa676bace53e8bdf30d8f7161a3dd1605cd7b26
SHA512 1b678c5cb88d3218c7912ef162f7e15510966d0f0fa12f2c413ffffebfdd833dac3473bc44c42d28afe129f51ffc6b3b8139557c452b942e5db3b28f288ba86c