Analysis Overview
SHA256
8502286b51db5ff919fc3f8189abfb3d0f998a35aa267387aad27aef3d5ecef4
Threat Level: Shows suspicious behavior
The file 8502286b51db5ff919fc3f8189abfb3d0f998a35aa267387aad27aef3d5ecef4.bin was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 23:09
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 23:09
Reported
2024-11-09 23:12
Platform
android-x86-arm-20240624-en
Max time kernel
24s
Max time network
131s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.frsihsupport.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.14:443 | android.apis.google.com | tcp |
| GB | 216.58.204.74:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/misc/profiles/cur/0/com.frsihsupport.android/primary.prof
| MD5 | 403c4d600b299d733fc2f97348f83e6a |
| SHA1 | 6d7f0c585b864f02777d06bd52fe6ba74294e39a |
| SHA256 | 9c67e25c5c391fb947b3bcbc9118111669724bbb35d24f8a6fd73bf411f237a6 |
| SHA512 | 488f2fe37985bcf69a9d98b6a5525136f1a4f477beb6e2011721a25835ad61a4d9d3d017d024a4c45f0684ace27d05b0086f1f91aa7bc6c25788e600684d3f86 |
/data/data/com.frsihsupport.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 50c1fc3e858bda4a240fda7023d5c54f |
| SHA1 | b0ad8217ce7ba6e09bde1e2853e7ef02aa36cdf4 |
| SHA256 | 0f5b979fe34608185bbd5f348db4601f7909b61bccdf35cc280d0739cb56fb56 |
| SHA512 | adbdd08740c015f01a2a90660d9436f15feb5944d8535b64e3003239ad80ae4843d45fcd67448da6de002ec384541761cd1c8be778805f4a48c3220dc27f7bcd |
/data/data/com.frsihsupport.android/files/profileInstalled
| MD5 | 9c53cf56b63fd5b26ba95f2bdb0dd18d |
| SHA1 | 38111cda9ff07ad7c3c2e75482d564f19946bb4d |
| SHA256 | 77716bfb8349a5f02e510e02e3fff5f454dcaa63dc44665714dd5a622a77e7d8 |
| SHA512 | 32830256f90541afdb88f1a34276e734920f4d4b3c784e070b458225c3d9d252830ac07389ca9f1a7d2817198b291cac1c281947eeec7d633125204b2474b83d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 23:09
Reported
2024-11-09 23:12
Platform
android-x64-20240910-en
Max time kernel
23s
Max time network
160s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.frsihsupport.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.42:443 | | tcp |
| GB | 216.58.212.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 172.217.169.10:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.204.66:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.frsihsupport.android/primary.prof
| MD5 | 403c4d600b299d733fc2f97348f83e6a |
| SHA1 | 6d7f0c585b864f02777d06bd52fe6ba74294e39a |
| SHA256 | 9c67e25c5c391fb947b3bcbc9118111669724bbb35d24f8a6fd73bf411f237a6 |
| SHA512 | 488f2fe37985bcf69a9d98b6a5525136f1a4f477beb6e2011721a25835ad61a4d9d3d017d024a4c45f0684ace27d05b0086f1f91aa7bc6c25788e600684d3f86 |
/data/data/com.frsihsupport.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | c9cf04f10e0c77c1517e57ab9e79b58b |
| SHA1 | 665f3219192b1b872540bb04ab659c812b44d74f |
| SHA256 | 51cebecab1a87aa0a3bb2bee3cfd6fd1644e3163b00b5f2052ad2266e0383fde |
| SHA512 | 5990dcc211e477cd46664af15e621a0f1a3794f6c04b02c92c1ca79b2cad54d6801df369ecc2f42e26c43a53823cd517ab4ea4642ca491d810f8dd57c4dd02bf |
/data/data/com.frsihsupport.android/files/profileInstalled
| MD5 | 3df33b8390bb509807225a70dc62e834 |
| SHA1 | 9d9dc19ea2476f628c2beb154000c3f9d4ac7f50 |
| SHA256 | 3b76840f2cc0bf6ec8d6292e9f68c8cfafce4ed03097f37be4b71ca300f9719c |
| SHA512 | 4bf70df9964c4aac720d14a2654a84ae64e57618e5070c5dca5aca5141f457e80057724178aae316777db4b0a6ecc393a5318bcc150350f29a037871ff5ea847 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-09 23:09
Reported
2024-11-09 23:12
Platform
android-x64-arm64-20240910-en
Max time kernel
22s
Max time network
150s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks the presence of a debugger
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.frsihsupport.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 172.217.169.46:443 | www.youtube.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| US | 216.239.32.223:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.193:443 | | tcp |
| GB | 142.250.187.225:443 | | tcp |
| US | 216.239.32.223:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.frsihsupport.android/primary.prof
| MD5 | 403c4d600b299d733fc2f97348f83e6a |
| SHA1 | 6d7f0c585b864f02777d06bd52fe6ba74294e39a |
| SHA256 | 9c67e25c5c391fb947b3bcbc9118111669724bbb35d24f8a6fd73bf411f237a6 |
| SHA512 | 488f2fe37985bcf69a9d98b6a5525136f1a4f477beb6e2011721a25835ad61a4d9d3d017d024a4c45f0684ace27d05b0086f1f91aa7bc6c25788e600684d3f86 |
/data/data/com.frsihsupport.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 2d9ae76ecaa6c6b46df1c4b9d75441d7 |
| SHA1 | 89c00f7b1ddc8652ac91c8f99d35700038645054 |
| SHA256 | a0497b139e2a376c167922b97aa676bace53e8bdf30d8f7161a3dd1605cd7b26 |
| SHA512 | 1b678c5cb88d3218c7912ef162f7e15510966d0f0fa12f2c413ffffebfdd833dac3473bc44c42d28afe129f51ffc6b3b8139557c452b942e5db3b28f288ba86c |