Analysis Overview
SHA256: e62d68ab13afd961ac3a7255130c5822b50cc5a0b6a7f80cceb46e217f3a95aa
Threat Level: Shows suspicious behavior
The file A.apk was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Reads information about phone network operator
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 09:55
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 09:55
Reported
2024-11-09 09:57
Platform
android-33-x64-arm64-20240624-en
Max time kernel
54s
Max time network
67s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Reads information about phone network operator
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
web.browser
Network
Files
/data/data/web.browser/databases/com.microsoft.appcenter.persistence-journal
/data/data/web.browser/databases/com.microsoft.appcenter.persistence