Malware Analysis Report

2024-12-07 17:09

Sample ID: 241112-11nhpsvrhq
Target: d679f9b897b0e7b74ed61f49478f45af198939c48172a414e70a791a92e9bf97.bin
SHA256: d679f9b897b0e7b74ed61f49478f45af198939c48172a414e70a791a92e9bf97
Tags: discovery persistence collection credential_access impact
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256: d679f9b897b0e7b74ed61f49478f45af198939c48172a414e70a791a92e9bf97

Threat Level: Shows suspicious behavior

The file d679f9b897b0e7b74ed61f49478f45af198939c48172a414e70a791a92e9bf97.bin was found to show suspicious behavior.

Malicious Activity Summary

discovery persistence collection credential_access impact

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-12 22:07

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-12 22:07
Reported: 2024-11-12 22:09
Platform: android-x86-arm-20240910-en
Max time kernel: 65s
Max time network: 152s

Command Line

com.gurujifinder.mjpro

Signatures

Queries the mobile country code (MCC)

Tags: discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.gurujifinder.mjpro

Network


Files

/data/misc/profiles/cur/0/com.gurujifinder.mjpro/primary.prof

/data/data/com.gurujifinder.mjpro/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

/data/data/com.gurujifinder.mjpro/files/profileInstalled

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-12 22:07
Reported: 2024-11-12 22:09
Platform: android-x64-20240910-en
Max time kernel: 65s
Max time network: 149s

Command Line

com.gurujifinder.mjpro

Signatures

Obtains sensitive information copied to the device clipboard

Tags: collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries the mobile country code (MCC)

Tags: discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.gurujifinder.mjpro

Network


Files

/data/misc/profiles/cur/0/com.gurujifinder.mjpro/primary.prof

/data/data/com.gurujifinder.mjpro/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

/data/data/com.gurujifinder.mjpro/files/profileInstalled

Analysis: behavioral3

Detonation Overview

Submitted: 2024-11-12 22:07
Reported: 2024-11-12 22:09
Platform: android-x64-arm64-20240910-en
Max time kernel: 63s
Max time network: 151s

Command Line

com.gurujifinder.mjpro

Signatures

Obtains sensitive information copied to the device clipboard

Tags: collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.gurujifinder.mjpro

Network


Files

/data/misc/profiles/cur/0/com.gurujifinder.mjpro/primary.prof

/data/data/com.gurujifinder.mjpro/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat