Analysis Overview
SHA256
d679f9b897b0e7b74ed61f49478f45af198939c48172a414e70a791a92e9bf97
Threat Level: Shows suspicious behavior
The file d679f9b897b0e7b74ed61f49478f45af198939c48172a414e70a791a92e9bf97.bin was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-12 22:07
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-12 22:07
Reported
2024-11-12 22:09
Platform
android-x86-arm-20240910-en
Max time kernel
65s
Max time network
152s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.gurujifinder.mjpro
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | limitcards.onrender.com | udp |
| US | 216.24.57.4:443 | limitcards.onrender.com | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 142.250.178.4:80 | | tcp |
| GB | 142.250.200.35:80 | clientservices.googleapis.com | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.200.34:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.gurujifinder.mjpro/primary.prof
| MD5 | 516ccc16b750b46286fa6ddef7c0764b |
| SHA1 | d249c808ef9b9bbef4222712fdeea95bae24b049 |
| SHA256 | 5c32f33adbb88864a8f80043b3ef440978c43cd14fc6b8f8d8d6c411e10bcd77 |
| SHA512 | 808fa4a27acd8f6d854bc1fdf34f3382dec70de54f4c12b499459f1d035bc57809adf6437d0c73c8224e80d7b54cd5e598e628a37b015e390fdaf19702a55c62 |
/data/data/com.gurujifinder.mjpro/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | be7497302e7419578acb48d33991d40a |
| SHA1 | 09bb75de09862cbded3f8b1345010be88c8627b3 |
| SHA256 | 7922ba01b7bb159eac68f3ca678a8f9bf8a074bb8338c167f1cdd6e9aa418d8c |
| SHA512 | 9c2b132bdc81232aa5aea7ae39251325028e010b925d7527191724de5d00b7a37dd0325cd1d3f486cf669159a6a7759e1d106337118ed971d2cb2232d30e86dd |
/data/data/com.gurujifinder.mjpro/files/profileInstalled
| MD5 | 534ea7f982b598eca48e3ec7e22433ff |
| SHA1 | e8392ca5d3ca518d9315850eea1e5008424f3715 |
| SHA256 | 4b5abfd94ad29aad4d825a8f995e753402c77b3e1b852de4cf1e175b382b5964 |
| SHA512 | 369af08a275cac0824f7a0fda4e83d52afc01146a3fe31f964bd80395b15977d8702750e7684ddfdbbd1463815b847e3ef5c747bc42a16eb8d501ddfff31479a |
/data/misc/profiles/cur/0/com.gurujifinder.mjpro/primary.prof
| MD5 | 1db7ebb9fc5329fb6db29f0012198db3 |
| SHA1 | d2e5daef75cd6a54168e5220c54c8f34955a0dc7 |
| SHA256 | f0ed2751507b8d4b2cdb9cff3375871f6c083ab262b36475ad07185318e5e28d |
| SHA512 | a75edd1446f8d1c3b6d3a7fb4aa9435952ab57b851236d374e9e10d193d2a533b6d5ac8dedac9c906dd1bb42c3845f010dc3aa8d9f74c2a405c12f2d13112988 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-12 22:07
Reported
2024-11-12 22:09
Platform
android-x64-20240910-en
Max time kernel
65s
Max time network
149s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.gurujifinder.mjpro
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.202:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 216.58.212.234:443 | | tcp |
| US | 1.1.1.1:53 | limitcards.onrender.com | udp |
| US | 216.24.57.4:443 | limitcards.onrender.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
Files
/data/misc/profiles/cur/0/com.gurujifinder.mjpro/primary.prof
| MD5 | 516ccc16b750b46286fa6ddef7c0764b |
| SHA1 | d249c808ef9b9bbef4222712fdeea95bae24b049 |
| SHA256 | 5c32f33adbb88864a8f80043b3ef440978c43cd14fc6b8f8d8d6c411e10bcd77 |
| SHA512 | 808fa4a27acd8f6d854bc1fdf34f3382dec70de54f4c12b499459f1d035bc57809adf6437d0c73c8224e80d7b54cd5e598e628a37b015e390fdaf19702a55c62 |
/data/data/com.gurujifinder.mjpro/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 193e3d251075a80fb71317dbcdebe4a7 |
| SHA1 | 6faec7c4708f0643a0cc3f9e94aa12c092ed13fb |
| SHA256 | a966bc84c8fb5a4af9ed09de847ab905b3eb57f9a0c92c2e07d94f60821b0a2a |
| SHA512 | 001e666de34cad17b35dd6fb1244ab40e9f31c21b5d6c9ab498c6b23bb5905bf469a39ff7fd4bce1b98732a29aec36893f2e41767fa5390b0fee54efa75e992d |
/data/data/com.gurujifinder.mjpro/files/profileInstalled
| MD5 | f0950abff1423163b0a691180c1eb14c |
| SHA1 | dd84aed231d634c0f2087ea672969ff5f42b2e33 |
| SHA256 | f1d0d80b1ce18ac1121490e5ea76b7285d362441981cea2e2ed03e512623eb78 |
| SHA512 | 6a91301445ebb7e25fe73716ff1542b55efec3e3bea94e41cee5e7a1831199e9fe7db3f112b79f69f70fcfd55e09c7f4aff7c41d91e4ca6b876a95e88c9faea5 |
/data/misc/profiles/cur/0/com.gurujifinder.mjpro/primary.prof
| MD5 | b61c01963db4dc2556ac33101de3ad34 |
| SHA1 | 0566dfcb86fcdc6e7cfad93254d2b2f1df070f59 |
| SHA256 | 54abfa222a3367ca9550f6fa85d33d38f0f775005d017774e8b83018f38112df |
| SHA512 | 60840d2ab10af3a16d6eddc62962fe989e0c582b88b9e71478ac664db70bfa78bf7a90d1857fcecde66fb058042b8e5bdaac1534677139c1a53f6a84b53a73c3 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-12 22:07
Reported
2024-11-12 22:09
Platform
android-x64-arm64-20240910-en
Max time kernel
63s
Max time network
151s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.gurujifinder.mjpro
Network
| Country | Destination | Domain | Proto |
| US | 216.239.34.223:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 216.58.204.78:443 | www.youtube.com | tcp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | limitcards.onrender.com | udp |
| US | 216.24.57.4:443 | limitcards.onrender.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 216.239.32.223:443 | | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.179.225:443 | | tcp |
| GB | 142.250.200.33:443 | | tcp |
| US | 216.239.32.223:443 | | tcp |
| US | 216.239.32.223:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.gurujifinder.mjpro/primary.prof
| MD5 | 516ccc16b750b46286fa6ddef7c0764b |
| SHA1 | d249c808ef9b9bbef4222712fdeea95bae24b049 |
| SHA256 | 5c32f33adbb88864a8f80043b3ef440978c43cd14fc6b8f8d8d6c411e10bcd77 |
| SHA512 | 808fa4a27acd8f6d854bc1fdf34f3382dec70de54f4c12b499459f1d035bc57809adf6437d0c73c8224e80d7b54cd5e598e628a37b015e390fdaf19702a55c62 |
/data/data/com.gurujifinder.mjpro/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | e47d92ba84e2ff8ab13568b8ab2fa16c |
| SHA1 | 884a9ae14970b251aa3d3977177d718303ea38c5 |
| SHA256 | 4608a246f1494d49f1d61e6bfe70a44da734eb067e87af1c67dddeadfdde97b1 |
| SHA512 | 09bb0df1f8f4fcba8e9921ac5f0353847e7820e8d13dbac826d20aca5f12dcc30f45fd6f7dd7be297e378503024a5743214bdb710c9a74e40297bef53eb3d1d0 |
/data/misc/profiles/cur/0/com.gurujifinder.mjpro/primary.prof
| MD5 | da5ff4975be65d9d0776cfcd1f48ad57 |
| SHA1 | 210678ccb65f8c9bd254b18d89dcb638fb61a119 |
| SHA256 | 13f12b5d6c5dfb4048590974dd566d03262f95d8199ed52e99e232fc300a310a |
| SHA512 | 9dfa0fbcacb788d5db18ef2cf35b8b0c3e4b8e394fdb7ca4bb2620e12eac21c22ecd2a503f3bf7e31c74fce2a6599e86bbd5ae72ca38ce6100684ecd0044911b |