Analysis Overview
SHA256
6fdf1a9ee94fbb08c3dfeb6d5ad64708018c01aa960029e5f14f9475d07cd56c
Threat Level: Shows suspicious behavior
The file 6fdf1a9ee94fbb08c3dfeb6d5ad64708018c01aa960029e5f14f9475d07cd56c.bin was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Queries the mobile country code (MCC)
Requests dangerous framework permissions
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-12 22:10
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-12 22:10
Reported
2024-11-12 22:12
Platform
android-x86-arm-20240910-en
Max time kernel
6s
Max time network
151s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.jhuklisupport.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.178.4:80 | | tcp |
| GB | 142.250.200.35:80 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.200.34:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.jhuklisupport.android/primary.prof
| MD5 | a3e481943d5331bca7034e0f8faa6799 |
| SHA1 | 9eb15b91a64f968449554b76d8c0f9cbc5df718f |
| SHA256 | 1069b08e167a3f2c435f6738e65b10c59b149b6fc41f8d6f10277dde53d1a64f |
| SHA512 | d99904619f40ca60a20a8377000d174a6b68a814d55d20b13868506828ef430a677beab34d59fff5decc2b395ac80123ca22d74d88054a73e43d0f4a941abab4 |
/data/data/com.jhuklisupport.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | a6ff4b0c51f65c554879f4858cb4dff1 |
| SHA1 | 1a78d8a684d52e190de66492d8bc11bf6d87bcad |
| SHA256 | 9d4e491b718df7082e174cc6b063f77252e4258fe85c027a36cdf0474cd4660d |
| SHA512 | 9f5a9cca38bf3983fa8bb9c0657df75e1d4eb392148a43b8335dc30cad5d59c4816c3d74238e2c4c674314e5b5c390c680c3f69ce5f478dbb482488ad43b5bfa |
/data/data/com.jhuklisupport.android/files/profileInstalled
| MD5 | ad6fc4dccad1f9786cd129dcdf672769 |
| SHA1 | f0868d418b44dd1fd2f798879c88ea3e2d13342d |
| SHA256 | eadc8f9cc943e6410bfdde6ef310862952112a8e92cc0bd49f1edd94fd7bd474 |
| SHA512 | 5ff9a23233a978c9195d8bbb3bdd8e118bac566655a64a345e12d190f647a8cd582b2e9f46af55b20857a5fbabc900d0cb46b383914b527a5af746c816dea638 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-12 22:10
Reported
2024-11-12 22:12
Platform
android-x64-20240910-en
Max time kernel
22s
Max time network
153s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.jhuklisupport.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.212.226:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.jhuklisupport.android/primary.prof
| MD5 | a3e481943d5331bca7034e0f8faa6799 |
| SHA1 | 9eb15b91a64f968449554b76d8c0f9cbc5df718f |
| SHA256 | 1069b08e167a3f2c435f6738e65b10c59b149b6fc41f8d6f10277dde53d1a64f |
| SHA512 | d99904619f40ca60a20a8377000d174a6b68a814d55d20b13868506828ef430a677beab34d59fff5decc2b395ac80123ca22d74d88054a73e43d0f4a941abab4 |
/data/data/com.jhuklisupport.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 9d437a34c847f676574f3d9947e8ef0d |
| SHA1 | 766699177a14b71ba03c612ebe5ebabc5d4cad1b |
| SHA256 | 2d170ca6ea9b349075049dbe53496a627fb35c616d2d0583ebd8c66b7e03a8ca |
| SHA512 | cc497838cfd7b5c59f300de8fb0922d6fa21616b20472a627fffe0704f286bd626df177600ad843d86b58c017a82e99ee139d8b0af2ff2410977c83c3d938072 |
/data/data/com.jhuklisupport.android/files/profileInstalled
| MD5 | 8ff39c5b24908d3f948fe0686f7412a1 |
| SHA1 | 962b01b40b6a48f1ad3b073a6c7bc6c1a003c094 |
| SHA256 | acb32b9f953719c8e25b0f5c20daa21bbc4fad8e0ad43fd26e455565137bd942 |
| SHA512 | b437b8c270c1d5b16d5b022c527b6c621dfed476d8cbbb32984df809282ef44df56deb1f9578e771b05adc9298e298b58df0c831bb3e0fc3b84b74e9e5cadb92 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-12 22:10
Reported
2024-11-12 22:12
Platform
android-x64-arm64-20240910-en
Max time kernel
122s
Max time network
155s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks the presence of a debugger
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.jhuklisupport.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| US | 216.239.36.223:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.193:443 | | tcp |
| US | 216.239.36.223:443 | | tcp |
| GB | 142.250.187.193:443 | | tcp |
| US | 216.239.36.223:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.jhuklisupport.android/primary.prof
| MD5 | a3e481943d5331bca7034e0f8faa6799 |
| SHA1 | 9eb15b91a64f968449554b76d8c0f9cbc5df718f |
| SHA256 | 1069b08e167a3f2c435f6738e65b10c59b149b6fc41f8d6f10277dde53d1a64f |
| SHA512 | d99904619f40ca60a20a8377000d174a6b68a814d55d20b13868506828ef430a677beab34d59fff5decc2b395ac80123ca22d74d88054a73e43d0f4a941abab4 |
/data/data/com.jhuklisupport.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | a858fc27dd3c5a452f03ce6f416f9f07 |
| SHA1 | ff435270fee15e8349a638397241dab04cae694d |
| SHA256 | 7b61e4e601ebf0e916b3c2af5b4e50392e50252c4d1e3faa98a09a2c6bb45ca2 |
| SHA512 | e0b39f573792e5f0a563787d5250d0c262e304257273a8aa5060785716e7a46c333df3c35de243a719c50ab61ea183712a1718c57c977311636b048ff5da986a |