Malware Analysis Report

2024-12-07 18:58

Sample ID 241113-11ycxatmcr
Target d71686d09d05c1b76aa02e6fa840d06bc889ded7d8adece81fde7ead096a1ff2.bin
SHA256 d71686d09d05c1b76aa02e6fa840d06bc889ded7d8adece81fde7ead096a1ff2
Tags
discovery persistence collection credential_access impact
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

d71686d09d05c1b76aa02e6fa840d06bc889ded7d8adece81fde7ead096a1ff2

Threat Level: Shows suspicious behavior

The file d71686d09d05c1b76aa02e6fa840d06bc889ded7d8adece81fde7ead096a1ff2.bin was found to show suspicious behavior.

Malicious Activity Summary

discovery persistence collection credential_access impact

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 22:07

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A
Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker. | android.permission.READ_MEDIA_VISUAL_USER_SELECTED | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 22:07

Reported

2024-11-13 22:11

Platform

android-x86-arm-20240624-en

Max time kernel

47s

Max time network

132s

Command Line

com.psd.qjzcwbanj

Signatures

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.psd.qjzcwbanj

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 216.58.204.78:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.201.110:443 | android.apis.google.com | tcp
GB | 142.250.179.234:443 | semanticlocation-pa.googleapis.com | tcp

Files

/data/misc/profiles/cur/0/com.psd.qjzcwbanj/primary.prof

MD5 6b5bf6788ea65a0a622206bfe6bb949b
SHA1 ef5d54c05b71082069c0324f6892f7cdfedfbb65
SHA256 46198dd50d35e7d6e42f6a86b5cd99bc576a481b0fd1ef3324d25aa99b1eff27
SHA512 b28c549eb97dd9262d8bcfc73c1f73c92a4eb29dd52b97dc0f79c4ff348bb1657fe6063fcdd3eb2bada9460d666423892e32980f8f78c01b157fe65900bdd410

/data/data/com.psd.qjzcwbanj/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 f33d5288d2f10ddcdb4e10b582a1c8ce
SHA1 910de0842de7105290bdd8c07a764bdbf063c465
SHA256 aacf28df14db09dc317cfccadf5da4f96428152887258beef2bbdbf595c4f784
SHA512 dea7ede0429e70b53555e330d7ea438bf8fc87840c8c6a6ea6523390f959febd6af14e6f37c8f2fb3a0be3ee34534a5be1526e50db8036152f7c647c17433fdf

/data/data/com.psd.qjzcwbanj/files/profileInstalled

MD5 124cbaa09b9a22ee2dd37204a4d674c9
SHA1 68f66b5d09b0b31550869f3d330b70c52f7672ec
SHA256 b61e382a677479d72b569b87542f4bca6af22f9beeb3f9fc6e5631a3fb18d419
SHA512 cd1b130e030fe77bfb6f69ccbc36b528531eb62d525bf00350435f0a02282570f7dd7999dd09f05c903c571e88cd3a455169821952db99cb748f0d94842c2d7f

/data/misc/profiles/cur/0/com.psd.qjzcwbanj/primary.prof

MD5 17570c41d07441087a279fa0c7f50739
SHA1 64ad29a3680e57bf2cc69fc73014004e66ee7549
SHA256 44cbbfa72bd5d043d6f2da8a18ae559c6930ba9c44311af52ceba7ca73ae386f
SHA512 98391bdba13323fb957559a36db5f79390659e0c9d1680b3ff9bcb9d2f873dc1629eab69159d718c8e660161d1988b5e9b8c24c2741e37ed73a60b2d874ecc2b

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 22:07

Reported

2024-11-13 22:10

Platform

android-x64-20240910-en

Max time kernel

45s

Max time network

151s

Command Line

com.psd.qjzcwbanj

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.psd.qjzcwbanj

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.16.234:443 | | tcp
GB | 172.217.16.238:443 | | tcp
GB | 172.217.16.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
GB | 142.250.178.10:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp
GB | 172.217.16.226:443 | | tcp

Files

/data/misc/profiles/cur/0/com.psd.qjzcwbanj/primary.prof

MD5 6b5bf6788ea65a0a622206bfe6bb949b
SHA1 ef5d54c05b71082069c0324f6892f7cdfedfbb65
SHA256 46198dd50d35e7d6e42f6a86b5cd99bc576a481b0fd1ef3324d25aa99b1eff27
SHA512 b28c549eb97dd9262d8bcfc73c1f73c92a4eb29dd52b97dc0f79c4ff348bb1657fe6063fcdd3eb2bada9460d666423892e32980f8f78c01b157fe65900bdd410

/data/data/com.psd.qjzcwbanj/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 a5285670459f860c645132ea55d6de7c
SHA1 5fa7bd254a3f906bab188d82b22501eb0be5eba2
SHA256 ab92577293dc09564744782929fcb4856444f7792d8cb052fb05023ea51a56a6
SHA512 1a5dfe73a2009d3b301e934f2b11b66179c7e32332717232befc10681b97086a4974ee0d3407fd027843b55c299037d78ad6333ba5fb5610da29db41417f3229

/data/data/com.psd.qjzcwbanj/files/profileInstalled

MD5 c19d9bb857056ca35096af1813aab764
SHA1 66c5bcd3845acc8cb0e2533173bf1e958895f568
SHA256 5e898e1edd9c6ab40f2450425860d7a25f40e0507993d7f3e79add631b898a25
SHA512 df2bb479333e14cf8c09a56c2537a19f3f570c89e663a53f59ce879f4979be2c2670632db8d4587670b791a8ecd2f479b6f872d6b363a16f7090b9cee5b00506

/data/misc/profiles/cur/0/com.psd.qjzcwbanj/primary.prof

MD5 033aa2437c0fae5f304feddc35904a71
SHA1 f66d90cf167c11906d9f2b2b30b469396344839b
SHA256 3bd20cb41cf284511dae63663539f03b51aa25e064471dd4d6e3cff113e605a5
SHA512 4f806e98ad3bb41ab9726f4409c37580ab61da1ae6b540188b94419918f4ec33906ef931325f8080365749f17551a750bb74bf93a777ac6d153c73f15149bd61

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-13 22:07

Reported

2024-11-13 22:10

Platform

android-x64-arm64-20240910-en

Max time kernel

105s

Max time network

151s

Command Line

com.psd.qjzcwbanj

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A
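The signature rows in the three behavioral sections are the raw evidence behind the report's tags: each "Framework service call" is a Binder IPC method the sample invoked on a system service, and each file read is a path it opened. Note that the clipboard listener (IClipboard.addPrimaryClipChangedListener) was only observed in behavioral2 and behavioral3, while the MCC query and runtime receiver registration were only observed in behavioral1 and behavioral2, so no single detonation shows the full picture. The Python below is an added example, not the sandbox vendor's rule set and not code from the sample: it re-derives the report's signature names and tactic tags from the indicator rows copied from this report, merges the three runs, and flags the signatures that did not fire in every run. The indicator-to-tactic mapping reproduces the report's own labels; the "unstable" flag is this example's heuristic.

```python
import re
from collections import defaultdict

# Map each logged framework (Binder) call to the signature name and the
# tactic tags this report attaches to it. Labels copied from the report.
FRAMEWORK_CALL_RULES = {
    "android.content.IClipboard.addPrimaryClipChangedListener": (
        "Obtains sensitive information copied to the device clipboard",
        {"collection", "credential_access", "impact"},
    ),
    "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone": (
        "Queries the mobile country code (MCC)",
        {"discovery"},
    ),
    "android.app.IActivityManager.registerReceiver": (
        "Registers a broadcast receiver at runtime",
        {"persistence"},
    ),
}

# File reads the sandbox flags. The report attaches no tactic to this one.
FILE_READ_RULES = {
    "/proc/meminfo": ("Checks memory information", set()),
}

# Indicator rows as the sandbox prints them; pipe separators are tolerated.
INDICATOR_RE = re.compile(r"^(Framework service call|File opened for read)\s+(\S+)")


def signatures_for_run(indicator_lines):
    """Return (signature names, tactic set) for one detonation's indicator rows."""
    names, tactics = set(), set()
    for raw in indicator_lines:
        line = re.sub(r"\s*\|\s*", " ", raw).strip()
        m = INDICATOR_RE.match(line)
        if not m:
            continue
        kind, value = m.groups()
        rules = FRAMEWORK_CALL_RULES if kind.startswith("Framework") else FILE_READ_RULES
        if value in rules:
            name, tags = rules[value]
            names.add(name)
            tactics |= tags
    return names, tactics


def merge_runs(runs):
    """Union signatures over several detonations and flag the unstable ones.

    runs: {run_name: [indicator rows]}. A signature seen in only some runs is
    not weaker evidence; it usually means that code path depends on platform
    or timing, so the union across runs, not any single run, is the verdict.
    """
    per_run = {name: signatures_for_run(lines) for name, lines in runs.items()}
    seen_in = defaultdict(set)
    tactics = set()
    for run, (names, tags) in per_run.items():
        tactics |= tags
        for n in names:
            seen_in[n].add(run)
    unstable = {n for n, where in seen_in.items() if len(where) < len(runs)}
    return {"per_run": per_run, "union": set(seen_in),
            "unstable": unstable, "tactics": tactics}


# Indicator rows copied from the three behavioral sections of this report.
RUNS = {
    "behavioral1": [
        "Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A",
        "Framework service call android.app.IActivityManager.registerReceiver N/A N/A",
        "File opened for read /proc/meminfo N/A N/A",
    ],
    "behavioral2": [
        "Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A",
        "Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A",
        "Framework service call android.app.IActivityManager.registerReceiver N/A N/A",
        "File opened for read /proc/meminfo N/A N/A",
    ],
    "behavioral3": [
        "Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A",
        "File opened for read /proc/meminfo N/A N/A",
    ],
}

if __name__ == "__main__":
    result = merge_runs(RUNS)
    print("tactics:", sorted(result["tactics"]))
    for name in sorted(result["union"]):
        flag = " (not in every run)" if name in result["unstable"] else ""
        print(f"- {name}{flag}")
```

Run against the rows above, the merged tactic set matches the five tags in the report header, and three of the four signatures are flagged as unstable; only the /proc/meminfo read is present in all three detonations.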

Processes

com.psd.qjzcwbanj

Network

Country | Destination | Domain | Proto
US | 216.239.36.223:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.169.14:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.201.110:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | www.youtube.com | udp
GB | 142.250.200.14:443 | www.youtube.com | tcp
GB | 216.58.201.110:443 | www.youtube.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp
GB | 142.250.187.225:443 | | tcp
GB | 142.250.179.225:443 | | tcp
US | 216.239.32.223:443 | | tcp
US | 216.239.32.223:443 | | tcp
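The network tables in the three behavioral sections mix four kinds of rows: mDNS multicast to 224.0.0.251:5353, DNS queries sent to the sandbox resolver at 1.1.1.1, TLS connections the sandbox could tie back to a DNS answer (the Domain column is filled), and TLS connections with no name attached. Every resolved name in all three runs is Google infrastructure, so the unnamed 443 endpoints are the rows worth pivoting on. The Python below is an added example, not the sandbox's own parser: it reads tables in the form this report prints them (with or without column separators), splits the rows into those buckets, and collects the unnamed endpoints across runs together with the run each was seen in. The behavioral1 and behavioral2 tables are copied from this report; the bucket names are this example's.

```python
import re

# One row as the sandbox prints it: Country, ip:port, optional Domain, Proto.
ROW_RE = re.compile(
    r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(?:(\S+)\s+)?(udp|tcp)$"
)


def parse_rows(table_text):
    """Parse a 'Country Destination Domain Proto' table into dicts."""
    rows = []
    for raw in table_text.strip().splitlines():
        # Tolerate pipe-separated columns so a re-laid-out table parses too.
        line = re.sub(r"\s*\|\s*", " ", raw).strip()
        if not line or line.startswith("Country"):
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {raw!r}")
        country, ip, port, domain, proto = m.groups()
        rows.append({
            "country": None if country == "N/A" else country,
            "ip": ip, "port": int(port), "domain": domain, "proto": proto,
        })
    return rows


def classify(rows):
    """Split rows into the buckets an analyst treats differently.

    dns_queries: names the app asked the sandbox resolver (1.1.1.1) for.
    named:       connections the sandbox tied back to a DNS answer.
    unnamed:     connections with no name; hard-coded IPs or answers the
                 sandbox did not observe. First pivot for further analysis.
    local:       link-local multicast (mDNS on 224.0.0.251:5353), noise.
    """
    out = {"dns_queries": set(), "named": set(), "unnamed": set(), "local": set()}
    for r in rows:
        if r["ip"].startswith("224."):
            out["local"].add(f'{r["ip"]}:{r["port"]}')
        elif r["port"] == 53 and r["proto"] == "udp":
            if r["domain"]:
                out["dns_queries"].add(r["domain"])
        elif r["domain"]:
            out["named"].add((r["domain"], r["ip"], r["port"]))
        else:
            out["unnamed"].add((r["ip"], r["port"]))
    return out


def pivot_candidates(tables):
    """Unnamed endpoints across runs, mapped to the runs each was seen in."""
    seen = {}
    for run, text in tables.items():
        for ep in classify(parse_rows(text))["unnamed"]:
            seen.setdefault(ep, set()).add(run)
    return seen


# Network tables copied from the behavioral1 and behavioral2 sections above.
BEHAVIORAL1 = """
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
GB 142.250.179.234:443 semanticlocation-pa.googleapis.com tcp
"""

BEHAVIORAL2 = """
N/A 224.0.0.251:5353 udp
GB 172.217.16.234:443 tcp
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
GB 172.217.16.226:443 tcp
"""

if __name__ == "__main__":
    tables = {"behavioral1": BEHAVIORAL1, "behavioral2": BEHAVIORAL2}
    for run, text in tables.items():
        c = classify(parse_rows(text))
        print(run, "queried:", sorted(c["dns_queries"]))
        print(run, "unnamed endpoints:", sorted(c["unnamed"]))
    print("pivot candidates:", pivot_candidates(tables))
```

The Country column is a GeoIP lookup of the destination, not evidence of where the operator is; the duplicate rows (the same endpoint listed twice in behavioral2 and behavioral3) are repeat connections and collapse into one entry here.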

Files

/data/misc/profiles/cur/0/com.psd.qjzcwbanj/primary.prof

MD5 6b5bf6788ea65a0a622206bfe6bb949b
SHA1 ef5d54c05b71082069c0324f6892f7cdfedfbb65
SHA256 46198dd50d35e7d6e42f6a86b5cd99bc576a481b0fd1ef3324d25aa99b1eff27
SHA512 b28c549eb97dd9262d8bcfc73c1f73c92a4eb29dd52b97dc0f79c4ff348bb1657fe6063fcdd3eb2bada9460d666423892e32980f8f78c01b157fe65900bdd410

/data/data/com.psd.qjzcwbanj/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 95ec6b2730b6025d751a5588cf3f7a8e
SHA1 c701c2b15fa8a12433504e82785dc5eb1c6c81b9
SHA256 769ea92f0d174188bc7af0c388afcd4863c07f6e30ae485e2ba5e71e58483b7d
SHA512 65f0429b3028d6c1db96ffedfe12ba97473f204d22ef4ebda0a8c86a7bfcb8bb1139d0f859a385830663b132bb06473f3aab7a08c88b2f1809b08ff5f1c37054