Analysis Overview
SHA256
d71686d09d05c1b76aa02e6fa840d06bc889ded7d8adece81fde7ead096a1ff2
Threat Level: Shows suspicious behavior
The file d71686d09d05c1b76aa02e6fa840d06bc889ded7d8adece81fde7ead096a1ff2.bin shows suspicious behavior; the signatures that triggered are summarised below and detailed per analysis run.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 22:07
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A |
| Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker. | android.permission.READ_MEDIA_VISUAL_USER_SELECTED | N/A | N/A |
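To reproduce the static1 permission check on a decoded manifest, the following is an added Python example (not the sandbox's own signature logic): it parses a constructed AndroidManifest.xml that declares the same five permissions as the table above plus INTERNET for contrast, and maps each requested permission to its Android permission group. The DANGEROUS table is an assumption, a hand-kept subset of the permissions Android documents with protection level "dangerous", not an exhaustive list.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Analyst-maintained subset of permissions whose protection level Android
# documents as "dangerous" (granted at runtime). Assumption: this is a hand-kept
# table, not an exhaustive list; extend it for your own triage.
DANGEROUS = {
    "android.permission.READ_PHONE_STATE": "PHONE",
    "android.permission.READ_PHONE_NUMBERS": "PHONE",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.READ_SMS": "SMS",
    "android.permission.SEND_SMS": "SMS",
    "android.permission.READ_CONTACTS": "CONTACTS",
    "android.permission.READ_MEDIA_IMAGES": "READ_MEDIA_VISUAL",
    "android.permission.READ_MEDIA_VISUAL_USER_SELECTED": "READ_MEDIA_VISUAL",
}

# Constructed sample: a decoded AndroidManifest.xml (as apktool or similar
# would produce) declaring the permissions the static1 analysis lists, plus
# INTERNET, which is normal-level. This is not the real sample's manifest.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_PHONE_NUMBERS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
    <uses-permission android:name="android.permission.READ_MEDIA_VISUAL_USER_SELECTED"/>
    <application android:label="constructed"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> list[str]:
    """Return every permission declared via <uses-permission> or
    <uses-permission-sdk-23>, in document order, without duplicates."""
    root = ET.fromstring(manifest_xml)
    seen: list[str] = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(f"{{{ANDROID_NS}}}name")
            if name and name not in seen:
                seen.append(name)
    return seen


def dangerous_permissions(manifest_xml: str) -> dict[str, str]:
    """Map each requested dangerous permission to its permission group."""
    return {p: DANGEROUS[p]
            for p in requested_permissions(manifest_xml) if p in DANGEROUS}


def grouped(manifest_xml: str) -> dict[str, list[str]]:
    """Group dangerous permissions by permission group. This is the unit the
    user sees in the runtime prompt and the unit an analyst reasons about:
    any SMS permission means one-time codes can be intercepted, PHONE means
    the device can be fingerprinted by number and network."""
    out: dict[str, list[str]] = {}
    for perm, group in dangerous_permissions(manifest_xml).items():
        out.setdefault(group, []).append(perm)
    return out


if __name__ == "__main__":
    for group, perms in grouped(SAMPLE_MANIFEST).items():
        print(group)
        for perm in perms:
            print("   ", perm)
```

Run it against a manifest decoded from the APK you are triaging; the grouping is what matters for a verdict, since a single SMS permission next to a clipboard listener is a stronger signal than any one permission alone.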
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 22:07
Reported
2024-11-13 22:11
Platform
android-x86-arm-20240624-en
Max time kernel
47s
Max time network
132s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call; returns the serving network's ISO 3166 country code (the country-level equivalent of the MCC), commonly used to geofence behaviour to or away from particular countries | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.psd.qjzcwbanj
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 142.250.179.234:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/misc/profiles/cur/0/com.psd.qjzcwbanj/primary.prof
| MD5 | 6b5bf6788ea65a0a622206bfe6bb949b |
| SHA1 | ef5d54c05b71082069c0324f6892f7cdfedfbb65 |
| SHA256 | 46198dd50d35e7d6e42f6a86b5cd99bc576a481b0fd1ef3324d25aa99b1eff27 |
| SHA512 | b28c549eb97dd9262d8bcfc73c1f73c92a4eb29dd52b97dc0f79c4ff348bb1657fe6063fcdd3eb2bada9460d666423892e32980f8f78c01b157fe65900bdd410 |
/data/data/com.psd.qjzcwbanj/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | f33d5288d2f10ddcdb4e10b582a1c8ce |
| SHA1 | 910de0842de7105290bdd8c07a764bdbf063c465 |
| SHA256 | aacf28df14db09dc317cfccadf5da4f96428152887258beef2bbdbf595c4f784 |
| SHA512 | dea7ede0429e70b53555e330d7ea438bf8fc87840c8c6a6ea6523390f959febd6af14e6f37c8f2fb3a0be3ee34534a5be1526e50db8036152f7c647c17433fdf |
/data/data/com.psd.qjzcwbanj/files/profileInstalled
| MD5 | 124cbaa09b9a22ee2dd37204a4d674c9 |
| SHA1 | 68f66b5d09b0b31550869f3d330b70c52f7672ec |
| SHA256 | b61e382a677479d72b569b87542f4bca6af22f9beeb3f9fc6e5631a3fb18d419 |
| SHA512 | cd1b130e030fe77bfb6f69ccbc36b528531eb62d525bf00350435f0a02282570f7dd7999dd09f05c903c571e88cd3a455169821952db99cb748f0d94842c2d7f |
/data/misc/profiles/cur/0/com.psd.qjzcwbanj/primary.prof
| MD5 | 17570c41d07441087a279fa0c7f50739 |
| SHA1 | 64ad29a3680e57bf2cc69fc73014004e66ee7549 |
| SHA256 | 44cbbfa72bd5d043d6f2da8a18ae559c6930ba9c44311af52ceba7ca73ae386f |
| SHA512 | 98391bdba13323fb957559a36db5f79390659e0c9d1680b3ff9bcb9d2f873dc1629eab69159d718c8e660161d1988b5e9b8c24c2741e37ed73a60b2d874ecc2b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 22:07
Reported
2024-11-13 22:10
Platform
android-x64-20240910-en
Max time kernel
45s
Max time network
151s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call; registers a callback that fires on every clipboard change, which lets the app harvest pasted text such as one-time codes or wallet addresses (since Android 10 only the foreground app or the default IME can actually read the clip contents) | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call; returns the serving network's ISO 3166 country code (the country-level equivalent of the MCC), commonly used to geofence behaviour to or away from particular countries | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.psd.qjzcwbanj
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 142.250.178.10:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.226:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.psd.qjzcwbanj/primary.prof
| MD5 | 6b5bf6788ea65a0a622206bfe6bb949b |
| SHA1 | ef5d54c05b71082069c0324f6892f7cdfedfbb65 |
| SHA256 | 46198dd50d35e7d6e42f6a86b5cd99bc576a481b0fd1ef3324d25aa99b1eff27 |
| SHA512 | b28c549eb97dd9262d8bcfc73c1f73c92a4eb29dd52b97dc0f79c4ff348bb1657fe6063fcdd3eb2bada9460d666423892e32980f8f78c01b157fe65900bdd410 |
/data/data/com.psd.qjzcwbanj/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | a5285670459f860c645132ea55d6de7c |
| SHA1 | 5fa7bd254a3f906bab188d82b22501eb0be5eba2 |
| SHA256 | ab92577293dc09564744782929fcb4856444f7792d8cb052fb05023ea51a56a6 |
| SHA512 | 1a5dfe73a2009d3b301e934f2b11b66179c7e32332717232befc10681b97086a4974ee0d3407fd027843b55c299037d78ad6333ba5fb5610da29db41417f3229 |
/data/data/com.psd.qjzcwbanj/files/profileInstalled
| MD5 | c19d9bb857056ca35096af1813aab764 |
| SHA1 | 66c5bcd3845acc8cb0e2533173bf1e958895f568 |
| SHA256 | 5e898e1edd9c6ab40f2450425860d7a25f40e0507993d7f3e79add631b898a25 |
| SHA512 | df2bb479333e14cf8c09a56c2537a19f3f570c89e663a53f59ce879f4979be2c2670632db8d4587670b791a8ecd2f479b6f872d6b363a16f7090b9cee5b00506 |
/data/misc/profiles/cur/0/com.psd.qjzcwbanj/primary.prof
| MD5 | 033aa2437c0fae5f304feddc35904a71 |
| SHA1 | f66d90cf167c11906d9f2b2b30b469396344839b |
| SHA256 | 3bd20cb41cf284511dae63663539f03b51aa25e064471dd4d6e3cff113e605a5 |
| SHA512 | 4f806e98ad3bb41ab9726f4409c37580ab61da1ae6b540188b94419918f4ec33906ef931325f8080365749f17551a750bb74bf93a777ac6d153c73f15149bd61 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-13 22:07
Reported
2024-11-13 22:10
Platform
android-x64-arm64-20240910-en
Max time kernel
105s
Max time network
151s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call; registers a callback that fires on every clipboard change, which lets the app harvest pasted text such as one-time codes or wallet addresses (since Android 10 only the foreground app or the default IME can actually read the clip contents) | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.psd.qjzcwbanj
Network
| Country | Destination | Domain | Proto |
| US | 216.239.36.223:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.225:443 | | tcp |
| GB | 142.250.179.225:443 | | tcp |
| US | 216.239.32.223:443 | | tcp |
| US | 216.239.32.223:443 | | tcp |
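The three behavioral network tables (behavioral1, behavioral2 and behavioral3) mix DNS lookups, TCP connections that carry a resolved hostname, and TCP connections with no hostname at all. The added Python example below (not part of the report and not the sandbox's own code) parses the behavioral1 rows exactly as the report prints them and separates those cases: which resolver was used, which hostnames were queried, which endpoints belong to which hostname, and which TCP endpoints never appeared with a domain and therefore need a manual lookup before they can be attributed. The rows are constructed input copied from the behavioral1 table; the parser finds the protocol cell by value, so it tolerates the report's own column misalignment, and the same functions take the behavioral2 and behavioral3 tables unchanged.

```python
import re

PROTOCOLS = {"tcp", "udp"}
DEST_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}$")

# Constructed input: the behavioral1 network rows, copied verbatim from the
# report (including rows whose protocol sits in the Domain column).
BEHAVIORAL1_ROWS = """\
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.204.78:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 142.250.179.234:443 | semanticlocation-pa.googleapis.com | tcp |
"""


def parse_rows(table: str) -> list[dict]:
    """Turn pipe-delimited report rows into records.

    The protocol is located by value (tcp/udp) rather than by column position,
    so a row with an empty Domain cell parses the same whether it was printed
    as '| ip:port | | tcp |' or as '| ip:port | tcp | |'.
    """
    records = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or not DEST_RE.match(cells[1]):
            continue  # header row, or anything whose Destination is not ip:port
        rest = cells[2:]
        proto = next((c.lower() for c in rest if c.lower() in PROTOCOLS), "")
        domain = next((c for c in rest if c and c.lower() not in PROTOCOLS), "")
        records.append({"country": cells[0], "dest": cells[1],
                        "domain": domain, "proto": proto})
    return records


def summarize(records: list[dict]) -> dict:
    """Split the capture into resolver traffic, TCP endpoints attributed to a
    hostname, and TCP endpoints with no hostname (direct-to-IP, or resolved
    outside the capture window), which the analyst must attribute by hand."""
    dns_servers = {r["dest"] for r in records
                   if r["proto"] == "udp" and r["dest"].endswith(":53")}
    queried = {r["domain"] for r in records
               if r["dest"] in dns_servers and r["domain"]}
    by_domain: dict[str, list[str]] = {}
    unresolved: list[str] = []
    for r in records:
        if r["proto"] != "tcp":
            continue
        if r["domain"]:
            by_domain.setdefault(r["domain"], []).append(r["dest"])
        else:
            unresolved.append(r["dest"])
    # mDNS to 224.0.0.251:5353 is ordinary Android service discovery, not C2.
    mdns = [r["dest"] for r in records if r["dest"].startswith("224.0.0.251:")]
    return {
        "dns_servers": dns_servers,
        "queried": queried,
        "by_domain": by_domain,
        "unresolved": unresolved,
        "queried_only": queried - set(by_domain),  # looked up, never connected
        "mdns": mdns,
    }


if __name__ == "__main__":
    summary = summarize(parse_rows(BEHAVIORAL1_ROWS))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

On the behavioral1 rows the only unresolved TCP endpoint is 216.58.204.78:443; every hostname that was queried (both Google-owned) also received a connection, and nothing was looked up without being contacted. The unresolved list is the part worth a second look in any run, because a sandbox that logs the resolver but not the answer leaves exactly those endpoints unattributed.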
Files
/data/misc/profiles/cur/0/com.psd.qjzcwbanj/primary.prof
| MD5 | 6b5bf6788ea65a0a622206bfe6bb949b |
| SHA1 | ef5d54c05b71082069c0324f6892f7cdfedfbb65 |
| SHA256 | 46198dd50d35e7d6e42f6a86b5cd99bc576a481b0fd1ef3324d25aa99b1eff27 |
| SHA512 | b28c549eb97dd9262d8bcfc73c1f73c92a4eb29dd52b97dc0f79c4ff348bb1657fe6063fcdd3eb2bada9460d666423892e32980f8f78c01b157fe65900bdd410 |
/data/data/com.psd.qjzcwbanj/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 95ec6b2730b6025d751a5588cf3f7a8e |
| SHA1 | c701c2b15fa8a12433504e82785dc5eb1c6c81b9 |
| SHA256 | 769ea92f0d174188bc7af0c388afcd4863c07f6e30ae485e2ba5e71e58483b7d |
| SHA512 | 65f0429b3028d6c1db96ffedfe12ba97473f204d22ef4ebda0a8c86a7bfcb8bb1139d0f859a385830663b132bb06473f3aab7a08c88b2f1809b08ff5f1c37054 |