Analysis Overview
SHA256
11510c07c6ed0314ed037c53e92eee340c6ed43f64d69679d78512362fbd6322
Threat Level: Shows suspicious behavior
The file 11510c07c6ed0314ed037c53e92eee340c6ed43f64d69679d78512362fbd6322.bin was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 22:10
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 22:10
Reported
2024-11-13 22:12
Platform
android-x86-arm-20240910-en
Max time kernel
23s
Max time network
152s
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.example.dsk
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.dksdirect.icu | udp |
| US | 94.158.244.44:443 | www.dksdirect.icu | tcp |
| US | 94.158.244.44:443 | www.dksdirect.icu | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.178.3:80 | clientservices.googleapis.com | tcp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.example.dsk/primary.prof

| Algorithm | Digest |
| --- | --- |
| MD5 | 0bb3ed1645eea5747f505f5e7d7c4d12 |
| SHA1 | 8942b818c14e0144c82a566bf63bbcd73206be89 |
| SHA256 | fa76ea236a1767116c5c64239e91ad29b472a2fcfa4084d797dc9e082dc9d72c |
| SHA512 | d3aa89325555397f57f2b92d68a3fa35f228e0b46b1b00647ba1b3d4eadda2ec22ba4fccbbf48b90515b69179da9dd132a5d9f49886adf56e3c1da4f65475835 |

/data/data/com.example.dsk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

| Algorithm | Digest |
| --- | --- |
| MD5 | 4120abfd960e889ff47e47e6bb5b9bc5 |
| SHA1 | 4e0a0e34be1b1707bfeaf3daeeff5f0d58039188 |
| SHA256 | 0d71a2fefdfcb1797ce2ad8ffa999f3e1661a748c36631481aab6ebf0664564b |
| SHA512 | 22752e427e5308b817d36a4034b4d60fa9936ed9f7bbc8bcaadaa5b766ddcb85a4082764817ce8a7b3321d785afee17899c86520fbe9ee4f6537c6053f528e56 |

/data/data/com.example.dsk/files/profileInstalled

| Algorithm | Digest |
| --- | --- |
| MD5 | e1d91c13f70562b47af64010244450fd |
| SHA1 | 3ebba576799bf32e1c1837bf2d86472e754670c0 |
| SHA256 | 38ae4390ca13988d2c07402534ccb68b5c86c53ac7af07dc87a0155731388629 |
| SHA512 | 752426c257b1f78235b1987e445331345c2d4510d27809952b4fe55cac52912fb49fe9a74b9c09bdc12239c8f900c1cee1bba20e94a5ad02f5929c0ea933049a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 22:10
Reported
2024-11-13 22:12
Platform
android-x64-20240910-en
Max time kernel
46s
Max time network
152s
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.example.dsk
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.42:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.dksdirect.icu | udp |
| US | 94.158.244.44:443 | www.dksdirect.icu | tcp |
| US | 94.158.244.44:443 | www.dksdirect.icu | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 216.58.213.2:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.example.dsk/primary.prof

| Algorithm | Digest |
| --- | --- |
| MD5 | 0bb3ed1645eea5747f505f5e7d7c4d12 |
| SHA1 | 8942b818c14e0144c82a566bf63bbcd73206be89 |
| SHA256 | fa76ea236a1767116c5c64239e91ad29b472a2fcfa4084d797dc9e082dc9d72c |
| SHA512 | d3aa89325555397f57f2b92d68a3fa35f228e0b46b1b00647ba1b3d4eadda2ec22ba4fccbbf48b90515b69179da9dd132a5d9f49886adf56e3c1da4f65475835 |

/data/data/com.example.dsk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

| Algorithm | Digest |
| --- | --- |
| MD5 | 3538c3ed2d03760ad0011931be04ff74 |
| SHA1 | 1dbf785e7332dbc580198aa3cb1a928215c6cae6 |
| SHA256 | e04c7f24e12f8dff46ccdda091ca6ba1c4240e9ec0899c470d40c51cea27e76b |
| SHA512 | b56670ecd4760899a79a81180da88f4e79628fc803f4f0bf2944108a3fd39025bbb6e62623b1e657cb0f716c76d412ffbf677b1a446d28420e89acd3403a565a |

/data/data/com.example.dsk/files/profileInstalled

| Algorithm | Digest |
| --- | --- |
| MD5 | ffe8c84ddea42f47682e332502f75c07 |
| SHA1 | 4b1182338ce077560f2e4f87da491e98a239cbba |
| SHA256 | 63d01fcd005aa504cfa6f668be25d8e6afbce9b0c32039462e6bb090bacb8c09 |
| SHA512 | 465804face421b8e7d89f43d516b56a784718dac076ac17164077936dbffac2165de0a50dfaff9d48296d3d891298996c713fa7a496746b1bb2f28d9a99fe897 |

/data/misc/profiles/cur/0/com.example.dsk/primary.prof

| Algorithm | Digest |
| --- | --- |
| MD5 | b40bcc3e4ba242fc4f7b9ea37b5d6bc4 |
| SHA1 | 06629dfbb9bb292c70dcefc98c939229d6c4251c |
| SHA256 | b6cbe562b833e1d9bc7101f5870a69ae979da7baaaf0bf447a0c3ba183495b00 |
| SHA512 | 380b66e85978987e8cd2affced4f35cd62b45fa00b0447aff7758c018745e60504dea0c9b1ab258e133862e2f5b494232f9f9549e25bc375c5fcbbde52cb0c69 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-13 22:10
Reported
2024-11-13 22:13
Platform
android-x64-arm64-20240910-en
Max time kernel
71s
Max time network
151s
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.example.dsk
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 216.239.36.223:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | www.dksdirect.icu | udp |
| US | 94.158.244.44:443 | www.dksdirect.icu | tcp |
| US | 94.158.244.44:443 | www.dksdirect.icu | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.225:443 | | tcp |
| GB | 142.250.179.225:443 | | tcp |
| US | 216.239.32.223:443 | | tcp |
| US | 216.239.32.223:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.example.dsk/primary.prof

| Algorithm | Digest |
| --- | --- |
| MD5 | 0bb3ed1645eea5747f505f5e7d7c4d12 |
| SHA1 | 8942b818c14e0144c82a566bf63bbcd73206be89 |
| SHA256 | fa76ea236a1767116c5c64239e91ad29b472a2fcfa4084d797dc9e082dc9d72c |
| SHA512 | d3aa89325555397f57f2b92d68a3fa35f228e0b46b1b00647ba1b3d4eadda2ec22ba4fccbbf48b90515b69179da9dd132a5d9f49886adf56e3c1da4f65475835 |

/data/data/com.example.dsk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

| Algorithm | Digest |
| --- | --- |
| MD5 | eb26de46db5c3d912357d7f4994c3f0f |
| SHA1 | a665108fea5e74c8313269054ef41f341ad82012 |
| SHA256 | e672ee8e8b8990b3ead6e25deccad875c84b645a07eafbe699a070a6b41f8706 |
| SHA512 | a0d8f00656501b322a7a77ec834be320a1ee89500d32d824a55a253c2ec7f31b5026b3400f81101d6bcba8a656537eab7593bc1a52cd8af335fbca17b5e9bad3 |