Malware Analysis Report

2024-12-07 18:59

Sample ID 241113-13d22szkdw
Target 11510c07c6ed0314ed037c53e92eee340c6ed43f64d69679d78512362fbd6322.bin
SHA256 11510c07c6ed0314ed037c53e92eee340c6ed43f64d69679d78512362fbd6322
Tags
discovery persistence collection credential_access impact
Score 7/10

Analysis Overview

Score 7/10

SHA256 11510c07c6ed0314ed037c53e92eee340c6ed43f64d69679d78512362fbd6322

Threat Level: Shows suspicious behavior

The file 11510c07c6ed0314ed037c53e92eee340c6ed43f64d69679d78512362fbd6322.bin was found to show suspicious behavior.

Malicious Activity Summary

discovery persistence collection credential_access impact

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

Analysis: static1

Detonation Overview

Reported 2024-11-13 22:10

Signatures

Requests dangerous framework permissions

Description                                      Indicator                        Process  Target
Allows an application to receive SMS messages.   android.permission.RECEIVE_SMS   N/A      N/A
Allows an application to read SMS messages.      android.permission.READ_SMS      N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-11-13 22:10
Reported 2024-11-13 22:12
Platform android-x86-arm-20240910-en
Max time kernel 23s
Max time network 152s

Command Line

com.example.dsk

Signatures

Queries the mobile country code (MCC)

discovery
Description             Indicator                                                                Process  Target
Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description             Indicator                                       Process  Target
Framework service call  android.app.IActivityManager.registerReceiver   N/A      N/A

Checks CPU information

Description           Indicator        Process  Target
File opened for read  /proc/cpuinfo    N/A      N/A

Checks memory information

Description           Indicator        Process  Target
File opened for read  /proc/meminfo    N/A      N/A

Processes

com.example.dsk

Network

Country  Destination            Domain                          Proto
N/A      224.0.0.251:5353                                       udp
US       1.1.1.1:53             www.dksdirect.icu               udp
US       94.158.244.44:443      www.dksdirect.icu               tcp
US       94.158.244.44:443      www.dksdirect.icu               tcp
GB       142.250.200.46:443                                     tcp
GB       142.250.200.46:443                                     tcp
US       1.1.1.1:53             android.apis.google.com         udp
GB       142.250.179.238:443    android.apis.google.com         tcp
GB       142.250.178.3:80       clientservices.googleapis.com   tcp
GB       216.58.212.228:443                                     tcp
GB       172.217.16.226:443                                     tcp

Files

/data/misc/profiles/cur/0/com.example.dsk/primary.prof

MD5 0bb3ed1645eea5747f505f5e7d7c4d12
SHA1 8942b818c14e0144c82a566bf63bbcd73206be89
SHA256 fa76ea236a1767116c5c64239e91ad29b472a2fcfa4084d797dc9e082dc9d72c
SHA512 d3aa89325555397f57f2b92d68a3fa35f228e0b46b1b00647ba1b3d4eadda2ec22ba4fccbbf48b90515b69179da9dd132a5d9f49886adf56e3c1da4f65475835

/data/data/com.example.dsk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 4120abfd960e889ff47e47e6bb5b9bc5
SHA1 4e0a0e34be1b1707bfeaf3daeeff5f0d58039188
SHA256 0d71a2fefdfcb1797ce2ad8ffa999f3e1661a748c36631481aab6ebf0664564b
SHA512 22752e427e5308b817d36a4034b4d60fa9936ed9f7bbc8bcaadaa5b766ddcb85a4082764817ce8a7b3321d785afee17899c86520fbe9ee4f6537c6053f528e56

/data/data/com.example.dsk/files/profileInstalled

MD5 e1d91c13f70562b47af64010244450fd
SHA1 3ebba576799bf32e1c1837bf2d86472e754670c0
SHA256 38ae4390ca13988d2c07402534ccb68b5c86c53ac7af07dc87a0155731388629
SHA512 752426c257b1f78235b1987e445331345c2d4510d27809952b4fe55cac52912fb49fe9a74b9c09bdc12239c8f900c1cee1bba20e94a5ad02f5929c0ea933049a

Analysis: behavioral2

Detonation Overview

Submitted 2024-11-13 22:10
Reported 2024-11-13 22:12
Platform android-x64-20240910-en
Max time kernel 46s
Max time network 152s

Command Line

com.example.dsk

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description             Indicator                                                  Process  Target
Framework service call  android.content.IClipboard.addPrimaryClipChangedListener   N/A      N/A

Queries the mobile country code (MCC)

discovery
Description             Indicator                                                                Process  Target
Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description             Indicator                                       Process  Target
Framework service call  android.app.IActivityManager.registerReceiver   N/A      N/A

Checks CPU information

Description           Indicator        Process  Target
File opened for read  /proc/cpuinfo    N/A      N/A

Checks memory information

Description           Indicator        Process  Target
File opened for read  /proc/meminfo    N/A      N/A

Processes

com.example.dsk

Network

Country  Destination            Domain                     Proto
N/A      224.0.0.251:5353                                  udp
GB       142.250.200.42:443                                tcp
GB       216.58.201.110:443                                tcp
GB       216.58.201.110:443                                tcp
US       1.1.1.1:53             android.apis.google.com    udp
GB       172.217.16.238:443     android.apis.google.com    tcp
US       1.1.1.1:53             www.dksdirect.icu          udp
US       94.158.244.44:443      www.dksdirect.icu          tcp
US       94.158.244.44:443      www.dksdirect.icu          tcp
US       1.1.1.1:53             ssl.google-analytics.com   udp
GB       142.250.187.232:443    ssl.google-analytics.com   tcp
GB       142.250.180.14:443                                tcp
GB       142.250.180.14:443                                tcp
GB       216.58.213.2:443                                  tcp

Files

/data/misc/profiles/cur/0/com.example.dsk/primary.prof

MD5 0bb3ed1645eea5747f505f5e7d7c4d12
SHA1 8942b818c14e0144c82a566bf63bbcd73206be89
SHA256 fa76ea236a1767116c5c64239e91ad29b472a2fcfa4084d797dc9e082dc9d72c
SHA512 d3aa89325555397f57f2b92d68a3fa35f228e0b46b1b00647ba1b3d4eadda2ec22ba4fccbbf48b90515b69179da9dd132a5d9f49886adf56e3c1da4f65475835

/data/data/com.example.dsk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 3538c3ed2d03760ad0011931be04ff74
SHA1 1dbf785e7332dbc580198aa3cb1a928215c6cae6
SHA256 e04c7f24e12f8dff46ccdda091ca6ba1c4240e9ec0899c470d40c51cea27e76b
SHA512 b56670ecd4760899a79a81180da88f4e79628fc803f4f0bf2944108a3fd39025bbb6e62623b1e657cb0f716c76d412ffbf677b1a446d28420e89acd3403a565a

/data/data/com.example.dsk/files/profileInstalled

MD5 ffe8c84ddea42f47682e332502f75c07
SHA1 4b1182338ce077560f2e4f87da491e98a239cbba
SHA256 63d01fcd005aa504cfa6f668be25d8e6afbce9b0c32039462e6bb090bacb8c09
SHA512 465804face421b8e7d89f43d516b56a784718dac076ac17164077936dbffac2165de0a50dfaff9d48296d3d891298996c713fa7a496746b1bb2f28d9a99fe897

/data/misc/profiles/cur/0/com.example.dsk/primary.prof

MD5 b40bcc3e4ba242fc4f7b9ea37b5d6bc4
SHA1 06629dfbb9bb292c70dcefc98c939229d6c4251c
SHA256 b6cbe562b833e1d9bc7101f5870a69ae979da7baaaf0bf447a0c3ba183495b00
SHA512 380b66e85978987e8cd2affced4f35cd62b45fa00b0447aff7758c018745e60504dea0c9b1ab258e133862e2f5b494232f9f9549e25bc375c5fcbbde52cb0c69

Analysis: behavioral3

Detonation Overview

Submitted 2024-11-13 22:10
Reported 2024-11-13 22:13
Platform android-x64-arm64-20240910-en
Max time kernel 71s
Max time network 151s

Command Line

com.example.dsk

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description             Indicator                                                  Process  Target
Framework service call  android.content.IClipboard.addPrimaryClipChangedListener   N/A      N/A

Checks CPU information

Description           Indicator        Process  Target
File opened for read  /proc/cpuinfo    N/A      N/A

Checks memory information

Description           Indicator        Process  Target
File opened for read  /proc/meminfo    N/A      N/A

Processes

com.example.dsk

Network

Country  Destination            Domain                     Proto
US       216.239.36.223:443                                tcp
N/A      224.0.0.251:5353                                  udp
GB       172.217.169.14:443                                tcp
US       1.1.1.1:53             android.apis.google.com    udp
GB       172.217.169.46:443     android.apis.google.com    tcp
GB       172.217.169.46:443     android.apis.google.com    tcp
US       1.1.1.1:53             www.youtube.com            udp
GB       172.217.169.14:443     www.youtube.com            tcp
US       1.1.1.1:53             www.dksdirect.icu          udp
US       94.158.244.44:443      www.dksdirect.icu          tcp
US       94.158.244.44:443      www.dksdirect.icu          tcp
US       1.1.1.1:53             ssl.google-analytics.com   udp
GB       142.250.200.40:443     ssl.google-analytics.com   tcp
GB       142.250.187.225:443                               tcp
GB       142.250.179.225:443                               tcp
US       216.239.32.223:443                                tcp
US       216.239.32.223:443                                tcp

Files

/data/misc/profiles/cur/0/com.example.dsk/primary.prof

MD5 0bb3ed1645eea5747f505f5e7d7c4d12
SHA1 8942b818c14e0144c82a566bf63bbcd73206be89
SHA256 fa76ea236a1767116c5c64239e91ad29b472a2fcfa4084d797dc9e082dc9d72c
SHA512 d3aa89325555397f57f2b92d68a3fa35f228e0b46b1b00647ba1b3d4eadda2ec22ba4fccbbf48b90515b69179da9dd132a5d9f49886adf56e3c1da4f65475835

/data/data/com.example.dsk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 eb26de46db5c3d912357d7f4994c3f0f
SHA1 a665108fea5e74c8313269054ef41f341ad82012
SHA256 e672ee8e8b8990b3ead6e25deccad875c84b645a07eafbe699a070a6b41f8706
SHA512 a0d8f00656501b322a7a77ec834be320a1ee89500d32d824a55a253c2ec7f31b5026b3400f81101d6bcba8a656537eab7593bc1a52cd8af335fbca17b5e9bad3