Analysis Overview
SHA256
1be147c207a1177fe3d01e134e4356a37d953e4a80a461dff10385e29c359c96
Threat Level: Shows suspicious behavior
The file 1be147c207a1177fe3d01e134e4356a37d953e4a80a461dff10385e29c359c96.bin was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 22:05
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 22:05
Reported
2024-11-13 22:08
Platform
android-x86-arm-20240910-en
Max time kernel
21s
Max time network
151s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.narialsupport.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.238:443 | | tcp |
| GB | 216.58.212.238:443 | | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.14:443 | android.apis.google.com | tcp |
| GB | 172.217.16.228:80 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 142.250.200.35:80 | | tcp |
Files
/data/misc/profiles/cur/0/com.narialsupport.android/primary.prof
| MD5 | ff6929b3b9bfae587ca2fb87db958fba |
| SHA1 | f7d7994284d2d441bae07fc356c671b582136232 |
| SHA256 | 1ae529570948d802af83e2358a0db7044568e057fbe014babddd8aa7a104b18c |
| SHA512 | e277783f431649a3c154098a4f3d7034f85059d314ef975d9851c2bd9c844fb178b1bdd953412816625a8104e4b6b9520dc75b7ca6c3725461083cc90380f340 |
/data/data/com.narialsupport.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 190e5433af8f8e01ce803084783158c4 |
| SHA1 | 93d47f5512d07d76e5f628ac9869af5da23bffb6 |
| SHA256 | 1c142db3ffc252718f0f39d648d2dfbcbc40418526c6d19f2a07550f26f09815 |
| SHA512 | f83f3aaadc3d8e64e82ab07a16038a253ede83b178f065d0dd6b2b0e43988dc627a2e45a99d592f0d9a45c1e55cae8f31684ae312b9d9f9a4a8807ff0097aab5 |
/data/data/com.narialsupport.android/files/profileInstalled
| MD5 | a426fed80c95e84012fc94dabc956ecb |
| SHA1 | 86ba38f55064ad6a53568b174e9d8bfbc27046fe |
| SHA256 | e654aa012974275c907b5c67dce502d5246ea7f46791905c7c1fdb9ed7ea6f3b |
| SHA512 | 7c8cea6186cf9a553fb1d448245a9d9b00f929223a46b7e9694f11c36e6c3b7adab615f34d02a0b0ae68e87f29016dc650ab48c694736de0885b92c32efadcf0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 22:05
Reported
2024-11-13 22:09
Platform
android-x64-20240910-en
Max time kernel
143s
Max time network
155s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.narialsupport.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.10:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
Files
/data/misc/profiles/cur/0/com.narialsupport.android/primary.prof
| MD5 | ff6929b3b9bfae587ca2fb87db958fba |
| SHA1 | f7d7994284d2d441bae07fc356c671b582136232 |
| SHA256 | 1ae529570948d802af83e2358a0db7044568e057fbe014babddd8aa7a104b18c |
| SHA512 | e277783f431649a3c154098a4f3d7034f85059d314ef975d9851c2bd9c844fb178b1bdd953412816625a8104e4b6b9520dc75b7ca6c3725461083cc90380f340 |
/data/data/com.narialsupport.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 0948359137e2431577eb5642106a7830 |
| SHA1 | 61391c0bcce09777255cd6dbb3a7cc9401bde707 |
| SHA256 | 23311c1226d82e6c89a1607627a6fee68f934c7d436782bcca1344da76926014 |
| SHA512 | 104fd80a16210ca12e6b4092b1f1d5a26887c9241d82da26ff71abd58e1ee30abb1c7eec40b795b3760b86ddfc9e584df34923410d6081a0187811dcf6596d97 |
/data/data/com.narialsupport.android/files/profileInstalled
| MD5 | 67a27b6659c192284a0f04f49eca76ed |
| SHA1 | a0b8ae9fe30a7384f63351768ef85fd9338953f3 |
| SHA256 | d30859ebed861ab38e991c40e41c396989ae82842fbf1a9016072183211ea76a |
| SHA512 | 78d36b2c1db7ba6b0c498dcc8c1384998257a9adc8478e7feebc1866a673c2802da6394b05888626845c1ada89e8ee8264b9c7dfc4515161a99acee946051ce3 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-13 22:05
Reported
2024-11-13 22:08
Platform
android-x64-arm64-20240910-en
Max time kernel
23s
Max time network
150s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks the presence of a debugger
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.narialsupport.android
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
| GB | 216.58.201.106:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| US | 216.239.36.223:443 | | tcp |
| US | 216.239.36.223:443 | | tcp |
| GB | 142.250.200.1:443 | | tcp |
| GB | 216.58.212.193:443 | | tcp |
| US | 216.239.36.223:443 | | tcp |
| US | 216.239.36.223:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.narialsupport.android/primary.prof
| MD5 | ff6929b3b9bfae587ca2fb87db958fba |
| SHA1 | f7d7994284d2d441bae07fc356c671b582136232 |
| SHA256 | 1ae529570948d802af83e2358a0db7044568e057fbe014babddd8aa7a104b18c |
| SHA512 | e277783f431649a3c154098a4f3d7034f85059d314ef975d9851c2bd9c844fb178b1bdd953412816625a8104e4b6b9520dc75b7ca6c3725461083cc90380f340 |
/data/data/com.narialsupport.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 84c05d715058cfad658697c250ecd6b6 |
| SHA1 | 7c4acfbcac348fcc368e3fa6373b94d0198424e0 |
| SHA256 | 706c57824ea357314ab5bb9808613fe59a87acae8d1b1e76a834fd25e4fdd9ff |
| SHA512 | d49696a6cb27f73b406cbdaf43fec52b433de2dbf4cb425d0a563ced6094d6cee8b7ab101745d940be535cbf23e4b3fbfc2a55dad9ba2f5b52e80e9e0fe7bdbd |