Malware Analysis Report

2024-12-07 19:22

Sample ID 241114-mrnv8axmbs
Target Sinergram.apk
SHA256 a946908f67ecd089ee34cc9aa89a9075de754d09e4bd2a82481fa029d8683fdc
Tags: collection, credential_access, impact
Score: 7/10

Analysis Overview

Threat level: shows suspicious behavior.

Sinergram.apk was not matched to a known malware family, but the static and behavioral findings below (SMS and telephony permissions, a notification-listener service, a clipboard change listener, and repeated connections to non-standard ports on hosts that were never resolved through DNS) are the profile of an SMS- and credential-stealing app. Treat the sample as malicious until the decompiled code shows otherwise.

Malicious Activity Summary

collection credential_access impact

Obtains sensitive information copied to the device clipboard

Attempts to obfuscate APK file format

Declares services with permission to bind to the system

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK (Mobile Matrix v15)

The report maps the findings to the tactics Collection, Credential Access and Impact (the tags above); no technique-level mapping is recorded.

Analysis: static1

Detonation Overview

Reported: 2024-11-14 10:42

Signatures

Attempts to obfuscate APK file format

Declares services with permission to bind to the system

Indicator: android.permission.BIND_NOTIFICATION_LISTENER_SERVICE (process/target not recorded)

A service guarded by this permission is a NotificationListenerService: only the system can bind to it, which is why the app must declare it. Once the user enables the listener in Settings, the app receives the content of every notification posted on the device, including SMS 2FA codes and banking alerts, without needing READ_SMS at all. Check which service in the manifest carries the permission and whether the app nags the user toward the notification-access settings screen.

Requests dangerous framework permissions

Indicator (process/target not recorded) and what it grants:

android.permission.READ_PHONE_STATE: read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and the PhoneAccounts registered on the device.
android.permission.READ_PHONE_NUMBERS: read access to the device's phone number(s).
android.permission.CALL_PHONE: initiate a phone call without going through the Dialer UI for the user to confirm the call.
android.permission.READ_SMS: read SMS messages.
android.permission.SEND_SMS: send SMS messages.
android.permission.RECEIVE_SMS: receive SMS messages.
android.permission.RECEIVE_MMS: monitor incoming MMS messages.

READ_SMS, RECEIVE_SMS and SEND_SMS together are the classic SMS-stealer set: intercept one-time codes, forward them, and send premium or phishing messages from the victim's number. CALL_PHONE plus READ_PHONE_NUMBERS adds call forwarding and victim identification. None of these has a plausible use in a messaging client that goes by the name Sinergram.
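The two static findings above (a service guarded by a system-only BIND_ permission and the dangerous permission set) are the kind of thing worth automating across many APKs. The script below is an added example, not part of the sandbox report: it triages a decoded AndroidManifest.xml for exactly those patterns. It assumes the manifest has already been converted from Android binary XML to text (for example with apktool); the manifest embedded here is constructed to mirror the report's findings, and the permission lists are a working subset, not the complete platform list.

```python
"""Manifest triage for the static1 findings: dangerous permissions and
services that ask to be bound by the system.

Added example; assumes a manifest already decoded to text XML.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Subset of "dangerous" protection-level permissions relevant to SMS and
# telephony abuse (the report's list plus a few common neighbours).
DANGEROUS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_PHONE_NUMBERS",
    "android.permission.CALL_PHONE",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.RECEIVE_MMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
}

# System-only bind permissions: a service declaring one of these is asking
# to be hosted by a privileged system component.
SYSTEM_BIND = {
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.BIND_DEVICE_ADMIN",
}

# Constructed manifest mirroring the report; not the sample's real manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.application">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <application android:label="Sinergram">
        <service android:name=".NotifService" android:exported="true"
            android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
            <intent-filter>
                <action android:name="android.service.notification.NotificationListenerService"/>
            </intent-filter>
        </service>
        <service android:name=".Worker" android:exported="false"/>
    </application>
</manifest>"""


def attr(elem, name):
    """Read an android:-namespaced attribute."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def triage_manifest(xml_text):
    root = ET.fromstring(xml_text)
    package = root.get("package")
    requested = {attr(e, "name") for e in root.iter("uses-permission")}
    dangerous = sorted(requested & DANGEROUS)
    # Services whose android:permission is a system-only BIND_ permission.
    system_bound = [
        (attr(svc, "name"), attr(svc, "permission"))
        for svc in root.iter("service")
        if attr(svc, "permission") in SYSTEM_BIND
    ]
    sms = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
    return {
        "package": package,
        "dangerous_permissions": dangerous,
        "system_bound_services": system_bound,
        # com.example.* is the Android Studio template namespace.
        "placeholder_package_name": bool(package and package.startswith("com.example.")),
        "sms_capable": bool(sms & requested),
    }


if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(key, value)
```

Run it over a batch of decoded manifests and sort by the size of dangerous_permissions plus the presence of any system-bound service; an app that scores on both and keeps the template package name is worth a detonation.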

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-14 10:42
Reported: 2024-11-14 10:45
Platform: android-x64-arm64-20240624-en
Max time kernel: 132s
Max time network: 146s

Command Line

com.example.application

This is the APK's package name. com.example.* is the default namespace of Android Studio project templates, so the author never renamed the template package; legitimate published apps do not ship under it.

Signatures

Obtains sensitive information copied to the device clipboard

Tactics: collection, credential_access, impact
Indicator: framework service call android.content.IClipboard.addPrimaryClipChangedListener (process/target not recorded)

Registering a primary-clip change listener lets the app read whatever the user copies, which on a banking or crypto target means passwords, one-time codes and wallet addresses. Caveat: since Android 10 the platform only exposes clipboard contents to the app that currently has focus or the default IME, so the listener alone does not prove exfiltration; weigh it together with the SMS permissions and the network behavior.

Uses Crypto APIs (Might try to encrypt user data)

Tactic: impact
Indicator: framework API call javax.crypto.Cipher.doFinal (process/target not recorded)

Cipher.doFinal is called by nearly every app (TLS libraries, token storage, analytics SDKs), so on its own it is not evidence of ransomware-style encryption. What matters is what is fed to it: check in the decompiled code, or by hooking the call, whether the input is user files or the app's own configuration and server traffic.

Checks memory information

Indicator: file opened for read: /proc/meminfo (process/target not recorded)

Reading /proc/meminfo is used for emulator and sandbox fingerprinting (unusually low RAM figures) as well as for ordinary runtime tuning; treat it as a weak, supporting signal.

Processes

com.example.application

Network

The 178 connection rows of the original table are deduplicated here; Count is the number of times each destination appears over the 146 s capture.

Count Country Destination Domain Proto
23 DE 62.60.158.14:300 tcp
23 DE 178.63.215.73:300 tcp
23 DE 62.60.158.13:300 tcp
23 DE 5.9.230.13:300 tcp
23 DE 178.63.237.127:300 tcp
23 DE 85.209.154.13:300 tcp
23 DE 85.209.154.145:300 tcp
6 DE 62.60.158.13:308 62.60.158.13 tcp
2 GB 216.58.212.238:443 tcp
2 GB 142.250.187.228:443 tcp
1 GB 142.250.180.14:443 android.apis.google.com tcp
1 GB 216.58.204.78:443 android.apis.google.com tcp
1 GB 142.250.187.200:443 ssl.google-analytics.com tcp
2 US 1.1.1.1:53 android.apis.google.com udp
1 US 1.1.1.1:53 ssl.google-analytics.com udp
1 N/A 224.0.0.251:5353 udp

Ordering in the original table: the seven port-300 hosts were contacted in a fixed rotation (62.60.158.14, 178.63.215.73, 62.60.158.13, 5.9.230.13, 178.63.237.127, 85.209.154.13, 85.209.154.145), with several connections per host per pass, and each pass ended with one connection to 62.60.158.13:308 whose recorded domain is the bare IP. The pass repeated six times, which is consistent with a hard-coded server list that the client retries in order until one answers. No DNS lookup precedes any of these hosts, so the addresses are embedded in the app or its configuration; ports 300 and 308 are not assigned to any common service, which makes the traffic easy to alert on. The Google endpoints, the 1.1.1.1 lookups and the mDNS multicast are sandbox and OS background traffic and should not be attributed to the sample.
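The aggregation and rotation analysis described above can be done mechanically over the raw table. The script below is an added example, not part of the report: it parses rows in the report's own "Country Destination Domain Proto" layout, drops sandbox background traffic, counts connections per destination, flags non-standard ports, and recovers the repeating host order. The log embedded in it is a constructed excerpt (two passes of the rotation), not the full 178-row capture.

```python
"""Summarize a sandbox connection table and detect server rotation.

Added example; LOG is a constructed excerpt of the report's network table.
"""
from collections import Counter

LOG = """\
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
DE 62.60.158.14:300 tcp
DE 62.60.158.14:300 tcp
DE 178.63.215.73:300 tcp
DE 178.63.215.73:300 tcp
DE 62.60.158.13:300 tcp
DE 5.9.230.13:300 tcp
DE 178.63.237.127:300 tcp
DE 85.209.154.13:300 tcp
DE 85.209.154.145:300 tcp
DE 62.60.158.13:308 62.60.158.13 tcp
DE 62.60.158.14:300 tcp
DE 178.63.215.73:300 tcp
DE 62.60.158.13:300 tcp
DE 5.9.230.13:300 tcp
DE 178.63.237.127:300 tcp
DE 85.209.154.13:300 tcp
DE 85.209.154.145:300 tcp
DE 62.60.158.13:308 62.60.158.13 tcp
"""

# Destinations the sandbox OS talks to on its own (assumed list).
BACKGROUND_IPS = {"1.1.1.1", "224.0.0.251"}
BACKGROUND_DOMAINS = ("google.com",)
COMMON_PORTS = {53, 80, 443, 5353}


def parse(log):
    """Parse 'Country ip:port [domain] proto' rows into dicts."""
    rows = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        ip, port = parts[1].rsplit(":", 1)
        rows.append({
            "country": parts[0],
            "ip": ip,
            "port": int(port),
            "domain": parts[2] if len(parts) == 4 else None,
            "proto": parts[-1],
        })
    return rows


def is_background(row):
    if row["ip"] in BACKGROUND_IPS:
        return True
    return row["domain"] is not None and row["domain"].endswith(BACKGROUND_DOMAINS)


def summarize(rows):
    """Connections per (ip, port, proto), excluding background traffic."""
    return Counter((r["ip"], r["port"], r["proto"]) for r in rows if not is_background(r))


def uncommon_ports(rows):
    return sorted({r["port"] for r in rows if not is_background(r) and r["port"] not in COMMON_PORTS})


def rotation_cycle(rows, port):
    """Smallest repeating order of hosts contacted on `port`, with immediate
    retries collapsed; None if the sequence does not repeat at least twice."""
    seq = []
    for r in rows:
        if r["port"] == port and (not seq or seq[-1] != r["ip"]):
            seq.append(r["ip"])
    n = len(seq)
    for k in range(1, n // 2 + 1):
        if all(seq[i] == seq[i - k] for i in range(k, n)):
            return seq[:k]
    return None


if __name__ == "__main__":
    rows = parse(LOG)
    for dest, count in summarize(rows).most_common():
        print(count, dest)
    print("uncommon ports:", uncommon_ports(rows))
    print("rotation on 300:", rotation_cycle(rows, 300))
```

The cycle detector tolerates a partial final pass (it only requires every element to match the one k positions earlier), which is how the real table ends. Note that 216.58.212.238:443 survives the background filter because the report recorded no domain for it; in practice you would also exclude known Google ranges or check the TLS SNI.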

Files

All three files are ART and Jetpack profile artifacts: primary.prof is written by the runtime, and profileinstaller_profileWrittenFor_lastUpdateTime.dat by androidx.profileinstaller. They are not payloads dropped by the sample. primary.prof is listed twice because it was rewritten during the run, hence the two hash sets.

/data/misc/profiles/cur/0/com.example.application/primary.prof

MD5 31f034348980ff7afe3dcb170575e77b
SHA1 04b73895a2b31f1aecdc798a36d803559574b434
SHA256 08e843b7fde86451d66bb0b4d41eb76ae12637f3d37310742e8b1f5c77d6f87a
SHA512 3c265bac21c894c8fff73993575b5b88b1d9e5c98ef37f25714a623fe190525a0bef11b84d85a2d8fca9287be3934d805289f7e8eb29b35c1eb9a07962dafb88

/data/data/com.example.application/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 de33e97c38d39c62292c12ef4bcd8441
SHA1 cd6cb4d540514121aa222dfa14d476cd6d76c745
SHA256 2b052dba2ff88f68c4194bd6a4ccf1e8975d0432747fdb6d11d506a8abb565e8
SHA512 6037d15c5bafdda90f30ad102fdc2835bd68d82db9960120b4b8fd381c829e5e28931398aba135ffe78e262d62453aeb3eb6b186583d908ef1703db68f599cfa

/data/misc/profiles/cur/0/com.example.application/primary.prof

MD5 9e395f1833c45cd5dbc18b9e39417763
SHA1 a0c4a49eb4cfec2ee71f6c8aadc8e7db8ce84016
SHA256 48b485f849b9cdc93502d33a1b2587b3da8748aac825bf4343ddd41a70083ad8
SHA512 b966a80151befe1fc19b69aa17c611d1a00c4e81ef3a188bb5d239e0b1636dd1e2d4846c1cf61f53f81b36cd929bcad8a271ba1c0d84e041b1a1a83e5ea428c7