Analysis Overview
SHA256
0f5568d9ea1197e88b22d042d9d2b39c505ba062c63bf74b909cef8041c97086
Threat Level: Shows suspicious behavior
The file indus.credit.card.apk was found to show suspicious behavior.
Malicious Activity Summary
Reads the content of the SMS messages.
Requests dangerous framework permissions
Makes use of the framework's foreground persistence service
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 12:58
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 12:58
Reported
2024-11-14 13:01
Platform
android-x86-arm-20240624-en
Max time kernel
54s
Max time network
131s
Command Line
Signatures
Reads the content of the SMS messages.
| Description | Indicator | Process | Target |
| URI accessed for read | content://sms/ | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
indus.credit.card
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 216.58.204.74:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | onlinedeskapi.com | udp |
| US | 198.12.234.178:443 | onlinedeskapi.com | tcp |
Files
/data/data/indus.credit.card/files/profileInstalled
| MD5 | 0f4294b910186bd34d38832d278ac036 |
| SHA1 | 9369c15185080f6465ffa89afce78ed373df4e2c |
| SHA256 | b7a8390aef9b4b1227ae9229847787e09f894031b2e5427f3bb1fa692207279f |
| SHA512 | c7bb8d3405f867a7f473968a43d5d181a45ecf0c9ec1e58365683267e935a1414c7f865b2258b51fd0247af9896c2c99c1adf28effde4c8b7390885fdb661839 |
/data/data/indus.credit.card/files/mob.txt
| MD5 | 8b53abf3c0c1ba57dca66614e0e214ad |
| SHA1 | a93d565872376ae91ebcc08ac303061e94bacccf |
| SHA256 | b76a5f9f672e1b39017d5106640962f1d3e7ec38bacbb91f02eb415d4e3dea90 |
| SHA512 | d483fb8507178c8c44286c6f3a03f1c44a037a34a7739c8e5a54f5d4a7c15f50baaa4b9e976061a947419beee623990227fbd65d0d7101707fa2c3eff77a7ffd |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-14 12:58
Reported
2024-11-14 13:01
Platform
android-x64-20240624-en
Max time kernel
149s
Max time network
157s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
indus.credit.card
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
Files
/data/data/indus.credit.card/files/profileInstalled
| MD5 | a9f18751cea64245518c5994c719e55a |
| SHA1 | 61bef178fceb2e3c81c88ce6bf519afd9f7c77cd |
| SHA256 | 8e6c799e1504605991027c03546e8b9a81eba11d230433aeede6e2180e191fb3 |
| SHA512 | eec76fea6ef2f6164249a08499059bdb0062c1075a5cd8db1e4a8a330cec20ae4120ab10fb2c3b36bded3d731d74e3f297bea5c97173c8430176f59b55e76895 |