Malware Analysis Report

2025-04-03 14:15

Sample ID: 241114-p7gg7azcnr
Target: indus.credit.card.apk
SHA256: 0f5568d9ea1197e88b22d042d9d2b39c505ba062c63bf74b909cef8041c97086
Tags: collection, evasion, persistence
Score: 7/10


Analysis Overview

Score: 7/10

SHA256: 0f5568d9ea1197e88b22d042d9d2b39c505ba062c63bf74b909cef8041c97086

Threat Level: Shows suspicious behavior

The file indus.credit.card.apk was found to show suspicious behavior.

Malicious Activity Summary

Tags: collection, evasion, persistence

Reads the content of the SMS messages.

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-14 12:58

Signatures

Requests dangerous framework permissions

Description                                          | Indicator                                | Process | Target
Allows an app to post notifications.                 | android.permission.POST_NOTIFICATIONS    | N/A     | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A     | N/A
Allows an application to read SMS messages.          | android.permission.READ_SMS              | N/A     | N/A
Allows an application to receive SMS messages.       | android.permission.RECEIVE_SMS           | N/A     | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-14 12:58

Reported: 2024-11-14 13:01

Platform: android-x86-arm-20240624-en

Max time kernel: 54s

Max time network: 131s

Command Line

indus.credit.card

Signatures

Reads the content of the SMS messages.

Tags: collection

Description           | Indicator      | Process | Target
URI accessed for read | content://sms/ | N/A     | N/A

Makes use of the framework's foreground persistence service

Tags: evasion, persistence

Description            | Indicator                                          | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A     | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence

Description            | Indicator                                     | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A     | N/A

Processes

indus.credit.card

Network

Country | Destination          | Domain                              | Proto
N/A     | 224.0.0.251:5353     | -                                   | udp
US      | 1.1.1.1:53           | semanticlocation-pa.googleapis.com  | udp
GB      | 142.250.187.206:443  | -                                   | tcp
US      | 1.1.1.1:53           | android.apis.google.com             | udp
GB      | 172.217.16.238:443   | android.apis.google.com             | tcp
GB      | 216.58.204.74:443    | semanticlocation-pa.googleapis.com  | tcp
US      | 1.1.1.1:53           | onlinedeskapi.com                   | udp
US      | 198.12.234.178:443   | onlinedeskapi.com                   | tcp

Files

/data/data/indus.credit.card/files/profileInstalled

MD5 0f4294b910186bd34d38832d278ac036
SHA1 9369c15185080f6465ffa89afce78ed373df4e2c
SHA256 b7a8390aef9b4b1227ae9229847787e09f894031b2e5427f3bb1fa692207279f
SHA512 c7bb8d3405f867a7f473968a43d5d181a45ecf0c9ec1e58365683267e935a1414c7f865b2258b51fd0247af9896c2c99c1adf28effde4c8b7390885fdb661839

/data/data/indus.credit.card/files/mob.txt

MD5 8b53abf3c0c1ba57dca66614e0e214ad
SHA1 a93d565872376ae91ebcc08ac303061e94bacccf
SHA256 b76a5f9f672e1b39017d5106640962f1d3e7ec38bacbb91f02eb415d4e3dea90
SHA512 d483fb8507178c8c44286c6f3a03f1c44a037a34a7739c8e5a54f5d4a7c15f50baaa4b9e976061a947419beee623990227fbd65d0d7101707fa2c3eff77a7ffd

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-14 12:58

Reported: 2024-11-14 13:01

Platform: android-x64-20240624-en

Max time kernel: 149s

Max time network: 157s

Command Line

indus.credit.card

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence

Description            | Indicator                                     | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A     | N/A

Processes

indus.credit.card

Network

Country | Destination          | Domain                    | Proto
N/A     | 224.0.0.251:5353     | -                         | udp
US      | 1.1.1.1:53           | ssl.google-analytics.com  | udp
GB      | 172.217.169.72:443   | ssl.google-analytics.com  | tcp
GB      | 142.250.187.206:443  | -                         | tcp
US      | 1.1.1.1:53           | android.apis.google.com   | udp
GB      | 216.58.201.110:443   | android.apis.google.com   | tcp
GB      | 142.250.180.4:443    | -                         | tcp
GB      | 142.250.180.4:443    | -                         | tcp

Files

/data/data/indus.credit.card/files/profileInstalled

MD5 a9f18751cea64245518c5994c719e55a
SHA1 61bef178fceb2e3c81c88ce6bf519afd9f7c77cd
SHA256 8e6c799e1504605991027c03546e8b9a81eba11d230433aeede6e2180e191fb3
SHA512 eec76fea6ef2f6164249a08499059bdb0062c1075a5cd8db1e4a8a330cec20ae4120ab10fb2c3b36bded3d731d74e3f297bea5c97173c8430176f59b55e76895