Malware Analysis Report

2025-04-03 14:15

Sample ID 241114-qn258azemj
Target indus.credit.card.apk
SHA256 0f5568d9ea1197e88b22d042d9d2b39c505ba062c63bf74b909cef8041c97086
Tags
collection evasion persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

0f5568d9ea1197e88b22d042d9d2b39c505ba062c63bf74b909cef8041c97086

Threat Level: Shows suspicious behavior

The file indus.credit.card.apk was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection evasion persistence

Loads dropped Dex/Jar

Reads the content of the SMS messages.

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 13:25

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 13:25

Reported

2024-11-14 13:27

Platform

android-33-x64-arm64-20240624-en

Max time kernel

58s

Max time network

70s

Command Line

indus.credit.card

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /system_ext/framework/androidx.window.extensions.jar N/A N/A
N/A /system_ext/framework/androidx.window.extensions.jar N/A N/A
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A

Reads the content of the SMS messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/ N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Processes

indus.credit.card

Network

Country Destination Domain Proto
GB 216.58.201.100:443 udp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 142.250.178.10:443 remoteprovisioning.googleapis.com tcp
GB 216.58.201.100:443 tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
GB 142.250.187.195:443 tcp
US 172.64.41.3:443 udp
GB 142.250.187.195:443 udp
GB 216.58.201.100:443 udp
US 1.1.1.1:53 onlinedeskapi.com udp
US 198.12.234.178:443 onlinedeskapi.com tcp

Files

/system_ext/framework/androidx.window.extensions.jar

MD5 3056e1bdb7d4e19789d0319eff484bd0
SHA1 6791ae47aa9466fe0bca27ad6643f846853bbee4
SHA256 8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0
SHA512 c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

/system_ext/framework/androidx.window.sidecar.jar

MD5 29469324e59dfcc052f24b5af4e7b2c4
SHA1 10c1e17ac6f598037bb51baa07945663645de4eb
SHA256 9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a
SHA512 5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

/data/data/indus.credit.card/files/profileInstalled

MD5 5a930705e53b25709480496e7dd62a42
SHA1 b551bdd26913a382caa5d52a725e338bdc41d511
SHA256 bfe931dc3e9f8650b5f19055caf2740fb8093ad998f4b00f375d1070a4c1ffc5
SHA512 f96a76b9861c51b44365dff13c849134e98a46b8f764c1a611ac05804f010626d18fbc4f8f0767024ffe262b03f88c75aa4f6384f20fb0779e3df1172be3ec01

/data/data/indus.credit.card/files/mob.txt

MD5 a78fae3168ee2f1e4769de30a02cc6cb
SHA1 ccd8ed0e85525326baefaf9e2e9445ef7a28449b
SHA256 ff1315441424e4faa16aca28ef08bcbd3ef741e9c5d3b75fa3c5e4e53025e1af
SHA512 2e0bbfc3bc1b615e3d467c3d02bbe32e56d0d926d90a81400ed5370cb9001db672071ba43a12b2f4acfb1d386f479ee0b4e0e467203bb42351cb409021f6ed4a