Malware Analysis Report

2025-04-03 14:15

Sample ID: 241114-rmnf4szmay
Target: indus.credit.card.apk
SHA256: 0f5568d9ea1197e88b22d042d9d2b39c505ba062c63bf74b909cef8041c97086
Tags: persistence, evasion
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Mobile Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 7/10

SHA256: 0f5568d9ea1197e88b22d042d9d2b39c505ba062c63bf74b909cef8041c97086

Threat Level: Shows suspicious behavior

The file indus.credit.card.apk was found to be: Shows suspicious behavior.

Malicious Activity Summary

persistence evasion

Loads dropped Dex/Jar

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 14:19

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 14:18

Reported

2024-11-14 14:22

Platform

android-x86-arm-20240624-en

Max time kernel

69s

Max time network

82s

Command Line

indus.credit.card

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

Tag: persistence

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Processes

indus.credit.card

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.180.10:443 | | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 216.58.204.74:443 | semanticlocation-pa.googleapis.com | tcp

Files

/data/data/indus.credit.card/files/profileInstalled

MD5: ce935cd6b69bb36ee231d26a877ccaa2
SHA1: 21403ab65214e68101c5cae7b5a4912d2f1da534
SHA256: 4ef123152d001e919b5831f669f22bf77b508c13778cec778a077a935150a8c0
SHA512: 877be846956e3275c4dd63774fde2dcdaf137f512d6ae30c45f471a13b9b38e71c5366ad5c751974fa361909894f3678f52ccf89fefa929e7d7d64becc42e38f

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 14:18

Reported

2024-11-14 14:23

Platform

android-x64-arm64-20240624-en

Max time kernel

8s

Max time network

134s

Command Line

indus.credit.card

Signatures

Loads dropped Dex/Jar

Tag: evasion

Description | Indicator | Process | Target
N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A
N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A

Processes

indus.credit.card

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.206:443 | | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp

Files

/system_ext/framework/androidx.window.sidecar.jar

MD5: bdf3529e80318eb14e53a5bf3720c10d
SHA1: 25c9ace4b1af6e80ebb2572345972c56505969ba
SHA256: bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b
SHA512: 48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b