Analysis Overview
SHA256
0f5568d9ea1197e88b22d042d9d2b39c505ba062c63bf74b909cef8041c97086
Threat Level: Shows suspicious behavior
The file indus.credit.card.apk was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Reads the content of the SMS messages.
Makes use of the framework's foreground persistence service
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 14:23
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-14 14:23
Reported
2024-11-14 14:27
Platform
android-33-x64-arm64-20240624-en
Max time kernel
209s
Max time network
215s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /system_ext/framework/androidx.window.extensions.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.extensions.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A |
Reads the content of the SMS messages.
| Description | Indicator | Process | Target |
| URI accessed for read | content://sms/ | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Processes
indus.credit.card
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.201.100:443 | udp | |
| GB | 216.58.201.100:443 | tcp | |
| GB | 216.58.201.100:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.204.78:443 | tcp | |
| GB | 216.58.204.78:443 | tcp | |
| GB | 216.58.204.78:443 | udp | |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| US | 172.64.41.3:443 | tcp | |
| US | 172.64.41.3:443 | tcp | |
| GB | 142.250.187.195:443 | tcp | |
| US | 172.64.41.3:443 | udp | |
| GB | 142.250.187.195:443 | udp | |
| GB | 216.58.201.100:443 | tcp | |
| GB | 142.250.200.36:443 | tcp | |
| GB | 142.250.200.36:443 | tcp | |
| GB | 216.58.201.100:443 | udp | |
| US | 1.1.1.1:53 | onlinedeskapi.com | udp |
| US | 198.12.234.178:443 | onlinedeskapi.com | tcp |
Files
/system_ext/framework/androidx.window.extensions.jar
| MD5 | 3056e1bdb7d4e19789d0319eff484bd0 |
| SHA1 | 6791ae47aa9466fe0bca27ad6643f846853bbee4 |
| SHA256 | 8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0 |
| SHA512 | c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658 |
/system_ext/framework/androidx.window.sidecar.jar
| MD5 | 29469324e59dfcc052f24b5af4e7b2c4 |
| SHA1 | 10c1e17ac6f598037bb51baa07945663645de4eb |
| SHA256 | 9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a |
| SHA512 | 5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2 |
/data/data/indus.credit.card/files/profileInstalled
| MD5 | f3f0a679c23f96dc8386f615c48be6f7 |
| SHA1 | db14a3d6e8e43a2da32a97dfb2ef6468b25f48b6 |
| SHA256 | d9b3c0291eb2eaa9e6cdbd8af801fda9db28d36eb0d049428ff032e3da700a3a |
| SHA512 | 43f2855746fde1f34d3353350f5488c1c793c5adadc014322449f99fbf26ad9d8e46c04793b99b958267c1c0f9d04fed64942d97a8e809afd6c06f1ffd2fbad6 |
/data/data/indus.credit.card/files/mob.txt
| MD5 | 6d52932cbaf1574d70dff2d2ac56442e |
| SHA1 | 27fa4997bc1c9e1a1accc63bd33928da71460b32 |
| SHA256 | 57a1a4acc4db3a9d435394b0bbf6dc199aad7523895d7ef62489e7a947bf3f3d |
| SHA512 | 1643b888b47b65c67298a64946d398f7cb356371d762aeebc39d92f853228b5f884cab22f271daa51acd31a2577e7ef79ba2690cd5b7f92ee34ce230578b0cad |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 14:23
Reported
2024-11-14 14:26
Platform
android-x86-arm-20240624-en
Max time kernel
68s
Max time network
132s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
indus.credit.card
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.202:443 | tcp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
Files
/data/data/indus.credit.card/files/profileInstalled
| MD5 | 25c8c36da6f233b614bda2d87669c42f |
| SHA1 | 63303d493101fc60529b7ab641520dd944fd7b9d |
| SHA256 | cf5c321f70a3b44fc09489028fc3f66803695d1258a2fa9be99e6c8545d6231b |
| SHA512 | 3af598373bd037abc5ee3fe2e4751d7b6eb1f92a52df4ec4358c06e24202a0c6f37de3e02e20346249af602c44bb528ea7b2d1473885a96217f01509decceba4 |