Analysis Overview
SHA256
91135fdeeab900ad00302f025096741e3fbfe3e5ba2aee57c7d513564ff24d86
Threat Level: Known bad
The file 91135fdeeab900ad00302f025096741e3fbfe3e5ba2aee57c7d513564ff24d86.bin was found to be: Known bad.
Malicious Activity Summary
Ajina family
Makes use of the framework's Accessibility service
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-19 14:32
Signatures
Ajina family
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-19 14:32
Reported
2024-11-19 14:35
Platform
android-x64-20240624-en
Max time kernel
93s
Max time network
155s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| SE | 46.226.160.5:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 172.217.169.46:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 5276a38e2c2eb135639987d2a0486e84 |
| SHA1 | 38a08350c707b7f77fd1bb370e83954096c684de |
| SHA256 | 6eefcbb1574779d599607010d03118f29488ac7797d100defd82246d556325df |
| SHA512 | 4358486e00a9cd395d0d27971569660203ae8cef66afccaef95a42cfa3e4abf767799312a7cec6c636bb65f29c338cddd64181845e20e5cf4afafd4bdce9de1b |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 636f4d61658719dbf8e4fcba6443e617 |
| SHA1 | 001c2e01a6fb96da9f48fd2635fedde337e18c4b |
| SHA256 | 6a1ba89d344e46eb7a27d332b74ebf0c622c54ff30fcd5646e5e8b3100bd548b |
| SHA512 | e35b537f7b8cb367181e7808d56bae6f0cd701a7a7addccc7349b527fd8e1e09c65df24a712e4659258c5023f1998626a59cb9ec5db21e457e6b9f5daec7ab6f |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | ca70d20b40b073264ed73a38964b4db4 |
| SHA1 | 0a249d13905745d8317a7564c9f107d371bd8b2f |
| SHA256 | 385f0db04f038554ec91c3b19a9bb3467969cbac7c25b2fa14d86e47d0578b4c |
| SHA512 | da1e6e15d8f7e87441c64f0331fb88d4336e19aa1104312e9cf3c12a22b3f84b5935cacf48d1222cbc85df291450bc3c99711fd904bc88557234770829652a47 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 6f14904c0594d7b5c08c4311ce4f0bb9 |
| SHA1 | 6253e9fa4e6dd18c8fc924ab0a1ba6f5a0efd402 |
| SHA256 | b156fbe6614688930f00b4c980c0ebcb016530e72adcd33ae96e8e81347d4c70 |
| SHA512 | 47008c25f1f7fa5d004b2d619e4ac997a72f0ec8aa97bab8fe2571c553abd94ae970c3ba2bcb1228a3ce76132ef995c2528bd5112999fffc44203277698650cd |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-19 14:32
Reported
2024-11-19 14:35
Platform
android-x64-arm64-20240624-en
Max time kernel
93s
Max time network
133s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| SE | 46.226.160.5:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 5276a38e2c2eb135639987d2a0486e84 |
| SHA1 | 38a08350c707b7f77fd1bb370e83954096c684de |
| SHA256 | 6eefcbb1574779d599607010d03118f29488ac7797d100defd82246d556325df |
| SHA512 | 4358486e00a9cd395d0d27971569660203ae8cef66afccaef95a42cfa3e4abf767799312a7cec6c636bb65f29c338cddd64181845e20e5cf4afafd4bdce9de1b |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | fd81f97c54231987fbb7c95484f864da |
| SHA1 | 9ebc63f8944e2c5f32a3b5ffbd7bfc6552b8454a |
| SHA256 | 9c56cb4a5c1b02bf0a33856e1d85e107a374041d94e1649857a01107b54220e1 |
| SHA512 | e6cb873e6c3714d8dfe7d19a9f76c2e4bbbfe40052042dca6358e498161db0d55d7bd079164ce213b0000f8f7990e7afccdb1bb286d714103733e7497a3d11fa |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | a75bfef2900048173bf1290b5999389a |
| SHA1 | 7c1471d0f11d0374cc1cb4ff02b1cf076d2cd1b6 |
| SHA256 | 3e9724402cfbd7f1f3d871be88db6671fcaa50496d995adf45dbec0d5742b568 |
| SHA512 | 2394d1a16cf903e6e32ecab52177f84948d678892f8597586b7bb2dbf24f982268bb8cae8e1de85b30290d9c6529ea54aae08f0253eb71e24fa6f034489931cc |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-19 14:32
Reported
2024-11-19 14:35
Platform
android-33-x64-arm64-20240624-en
Max time kernel
130s
Max time network
133s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 216.58.201.100:443 | | udp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| SE | 46.226.160.5:8080 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | udp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| GB | 142.250.178.3:443 | | tcp |
| US | 172.64.41.3:443 | | udp |
| GB | 142.250.178.3:443 | | udp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| GB | 216.58.201.100:443 | | udp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 2150ddf4997818177c4706462e145061 |
| SHA1 | 527f4f19ccc62bfdcf4ba58b19ccf6d2facd2f79 |
| SHA256 | e2d41ac98cfc23f54dc50590274f151368455f6a6bfd113cbc576617eb93a59f |
| SHA512 | a619641bfde689f8f0b61353bb8bb9235992037b833b9db8831bac262dedc02f8d6e66ca005fc3a34787dbf716b3120d455df7a49daa6dead6ecd30a3dd6a77f |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 601d14753b7e339a3c137bfd064e3168 |
| SHA1 | 34f37dd1f3c11c372fe38e0ba148a8cb8bea0a27 |
| SHA256 | bc0bfda2e68d20ff980215ec28be23313730b2eb3dfdf4b8ce7d697aed977460 |
| SHA512 | d080e28342a03c4921b34c95c129e6adc344727c0d866cbeac4148a79725d8f34fe45614bc12ba88304eee245093b6c83ef97f74fdc99e721413796a2a11767d |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | c4921ba0e2ed5b99dfcfc971d59b4b00 |
| SHA1 | 92caad647dbb1eb492bfb51b8616ea870d16b4d0 |
| SHA256 | a0a97543e1b446fb35fc74819350e51c48fb4325479f7e87d14410f4b55bdb42 |
| SHA512 | 8b83c07d83f87ac8def411136607b10fea20fd3b4815604d5de2865543f52fee2dee773d40609e0acc5c7be11801b4cc2e8739a9741333e5cfd53ef9335377e0 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-19 14:32
Reported
2024-11-19 14:35
Platform
android-x86-arm-20240624-en
Max time kernel
93s
Max time network
132s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.10:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| SE | 46.226.160.5:8080 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 5276a38e2c2eb135639987d2a0486e84 |
| SHA1 | 38a08350c707b7f77fd1bb370e83954096c684de |
| SHA256 | 6eefcbb1574779d599607010d03118f29488ac7797d100defd82246d556325df |
| SHA512 | 4358486e00a9cd395d0d27971569660203ae8cef66afccaef95a42cfa3e4abf767799312a7cec6c636bb65f29c338cddd64181845e20e5cf4afafd4bdce9de1b |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | e50ec54e8786675d9689b337f9743d55 |
| SHA1 | ac59efd2189d5f3cec2016cf11a8b6d7c768e8ac |
| SHA256 | 0f5f1b17b2d21bd7ce26caa9e7b8aa9d73eea9c50bc54c78802c9f3cece23efb |
| SHA512 | 25d5eb1b6e7c451a1cdf9627a5df53b28c1306c561428f7d70a36a4f7143b3b7b3da955474e5f4485666af3646cd300257d2ab52c30f8ed98ce46c9c3a23980b |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | 781db4f77e3c690c8e77ead822a0265c |
| SHA1 | 3107b0c9dddf51dbcba516ae9682f01b8c0d201b |
| SHA256 | 3a5f6e93fd7eae4ebc937eb6c9554cc381597f8f8631f7195595c72bbef07194 |
| SHA512 | 86fece3391eff56aa00deb333910ccb9155d81fe61f071190573c57a2faad712be1e3ddf23306652b655bd542d92636c32dd9289d61c0535af275902fbc2003d |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 664709f366dd89536ad59274e8354699 |
| SHA1 | a8b3bb10635ff19f0e3feb475d868cc5d3b3f3ab |
| SHA256 | d20fac568b680f691210f03e2af9df41ffb3769cd69372f01aceac4d14b15bb9 |
| SHA512 | 77f5b18256cf02ab6d595747c5104ef42639241fb1fbb3a8bf99b00e2e9c1112d0ecc9146685f6945c519e14f0ccd1204c7aa438c1b2ed271b83a505479fcaf3 |