Malware Analysis Report

2025-01-19 05:51

Sample ID 241127-lybnssymcs
Target scott_pilgrim_netflix_anime_1462046204.apk
SHA256 32a04358c20a4e96e94ffae303527455fbbd8aa40f179b2fdcf3cbdd63ad4747
Tags
collection discovery impact otpstealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

32a04358c20a4e96e94ffae303527455fbbd8aa40f179b2fdcf3cbdd63ad4747

Threat Level: Known bad

The file scott_pilgrim_netflix_anime_1462046204.apk was found to be: Known bad.

Malicious Activity Summary

collection discovery impact otpstealer

Otpstealer family

Otpstealer payload

Requests changing the default SMS application.

Requests dangerous framework permissions

Legitimate hosting services abused for malware hosting/C2

Reads information about phone network operator.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-27 09:56

Signatures

Otpstealer family

otpstealer

Otpstealer payload

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-27 09:56

Reported

2024-11-27 09:57

Platform

android-x86-arm-20240624-en

Max time kernel

2s

Max time network

34s

Command Line

com.example.myapplication

Signatures

Legitimate hosting services abused for malware hosting/C2

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |

Reads information about phone network operator.

discovery

Requests changing the default SMS application.

collection impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.provider.Telephony.ACTION_CHANGE_DEFAULT | N/A | N/A |

Processes

com.example.myapplication

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |

Files

N/A