Analysis Overview
SHA256
c6d701287fa8b065989ef6f157b47249866d56ad857f296ccfa2c3745a3fe4a8
Threat Level: Known bad
The file c6d701287fa8b065989ef6f157b47249866d56ad857f296ccfa2c3745a3fe4a8 was found to be: Known bad.
Malicious Activity Summary
Axbanker family
Obtains sensitive information copied to the device clipboard
Queries the mobile country code (MCC)
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-27 19:43
Signatures
Axbanker family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-27 19:43
Reported
2024-11-27 19:45
Platform
android-x86-arm-20240624-en
Max time kernel
51s
Max time network
133s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.example.shineinterview
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.42:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | onlinemeeting.online | udp |
| IN | 89.117.27.152:443 | onlinemeeting.online | tcp |
Files
/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof
/data/data/com.example.shineinterview/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
/data/data/com.example.shineinterview/files/profileInstalled
/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-27 19:43
Reported
2024-11-27 19:44
Platform
android-x64-20240624-en
Max time kernel
46s
Max time network
83s
Command Line
Signatures
Processes
com.example.shineinterview
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof
/data/data/com.example.shineinterview/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
/data/data/com.example.shineinterview/files/profileInstalled
/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-27 19:43
Reported
2024-11-27 19:44
Platform
android-x64-arm64-20240624-en
Max time kernel
73s
Max time network
79s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.example.shineinterview
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | onlinemeeting.online | udp |
| IN | 89.117.27.152:443 | onlinemeeting.online | tcp |
| IN | 89.117.27.152:443 | onlinemeeting.online | tcp |
| US | 1.1.1.1:53 | www.recaptcha.net | udp |
| GB | 142.250.178.3:443 | www.recaptcha.net | tcp |
| GB | 142.250.178.3:443 | www.recaptcha.net | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof
/data/data/com.example.shineinterview/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof