Analysis Overview
SHA256
111969cb0d27a1ea7e8b7c108e1c086a958d4eafbd6beb8879798c9dc780e67b
Threat Level: Known bad
The file 111969cb0d27a1ea7e8b7c108e1c086a958d4eafbd6beb8879798c9dc780e67b.bin was found to be: Known bad.
Malicious Activity Summary
Android SoumniBot payload
Soumnibot family
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-12-04 22:11
Signatures
Android SoumniBot payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Soumnibot family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application broad access to external storage under scoped storage. | android.permission.MANAGE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-04 22:11
Reported
2024-12-04 22:14
Platform
android-x64-arm64-20240624-en
Max time kernel
11s
Max time network
132s
Command Line
Signatures
Processes
com.kero.slimming
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
/data/data/com.kero.slimming/no_backup/androidx.work.workdb-journal
| Hash | Value |
| --- | --- |
| MD5 | 5a446e9881dfeed1adcce92df2beab1f |
| SHA1 | ab2cac9287f5591fd56a5af4bb543361ae541971 |
| SHA256 | 0effc02151f01dea0d4a0814bb2db4cd24654dabaf97b1610bc0a077872a4e86 |
| SHA512 | 5d682695d18f87c0be387a88a736fe59568afa3f7f0c4f1b70d044daba65ae53d7accaf39fc5c1851f62f471b2790e06264649faa55e9bdb53f577436417e871 |
/data/data/com.kero.slimming/no_backup/androidx.work.workdb
| Hash | Value |
| --- | --- |
| MD5 | 7e858c4054eb00fcddc653a04e5cd1c6 |
| SHA1 | 2e056bf31a8d78df136f02a62afeeca77f4faccf |
| SHA256 | 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad |
| SHA512 | d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb |
/data/data/com.kero.slimming/no_backup/androidx.work.workdb-shm
| Hash | Value |
| --- | --- |
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.kero.slimming/no_backup/androidx.work.workdb-wal
| Hash | Value |
| --- | --- |
| MD5 | f511e119365db3ba54ab6ab07605319f |
| SHA1 | 7e2683aa0d3c253f0ab79b90cd8127ed75c1d488 |
| SHA256 | cd57d5b7d8cedecd4152170eb5b43c3315fc448c4c03e43f52bcfdb5dedbeb65 |
| SHA512 | a16872ded1f34b3340c0a0e9f3d2cb87f3b087682e9077c7003089d0ad101ed67177fb400f055600cd5e8dd8e72520a2d3693287050f4aa8b5af4a63dc06cc01 |
/data/data/com.kero.slimming/no_backup/androidx.work.workdb-wal
| Hash | Value |
| --- | --- |
| MD5 | 48e6ebfbfd5d35fcc2a942d80778026e |
| SHA1 | 6e6b7a35a1dc76ee9afdf28453b9cfe1519e0fec |
| SHA256 | d6911beb35e050ba6c83ecf54e7dbee5bf39036fcb77dc66fb5a19bb315105e4 |
| SHA512 | 32c541337d5afbf869d05114df509359e47d14340dc4508ddc66933f004af2dd33b661a2457ef686ce309bc7c32bfb19857d387a9296b1264ddf8cd06af5dbd8 |