Analysis Overview
SHA256
4345c978e38502461e187a45ed9b27e202adcdc58b4321bd6e878b8a70d136f5
Threat Level: Known bad
The file d8661409d7cbc3c89bb6bab53f818fc5.apk was found to be: Known bad.
Malicious Activity Summary
Axbanker family
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-12-11 09:15
Signatures
Axbanker family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-11 09:15
Reported
2024-12-11 09:18
Platform
android-x86-arm-20240624-en
Max time kernel
47s
Max time network
142s
Command Line
Signatures
Processes
com.example.shineinterview
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.74:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof
| MD5 | 7c1eb4af3f79e9ffeb273fcb0ed8206f |
| SHA1 | c7227d3c1602954cf9a0b322c67dae9e2c3d86bd |
| SHA256 | 37820ff872b0ac9a9a6d44cf6f8bb6ccef7345791ed5ad1e02ec45db1f8b4e9d |
| SHA512 | 943a5e08723e2c95723f4fde17c67cb1be21ea03e401cadb8576f451646071407e549b19ac607c8c809ab171db1c139a5f77f7c3494fb2917c26120eeb93543c |
/data/data/com.example.shineinterview/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 8b7c777fcbea40166d10afa3d005e14a |
| SHA1 | 731e24c56dfbea02a9729dd0bf0edaa2b89087c1 |
| SHA256 | f0765ef7bd716b9f03c7f5cfeeea071c018ffe031a8236a68bb7cde8e171b270 |
| SHA512 | 5ef0399cd7e8141fa7a29c6f92a73d98ab69271adfb15e709ac94f4367aff966dee0383ce94dcff78af0a5fa5c98ea871745aca0f83978885987bb45d3dbbb97 |
/data/data/com.example.shineinterview/files/profileInstalled
| MD5 | 5990398ab583b980180df7f4ed078945 |
| SHA1 | ad27d715f7b247e74c507ee89d16cd905945f4f1 |
| SHA256 | 60c74a1510a37643a35a1c6b72493b4784cbda1b75bce1dcb33ce8d450d8628b |
| SHA512 | 2123f4a3b0c7a8ee2a023125214814fdbc941ddfb3bbd80f7326c91043add117032277949d1367bfd49c3c57303ab0a3490523a94f63ec592c923ef7a615dd0d |
/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof
| MD5 | 898cb82e137925449b87f15dcc13fb4b |
| SHA1 | ad85478b0e4e0351268c5be76d10403239d0b171 |
| SHA256 | 9c18294655ffa07214483be6d0308241ddd7b0140ec0a9545a2a846fcbc0600b |
| SHA512 | 83addea06008c8101d23ede3b03e6a5213e28ea517f006e09c4d138f6790053d461d75b2315e6c0a142fa4d8b59e404561031f0a9e484c99df96dd0bb56d8bc0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-11 09:15
Reported
2024-12-11 09:18
Platform
android-x64-20240910-en
Max time kernel
45s
Max time network
152s
Command Line
Signatures
Processes
com.example.shineinterview
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof
| MD5 | 7c1eb4af3f79e9ffeb273fcb0ed8206f |
| SHA1 | c7227d3c1602954cf9a0b322c67dae9e2c3d86bd |
| SHA256 | 37820ff872b0ac9a9a6d44cf6f8bb6ccef7345791ed5ad1e02ec45db1f8b4e9d |
| SHA512 | 943a5e08723e2c95723f4fde17c67cb1be21ea03e401cadb8576f451646071407e549b19ac607c8c809ab171db1c139a5f77f7c3494fb2917c26120eeb93543c |
/data/data/com.example.shineinterview/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 041d32c47abfc620b688c56774b6e559 |
| SHA1 | 7570f84be48e6d09b85ebb37accbf2236dd48e4c |
| SHA256 | c41d22f3f026f0504d3a88c3f06e0dc9ba7e4b1b9e521788701f3810badcc5ff |
| SHA512 | ac418a9bd16b7b3ca336106a95dac75235e53dbdf966c55f566b59e30592c67fd6518e3c7c92c4d04a7831fe0750a4fc4a63670c6f55082e6b2e4a365a61a241 |
/data/data/com.example.shineinterview/files/profileInstalled
| MD5 | 105ddff89fa99ebc74e7b2f8ce496cfb |
| SHA1 | 1537b06606e8941980cfa934545f1afecebd2a9d |
| SHA256 | 69d8c89cc600b6df5d9551bfd9dfe5e0e43b3637957d5d03283a9a206260edcc |
| SHA512 | a879d169b0bb7d0bf62817e5e69b23b45976b2eb8a04eabead5d5fc6644f5e4eaab85e077cedd3d6e7cdb3e7f45209b025dca5799d1a0dc4241f24f07f9c5521 |
/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof
| MD5 | 6367002d756b5fe63e0a3c95310e6de0 |
| SHA1 | 01da28a2413e4a257d1037ace746d45e3a661bde |
| SHA256 | ee99e418e2d2ac3337331580187c47d22bcfd3834f02bc9389e6f21802812128 |
| SHA512 | 2d25386b94f1778344988c6804f074f105fbdd3fa11c1b6e967b4d08c8bc58f21714bc27ab268d40e4fabd2b372c070c785dcd34dc7c19c69fa9f30e136a79bc |
Analysis: behavioral3
Detonation Overview
Submitted
2024-12-11 09:15
Reported
2024-12-11 09:18
Platform
android-x64-arm64-20240624-en
Max time kernel
7s
Max time network
134s
Command Line
Signatures
Processes
com.example.shineinterview
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof
| MD5 | 7c1eb4af3f79e9ffeb273fcb0ed8206f |
| SHA1 | c7227d3c1602954cf9a0b322c67dae9e2c3d86bd |
| SHA256 | 37820ff872b0ac9a9a6d44cf6f8bb6ccef7345791ed5ad1e02ec45db1f8b4e9d |
| SHA512 | 943a5e08723e2c95723f4fde17c67cb1be21ea03e401cadb8576f451646071407e549b19ac607c8c809ab171db1c139a5f77f7c3494fb2917c26120eeb93543c |
/data/data/com.example.shineinterview/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 30548395a31cad96241a0703b0b0948b |
| SHA1 | 867f990ee3657cb0998c975e795709481e42b6e8 |
| SHA256 | 074b80a6e10c3b022d6640a79aed20c671d73708003dc5e3ce10f9042b87ceec |
| SHA512 | c50f25254ee3911be09985f1076c0f3e384ab01a74c180abc78e3aeb80e565413b33090484e3c8ad2f26573cd23da6865d56b0c9f742eb42958ad4c006e9e628 |