Analysis Overview
SHA256
68780c41c82e4a2d0739e7005b4bb5e0f346c065a9f6a58308ed375f01724ba0
Threat Level: Shows suspicious behavior
The file Game_of_thrones_telltale_997924346.apk was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Legitimate hosting services abused for malware hosting/C2
Reads information about phone network operator.
MITRE ATT&CK
Enterprise Matrix V15
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 11:34
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 11:34
Reported
2024-02-23 12:05
Platform
android-x86-arm-20240221-en
Max time kernel
5s
Max time network
1666s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Reads information about phone network operator.
Processes
com.simplemobiletools.launcherpzzmowejop
Network
Files
/data/data/com.simplemobiletools.launcherpzzmowejop/databases/apps.db-journal
| Algorithm | Digest |
|---|---|
| MD5 | ad9867224fd131da7de9eaadf09ea5de |
| SHA1 | 2ba192c10480b2d25f206efd52dbbae55ebd1818 |
| SHA256 | 581af4424a745f4d52a17634a78648752923d3996c10693a608b9cf6b53ef81d |
| SHA512 | 7254b30a6d30062c053671d1bfc90d41ae59ed55f6c790e1e27482f1baf7c83b9b7af386922a38c68b01a69c510d3b3f23c86430b2ab846419d7d2dc3e9a3bad |
/data/data/com.simplemobiletools.launcherpzzmowejop/databases/apps.db
| Algorithm | Digest |
|---|---|
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.simplemobiletools.launcherpzzmowejop/databases/apps.db-shm
| Algorithm | Digest |
|---|---|
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/com.simplemobiletools.launcherpzzmowejop/databases/apps.db-wal
| Algorithm | Digest |
|---|---|
| MD5 | 565402cad1d74981bc965bcbe75ae918 |
| SHA1 | ccaff7c44d682680b178e598e70ced4c1cb285f5 |
| SHA256 | e8c1b75651fb6f44b73dd7058e52f478c79a817c0ab14f41463d513a65cb71e2 |
| SHA512 | 22f170d54be61190f1bd226f827728105c20afa95db07fbaf6e3d74bd0b426c9505533be7bee05c3886a05708d57380a17e23269a78ba63d988c1b5ba0fab35c |
/data/data/com.simplemobiletools.launcherpzzmowejop/databases/apps.db-wal
| Algorithm | Digest |
|---|---|
| MD5 | 24653cb280062e68902f91c1ae964e31 |
| SHA1 | b4d44652915dbe373c47dd7f5803f08510d1d839 |
| SHA256 | b3817413ff04733c2a90a5c8bca839b99763ffa0173b90a5e470245347695c79 |
| SHA512 | 19bfb20821856c6646d6da9688722b51ac5960182ec79eebae2b222f55e3ac821e87b3467192ecc7c6715cb86cfec797504dfc5f6eac0fd7e6c65168a0a314a9 |