Malware Analysis Report

2025-08-06 00:04

Sample ID 240223-npklfsfg97
Target Game_of_thrones_telltale_997924346.apk
SHA256 68780c41c82e4a2d0739e7005b4bb5e0f346c065a9f6a58308ed375f01724ba0
Tags discovery
Score 6/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
    Mobile Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 6/10

SHA256

68780c41c82e4a2d0739e7005b4bb5e0f346c065a9f6a58308ed375f01724ba0

Threat Level: Shows suspicious behavior

The file Game_of_thrones_telltale_997924346.apk was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Requests dangerous framework permissions

Legitimate hosting services abused for malware hosting/C2

Reads information about phone network operator.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 11:34

Signatures

Requests dangerous framework permissions

Description                                     Indicator                       Process  Target
Allows an application to receive SMS messages.  android.permission.RECEIVE_SMS  N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 11:34

Reported

2024-02-23 12:05

Platform

android-x86-arm-20240221-en

Max time kernel

5s

Max time network

1666s

Command Line

com.simplemobiletools.launcherpzzmowejop

Signatures

Legitimate hosting services abused for malware hosting/C2

Description  Indicator         Process  Target
N/A          drive.google.com  N/A      N/A
N/A          drive.google.com  N/A      N/A

Reads information about phone network operator.

discovery

Processes

com.simplemobiletools.launcherpzzmowejop

Network

Country  Destination             Domain                           Proto
N/A      224.0.0.251:5353                                         udp
US       1.1.1.1:53              static.xx.fbcdn.net              udp
US       1.1.1.1:53              m.youtube.com                    udp
US       1.1.1.1:53              images-na.ssl-images-amazon.com  udp
US       1.1.1.1:53              en.m.wikipedia.org               udp
US       1.1.1.1:53              a.espncdn.com                    udp
US       1.1.1.1:53              s.yimg.com                       udp
US       1.1.1.1:53              ir.ebaystatic.com                udp
GB       142.250.179.238:443     m.youtube.com                    tcp
US       1.1.1.1:53              www.instagram.com                udp
US       151.101.129.16:443      images-na.ssl-images-amazon.com  tcp
NL       185.15.59.224:443       en.m.wikipedia.org               tcp
GB       87.248.114.12:443       s.yimg.com                       tcp
GB       157.240.214.11:443      static.xx.fbcdn.net              tcp
GB       2.16.170.34:80          a.espncdn.com                    tcp
GB       23.44.65.95:443         ir.ebaystatic.com                tcp
GB       157.240.214.174:443     www.instagram.com                tcp
US       1.1.1.1:53              www.google.com                   udp
GB       142.250.200.4:443       www.google.com                   tcp
GB       142.250.200.4:443       www.google.com                   tcp
US       1.1.1.1:53              update.googleapis.com            udp
GB       142.250.200.3:443       update.googleapis.com            tcp
US       1.1.1.1:53              s.pingsafe.org                   udp
US       172.67.214.20:443       s.pingsafe.org                   tcp
US       1.1.1.1:53              dabalx.org                       udp
US       1.1.1.1:53              dabalx.org                       udp
US       172.67.207.156:443      dabalx.org                       tcp
US       172.67.207.156:443      dabalx.org                       tcp
US       1.1.1.1:53              new-bestfortunes.life            udp
CH       185.155.186.32:443      new-bestfortunes.life            tcp
US       1.1.1.1:53              safebrowsing.googleapis.com      udp
US       1.1.1.1:53              tifgxjmjki                       udp
US       1.1.1.1:53              yttekuw                          udp
US       1.1.1.1:53              wxkxznwwxrkotpo                  udp
US       1.1.1.1:53              play.google.com                  udp
GB       216.58.201.110:443      play.google.com                  tcp
US       1.1.1.1:53              play-lh.googleusercontent.com    udp
US       1.1.1.1:53              ssl.gstatic.com                  udp
GB       142.250.178.22:443      play-lh.googleusercontent.com    tcp
GB       142.250.178.22:443      play-lh.googleusercontent.com    tcp
GB       142.250.178.22:443      play-lh.googleusercontent.com    tcp
GB       142.250.178.22:443      play-lh.googleusercontent.com    tcp
GB       142.250.178.22:443      play-lh.googleusercontent.com    tcp
GB       142.250.178.22:443      play-lh.googleusercontent.com    tcp
GB       142.250.178.3:443       ssl.gstatic.com                  tcp
US       1.1.1.1:53              stats.g.doubleclick.net          udp
BE       74.125.71.157:443       stats.g.doubleclick.net          tcp
US       1.1.1.1:53              www.google.co.uk                 udp
GB       142.250.179.227:443     www.google.co.uk                 tcp
GB       142.250.178.3:443       ssl.gstatic.com                  tcp
US       1.1.1.1:53              region1.google-analytics.com     udp
US       216.239.34.36:443       region1.google-analytics.com     tcp
GB       142.250.187.206:443                                      tcp
US       1.1.1.1:53              android.apis.google.com          udp
GB       142.250.180.14:443      android.apis.google.com          tcp
GB       216.58.212.195:80                                        tcp
GB       216.58.204.68:443                                        tcp
US       1.1.1.1:53              drive.google.com                 udp
GB       142.250.200.14:80       drive.google.com                 tcp
GB       142.250.200.14:80       drive.google.com                 tcp
US       1.1.1.1:53              region1.google-analytics.com     udp
US       216.239.34.36:443       region1.google-analytics.com     tcp
US       1.1.1.1:53              ssl.gstatic.com                  udp
US       1.1.1.1:53              docs.google.com                  udp
GB       142.250.178.3:443       ssl.gstatic.com                  tcp
GB       142.250.180.14:443      docs.google.com                  tcp
GB       142.250.200.34:443                                       tcp
GB       142.250.178.3:443       ssl.gstatic.com                  tcp
GB       142.250.187.206:443                                      tcp
GB       142.250.178.3:443       ssl.gstatic.com                  tcp
GB       142.250.187.206:443                                      tcp
GB       142.250.178.3:443       ssl.gstatic.com                  tcp
GB       142.250.178.3:443       ssl.gstatic.com                  tcp
US       1.1.1.1:53              accounts.google.com              udp
BE       64.233.167.84:443       accounts.google.com              tcp
US       1.1.1.1:53              www.google.com                   udp
GB       142.250.200.4:443       www.google.com                   tcp
US       1.1.1.1:53              play.google.com                  udp
GB       142.250.178.14:443      play.google.com                  tcp
GB       142.250.178.14:443      play.google.com                  tcp
GB       172.217.16.238:443                                       tcp
US       1.1.1.1:53              www.google.com                   udp
GB       142.250.200.4:443       www.google.com                   udp
GB       142.250.200.4:443       www.google.com                   tcp
GB       142.250.200.4:443       www.google.com                   tcp
US       1.1.1.1:53              android.apis.google.com          udp
GB       142.250.180.14:443      android.apis.google.com          tcp
US       1.1.1.1:53              android.apis.google.com          udp
GB       142.250.187.206:443     android.apis.google.com          tcp
BE       74.125.71.188:5228                                       tcp
US       1.1.1.1:53              www.google.com                   udp
GB       216.58.204.68:443       www.google.com                   tcp

Files

/data/data/com.simplemobiletools.launcherpzzmowejop/databases/apps.db-journal

MD5 ad9867224fd131da7de9eaadf09ea5de
SHA1 2ba192c10480b2d25f206efd52dbbae55ebd1818
SHA256 581af4424a745f4d52a17634a78648752923d3996c10693a608b9cf6b53ef81d
SHA512 7254b30a6d30062c053671d1bfc90d41ae59ed55f6c790e1e27482f1baf7c83b9b7af386922a38c68b01a69c510d3b3f23c86430b2ab846419d7d2dc3e9a3bad

/data/data/com.simplemobiletools.launcherpzzmowejop/databases/apps.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.simplemobiletools.launcherpzzmowejop/databases/apps.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.simplemobiletools.launcherpzzmowejop/databases/apps.db-wal

MD5 565402cad1d74981bc965bcbe75ae918
SHA1 ccaff7c44d682680b178e598e70ced4c1cb285f5
SHA256 e8c1b75651fb6f44b73dd7058e52f478c79a817c0ab14f41463d513a65cb71e2
SHA512 22f170d54be61190f1bd226f827728105c20afa95db07fbaf6e3d74bd0b426c9505533be7bee05c3886a05708d57380a17e23269a78ba63d988c1b5ba0fab35c

/data/data/com.simplemobiletools.launcherpzzmowejop/databases/apps.db-wal

MD5 24653cb280062e68902f91c1ae964e31
SHA1 b4d44652915dbe373c47dd7f5803f08510d1d839
SHA256 b3817413ff04733c2a90a5c8bca839b99763ffa0173b90a5e470245347695c79
SHA512 19bfb20821856c6646d6da9688722b51ac5960182ec79eebae2b222f55e3ac821e87b3467192ecc7c6715cb86cfec797504dfc5f6eac0fd7e6c65168a0a314a9