Malware Analysis Report

2025-08-05 09:29

Sample ID 240223-p19v6aga4v
Target 98de7e503a01c663632a3aef64ba1c0e6700fdb4779832793f03bd38b58f4a89
SHA256 98de7e503a01c663632a3aef64ba1c0e6700fdb4779832793f03bd38b58f4a89
Tags: discovery
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: 98de7e503a01c663632a3aef64ba1c0e6700fdb4779832793f03bd38b58f4a89

Threat Level: Shows suspicious behavior

The file 98de7e503a01c663632a3aef64ba1c0e6700fdb4779832793f03bd38b58f4a89 was classified as: shows suspicious behavior.

Malicious Activity Summary

discovery

Loads dropped Dex/Jar

Acquires the wake lock

Reads information about phone network operator

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-02-23 12:48

Signatures

Requests dangerous framework permissions

Description                                           Indicator                                   Process  Target
Allows an app to access approximate location.         android.permission.ACCESS_COARSE_LOCATION   N/A      N/A
Allows an application to write to external storage.   android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A
Allows an application to read from external storage.  android.permission.READ_EXTERNAL_STORAGE    N/A      N/A
Allows an app to post notifications.                  android.permission.POST_NOTIFICATIONS       N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-23 12:48
Reported: 2024-02-23 12:51
Platform: android-x86-arm-20240221-en
Max time kernel: 147s
Max time network: 138s

Command Line

com.zombieapocalyps.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                                  Process  Target
N/A          /data/user/0/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex     N/A      N/A

Acquires the wake lock

Description             Indicator                                      Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock       N/A      N/A

Reads information about phone network operator

discovery

Processes

com.zombieapocalyps.nearme.gamecenter

Network

Country  Destination            Domain                    Proto
N/A      224.0.0.251:5353                                 udp
GB       142.250.187.206:443                              tcp
US       1.1.1.1:53             android.apis.google.com   udp
GB       216.58.213.14:443      android.apis.google.com   tcp
US       1.1.1.1:53             g1.crunchstation.com      udp
NL       5.149.249.226:80       g1.crunchstation.com      tcp

Files

/data/data/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex

MD5 f4f081315cb2558d1a8b8321997b75f2
SHA1 669fb7b5d7d440cf6ce12cb78da0382f624bc622
SHA256 0ffb19429a4977547f797a1379a6b10aeffd5f7176f8f21668874b2b7dab3bb1
SHA512 3e06fbd62f7ac0accfe451e804b7ca7303a613003a7a65a7673e6d6e2f9707518cb30a39153181573ad4cf7b4b6eb29ebaa374db9c467d4a4607caaa405ae706

/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex

MD5 b3740a658575dd10b0bcda342cbd3c13
SHA1 8b37abbfb6864da0b4df4ac7cbf1e152a9d8f960
SHA256 8cffafbb74886b2234f4ee8367eeff82cb4fdc94f745142136a2f0bf8e5621a4
SHA512 b7f2ee81a96d2075be679a07b20dd542ae5edd46bf4acd2d38bd662f10e756e6f0e30568db21ddfcf460197279ec564fc26999a48180791bdf2fd26ce83eb257

/data/data/com.zombieapocalyps.nearme.gamecenter/databases/com.google.android.datatransport.events-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.zombieapocalyps.nearme.gamecenter/files/fjA

MD5 837d897aa5e164a8a4992290999fc66e
SHA1 5fabb9402b53688f3af6e779d9bcab0c57f4191a
SHA256 38cd0d2ce0a9d498b59e731c5efc7a667bf5f4cfac2c605dbe7d28731fae61bd
SHA512 5e26a71266339c2ee3880fcf68d6728dc42ff4abcfc2f86d9b04e0588c57b66076ca9dcba904527a733a333434fad2f06ed124295e93a56e3470fc385a026fb3

/data/data/com.zombieapocalyps.nearme.gamecenter/files/GiE

MD5 388f5f57f6e76879ad90358547511eb5
SHA1 40e3248935e02e064b2ec48cf93f62716b6cdd17
SHA256 afeedd17c94929926e924238598ef0a830a542de45b759d866dbee7eb197abcd
SHA512 4b3f828c5f20d92562eeb77fe4ba44e79988e8fa7005eb9be1f1fddba6370e965be34d2b86a87714418d8c4776ce5ae01057db5b7c6ad728c01473823283e660

/data/data/com.zombieapocalyps.nearme.gamecenter/files/fjA

MD5 5a74e938c7214a16f6aed37334b9303d
SHA1 421bc99469aa39b9b77633dc64b5e7eef5d6c5b1
SHA256 741aa124909e5a5aa7f3e022ea8fbd178d11ed2a1a78f6d0f6001834eeb90576
SHA512 03f09f016b4d1df9464cc80c4af1d3aeda7450912db14b5a6c01f09d332db7b5520d19f96b551e00ddd0c221a6a6bf8b575abd3000648bfc20486d9732329a7b

Analysis: behavioral2

Detonation Overview

Submitted: 2024-02-23 12:48
Reported: 2024-02-23 12:51
Platform: android-x64-20240221-en
Max time kernel: 153s
Max time network: 146s

Command Line

com.zombieapocalyps.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                                  Process  Target
N/A          /data/user/0/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex     N/A      N/A

Acquires the wake lock

Description             Indicator                                      Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock       N/A      N/A

Reads information about phone network operator

discovery

Processes

com.zombieapocalyps.nearme.gamecenter

Network

Country  Destination            Domain                     Proto
N/A      224.0.0.251:5353                                  udp
GB       142.250.187.195:443                               tcp
US       1.1.1.1:53             ssl.google-analytics.com   udp
GB       216.58.204.72:443      ssl.google-analytics.com   tcp
GB       142.250.180.14:443                                tcp
US       1.1.1.1:53             android.apis.google.com    udp
GB       172.217.16.238:443     android.apis.google.com    tcp
US       1.1.1.1:53             g1.crunchstation.com       udp
NL       217.12.201.177:80      g1.crunchstation.com       tcp
GB       142.250.200.36:443                                tcp
GB       142.250.200.36:443                                tcp
GB       142.250.187.238:443                               tcp
GB       172.217.169.34:443                                tcp

Files

/data/data/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex

MD5 f4f081315cb2558d1a8b8321997b75f2
SHA1 669fb7b5d7d440cf6ce12cb78da0382f624bc622
SHA256 0ffb19429a4977547f797a1379a6b10aeffd5f7176f8f21668874b2b7dab3bb1
SHA512 3e06fbd62f7ac0accfe451e804b7ca7303a613003a7a65a7673e6d6e2f9707518cb30a39153181573ad4cf7b4b6eb29ebaa374db9c467d4a4607caaa405ae706

/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex

MD5 b3740a658575dd10b0bcda342cbd3c13
SHA1 8b37abbfb6864da0b4df4ac7cbf1e152a9d8f960
SHA256 8cffafbb74886b2234f4ee8367eeff82cb4fdc94f745142136a2f0bf8e5621a4
SHA512 b7f2ee81a96d2075be679a07b20dd542ae5edd46bf4acd2d38bd662f10e756e6f0e30568db21ddfcf460197279ec564fc26999a48180791bdf2fd26ce83eb257

/data/data/com.zombieapocalyps.nearme.gamecenter/files/fjA

MD5 a675b48cb81d4d0f593496e30996be4f
SHA1 a9c11d71768cc3f61414678f1c9f6b51486d7a62
SHA256 75c75be3a3d7f30bc227b23edfc421a860c9eb62b261835e075c22c74c7d5ea1
SHA512 fea059197c018949fe78712ad306f20d6e0f17c98137a0e0c6b19873e4f5e4c70b84f47e43ba999cc75fc07f0264e42bd7be3432efa3dbffe1458edff16f30a4

/data/data/com.zombieapocalyps.nearme.gamecenter/files/GiE

MD5 0bd265ffe4092eaea88b26be808088f4
SHA1 8a7100103b473a04416e7721e5ed18dc3ec4667b
SHA256 4577d64bb1ae6a1f0a4e49b40e01e1c8a877adef0f3e540c433a1e3c29d39e3d
SHA512 37cc10aa62e15446af006000195060235e1f72f5a8d27f766bf9d56ed3cb7db92696f80d4d361d53810f9419e2275eaae74dc766bf4d8f6d0336269fd8c484c1

/data/data/com.zombieapocalyps.nearme.gamecenter/files/fjA

MD5 f3b0cc84b63f00b946a8a29736a19c7e
SHA1 9f8e0a435c3367388d6119499aa16378bd126ef2
SHA256 41f6242114de4c5a4a1873c4d4e23e1974d5aa3a22c64964a8bfeb021a1e01b8
SHA512 23e6fe7f3ba0244a8385d43c282731c18278e0f66257738b5b4a4c450feb0bd3e010188f63b56225c93f38775a54c657af2089872ad2040df1299c8ab0475611

Analysis: behavioral3

Detonation Overview

Submitted: 2024-02-23 12:48
Reported: 2024-02-23 12:51
Platform: android-x64-arm64-20240221-en
Max time kernel: 152s
Max time network: 136s

Command Line

com.zombieapocalyps.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                                  Process  Target
N/A          /data/user/0/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex     N/A      N/A

Reads information about phone network operator

discovery

Processes

com.zombieapocalyps.nearme.gamecenter

Network

Country  Destination            Domain                     Proto
GB       142.250.200.46:443                                tcp
GB       142.250.200.46:443                                tcp
N/A      224.0.0.251:5353                                  udp
GB       142.250.179.234:443                               udp
GB       172.217.169.46:443                                udp
GB       142.250.200.10:443                                tcp
GB       142.250.200.10:443                                tcp
US       1.1.1.1:53             ssl.google-analytics.com   udp
GB       142.250.187.200:443    ssl.google-analytics.com   tcp
US       1.1.1.1:53             g1.crunchstation.com       udp
NL       217.12.201.177:80      g1.crunchstation.com       tcp
GB       216.58.212.228:443                                tcp
GB       216.58.212.228:443                                tcp
GB       142.250.180.2:443                                 tcp

Files

/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex

MD5 793b974b4e9d05c236b8f9960ef767e7
SHA1 a120baf67daba0676da8dfd0b951a7f86530cbfc
SHA256 627d1f66cc6964b2ee85bc2e546312a5e5657ddcd6f1c44066937f107fb4777d
SHA512 d5c749b2d5b5c5fe3fa27a49b4619fa857896626f5c9a6f3dcdd7f015e61e5f1ca8b9e0b410104a0b78e4742a6fc301b0aabd848414eaf99c680b81e30a54cfa

/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex

MD5 b3740a658575dd10b0bcda342cbd3c13
SHA1 8b37abbfb6864da0b4df4ac7cbf1e152a9d8f960
SHA256 8cffafbb74886b2234f4ee8367eeff82cb4fdc94f745142136a2f0bf8e5621a4
SHA512 b7f2ee81a96d2075be679a07b20dd542ae5edd46bf4acd2d38bd662f10e756e6f0e30568db21ddfcf460197279ec564fc26999a48180791bdf2fd26ce83eb257

/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/fjA

MD5 742c2e7c636fea9ee38d2acc2e76f486
SHA1 e914f67ff64989b33a0ee929ed4a0e9a56d32a84
SHA256 f504051b691f48894b12dfbe2842aa89434125545586755a0c01b7ed1b55c614
SHA512 51f189383b4c3d9892cc8d6f12cedf5c3a29707682c56dc0477c733d24291153fb0b83b75f8b9557e5af39a555649500a807cbc9ae230ba72a4eff71b4c5f572

/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/GiE

MD5 134e6c4034da9300e23e041fe20973d0
SHA1 b9c30468e2067c213405feff2bb020acca35c443
SHA256 893c5e991b37761b352984bfb36b4c855b4dd072721163aff47c4f0d2f6710c0
SHA512 b02ccd233e4159de2c71dba1b1ec9fb8b2fb28b8bb37ee5f8d883f713d710dcae51b019d222c08af2bf5b0af7bf66c41e5e00218bf76b78e11473c07f08e3996

/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/fjA

MD5 915799de46f27ac895c46a1a20bd9692
SHA1 03185d633547a51a401374581779dc15e3a9b5b2
SHA256 65ee1a828f4e484225219e1506fdefaa6a436d0ff13d0dc180d2f609b4e21a24
SHA512 432034d02293f786941d56bfe883456c54a9ca2b3b603dc62a46b04ad141c57c6c4b75997535f9f30cb8d5cd24f87c763f2ea80c27a3593a3f4281fab6f99f37