Analysis Overview
SHA256
98de7e503a01c663632a3aef64ba1c0e6700fdb4779832793f03bd38b58f4a89
Threat Level: Shows suspicious behavior
The file 98de7e503a01c663632a3aef64ba1c0e6700fdb4779832793f03bd38b58f4a89 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Acquires the wake lock
Reads information about phone network operator.
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 12:48
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 12:48
Reported
2024-02-23 12:51
Platform
android-x86-arm-20240221-en
Max time kernel
147s
Max time network
138s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.zombieapocalyps.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | g1.crunchstation.com | udp |
| NL | 5.149.249.226:80 | g1.crunchstation.com | tcp |
Files
/data/data/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex
/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex
/data/data/com.zombieapocalyps.nearme.gamecenter/databases/com.google.android.datatransport.events-shm
/data/data/com.zombieapocalyps.nearme.gamecenter/files/fjA
/data/data/com.zombieapocalyps.nearme.gamecenter/files/GiE
/data/data/com.zombieapocalyps.nearme.gamecenter/files/fjA
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 12:48
Reported
2024-02-23 12:51
Platform
android-x64-20240221-en
Max time kernel
153s
Max time network
146s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.zombieapocalyps.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.195:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | g1.crunchstation.com | udp |
| NL | 217.12.201.177:80 | g1.crunchstation.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 172.217.169.34:443 | | tcp |
Files
/data/data/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex
/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex
/data/data/com.zombieapocalyps.nearme.gamecenter/files/fjA
/data/data/com.zombieapocalyps.nearme.gamecenter/files/GiE
/data/data/com.zombieapocalyps.nearme.gamecenter/files/fjA
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-23 12:48
Reported
2024-02-23 12:51
Platform
android-x64-arm64-20240221-en
Max time kernel
152s
Max time network
136s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex | N/A | N/A |
Reads information about phone network operator.
Processes
com.zombieapocalyps.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.234:443 | | udp |
| GB | 172.217.169.46:443 | | udp |
| GB | 142.250.200.10:443 | | tcp |
| GB | 142.250.200.10:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | g1.crunchstation.com | udp |
| NL | 217.12.201.177:80 | g1.crunchstation.com | tcp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 142.250.180.2:443 | | tcp |
Files
/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex
/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/28452f4e.dex
/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/fjA
/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/GiE
/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/fjA