Malware Analysis Report

2025-08-05 09:27

Sample ID: 240223-p21zmsga6t
Target: d188a1edce26436320f44235e05a49363cd1202fe50855b4d30db90bef11392a
SHA256: d188a1edce26436320f44235e05a49363cd1202fe50855b4d30db90bef11392a
Tags: discovery
Score: 7/10


Analysis Overview

Score: 7/10

SHA256: d188a1edce26436320f44235e05a49363cd1202fe50855b4d30db90bef11392a

Threat Level: Shows suspicious behavior

The file d188a1edce26436320f44235e05a49363cd1202fe50855b4d30db90bef11392a was found to be: Shows suspicious behavior.

Malicious Activity Summary

Tags: discovery

Loads dropped Dex/Jar

Acquires the wake lock

Reads information about phone network operator.

Requests dangerous framework permissions

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported: 2024-02-23 12:50

Signatures

Requests dangerous framework permissions

Description                                           Indicator                                  Process  Target
Allows an app to access approximate location.         android.permission.ACCESS_COARSE_LOCATION  N/A      N/A
Allows an application to write to external storage.   android.permission.WRITE_EXTERNAL_STORAGE  N/A      N/A
Allows an application to read from external storage.  android.permission.READ_EXTERNAL_STORAGE   N/A      N/A
Allows an app to post notifications.                  android.permission.POST_NOTIFICATIONS      N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-23 12:50
Reported: 2024-02-23 12:52
Platform: android-x86-arm-20240221-en
Max time kernel: 8s
Max time network: 137s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                                             Process  Target
N/A          /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex  N/A      N/A

Acquires the wake lock

Description             Indicator                                 Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock  N/A      N/A

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
GB       142.250.200.14:443                             tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.178.14:443   android.apis.google.com   tcp
US       1.1.1.1:53           g1.topprocompany.com      udp
NL       5.149.249.226:80     g1.topprocompany.com      tcp

Files

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 7f07edbc148cd899091b62191e234295
SHA1 01a79b79a36da81add4dfc0997bbe523bc7fc49f
SHA256 b2a64f2b5f7d1358e14896af24979846a15090bb1038fe02d419e47a24472e5e
SHA512 5d73c9047be5797f08f432964c9e51ced5b2de8e88cbbf8bd8a171e7a34eb79cd07746421e518233c7578bc941b9ad5b8b36108f1b026c501fb543660d998a2b

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 4641466f6bb85afe4e66b18b3145eb4b
SHA1 1c53d1d38c296c0d4c647d26a1aa22086915b861
SHA256 1beb17b02d1639c2ae11f993259f2fd475eba848ad363317919fea9e9f91b8bf
SHA512 f4fd3484715193042535536f2d78e6d0c370a9cdbfd09f91cf6dcb1f3f8cfecaf582c1d43bec8bcd6007fb921cfaee9e07f44504acae69d3e098597cb16cd0c2

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/databases/com.google.android.datatransport.events-journal

MD5 4ca3a72ecf44e10efe052fa57ed4604a
SHA1 c9c1c19a1e3cb279fd91173400ce38805f8e3919
SHA256 da39d39f2db9bb8815463f7452281b1fc8bceba7798eb726faa8683fd6652066
SHA512 4cc264ca26266cbfa1fac1910093a66e083e68c777baba42fcc3bf50bf98ab4158b9e572f59ad352b6da3be21fc1eb51eab96da803abe5f7f1aa1a4a5d7b2590

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/databases/com.google.android.datatransport.events-wal

MD5 3b07fc2693b217f077c4f3bd2cf3be59
SHA1 57094617e16ab5e39e578eb16a08a5ab3c92b96b
SHA256 8efd3e848a35a26f5c04c11b7d93e5f89fd5409247a57c41fdcc9d086031c32a
SHA512 db4d0bad6db477860891a0594f7db7f9d4d2f5694b3b4c63733d54c2cbaa54741284692cebe7a76a1d0e8bc28b94d624904dfa98a1137fd9293ab42b0eef162e

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation4213608607902887853tmp

MD5 a7e2da7b5def1e3e1b2760bc14e184af
SHA1 b52413ed77bf94c66b719ba923bf11576f55d7a2
SHA256 2639695cf92bd9335da7a98bed8ff8f87642ea1967a467a0dce5728f67978871
SHA512 51dbcd47e373e847cf66f184e6a340d74570209bd2eb8bebd64d729faab1adb8ddddf424d387d64013fc1fc36dedf33198ec2f652c6e1fcbf7a5c41607d0b44c

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp

MD5 8b63c8637e3bd15a188e68ddc20bba00
SHA1 8eadbcd221b5778a57aed1529d0a9571073abe31
SHA256 565e7c3b02c97be3e6e3d9bcc5539227f2aaecb5ed9b11553e909788cd55621e
SHA512 057c373faa7a36e65e47b5c11656875e31e5de1ef0b1a60409a246f3eaed5f3f6ef471483af6c9703dd6ce5a0161bb5118369eebfc05e80325a607102015361c

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E

MD5 eceb91e11967439d4099ca51fe74c05c
SHA1 cd4d6dbfcc5096a29865ef0477bc8f42403eac04
SHA256 5c63f66931160b4862fa544fecf7d8e5acc6d8ec269a4197ebb0313886d71ec1
SHA512 a10ba7f616e3b6d5c7fa9027b8ca6711543c061a80ced53d3738f948f06ce30fbd846fb428716244417dae20ba7c4fbf56624f4d0b43368d576b8a360422445e

Analysis: behavioral2

Detonation Overview

Submitted: 2024-02-23 12:50
Reported: 2024-02-23 12:53
Platform: android-x64-20240221-en
Max time kernel: 153s
Max time network: 146s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                                             Process  Target
N/A          /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex  N/A      N/A

Acquires the wake lock

Description             Indicator                                 Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock  N/A      N/A

Reads information about phone network operator.

Tags: discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
GB       142.250.178.14:443                             tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.178.14:443   android.apis.google.com   tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.187.200:443  ssl.google-analytics.com  tcp
US       1.1.1.1:53           g1.topprocompany.com      udp
PL       51.75.61.102:80      g1.topprocompany.com      tcp
GB       216.58.212.228:443                             tcp
GB       216.58.212.228:443                             tcp
GB       216.58.201.98:443                              tcp
GB       172.217.16.238:443                             tcp

Files

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 7f07edbc148cd899091b62191e234295
SHA1 01a79b79a36da81add4dfc0997bbe523bc7fc49f
SHA256 b2a64f2b5f7d1358e14896af24979846a15090bb1038fe02d419e47a24472e5e
SHA512 5d73c9047be5797f08f432964c9e51ced5b2de8e88cbbf8bd8a171e7a34eb79cd07746421e518233c7578bc941b9ad5b8b36108f1b026c501fb543660d998a2b

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 4641466f6bb85afe4e66b18b3145eb4b
SHA1 1c53d1d38c296c0d4c647d26a1aa22086915b861
SHA256 1beb17b02d1639c2ae11f993259f2fd475eba848ad363317919fea9e9f91b8bf
SHA512 f4fd3484715193042535536f2d78e6d0c370a9cdbfd09f91cf6dcb1f3f8cfecaf582c1d43bec8bcd6007fb921cfaee9e07f44504acae69d3e098597cb16cd0c2

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation8472664170156405271tmp

MD5 0706a1ce6a02a8d174802f9da3be4a0a
SHA1 5592ca7bcb009b6bb51791364575330f0f6b2380
SHA256 da1358602001f9cbbfa5292decd47d810fb7882bce0391cb62dcb3f9ac710774
SHA512 e7017f14c70b090f090aa6563cc6e999bc317e73d09356b73b123b3c0b628a5a87c856d6bff207357cc46c660e9f2f37aa22217e640d0110946c2e019c0d3f8d

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E

MD5 6034b09a522ffc99e48d8cd0e71ff8d2
SHA1 151a4ffc3684323d29c1f7ea4294dc5df6c5fcd7
SHA256 e1046b87b9391c048dc006fa0c376e5ee8acd790e11fe0a83d915d0bb5986594
SHA512 e623b14efe13985850e89d10722599482d99ad85313825a4a3693d88aeff0c2ba1eb71864032ab8963e71a7d06db353ac5b9f935f875da6f66a4dae02c381520

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp

MD5 a94611fb626cff5f6110a55d25ed1ac9
SHA1 918be64d40da7f3b0676271b2af87a5977f4290f
SHA256 7c0f3baf1d876b6c6ed04eaa7c60f832f5720e52762fb6ab6bb2342f0667e725
SHA512 292426cd578b5ca432575c0985bbd1b926028ac58caaabbd3c7bbd9cbd9fd1556e25fcfdca93b720d69f434a344c284d2d6dbcb83cb9719491b912adb8df1157

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E

MD5 17748819b49b14b43e89bcff4d2ba974
SHA1 c4f1736de1cab13609fb4d65e5a82d3a34e70c35
SHA256 8bb58ad70437e5f2ee03ee26322ecb297c0a6dd4235887d094982ddbd7d87f6b
SHA512 07297675a957fbd7120cc4ae11c4373e3b5f49040746cb54ba382f84a791241545053fa221471601ca419606046cdf277e22d5e73560c639be868eca400dc33c

Analysis: behavioral3

Detonation Overview

Submitted: 2024-02-23 12:50
Reported: 2024-02-23 12:53
Platform: android-x64-arm64-20240221-en
Max time kernel: 148s
Max time network: 140s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                                             Process  Target
N/A          /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex  N/A      N/A

Acquires the wake lock

Description             Indicator                                 Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock  N/A      N/A

Reads information about phone network operator.

Tags: discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
GB       142.250.200.14:443                             udp
GB       142.250.200.46:443                             tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.200.14:443   android.apis.google.com   tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.179.232:443  ssl.google-analytics.com  tcp
US       1.1.1.1:53           g1.topprocompany.com      udp
SE       185.117.88.15:80     g1.topprocompany.com      tcp
GB       142.250.200.4:443                              tcp
GB       142.250.200.4:443                              tcp

Files

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 7f07edbc148cd899091b62191e234295
SHA1 01a79b79a36da81add4dfc0997bbe523bc7fc49f
SHA256 b2a64f2b5f7d1358e14896af24979846a15090bb1038fe02d419e47a24472e5e
SHA512 5d73c9047be5797f08f432964c9e51ced5b2de8e88cbbf8bd8a171e7a34eb79cd07746421e518233c7578bc941b9ad5b8b36108f1b026c501fb543660d998a2b

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 4641466f6bb85afe4e66b18b3145eb4b
SHA1 1c53d1d38c296c0d4c647d26a1aa22086915b861
SHA256 1beb17b02d1639c2ae11f993259f2fd475eba848ad363317919fea9e9f91b8bf
SHA512 f4fd3484715193042535536f2d78e6d0c370a9cdbfd09f91cf6dcb1f3f8cfecaf582c1d43bec8bcd6007fb921cfaee9e07f44504acae69d3e098597cb16cd0c2

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation562026086361815527tmp

MD5 5f6cd9ae9e4a04aec9c3114169fba9a7
SHA1 3cde334d4755cb1ee1cb5ca61526dd4ca5e08af4
SHA256 686c4d22ddd079d4bb3e59d714c15c9e03c89033a84786c50d799ffd717da875
SHA512 068c824bdef21be430d64214e57f2e67f4b021b10d4b29b5a996867efe8878b34de933e4d30a354571265dc387465ba8ccf4b1bea038c412121bedd15ebf1138

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E

MD5 a63f70a6b2bfa34f8565b0b70c8b0fd8
SHA1 860f59af3b45d5e526849a45a490ccb0e89aaaed
SHA256 05db0e81e57ad9d5a2f5950edc2ca25ecd4428d576263f69599661f9ae02b959
SHA512 76aaaaf480ad1a2a7670237010fdbdb40c61c2696839da8319105689cc5ca7745a75dd24b6d8d5dfe1941f00fdd85be9c28df5c053e50c10e2bdf7115e6b2e04

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp

MD5 e0242ac83789aafe4b90d15466406669
SHA1 3f9acbba8567a810034005d673a5362247f9399f
SHA256 84d70cca0328b395e9b281b7d515777f015a42ff4362f3e591aea017e7216f2b
SHA512 6bf8add1a8bf8db13e65c42a58be5ebe7260db3161223618a107233612f8b287ea23873561f358007e8b5b0234d7da178e01a90b7e37ff19b97139a7d0e56c1e

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E

MD5 ccb2cf8c900a4f59c9a0e518de3df724
SHA1 6f7da010955286ba34234ac5a7bc56c344fa67f2
SHA256 fdd348e56200358d7642392f6a1931ec321a68f470ea8b62dcd5e06d5c158c12
SHA512 6880e91534ec746e2eb0a4522216c1a7afe9bf8fcd8ea45a352565bac34e7d07cb8aebd4b767e88cf7c92646b33b74617634504a71fa8cf3fc4a3bcedb2be011