Analysis Overview
SHA256
d188a1edce26436320f44235e05a49363cd1202fe50855b4d30db90bef11392a
Threat Level: Shows suspicious behavior
The file d188a1edce26436320f44235e05a49363cd1202fe50855b4d30db90bef11392a was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Acquires the wake lock
Reads information about phone network operator.
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 12:50
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
These permissions are taken from the manifest (static analysis) and show what the app can request, not what it exercised: none of the behavioral runs below reports location or external-storage access.
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 12:50
Reported
2024-02-23 12:52
Platform
android-x86-arm-20240221-en
Max time kernel
8s
Max time network
137s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
com.vsindiaapps.latestpunjabisongs.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | g1.topprocompany.com | udp |
| NL | 5.149.249.226:80 | g1.topprocompany.com | tcp |
Files
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
| MD5 | 7f07edbc148cd899091b62191e234295 |
| SHA1 | 01a79b79a36da81add4dfc0997bbe523bc7fc49f |
| SHA256 | b2a64f2b5f7d1358e14896af24979846a15090bb1038fe02d419e47a24472e5e |
| SHA512 | 5d73c9047be5797f08f432964c9e51ced5b2de8e88cbbf8bd8a171e7a34eb79cd07746421e518233c7578bc941b9ad5b8b36108f1b026c501fb543660d998a2b |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
| MD5 | 4641466f6bb85afe4e66b18b3145eb4b |
| SHA1 | 1c53d1d38c296c0d4c647d26a1aa22086915b861 |
| SHA256 | 1beb17b02d1639c2ae11f993259f2fd475eba848ad363317919fea9e9f91b8bf |
| SHA512 | f4fd3484715193042535536f2d78e6d0c370a9cdbfd09f91cf6dcb1f3f8cfecaf582c1d43bec8bcd6007fb921cfaee9e07f44504acae69d3e098597cb16cd0c2 |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/databases/com.google.android.datatransport.events-journal
| MD5 | 4ca3a72ecf44e10efe052fa57ed4604a |
| SHA1 | c9c1c19a1e3cb279fd91173400ce38805f8e3919 |
| SHA256 | da39d39f2db9bb8815463f7452281b1fc8bceba7798eb726faa8683fd6652066 |
| SHA512 | 4cc264ca26266cbfa1fac1910093a66e083e68c777baba42fcc3bf50bf98ab4158b9e572f59ad352b6da3be21fc1eb51eab96da803abe5f7f1aa1a4a5d7b2590 |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/databases/com.google.android.datatransport.events
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/databases/com.google.android.datatransport.events-wal
| MD5 | 3b07fc2693b217f077c4f3bd2cf3be59 |
| SHA1 | 57094617e16ab5e39e578eb16a08a5ab3c92b96b |
| SHA256 | 8efd3e848a35a26f5c04c11b7d93e5f89fd5409247a57c41fdcc9d086031c32a |
| SHA512 | db4d0bad6db477860891a0594f7db7f9d4d2f5694b3b4c63733d54c2cbaa54741284692cebe7a76a1d0e8bc28b94d624904dfa98a1137fd9293ab42b0eef162e |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation4213608607902887853tmp
| MD5 | a7e2da7b5def1e3e1b2760bc14e184af |
| SHA1 | b52413ed77bf94c66b719ba923bf11576f55d7a2 |
| SHA256 | 2639695cf92bd9335da7a98bed8ff8f87642ea1967a467a0dce5728f67978871 |
| SHA512 | 51dbcd47e373e847cf66f184e6a340d74570209bd2eb8bebd64d729faab1adb8ddddf424d387d64013fc1fc36dedf33198ec2f652c6e1fcbf7a5c41607d0b44c |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp
| MD5 | 8b63c8637e3bd15a188e68ddc20bba00 |
| SHA1 | 8eadbcd221b5778a57aed1529d0a9571073abe31 |
| SHA256 | 565e7c3b02c97be3e6e3d9bcc5539227f2aaecb5ed9b11553e909788cd55621e |
| SHA512 | 057c373faa7a36e65e47b5c11656875e31e5de1ef0b1a60409a246f3eaed5f3f6ef471483af6c9703dd6ce5a0161bb5118369eebfc05e80325a607102015361c |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E
| MD5 | eceb91e11967439d4099ca51fe74c05c |
| SHA1 | cd4d6dbfcc5096a29865ef0477bc8f42403eac04 |
| SHA256 | 5c63f66931160b4862fa544fecf7d8e5acc6d8ec269a4197ebb0313886d71ec1 |
| SHA512 | a10ba7f616e3b6d5c7fa9027b8ca6711543c061a80ced53d3738f948f06ce30fbd846fb428716244417dae20ba7c4fbf56624f4d0b43368d576b8a360422445e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 12:50
Reported
2024-02-23 12:53
Platform
android-x64-20240221-en
Max time kernel
153s
Max time network
146s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.vsindiaapps.latestpunjabisongs.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | g1.topprocompany.com | udp |
| PL | 51.75.61.102:80 | g1.topprocompany.com | tcp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
Files
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
| MD5 | 7f07edbc148cd899091b62191e234295 |
| SHA1 | 01a79b79a36da81add4dfc0997bbe523bc7fc49f |
| SHA256 | b2a64f2b5f7d1358e14896af24979846a15090bb1038fe02d419e47a24472e5e |
| SHA512 | 5d73c9047be5797f08f432964c9e51ced5b2de8e88cbbf8bd8a171e7a34eb79cd07746421e518233c7578bc941b9ad5b8b36108f1b026c501fb543660d998a2b |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
| MD5 | 4641466f6bb85afe4e66b18b3145eb4b |
| SHA1 | 1c53d1d38c296c0d4c647d26a1aa22086915b861 |
| SHA256 | 1beb17b02d1639c2ae11f993259f2fd475eba848ad363317919fea9e9f91b8bf |
| SHA512 | f4fd3484715193042535536f2d78e6d0c370a9cdbfd09f91cf6dcb1f3f8cfecaf582c1d43bec8bcd6007fb921cfaee9e07f44504acae69d3e098597cb16cd0c2 |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation8472664170156405271tmp
| MD5 | 0706a1ce6a02a8d174802f9da3be4a0a |
| SHA1 | 5592ca7bcb009b6bb51791364575330f0f6b2380 |
| SHA256 | da1358602001f9cbbfa5292decd47d810fb7882bce0391cb62dcb3f9ac710774 |
| SHA512 | e7017f14c70b090f090aa6563cc6e999bc317e73d09356b73b123b3c0b628a5a87c856d6bff207357cc46c660e9f2f37aa22217e640d0110946c2e019c0d3f8d |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E
| MD5 | 6034b09a522ffc99e48d8cd0e71ff8d2 |
| SHA1 | 151a4ffc3684323d29c1f7ea4294dc5df6c5fcd7 |
| SHA256 | e1046b87b9391c048dc006fa0c376e5ee8acd790e11fe0a83d915d0bb5986594 |
| SHA512 | e623b14efe13985850e89d10722599482d99ad85313825a4a3693d88aeff0c2ba1eb71864032ab8963e71a7d06db353ac5b9f935f875da6f66a4dae02c381520 |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp
| MD5 | a94611fb626cff5f6110a55d25ed1ac9 |
| SHA1 | 918be64d40da7f3b0676271b2af87a5977f4290f |
| SHA256 | 7c0f3baf1d876b6c6ed04eaa7c60f832f5720e52762fb6ab6bb2342f0667e725 |
| SHA512 | 292426cd578b5ca432575c0985bbd1b926028ac58caaabbd3c7bbd9cbd9fd1556e25fcfdca93b720d69f434a344c284d2d6dbcb83cb9719491b912adb8df1157 |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E
| MD5 | 17748819b49b14b43e89bcff4d2ba974 |
| SHA1 | c4f1736de1cab13609fb4d65e5a82d3a34e70c35 |
| SHA256 | 8bb58ad70437e5f2ee03ee26322ecb297c0a6dd4235887d094982ddbd7d87f6b |
| SHA512 | 07297675a957fbd7120cc4ae11c4373e3b5f49040746cb54ba382f84a791241545053fa221471601ca419606046cdf277e22d5e73560c639be868eca400dc33c |
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-23 12:50
Reported
2024-02-23 12:53
Platform
android-x64-arm64-20240221-en
Max time kernel
148s
Max time network
140s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.vsindiaapps.latestpunjabisongs.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.14:443 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | g1.topprocompany.com | udp |
| SE | 185.117.88.15:80 | g1.topprocompany.com | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
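Across the three runs the only non-Google destination is g1.topprocompany.com, contacted over plain HTTP (port 80) and resolving to a different IP in each run (NL, PL, SE). The script below is an added triage example, not part of the sandbox report: it takes rows copied from the Network tables above (embedded inline so it runs offline), drops the sandbox's own noise (mDNS, the 1.1.1.1 resolver, Google service domains; the allow-list is this script's assumption, not something the report states) and returns the remaining domains with every IP they were seen on, plus destinations that had no domain attached and need a manual look.

```python
"""Pull actionable network IOCs out of sandbox Network tables (added example)."""
from collections import defaultdict
import ipaddress

# Rows as (country, destination, domain, proto), copied from the report above;
# "" where the report listed no domain for the connection.
SAMPLE_ROWS = [
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("GB", "142.250.200.14:443", "", "tcp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("GB", "142.250.178.14:443", "android.apis.google.com", "tcp"),
    ("US", "1.1.1.1:53", "g1.topprocompany.com", "udp"),
    ("NL", "5.149.249.226:80", "g1.topprocompany.com", "tcp"),
    ("US", "1.1.1.1:53", "ssl.google-analytics.com", "udp"),
    ("GB", "142.250.187.200:443", "ssl.google-analytics.com", "tcp"),
    ("PL", "51.75.61.102:80", "g1.topprocompany.com", "tcp"),
    ("SE", "185.117.88.15:80", "g1.topprocompany.com", "tcp"),
    ("GB", "216.58.212.228:443", "", "tcp"),
]

# Assumption: these are sandbox plumbing / Google services, not attacker infrastructure.
BENIGN_DOMAIN_SUFFIXES = (".google.com", ".googleapis.com", ".google-analytics.com")
SANDBOX_RESOLVER = "1.1.1.1"


def split_dest(dest):
    """'ip:port' -> (ip, port)."""
    host, _, port = dest.rpartition(":")
    return host, int(port)


def is_noise(dest, domain):
    host, port = split_dest(dest)
    ip = ipaddress.ip_address(host)
    if ip.is_multicast or ip.is_private:          # mDNS / LAN chatter
        return True
    if host == SANDBOX_RESOLVER and port == 53:   # DNS lookups themselves
        return True
    return domain.endswith(BENIGN_DOMAIN_SUFFIXES)


def triage(rows):
    """Return ({domain: {(ip, port, country, proto)}}, [(ip, port) with no domain])."""
    by_domain = defaultdict(set)
    unattributed = []
    for country, dest, domain, proto in rows:
        if is_noise(dest, domain):
            continue
        host, port = split_dest(dest)
        if domain:
            by_domain[domain].add((host, port, country, proto))
        else:
            unattributed.append((host, port))
    return dict(by_domain), unattributed


def cleartext_http_domains(rows):
    """Domains reached over plain TCP/80, with every IP they resolved to.

    A domain that answers on a new IP per run (as g1.topprocompany.com does
    here) is worth pivoting on by name rather than by address.
    """
    by_domain, _ = triage(rows)
    return {
        domain: sorted(ip for ip, port, _, proto in hits if port == 80 and proto == "tcp")
        for domain, hits in by_domain.items()
        if any(port == 80 for _, port, _, _ in hits)
    }


if __name__ == "__main__":
    domains, unattributed = triage(SAMPLE_ROWS)
    for domain, hits in domains.items():
        print(domain, sorted(hits))
    print("needs manual attribution:", unattributed)
    print("cleartext HTTP:", cleartext_http_domains(SAMPLE_ROWS))
```

Unattributed TLS connections (here the 142.250.x.x and 216.58.x.x hosts) are left for the analyst rather than silently dropped: the sandbox could not tie them to a name, so an allow-list by domain cannot clear them.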
Files
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
| MD5 | 7f07edbc148cd899091b62191e234295 |
| SHA1 | 01a79b79a36da81add4dfc0997bbe523bc7fc49f |
| SHA256 | b2a64f2b5f7d1358e14896af24979846a15090bb1038fe02d419e47a24472e5e |
| SHA512 | 5d73c9047be5797f08f432964c9e51ced5b2de8e88cbbf8bd8a171e7a34eb79cd07746421e518233c7578bc941b9ad5b8b36108f1b026c501fb543660d998a2b |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
| MD5 | 4641466f6bb85afe4e66b18b3145eb4b |
| SHA1 | 1c53d1d38c296c0d4c647d26a1aa22086915b861 |
| SHA256 | 1beb17b02d1639c2ae11f993259f2fd475eba848ad363317919fea9e9f91b8bf |
| SHA512 | f4fd3484715193042535536f2d78e6d0c370a9cdbfd09f91cf6dcb1f3f8cfecaf582c1d43bec8bcd6007fb921cfaee9e07f44504acae69d3e098597cb16cd0c2 |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation562026086361815527tmp
| MD5 | 5f6cd9ae9e4a04aec9c3114169fba9a7 |
| SHA1 | 3cde334d4755cb1ee1cb5ca61526dd4ca5e08af4 |
| SHA256 | 686c4d22ddd079d4bb3e59d714c15c9e03c89033a84786c50d799ffd717da875 |
| SHA512 | 068c824bdef21be430d64214e57f2e67f4b021b10d4b29b5a996867efe8878b34de933e4d30a354571265dc387465ba8ccf4b1bea038c412121bedd15ebf1138 |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E
| MD5 | a63f70a6b2bfa34f8565b0b70c8b0fd8 |
| SHA1 | 860f59af3b45d5e526849a45a490ccb0e89aaaed |
| SHA256 | 05db0e81e57ad9d5a2f5950edc2ca25ecd4428d576263f69599661f9ae02b959 |
| SHA512 | 76aaaaf480ad1a2a7670237010fdbdb40c61c2696839da8319105689cc5ca7745a75dd24b6d8d5dfe1941f00fdd85be9c28df5c053e50c10e2bdf7115e6b2e04 |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp
| MD5 | e0242ac83789aafe4b90d15466406669 |
| SHA1 | 3f9acbba8567a810034005d673a5362247f9399f |
| SHA256 | 84d70cca0328b395e9b281b7d515777f015a42ff4362f3e591aea017e7216f2b |
| SHA512 | 6bf8add1a8bf8db13e65c42a58be5ebe7260db3161223618a107233612f8b287ea23873561f358007e8b5b0234d7da178e01a90b7e37ff19b97139a7d0e56c1e |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E
| MD5 | ccb2cf8c900a4f59c9a0e518de3df724 |
| SHA1 | 6f7da010955286ba34234ac5a7bc56c344fa67f2 |
| SHA256 | fdd348e56200358d7642392f6a1931ec321a68f470ea8b62dcd5e06d5c158c12 |
| SHA512 | 6880e91534ec746e2eb0a4522216c1a7afe9bf8fcd8ea45a352565bac34e7d07cb8aebd4b767e88cf7c92646b33b74617634504a71fa8cf3fc4a3bcedb2be011 |
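Two things in the Files sections deserve a second look. First, every run lists files/f28b08db.dex twice with different hashes (SHA256 b2a64f2b... and 1beb17b0...); /data/data/<pkg> is a symlink to /data/user/0/<pkg> on Android, so these are the same path and the app rewrote the dex during detonation. Second, that pair of hashes is identical across all three platforms, while files/E and files/KTp get fresh hashes every run. The script below is an added example, not part of the report, that makes both checks mechanical on the dex, E and KTp entries copied from above (the Firebase housekeeping files are omitted for brevity); the run labels are its own bookkeeping.

```python
"""Compare dropped-file inventories across sandbox runs (added example)."""
import re
from collections import defaultdict

PKG = "com.vsindiaapps.latestpunjabisongs.nearme.gamecenter"

# SHA256 values copied from the Files sections above.
DEX_A = "b2a64f2b5f7d1358e14896af24979846a15090bb1038fe02d419e47a24472e5e"
DEX_B = "1beb17b02d1639c2ae11f993259f2fd475eba848ad363317919fea9e9f91b8bf"
E_1 = "5c63f66931160b4862fa544fecf7d8e5acc6d8ec269a4197ebb0313886d71ec1"
KTP_1 = "565e7c3b02c97be3e6e3d9bcc5539227f2aaecb5ed9b11553e909788cd55621e"
E_2A = "e1046b87b9391c048dc006fa0c376e5ee8acd790e11fe0a83d915d0bb5986594"
E_2B = "8bb58ad70437e5f2ee03ee26322ecb297c0a6dd4235887d094982ddbd7d87f6b"
KTP_2 = "7c0f3baf1d876b6c6ed04eaa7c60f832f5720e52762fb6ab6bb2342f0667e725"
E_3A = "05db0e81e57ad9d5a2f5950edc2ca25ecd4428d576263f69599661f9ae02b959"
E_3B = "fdd348e56200358d7642392f6a1931ec321a68f470ea8b62dcd5e06d5c158c12"
KTP_3 = "84d70cca0328b395e9b281b7d515777f015a42ff4362f3e591aea017e7216f2b"

# (run, path as the report printed it, sha256)
ENTRIES = [
    ("behavioral1", f"/data/data/{PKG}/files/f28b08db.dex", DEX_A),
    ("behavioral1", f"/data/user/0/{PKG}/files/f28b08db.dex", DEX_B),
    ("behavioral1", f"/data/data/{PKG}/files/KTp", KTP_1),
    ("behavioral1", f"/data/data/{PKG}/files/E", E_1),
    ("behavioral2", f"/data/data/{PKG}/files/f28b08db.dex", DEX_A),
    ("behavioral2", f"/data/user/0/{PKG}/files/f28b08db.dex", DEX_B),
    ("behavioral2", f"/data/data/{PKG}/files/E", E_2A),
    ("behavioral2", f"/data/data/{PKG}/files/KTp", KTP_2),
    ("behavioral2", f"/data/data/{PKG}/files/E", E_2B),
    ("behavioral3", f"/data/user/0/{PKG}/files/f28b08db.dex", DEX_A),
    ("behavioral3", f"/data/user/0/{PKG}/files/f28b08db.dex", DEX_B),
    ("behavioral3", f"/data/user/0/{PKG}/files/E", E_3A),
    ("behavioral3", f"/data/user/0/{PKG}/files/KTp", KTP_3),
    ("behavioral3", f"/data/user/0/{PKG}/files/E", E_3B),
]

DEX_PATH = f"/data/user/0/{PKG}/files/f28b08db.dex"
E_PATH = f"/data/user/0/{PKG}/files/E"


def normalize(path):
    """Fold /data/data/<pkg> onto /data/user/0/<pkg> (the former is a symlink to the latter)."""
    return re.sub(r"^/data/data/", "/data/user/0/", path)


def hashes_by_run(entries):
    """{run: {normalized path: [sha256, ...]}} preserving the report's order."""
    out = defaultdict(lambda: defaultdict(list))
    for run, path, sha in entries:
        out[run][normalize(path)].append(sha)
    return out


def rewritten_within_run(entries):
    """Paths seen with more than one distinct hash in a single run: the app rewrote them mid-detonation."""
    return {
        run: {p: sorted(set(h)) for p, h in paths.items() if len(set(h)) > 1}
        for run, paths in hashes_by_run(entries).items()
    }


def stable_across_runs(entries):
    """Paths whose set of hashes is identical in every run: deterministic output, usable as an IOC."""
    per_run = hashes_by_run(entries)
    all_paths = set().union(*(paths.keys() for paths in per_run.values()))
    stable = {}
    for path in all_paths:
        sets = [frozenset(paths.get(path, [])) for paths in per_run.values()]
        if sets[0] and all(s == sets[0] for s in sets):
            stable[path] = sorted(sets[0])
    return stable


def dropped_code_paths(entries):
    """Dex/Jar files written under the app's private directory (the 'Loads dropped Dex/Jar' hit)."""
    return sorted({normalize(p) for _, p, _ in entries if p.endswith((".dex", ".jar"))})


if __name__ == "__main__":
    print("dropped code:", dropped_code_paths(ENTRIES))
    print("rewritten within a run:", rewritten_within_run(ENTRIES))
    print("stable across runs:", stable_across_runs(ENTRIES))
```

The practical outcome: the two dex hashes are the indicators to hunt for (they did not change between x86, x64 and arm64 runs), whereas E and KTp are per-run state and would only produce noise in a blocklist.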