Analysis Overview
SHA256
9783d2ef8ea4eb4cb1d12e722d38d8fd86279f16f4e4fddc732f63d356b05ca8
Threat Level: Shows suspicious behavior
The file 9783d2ef8ea4eb4cb1d12e722d38d8fd86279f16f4e4fddc732f63d356b05ca8 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Acquires the wake lock
Reads information about phone network operator.
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 12:54
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 12:54
Reported
2024-02-23 12:56
Platform
android-x86-arm-20240221-en
Max time kernel
146s
Max time network
129s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.vsindiaapps.latestpunjabisongs.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | second.fiverequest.com | udp |
| NL | 217.12.201.177:80 | second.fiverequest.com | tcp |
Files
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex
| MD5 | 02396bafb1061c65cab7eeaa1079959c |
| SHA1 | 425a300f18a4a7e3c893571e73eb41f0780db659 |
| SHA256 | 34877f6f53f96878e78e3c0fad6b9159df8747f7415d5e77c2f3047f1c478902 |
| SHA512 | 3a58568a92fbbb46e167f7e157a057969ba4c524a67f225e3c28f428bb07a6d579c725e8dbdda06b76a5025e0fbe5f65eae7fe8eb559711b2e6e117933b3fd06 |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex
| MD5 | 11b372793bfab780ff00c65e13d0c322 |
| SHA1 | 1218f75430a875608aa6e932cda133572f6258e5 |
| SHA256 | 5dc721b52c33300b112bd776b6143903e6117edd3d9f82832ee2aad9022e43a8 |
| SHA512 | fd9039eaed48bad2ebec88c0264251ee3cca9af12d82face69a5749586b5d7b0fa71bdf97d7e8ad11a3e4c364606523551a13d69c22f94225edcd43e1a61c6f4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 12:54
Reported
2024-02-23 12:56
Platform
android-x64-20240221-en
Max time kernel
152s
Max time network
155s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.vsindiaapps.latestpunjabisongs.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | second.fiverequest.com | udp |
| SE | 185.117.88.15:80 | second.fiverequest.com | tcp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
Files
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex
| MD5 | 21413cd978e116f80d01fa73a4271216 |
| SHA1 | 4592ceccabf51ecb2df163aa7c39f66aad84ddc9 |
| SHA256 | 56b6982300c9ff1f6f92bf9ec2fdcb98b73f37aade4834a925680b2afe9bf224 |
| SHA512 | 23865263369b0075a36596944d1a3a3af7828f7a7daa6ebdddc85277cf2b2aae24ec7144cb7b499a495ef17c0628dc858e8b12abecafcc7b8f63e5ae1dc8d006 |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex
| MD5 | df4e5b4604389e82fed57488a471f6ce |
| SHA1 | 91141826f678dc52cae1ce2e4bbe271eb2ad168b |
| SHA256 | 0567a243bac51b210e37a441f950afc36e7bac53fb0b46554a2d31fcd76a9951 |
| SHA512 | 473b35a04a94d31d65f96dc4d5539d206a4788a26a038362f03e2757456c205831cf178cb230d2a1292bab693c0902b23fb5b38ccc961c2d60deb4af3094339c |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/IEpM
| MD5 | 0617d60fe78d40aef51f930d02e70409 |
| SHA1 | 4f9c8060120cc7a8e8871f72065c33591266b962 |
| SHA256 | 74408406c311b450cff587212186850271c7e98c8347e7f6959c41655ecc8b13 |
| SHA512 | 5e05338a14a09d8bd46955fe602c841f5b12372ce8fcc55191499a1dbd142b2a27f7290a670633a4c0c0ec3ef8a3cb662e232b4e7f477c283d5e8c441864d6b0 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-23 12:54
Reported
2024-02-23 12:56
Platform
android-x64-arm64-20240221-en
Max time kernel
146s
Max time network
140s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.vsindiaapps.latestpunjabisongs.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.74:443 | | udp |
| GB | 216.58.213.14:443 | | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | second.fiverequest.com | udp |
| PL | 51.75.61.103:80 | second.fiverequest.com | tcp |
| GB | 172.217.169.4:443 | | tcp |
| GB | 172.217.169.4:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
Files
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex
| MD5 | 75b791310bdc27265ff3f05558a51cce |
| SHA1 | e9df6899c2c1cf560e59b2eddf14d2af7f1fda8c |
| SHA256 | cdb948e3e8147f7ac718dde7991987d39d13c46de34f8b43ffdc322196d19816 |
| SHA512 | 13f53699dc86af48089f13b745afe4af73ed6453ea1273ddae631b70a3adb986d258ff42fd361725a6bfb9a01d4c539e63f8507c010733ffae7bacf831657e25 |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex
| MD5 | a089eff0fa6b33cb4e7ae2d00fe0867f |
| SHA1 | c55e73691159e64497724a593e5f2c3409c409f5 |
| SHA256 | 4399675b8f976cce266b14018b855e1ee4d95702a89320cc5b6a309ab175c0bf |
| SHA512 | e9960aa7a96b98995e4e4d639211d67b32d4acf26a7e94de1d83cdaae27a64585e13e313c0cb8f8ea58305827c397ecd12758c4f2a7b2805a34e2d61cf34bbbc |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/CRa
| MD5 | 93e804a4912eb2c52ad3a8f4d4a434dc |
| SHA1 | 2e8da4c10280f26f66fc71a57eb00104fdc34da2 |
| SHA256 | e6f06e83b0bb06a306351853b5a00b6b5ee5179116043a67d4f5e78245b5c641 |
| SHA512 | 52c53b8d2f8eebed88ed239ad3d9700ea287d603106f0354b3687f77df2331e29fc621b177adf1d761064e343b425c53439806312208618dd3a2b9f7f47abd39 |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/IEpM
| MD5 | bab93db7a3a499a2ad6cba1bb282ce51 |
| SHA1 | 3be4ed8eb4e340068f228fb3adc1230a250431c8 |
| SHA256 | 270fec262d1298ae7e1376f8ff38ab5e3815716df0782c66d82467c432712b1c |
| SHA512 | 6bb04a084886df9be240d348a0ced51d0b922eb84261e2846d906bde96313cbb748f792f6da5a10113c3988338c8fb00277606d31c67211fc85651649af2563e |