Malware Analysis Report

2025-08-05 09:27

Sample ID: 240223-p46mxagb3s
Target:    9783d2ef8ea4eb4cb1d12e722d38d8fd86279f16f4e4fddc732f63d356b05ca8
SHA256:    9783d2ef8ea4eb4cb1d12e722d38d8fd86279f16f4e4fddc732f63d356b05ca8
Tags:      discovery
Score:     7/10

Analysis Overview

Score: 7/10

SHA256

9783d2ef8ea4eb4cb1d12e722d38d8fd86279f16f4e4fddc732f63d356b05ca8

Threat Level: Shows suspicious behavior

The file 9783d2ef8ea4eb4cb1d12e722d38d8fd86279f16f4e4fddc732f63d356b05ca8 was found to show suspicious behavior.

Malicious Activity Summary

Tags: discovery

Loads dropped Dex/Jar

Acquires the wake lock

Reads information about phone network operator

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 12:54

Signatures

Requests dangerous framework permissions

Description                                            Indicator                                   Process  Target
Allows an app to access approximate location.          android.permission.ACCESS_COARSE_LOCATION   N/A      N/A
Allows an application to write to external storage.    android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A
Allows an application to read from external storage.   android.permission.READ_EXTERNAL_STORAGE    N/A      N/A
Allows an app to post notifications.                   android.permission.POST_NOTIFICATIONS       N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 12:54

Reported

2024-02-23 12:56

Platform

android-x86-arm-20240221-en

Max time kernel

146s

Max time network

129s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                                                  Process  Target
N/A          /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex      N/A      N/A

Acquires the wake lock

Description             Indicator                                    Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock     N/A      N/A

Reads information about phone network operator

Tags: discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country  Destination            Domain                    Proto
GB       142.250.179.238:443    -                         tcp
US       1.1.1.1:53             android.apis.google.com   udp
GB       142.250.200.14:443     android.apis.google.com   tcp
US       1.1.1.1:53             second.fiverequest.com    udp
NL       217.12.201.177:80      second.fiverequest.com    tcp

Files

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex

MD5 02396bafb1061c65cab7eeaa1079959c
SHA1 425a300f18a4a7e3c893571e73eb41f0780db659
SHA256 34877f6f53f96878e78e3c0fad6b9159df8747f7415d5e77c2f3047f1c478902
SHA512 3a58568a92fbbb46e167f7e157a057969ba4c524a67f225e3c28f428bb07a6d579c725e8dbdda06b76a5025e0fbe5f65eae7fe8eb559711b2e6e117933b3fd06

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex

MD5 11b372793bfab780ff00c65e13d0c322
SHA1 1218f75430a875608aa6e932cda133572f6258e5
SHA256 5dc721b52c33300b112bd776b6143903e6117edd3d9f82832ee2aad9022e43a8
SHA512 fd9039eaed48bad2ebec88c0264251ee3cca9af12d82face69a5749586b5d7b0fa71bdf97d7e8ad11a3e4c364606523551a13d69c22f94225edcd43e1a61c6f4

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-23 12:54

Reported

2024-02-23 12:56

Platform

android-x64-20240221-en

Max time kernel

152s

Max time network

155s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                                                  Process  Target
N/A          /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex      N/A      N/A

Acquires the wake lock

Description             Indicator                                    Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock     N/A      N/A

Reads information about phone network operator

Tags: discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country  Destination            Domain                      Proto
N/A      224.0.0.251:5353       -                           udp
GB       142.250.200.46:443     -                           tcp
US       1.1.1.1:53             android.apis.google.com     udp
GB       142.250.187.206:443    android.apis.google.com     tcp
US       1.1.1.1:53             ssl.google-analytics.com    udp
GB       172.217.16.232:443     ssl.google-analytics.com    tcp
US       1.1.1.1:53             second.fiverequest.com      udp
SE       185.117.88.15:80       second.fiverequest.com      tcp
GB       216.58.212.228:443     -                           tcp
GB       216.58.212.228:443     -                           tcp
GB       172.217.169.66:443     -                           tcp
GB       172.217.169.14:443     -                           tcp

Files

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex

MD5 21413cd978e116f80d01fa73a4271216
SHA1 4592ceccabf51ecb2df163aa7c39f66aad84ddc9
SHA256 56b6982300c9ff1f6f92bf9ec2fdcb98b73f37aade4834a925680b2afe9bf224
SHA512 23865263369b0075a36596944d1a3a3af7828f7a7daa6ebdddc85277cf2b2aae24ec7144cb7b499a495ef17c0628dc858e8b12abecafcc7b8f63e5ae1dc8d006

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex

MD5 df4e5b4604389e82fed57488a471f6ce
SHA1 91141826f678dc52cae1ce2e4bbe271eb2ad168b
SHA256 0567a243bac51b210e37a441f950afc36e7bac53fb0b46554a2d31fcd76a9951
SHA512 473b35a04a94d31d65f96dc4d5539d206a4788a26a038362f03e2757456c205831cf178cb230d2a1292bab693c0902b23fb5b38ccc961c2d60deb4af3094339c

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/IEpM

MD5 0617d60fe78d40aef51f930d02e70409
SHA1 4f9c8060120cc7a8e8871f72065c33591266b962
SHA256 74408406c311b450cff587212186850271c7e98c8347e7f6959c41655ecc8b13
SHA512 5e05338a14a09d8bd46955fe602c841f5b12372ce8fcc55191499a1dbd142b2a27f7290a670633a4c0c0ec3ef8a3cb662e232b4e7f477c283d5e8c441864d6b0

Analysis: behavioral3

Detonation Overview

Submitted

2024-02-23 12:54

Reported

2024-02-23 12:56

Platform

android-x64-arm64-20240221-en

Max time kernel

146s

Max time network

140s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                                                  Process  Target
N/A          /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex      N/A      N/A

Acquires the wake lock

Description             Indicator                                    Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock     N/A      N/A

Reads information about phone network operator

Tags: discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country  Destination            Domain                      Proto
N/A      224.0.0.251:5353       -                           udp
GB       172.217.169.74:443     -                           udp
GB       216.58.213.14:443      -                           udp
GB       142.250.178.14:443     -                           tcp
US       1.1.1.1:53             android.apis.google.com     udp
GB       216.58.204.78:443      android.apis.google.com     tcp
US       1.1.1.1:53             ssl.google-analytics.com    udp
GB       142.250.179.232:443    ssl.google-analytics.com    tcp
US       1.1.1.1:53             second.fiverequest.com      udp
PL       51.75.61.103:80        second.fiverequest.com      tcp
GB       172.217.169.4:443      -                           tcp
GB       172.217.169.4:443      -                           tcp
GB       142.250.179.226:443    -                           tcp

Files

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex

MD5 75b791310bdc27265ff3f05558a51cce
SHA1 e9df6899c2c1cf560e59b2eddf14d2af7f1fda8c
SHA256 cdb948e3e8147f7ac718dde7991987d39d13c46de34f8b43ffdc322196d19816
SHA512 13f53699dc86af48089f13b745afe4af73ed6453ea1273ddae631b70a3adb986d258ff42fd361725a6bfb9a01d4c539e63f8507c010733ffae7bacf831657e25

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/75b43a4b.dex

MD5 a089eff0fa6b33cb4e7ae2d00fe0867f
SHA1 c55e73691159e64497724a593e5f2c3409c409f5
SHA256 4399675b8f976cce266b14018b855e1ee4d95702a89320cc5b6a309ab175c0bf
SHA512 e9960aa7a96b98995e4e4d639211d67b32d4acf26a7e94de1d83cdaae27a64585e13e313c0cb8f8ea58305827c397ecd12758c4f2a7b2805a34e2d61cf34bbbc

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/CRa

MD5 93e804a4912eb2c52ad3a8f4d4a434dc
SHA1 2e8da4c10280f26f66fc71a57eb00104fdc34da2
SHA256 e6f06e83b0bb06a306351853b5a00b6b5ee5179116043a67d4f5e78245b5c641
SHA512 52c53b8d2f8eebed88ed239ad3d9700ea287d603106f0354b3687f77df2331e29fc621b177adf1d761064e343b425c53439806312208618dd3a2b9f7f47abd39

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/IEpM

MD5 bab93db7a3a499a2ad6cba1bb282ce51
SHA1 3be4ed8eb4e340068f228fb3adc1230a250431c8
SHA256 270fec262d1298ae7e1376f8ff38ab5e3815716df0782c66d82467c432712b1c
SHA512 6bb04a084886df9be240d348a0ced51d0b922eb84261e2846d906bde96313cbb748f792f6da5a10113c3988338c8fb00277606d31c67211fc85651649af2563e