Analysis Overview
SHA256
7df8648aa93d4822f57240945bc8c0e9f9061ede4bf222648ddaf447aafc19f4
Threat Level: Shows suspicious behavior
The file 7df8648aa93d4822f57240945bc8c0e9f9061ede4bf222648ddaf447aafc19f4 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Requests dangerous framework permissions
Acquires the wake lock
Reads information about phone network operator.
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 12:54
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 12:54
Reported
2024-02-23 12:57
Platform
android-x86-arm-20240221-en
Max time kernel
147s
Max time network
137s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.maxparking.nearme.gamecenter/files/d2b72774.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.maxparking.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | second.fiverequest.com | udp |
| PL | 51.75.61.102:80 | second.fiverequest.com | tcp |
Files
/data/data/com.maxparking.nearme.gamecenter/files/d2b72774.dex
| MD5 | b16369ae85a76126f557b89c3b59e842 |
| SHA1 | 7a69b5c0c61db28e42521470334215ea46eea32c |
| SHA256 | e5f849c0f69688dd26c2d46fa4fe175259cd6d2a6b189c97b50100c8d45b7608 |
| SHA512 | 30ed6cd8eebe1681908d3f822a1e7144fd083d92f8b5cbb6b590bef2e6e39d5880ccad00bcaa96f63bf088e6d4cc1d87dbb437f87f6f736adfaf02142ec2e925 |
/data/user/0/com.maxparking.nearme.gamecenter/files/d2b72774.dex
| MD5 | 746e8da085839c1e406dfc7831495fdb |
| SHA1 | b0f552bfd05b8ba89585b47c9c748f0e4154e03b |
| SHA256 | d750e3ce155ad136780cbf636ad9fdee6ecb3c2948fc34c01291dcadfcdfd508 |
| SHA512 | d32e72a74e48f81da6315dfd7447ff65324114243011eb1d036f6adfa4a50062c584abad366faa370fef80097b993a57ded11df7365655d94779915d7c45e028 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 12:54
Reported
2024-02-23 12:57
Platform
android-x64-20240221-en
Max time kernel
152s
Max time network
141s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.maxparking.nearme.gamecenter/files/d2b72774.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.maxparking.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | second.fiverequest.com | udp |
| NL | 217.12.201.177:80 | second.fiverequest.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
Files
/data/user/0/com.maxparking.nearme.gamecenter/files/d2b72774.dex
| MD5 | dee441b549ccb2e5729dd31059f7004e |
| SHA1 | 5397b50331d4548f9050ed789815c4b637080faf |
| SHA256 | 843a48c33eb338ad447d61220d1b04bfd69465f4c01974035f3e77b979a04bf9 |
| SHA512 | 932eb33088ef91d2251ba99ac1c9dc25525821a80265a514edef58c21772c3e98dc6280a97f721303ea16a9d81652319dc70aa0bdc593251ba056669b3404d47 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-23 12:54
Reported
2024-02-23 12:57
Platform
android-x64-arm64-20240221-en
Max time kernel
147s
Max time network
141s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.maxparking.nearme.gamecenter/files/d2b72774.dex | N/A | N/A |
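Across the three runs the app writes the same path, files/d2b72774.dex, and then loads it, yet the file's hashes differ in every run, which is what a payload assembled or decrypted at runtime looks like. The first question for the dropped file is whether it is a real DEX at all or an opaque blob the app decrypts in memory before loading. The following is an added example, not sandbox output and not the app's own code: it parses the fixed DEX header_item, checks the adler32 checksum and SHA-1 signature the format defines, and computes the MD5/SHA-1/SHA-256/SHA-512 set this report records per file. The header-only sample DEX it builds is constructed for the demonstration.

```python
import hashlib
import struct
import zlib

# DEX header magics for format versions 035, 037, 038 and 039.
DEX_MAGICS = {b"dex\n035\0", b"dex\n037\0", b"dex\n038\0", b"dex\n039\0"}
HEADER_SIZE = 0x70            # header_item is always 0x70 bytes
ENDIAN_CONSTANT = 0x12345678  # endian_tag value of a little-endian DEX


def parse_dex_header(data: bytes) -> dict:
    """Parse the fixed-size DEX header; raise ValueError if the blob is not a DEX."""
    if len(data) < HEADER_SIZE:
        raise ValueError("shorter than a DEX header")
    magic = data[:8]
    if magic not in DEX_MAGICS:
        raise ValueError(f"not a DEX file: magic {magic!r}")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    class_defs_size, class_defs_off, data_size, data_off = struct.unpack_from("<IIII", data, 96)
    return {
        "version": magic[4:7].decode(),
        "checksum": checksum,
        "signature": signature.hex(),
        "file_size": file_size,
        "header_size": header_size,
        "endian_tag": endian_tag,
        "class_defs_size": class_defs_size,
        "class_defs_off": class_defs_off,
        "data_size": data_size,
        "data_off": data_off,
    }


def verify_dex(data: bytes) -> list:
    """Return integrity problems; an empty list means the header is self-consistent."""
    h = parse_dex_header(data)
    problems = []
    if h["file_size"] != len(data):
        problems.append(f"file_size {h['file_size']} != actual {len(data)}")
    if h["header_size"] != HEADER_SIZE:
        problems.append(f"header_size 0x{h['header_size']:x} != 0x70")
    if h["endian_tag"] != ENDIAN_CONSTANT:
        problems.append(f"endian_tag 0x{h['endian_tag']:08x} is not ENDIAN_CONSTANT")
    # checksum: adler32 over everything after the checksum field itself
    if (zlib.adler32(data[12:]) & 0xFFFFFFFF) != h["checksum"]:
        problems.append("adler32 checksum mismatch")
    # signature: SHA-1 over everything after the signature field
    if hashlib.sha1(data[32:]).hexdigest() != h["signature"]:
        problems.append("SHA-1 signature mismatch")
    return problems


def file_hashes(data: bytes) -> dict:
    """The hash set this report lists for each dropped file, for IOC matching."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def classify_dropped_file(data: bytes) -> str:
    """Triage verdict for a file an app wrote to its files/ dir and then loaded."""
    try:
        problems = verify_dex(data)
    except ValueError as exc:
        # e.g. an encrypted payload that the app decrypts in memory before loading
        return f"not-dex ({exc})"
    return "valid-dex" if not problems else "damaged-or-tampered-dex: " + "; ".join(problems)


def build_sample_dex() -> bytes:
    """Constructed header-only DEX (no classes) with a valid checksum and signature.
    Sample input for the demonstration, not a file from the sandbox."""
    hdr = bytearray(HEADER_SIZE)
    hdr[0:8] = b"dex\n035\0"
    struct.pack_into("<III", hdr, 32, HEADER_SIZE, HEADER_SIZE, ENDIAN_CONSTANT)
    struct.pack_into("<II", hdr, 104, 0, HEADER_SIZE)  # data_size, data_off
    hdr[12:32] = hashlib.sha1(hdr[32:]).digest()       # signature first ...
    struct.pack_into("<I", hdr, 8, zlib.adler32(hdr[12:]) & 0xFFFFFFFF)  # ... then checksum over it
    return bytes(hdr)


if __name__ == "__main__":
    sample = build_sample_dex()
    print(classify_dropped_file(sample), file_hashes(sample)["sha256"])
    print(classify_dropped_file(b"\x00" * HEADER_SIZE))       # opaque blob, not a DEX
    print(classify_dropped_file(sample[:-1] + b"\x01"))       # one byte flipped after the signature
```

On a real sample, pull the file with `adb pull` from the app's files/ directory (root or a debuggable build is needed) and feed it to classify_dropped_file; a "not-dex" verdict means the loadable DEX only exists in memory and has to be dumped from the running process instead.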
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.maxparking.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | udp |
| GB | 142.250.200.14:443 | | udp |
| GB | 142.250.187.202:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | second.fiverequest.com | udp |
| PL | 51.75.61.102:80 | second.fiverequest.com | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
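Most rows in the three network tables are Google platform traffic plus the resolver lookups behind it; the one host that stands out is second.fiverequest.com, contacted over plaintext port 80 and resolving to a different address in different runs (51.75.61.102 in PL, 217.12.201.177 in NL). The following is an added example, not part of the sandbox report: it runs that triage over connection rows copied from the tables above, drops DNS and mDNS rows, groups the rest by resolved name, and flags any host outside an allowlist. The allowlist of platform domains is the analyst's assumption, not something the report states.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the behavioral1/2/3 network tables: (country, destination, domain, proto).
# Bare TLS connections with no domain in the table are represented with "".
CONNECTIONS = [
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("GB", "216.58.201.110:443", "", "tcp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("GB", "216.58.204.78:443", "android.apis.google.com", "tcp"),
    ("US", "1.1.1.1:53", "second.fiverequest.com", "udp"),
    ("PL", "51.75.61.102:80", "second.fiverequest.com", "tcp"),
    ("GB", "142.250.178.14:443", "", "tcp"),
    ("US", "1.1.1.1:53", "ssl.google-analytics.com", "udp"),
    ("GB", "172.217.169.40:443", "ssl.google-analytics.com", "tcp"),
    ("NL", "217.12.201.177:80", "second.fiverequest.com", "tcp"),
]

# Analyst assumption: hosts a Play-services app contacts on its own, not chosen by the app author.
PLATFORM_DOMAINS = {"android.apis.google.com", "ssl.google-analytics.com"}


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(rows, allow=PLATFORM_DOMAINS) -> list:
    """Group connections by host and return findings for every host not on the allowlist."""
    contacted = defaultdict(lambda: {"ips": set(), "countries": set(), "ports": set()})
    for country, dest, domain, _proto in rows:
        ip, _, port = dest.rpartition(":")
        port = int(port)
        if port in (53, 5353):          # resolver queries and mDNS are not peers of interest
            continue
        rec = contacted[domain or ip]   # unresolved TLS peers are keyed by address
        rec["ips"].add(ip)
        rec["countries"].add(country)
        rec["ports"].add(port)
    findings = []
    for host, rec in contacted.items():
        if host in allow:
            continue
        findings.append({
            "host": host,
            "resolved": not is_ip(host),
            "ips": sorted(rec["ips"]),
            "countries": sorted(rec["countries"]),
            "cleartext": 80 in rec["ports"],   # HTTP to a non-platform host is the lead to chase
        })
    return sorted(findings, key=lambda f: (not f["cleartext"], f["host"]))


if __name__ == "__main__":
    for f in triage(CONNECTIONS):
        print(f)
```

The cleartext flag is what makes second.fiverequest.com the item to pivot on: an unencrypted channel can be captured in full from the sandbox pcap, so the next step is to read the HTTP requests rather than guess at the purpose from the hostname. The unresolved 443 peers are listed so they can be checked against known Google ranges rather than silently dropped.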
Files
/data/user/0/com.maxparking.nearme.gamecenter/files/d2b72774.dex
| MD5 | 2aaba5e9999d2f1e31cda12876156d79 |
| SHA1 | 84edaaad1288e81789ebecaed9099c352bd3c96f |
| SHA256 | 036306efd805477c14ec6afdb8dc1efa790db9cbda1d2601ef07bebf096d0b2f |
| SHA512 | 3db83d3a34f3dc8ffbc798d38a7bccf9a071d565895adc02e6a88d3ecb6362904aff8e71726ae5147484f24ffab786041bfee42feffa49bee0c8de69393bbf2b |
/data/user/0/com.maxparking.nearme.gamecenter/files/d2b72774.dex
| MD5 | d56eb524e9b8bc7ba6d99694e1a7a953 |
| SHA1 | 5597921c969aa09a8c2e3e06d21e2a6036c75db7 |
| SHA256 | 81ff3611e8f6125596f0486953dbeba7131d36a5799a90cf6ff5d0e27179f8ec |
| SHA512 | caa607f10b5a48bc417865c2c03d8327fff556ca8490a7638ae5c13bf880512f54054ee9a21f508cc190b6a27804633f822eeb071b2fe5443bb464efcc332e0b |