Malware Analysis Report

2025-08-05 09:28

Sample ID 240223-p6wkqagg62
Target a1cb41b5cbcd016905bfae9e89cb193c453969bbca932035b969f997fa5ee88a
SHA256 a1cb41b5cbcd016905bfae9e89cb193c453969bbca932035b969f997fa5ee88a
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

a1cb41b5cbcd016905bfae9e89cb193c453969bbca932035b969f997fa5ee88a

Threat Level: Shows suspicious behavior

The file a1cb41b5cbcd016905bfae9e89cb193c453969bbca932035b969f997fa5ee88a was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Loads dropped Dex/Jar

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 12:57

Signatures

Requests dangerous framework permissions

Description                                           Indicator                                   Process  Target
Allows an app to access approximate location.         android.permission.ACCESS_COARSE_LOCATION   N/A      N/A
Allows an application to write to external storage.   android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A
Allows an application to read from external storage.  android.permission.READ_EXTERNAL_STORAGE    N/A      N/A
Allows an app to post notifications.                  android.permission.POST_NOTIFICATIONS       N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 12:57

Reported

2024-02-23 12:59

Platform

android-x86-arm-20240221-en

Max time kernel

149s

Max time network

136s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                                             Process  Target
N/A          /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex  N/A      N/A

Acquires the wake lock

Description             Indicator                                 Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock  N/A      N/A

Reads information about phone network operator.

discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country  Destination          Domain                   Proto
N/A      224.0.0.251:5353                              udp
GB       142.250.178.14:443                            tcp
US       1.1.1.1:53           android.apis.google.com  udp
GB       142.250.178.14:443   android.apis.google.com  tcp
US       1.1.1.1:53           g1.topprocompany.com     udp
PL       51.75.61.102:80      g1.topprocompany.com     tcp

Files

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 7f07edbc148cd899091b62191e234295
SHA1 01a79b79a36da81add4dfc0997bbe523bc7fc49f
SHA256 b2a64f2b5f7d1358e14896af24979846a15090bb1038fe02d419e47a24472e5e
SHA512 5d73c9047be5797f08f432964c9e51ced5b2de8e88cbbf8bd8a171e7a34eb79cd07746421e518233c7578bc941b9ad5b8b36108f1b026c501fb543660d998a2b

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 4641466f6bb85afe4e66b18b3145eb4b
SHA1 1c53d1d38c296c0d4c647d26a1aa22086915b861
SHA256 1beb17b02d1639c2ae11f993259f2fd475eba848ad363317919fea9e9f91b8bf
SHA512 f4fd3484715193042535536f2d78e6d0c370a9cdbfd09f91cf6dcb1f3f8cfecaf582c1d43bec8bcd6007fb921cfaee9e07f44504acae69d3e098597cb16cd0c2

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/databases/com.google.android.datatransport.events-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation595436658753344981tmp

MD5 8060f00f2ea6cb0504ff712a1b541b2d
SHA1 1db44cfad27fcb05753d4a71a104143401d3c690
SHA256 9942446b3e44faac8dfdf30f3ee38a2b53c2a769cd8283adb4daf4429d6453ec
SHA512 3fd1f5f05a429d6c1faf3bc6c778157c6edcbd5a580190813ed52f4aca5a9ce861bb406e8c30d314bd245f5acf44be39a3b9a06b1523f039ff5209ff5eed5058

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E

MD5 66cd8258e8b44b85942608fdad52218c
SHA1 a7f87733e17cc53a851251c990377203e6089ca4
SHA256 a5b90cb1a24e4fae690340f4ebdb0745cc8219c68eeec88cc58aa884b6bd8027
SHA512 f0b1a3baac512560d0ec0fe3432520ace85e3b661b35d1ee3d05a34b9c468dac63cdfa6581b946c1209ac1ff7d8220fd031d1d0a554c020b6cfaad8b8370e44a

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp

MD5 d327f6d0860997ea9fcc92f6f6949ad8
SHA1 0ec7aca83434c8111aaedfd7650b28e9562ccc4c
SHA256 d2beac955ab312e303051fc55476c6c99baffde9196ce4885d697a2699b5d530
SHA512 b766c26e3dd02d9b437219ae1539b35c7ecd99e3a23c69221fbf674dc9bc8f07057041927534872eea0957cc54bf9e33f0620f769e156e0699d2509cd746d5f2

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E

MD5 e0594697540a9a15bafa26bcfd124006
SHA1 ec316dbc2186104c7d39b4303a460686d7c2d205
SHA256 0331219e9fa9ae2950e35c101ed59561d46fcdaf032a2a32934fe07cd5a2044e
SHA512 df7729fcb4d153242731f28ef107bba47c7fb800e78a283e8f4ce3cb1d88f0451a96651cbf2f0c9bcfffffec7b9e395b2972f1049c020de9cd18957babc9f978

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-23 12:57

Reported

2024-02-23 12:59

Platform

android-x64-20240221-en

Max time kernel

152s

Max time network

146s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                                             Process  Target
N/A          /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex  N/A      N/A

Acquires the wake lock

Description             Indicator                                 Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock  N/A      N/A

Reads information about phone network operator.

discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country  Destination           Domain                    Proto
N/A      224.0.0.251:5353                                udp
US       1.1.1.1:53            ssl.google-analytics.com  udp
GB       142.250.178.8:443     ssl.google-analytics.com  tcp
GB       142.250.200.46:443                              tcp
US       1.1.1.1:53            android.apis.google.com   udp
GB       142.250.187.238:443   android.apis.google.com   tcp
US       1.1.1.1:53            g1.topprocompany.com      udp
NL       217.12.201.177:80     g1.topprocompany.com      tcp
GB       216.58.212.228:443                              tcp
GB       216.58.212.228:443                              tcp
GB       172.217.169.66:443                              tcp
GB       172.217.169.14:443                              tcp

Files

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 7f07edbc148cd899091b62191e234295
SHA1 01a79b79a36da81add4dfc0997bbe523bc7fc49f
SHA256 b2a64f2b5f7d1358e14896af24979846a15090bb1038fe02d419e47a24472e5e
SHA512 5d73c9047be5797f08f432964c9e51ced5b2de8e88cbbf8bd8a171e7a34eb79cd07746421e518233c7578bc941b9ad5b8b36108f1b026c501fb543660d998a2b

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 fa48edd8d3c6c102165b413cd16e04b1
SHA1 1a76f5d9748edbc87f4057045ebdf4ce9e5af608
SHA256 0c5eaa3907f9cec41c0bd5c966b3e251e84c84c0ec784b2bc5760ccadfeda9aa
SHA512 6d2e6f343718142c9439afd3ee781bcf1d6e456b898c3cbe5620a0f2d66cb95f969fba1e500c858b421761a5171ca8dc7b2c5e84803904e422a39c037a5e2c62

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation2229743281608453341tmp

MD5 c96e543cbd33f8d81a9b91c1ac7cf141
SHA1 cae7b34cd91ff2e4fc9762f1bb6b73ba40820c8e
SHA256 7a0afde846df238ea22cc7887fe2d02892be7b0ac39c709e795a8651fb022f85
SHA512 984de8b75664b4e8e6a53a6d0c6be56f75c026a797a491d5a69606462c4a6a63cb2ac086baec6c2fd9d6da4a32dd324576beca2da7df5ad21e342ace90beed6c

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E

MD5 a92bdd284f015b4c7d64bafe165c270f
SHA1 ea69bc4052be0880309fd808280f92dcf821fc90
SHA256 afbbbe6572ca8bebde54c53ab98705366bb451989fd5e83995938a4d2782add3
SHA512 2c221b662295203c1d3baddcb4021d01c8b322a7d37b00984150547fe3546a8b7bdd2baf6ac02632158d525aa1a3f3a1c52c4e5b9e8a5e38203558cd50c1e24a

Analysis: behavioral3

Detonation Overview

Submitted

2024-02-23 12:57

Reported

2024-02-23 12:59

Platform

android-x64-arm64-20240221-en

Max time kernel

148s

Max time network

143s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                                             Process  Target
N/A          /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex  N/A      N/A

Acquires the wake lock

Description             Indicator                                 Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock  N/A      N/A

Reads information about phone network operator.

discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country  Destination           Domain                    Proto
GB       142.250.200.46:443                              tcp
GB       142.250.200.46:443                              tcp
N/A      224.0.0.251:5353                                udp
GB       142.250.179.234:443                             udp
GB       172.217.169.46:443                              udp
US       1.1.1.1:53            ssl.google-analytics.com  udp
GB       142.250.178.8:443     ssl.google-analytics.com  tcp
US       1.1.1.1:53            g1.topprocompany.com      udp
SE       185.117.88.15:80      g1.topprocompany.com      tcp
GB       216.58.212.228:443                              tcp
GB       216.58.212.228:443                              tcp

Files

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 c137ca93253323a39ae78fab1e4dbb9a
SHA1 9e579f9f37bb45bd156cd14a139f1ee6b4388b51
SHA256 fa31f0f92d87114774e43f4b9ae4616e8daee3d1d1d30bc5f1d56e4a423e5154
SHA512 df85f92f0fa3801d9e934002150edea84270b4c1891dc47e489a25716d616f92a034318a1eb030ac8648cc1c448b0eee4dfdf202c63fd2a0d1881d2ac47fbfb3

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 4641466f6bb85afe4e66b18b3145eb4b
SHA1 1c53d1d38c296c0d4c647d26a1aa22086915b861
SHA256 1beb17b02d1639c2ae11f993259f2fd475eba848ad363317919fea9e9f91b8bf
SHA512 f4fd3484715193042535536f2d78e6d0c370a9cdbfd09f91cf6dcb1f3f8cfecaf582c1d43bec8bcd6007fb921cfaee9e07f44504acae69d3e098597cb16cd0c2

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation1296657457573637050tmp

MD5 65645a3c991f61f7a89800034446be94
SHA1 e1a31a6d19739ab0c2d943eb9a17130eb8924d41
SHA256 7b037d03a8aa2666953c801908c800f7c2d276730110a7fab85f3610d7dba38e
SHA512 c8405761eead45819eb9ed249879f8c84afed69075a64ed0d7e2fb3dab990418333f44da5812f5ac6a13c16b9d7d44408bfd607c66d9f9d79fc3f21ef06c7302

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp

MD5 fea9881804abeb2d4220927499e1fa52
SHA1 43c39ee32a70487bb849bbd6eef1e96124c69b86
SHA256 5a004f0129e454cfd9431a9f2ebd23539ea0633d8700be53b4796616f5fe1df9
SHA512 4c859d399bf234e81b118c906ca0ec76b356a0c9f38741119dc1a1707e0d79f757ac39df47d4e17f5c60b8e17b3cca0ba124a2059de965afdbe67d692ceb1634

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E

MD5 2c1e39e2fdec88dcb2b8c8cfa947321c
SHA1 c23784efe16a0e02ff8381b736d7cd7841b9417a
SHA256 39f98e5c7a1d17654427c06bc35c3b9399f7578e805bf83465222e0cd7771abd
SHA512 08e1c1b101723a120d5a46ed98cae0a20d40bb276f53e891d9c1db4209d264a11efcf510a5d661a974d71a176323cd1bf84df43b3a4f5244f464601e29b326e4