Analysis Overview
SHA256
b84877980499caa11a4d2cdc6f638734c8eb72021fc74e64fde5985e3ceee063
Threat Level: Shows suspicious behavior
The file b84877980499caa11a4d2cdc6f638734c8eb72021fc74e64fde5985e3ceee063 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Reads information about phone network operator.
Requests dangerous framework permissions
Acquires the wake lock
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 12:30
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-23 12:30
Reported
2024-02-23 12:32
Platform
android-x64-arm64-20240221-en
Max time kernel
151s
Max time network
141s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.zombieapocalyps.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.14:443 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | second.fiverequest.com | udp |
| NL | 217.12.201.177:80 | second.fiverequest.com | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
Files
/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex
| MD5 | 986fc773dbd3cab9372a32ba28248829 |
| SHA1 | 208aa9bf208311642b282015e3c11509a6d6fb0a |
| SHA256 | 540e9e2cb2fc7f2c0a34986d93b5416d247442905f8d6bdb7464e02d32a9108b |
| SHA512 | c834136ccbf7c241e72ae6c034b251b38e02a865e4758d6182562ba6f4466cf5d56829fd69ec64b0a0971c588e1f3b9f8702c3558ca610c297b0b8258626e0a3 |
/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex
| MD5 | 19d019164fbaa64363d2a61b1b04211a |
| SHA1 | 5bdf5376c69b23ae70d441e911259dfa674a8071 |
| SHA256 | f1c93440e8e525d13a6482045a76a53bede6f3a9c84308f044b75e07fae9c2c1 |
| SHA512 | ee5a1f8424d96dec9023de04ca77eb1c003afc61f48a2138b024d9a1d1f073e3ebec31f2f83a9c31e50a6cf69e290bef4033145f3c71a1a819630cd4389bb33f |
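The "Loads dropped Dex/Jar" signature and the Files listing above show the same path, /data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex (also reported as /data/data/..., which on Android is a symlink to /data/user/0), carrying a different SHA256 in every detonation, so a blocklist keyed on the dropped file's hash alone is brittle. The following Python is an added example, not part of the sandbox report or of the app: it checks whether a recovered blob is a structurally valid DEX (magic, header size, endian tag, file size, Adler-32 checksum and SHA-1 signature, as defined in the AOSP dex format) before anything tries to disassemble it, and compares its SHA256 with the four values listed in this report. The header-only DEX it builds for demonstration is constructed here; the report's hashes are the only data taken from the page.

```python
"""Validate a dropped DEX and match its SHA256 against this report (added example)."""
import hashlib
import struct
import zlib

# SHA256 of files/1c7faaac.dex as recorded in the report's Files sections.
REPORTED_DEX_SHA256 = {
    "540e9e2cb2fc7f2c0a34986d93b5416d247442905f8d6bdb7464e02d32a9108b",
    "f1c93440e8e525d13a6482045a76a53bede6f3a9c84308f044b75e07fae9c2c1",
    "c8750b35c1266de34f673ccc950f13c4c49ecec5e9ddaecbf8926fcae9cdecfb",
    "ab76330669bf5e0d657b54c7ce6e468cbe0ece16017d47ec58d7da6d4cf92729",
}

DEX_HEADER_SIZE = 0x70          # fixed header length for every dex version
ENDIAN_CONSTANT = 0x12345678    # little-endian marker stored at offset 40
TABLE_FIELDS = (                # (size, off) pairs stored from offset 56 onwards
    "string_ids", "type_ids", "proto_ids", "field_ids",
    "method_ids", "class_defs", "data",
)


def parse_dex_header(blob: bytes) -> dict:
    """Parse the fixed DEX header and verify its integrity fields.

    Raises ValueError on the first inconsistency. This covers the header
    only; a full loader would also walk the map_list and section tables.
    """
    if len(blob) < DEX_HEADER_SIZE:
        raise ValueError("too short for a DEX header")
    magic = blob[:8]
    if magic[:4] != b"dex\n" or magic[7:8] != b"\x00" or not magic[4:7].isdigit():
        raise ValueError(f"bad magic {magic!r}")
    (checksum,) = struct.unpack_from("<I", blob, 8)
    signature = blob[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<3I", blob, 32)
    if header_size != DEX_HEADER_SIZE:
        raise ValueError(f"unexpected header_size {header_size:#x}")
    if endian_tag != ENDIAN_CONSTANT:
        raise ValueError(f"unexpected endian_tag {endian_tag:#x}")
    if file_size != len(blob):
        raise ValueError(f"file_size {file_size} != actual length {len(blob)}")
    # Adler-32 covers everything after the checksum field itself.
    if (zlib.adler32(blob[12:]) & 0xFFFFFFFF) != checksum:
        raise ValueError("adler32 checksum mismatch")
    # SHA-1 signature covers everything after the signature field.
    if hashlib.sha1(blob[32:]).digest() != signature:
        raise ValueError("SHA-1 signature mismatch")
    tables = struct.unpack_from("<14I", blob, 56)
    header = {"version": magic[4:7].decode("ascii"), "file_size": file_size}
    for name, size, off in zip(TABLE_FIELDS, tables[0::2], tables[1::2]):
        # A populated table must point inside the file, past the header.
        if size and not (DEX_HEADER_SIZE <= off < file_size):
            raise ValueError(f"{name}_off {off:#x} lies outside the file")
        header[f"{name}_size"] = size
        header[f"{name}_off"] = off
    return header


def build_minimal_dex(version: bytes = b"035") -> bytes:
    """Construct a header-only DEX with a correct checksum and signature.

    Constructed test input for this example: it declares no classes and no
    map, so it is not loadable, but its header is self-consistent.
    """
    buf = bytearray(DEX_HEADER_SIZE)
    buf[0:8] = b"dex\n" + version + b"\x00"
    struct.pack_into("<3I", buf, 32, DEX_HEADER_SIZE, DEX_HEADER_SIZE, ENDIAN_CONSTANT)
    buf[12:32] = hashlib.sha1(bytes(buf[32:])).digest()
    struct.pack_into("<I", buf, 8, zlib.adler32(bytes(buf[12:])) & 0xFFFFFFFF)
    return bytes(buf)


def triage_dropped_dex(blob: bytes) -> dict:
    """Hash a recovered blob, match it against the report, and validate it."""
    sha256 = hashlib.sha256(blob).hexdigest()
    result = {"sha256": sha256, "known_from_report": sha256 in REPORTED_DEX_SHA256}
    try:
        result["header"] = parse_dex_header(blob)
        result["valid_dex"] = True
    except ValueError as exc:
        result["valid_dex"] = False
        result["error"] = str(exc)
    return result


if __name__ == "__main__":
    good = build_minimal_dex()
    print(triage_dropped_dex(good))
    tampered = bytearray(good)
    tampered[60] ^= 0x01   # flip one bit in string_ids_off: both integrity fields now fail
    print(triage_dropped_dex(bytes(tampered)))
```

Run it against the bytes pulled from the emulator (for example via `adb pull` of the path above, or the sandbox's file download) and treat `valid_dex: False` as a hint that the artefact is still encrypted or was captured mid-write rather than as proof it is benign; the per-run hash churn in this report is exactly the case where matching on `known_from_report` alone would miss the next sample.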
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 12:30
Reported
2024-02-23 12:32
Platform
android-x86-arm-20240221-en
Max time kernel
7s
Max time network
136s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
com.zombieapocalyps.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | second.fiverequest.com | udp |
| NL | 217.12.201.177:80 | second.fiverequest.com | tcp |
Files
/data/data/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex
| MD5 | 986fc773dbd3cab9372a32ba28248829 |
| SHA1 | 208aa9bf208311642b282015e3c11509a6d6fb0a |
| SHA256 | 540e9e2cb2fc7f2c0a34986d93b5416d247442905f8d6bdb7464e02d32a9108b |
| SHA512 | c834136ccbf7c241e72ae6c034b251b38e02a865e4758d6182562ba6f4466cf5d56829fd69ec64b0a0971c588e1f3b9f8702c3558ca610c297b0b8258626e0a3 |
/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex
| MD5 | 61f1d5487792b1c96567fb6ce5ffd746 |
| SHA1 | 89ce741b86a93730bcf20b8e9d842a868cd097fe |
| SHA256 | c8750b35c1266de34f673ccc950f13c4c49ecec5e9ddaecbf8926fcae9cdecfb |
| SHA512 | 41e67e3ab631a21f6713e63043c85b5473c693c863bfce93c0810af581a25d0e913400e704b1c0c53c0bf41b0e5a579c979859ed973377480f4c33f3ca32f5aa |
/data/data/com.zombieapocalyps.nearme.gamecenter/databases/com.google.android.datatransport.events-journal
| MD5 | 5f1a582f5c6184dff9c7f08c0c5e0b0f |
| SHA1 | aeb628782c13e55e8b36562b113848c59ebb030e |
| SHA256 | 47c3c44a564e73cf1f5caca63e08728193fbab20db8b13dd8b33158a6cbbe4c1 |
| SHA512 | 2d9ebc19c7b7b0a27856797be0ce8b52fa3f0c294264864a62053e74eb9c61534aee68083344bbf3cdde7f790d32b27e76935b80589fb7aa6b2870c3ebf98975 |
/data/data/com.zombieapocalyps.nearme.gamecenter/databases/com.google.android.datatransport.events
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.zombieapocalyps.nearme.gamecenter/databases/com.google.android.datatransport.events-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/com.zombieapocalyps.nearme.gamecenter/databases/com.google.android.datatransport.events-wal
| MD5 | 01889a1078e19936dd6707d5fbc59822 |
| SHA1 | fce0b126d48c5bf63e7b8756eabd9c2a05a23f13 |
| SHA256 | 264b47c2f66a150aa230fccbaa248f6612571a2947a2a793eba6f3d7dec6a871 |
| SHA512 | 6737eb66f22432558597e7d3eb01950e58e127eea668f32314518237e36a597d14345dfc5cca43c96313aecf616ff2a7a82bf821642dd43afe2869d58dd912c5 |
/data/data/com.zombieapocalyps.nearme.gamecenter/files/PersistedInstallation2194800965028015257tmp
| MD5 | ecc0a61838e20c8d4ff99bd2ccc51a6e |
| SHA1 | fd9ea1adadcb954ce56b23b01888dd2640fb8daa |
| SHA256 | 38f3367f53c94184bade229c613931c1d7c9da013a377ccb17352862d0d04f20 |
| SHA512 | 21cd4c34960065242b7b8e1e4e57bcf72638646dca1e0bcdb3137befcdf017a84990e9913bac85271069e449a79d58761ef1737bf2a802e7a292f64f5c3a1d0a |
/data/data/com.zombieapocalyps.nearme.gamecenter/files/q
| MD5 | 933cd1da4c2cf3cf6650ceeb480b2370 |
| SHA1 | ea8cffe84916a6301675879a425f1a1adbd3d464 |
| SHA256 | ec1989a10b87a0d66113959e08a48d581e47a12441a537aacdb04a9f065281e8 |
| SHA512 | 276f1ec03c9383fdac4cbca5548d20b80434245444ef40ce46569b76808e8662aca886adf2f1b028a14e5191add73c3255cbee680ed241002c58d87748d3f57b |
/data/data/com.zombieapocalyps.nearme.gamecenter/files/PersistedInstallation8041080642591289354tmp
| MD5 | 9818d04c4345615da402792fcdc1df93 |
| SHA1 | 707985fc4f156bf73479d9c0376cf0971c8a2458 |
| SHA256 | 752e0d88a59a7ee076a478357751baee23bd8ab4bb55c9c24e4d9e850ba5563c |
| SHA512 | 3e9bc3f5159fd2ce1997fcee7b19ea058041a29b9381909e98dcc211670aea68dcc761d6576640c80b4fac918be7b6ecd41e74de776def340b414c2a8c371fa9 |
/data/data/com.zombieapocalyps.nearme.gamecenter/files/uYRf
| MD5 | f530a07d59848b3e04a4aac5f1bda2bb |
| SHA1 | 8ab5e2c4e3fd7a50fd8b5c5bce6dcb08c8b7a2f2 |
| SHA256 | d2700324a93a5ef78322cd0a23817bb8fe8bc9b0e3ccb0ee3e2c6550944ef341 |
| SHA512 | dd3c6a6b578d0380e84001fd71fe0e46bb7922a571b80d3e9931b0bac308f77cdf91ba85e8e1fbd94311b1158bd858522faf27c2670beef2e4c2cbb7991d9a30 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 12:30
Reported
2024-02-23 12:32
Platform
android-x64-20240221-en
Max time kernel
151s
Max time network
156s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.zombieapocalyps.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | second.fiverequest.com | udp |
| NL | 217.12.201.177:80 | second.fiverequest.com | tcp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
Files
/data/data/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex
| MD5 | 291f956caa1c5a6f88fa1d45da45971d |
| SHA1 | 1882b9ef4115a173e8145255726f3351f2da0fc9 |
| SHA256 | ab76330669bf5e0d657b54c7ce6e468cbe0ece16017d47ec58d7da6d4cf92729 |
| SHA512 | 263528806b8069120972e77d449b2a994c8f2898434cda1911224f1f94e4e4c3315c042b9cac6f937a5d0f58bd3d81c5ab39626e943ded8611bc26fbaa5ce0f6 |
/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex
| MD5 | 61f1d5487792b1c96567fb6ce5ffd746 |
| SHA1 | 89ce741b86a93730bcf20b8e9d842a868cd097fe |
| SHA256 | c8750b35c1266de34f673ccc950f13c4c49ecec5e9ddaecbf8926fcae9cdecfb |
| SHA512 | 41e67e3ab631a21f6713e63043c85b5473c693c863bfce93c0810af581a25d0e913400e704b1c0c53c0bf41b0e5a579c979859ed973377480f4c33f3ca32f5aa |
/data/data/com.zombieapocalyps.nearme.gamecenter/files/uYRf
| MD5 | 33ab786cad83b01f728fe15ba5f9e1ab |
| SHA1 | 074a93e792eb2c0bc17bc7da9104e3b9ab10b0b4 |
| SHA256 | 87412c00ad0ddbfc1d3878c2e0eaa8ec1504908c2bb9a10a447e70afc41e86ee |
| SHA512 | 2fb46b117faaf1ed87a471face99cbae26c90d9b821864d5cc12b638af1a444394b00c9bdb506d8197903b8e723eb07534ffd46c3e462e71cadd3e65f9f74d71 |
/data/data/com.zombieapocalyps.nearme.gamecenter/files/q
| MD5 | c9851ec818f0630d57eaebf0d58fd6bc |
| SHA1 | c988ee6e0f2cf34f2e7ce2c049094ab5ef4fadf2 |
| SHA256 | 9d9a8621c871be6acc9bf1a0cde83f578d307507cfd52b128e0a2a702acce603 |
| SHA512 | 415acb344912159f24fba1695456bacf1a6a7a6120ddc7c33257cc96ced804549e778ee20043d815a4a3021c296df985494a772622898de10cdd1d549501a4d1 |
/data/data/com.zombieapocalyps.nearme.gamecenter/files/uYRf
| MD5 | ed12df5d4344755c91b8e48a485990f5 |
| SHA1 | b79edf2a16c0b447128ff68e7150d97576fb7e6d |
| SHA256 | e8c886304e58566a4410ee2cdf0d84c3640f338eb0d7c801886b1922b67451d7 |
| SHA512 | 4a2784b38e5e9d2b8e8211bb0d7f11f6757ea2e331e91626c637305f414e646a5e3b72a709d43cfe3214b058f276becbe2587e2596aff814ab8dfa862f090dfc |