Malware Analysis Report

2025-08-05 09:28

Sample ID: 240223-ppjvlaff7z
Target: b84877980499caa11a4d2cdc6f638734c8eb72021fc74e64fde5985e3ceee063
SHA256: b84877980499caa11a4d2cdc6f638734c8eb72021fc74e64fde5985e3ceee063
Tags: discovery
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: b84877980499caa11a4d2cdc6f638734c8eb72021fc74e64fde5985e3ceee063

Threat Level: Shows suspicious behavior

The file b84877980499caa11a4d2cdc6f638734c8eb72021fc74e64fde5985e3ceee063 was found to show suspicious behavior.

Malicious Activity Summary

Tags: discovery

Loads dropped Dex/Jar
Reads information about phone network operator.
Requests dangerous framework permissions
Acquires the wake lock

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 12:30

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-02-23 12:30

Reported

2024-02-23 12:32

Platform

android-x64-arm64-20240221-en

Max time kernel

151s

Max time network

141s

Command Line

com.zombieapocalyps.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator. (Tags: discovery)

Processes

com.zombieapocalyps.nearme.gamecenter

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.200.14:443 | - | udp
GB | 142.250.200.46:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | second.fiverequest.com | udp
NL | 217.12.201.177:80 | second.fiverequest.com | tcp
GB | 142.250.200.4:443 | - | tcp
GB | 142.250.200.4:443 | - | tcp

Files

/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex

/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 12:30

Reported

2024-02-23 12:32

Platform

android-x86-arm-20240221-en

Max time kernel

7s

Max time network

136s

Command Line

com.zombieapocalyps.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Processes

com.zombieapocalyps.nearme.gamecenter

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.200.14:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.180.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | second.fiverequest.com | udp
NL | 217.12.201.177:80 | second.fiverequest.com | tcp

Files

/data/data/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex

/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex

/data/data/com.zombieapocalyps.nearme.gamecenter/databases/com.google.android.datatransport.events-journal

/data/data/com.zombieapocalyps.nearme.gamecenter/databases/com.google.android.datatransport.events

/data/data/com.zombieapocalyps.nearme.gamecenter/databases/com.google.android.datatransport.events-shm

/data/data/com.zombieapocalyps.nearme.gamecenter/databases/com.google.android.datatransport.events-wal

/data/data/com.zombieapocalyps.nearme.gamecenter/files/PersistedInstallation2194800965028015257tmp

/data/data/com.zombieapocalyps.nearme.gamecenter/files/q

/data/data/com.zombieapocalyps.nearme.gamecenter/files/PersistedInstallation8041080642591289354tmp

/data/data/com.zombieapocalyps.nearme.gamecenter/files/uYRf

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-23 12:30

Reported

2024-02-23 12:32

Platform

android-x64-20240221-en

Max time kernel

151s

Max time network

156s

Command Line

com.zombieapocalyps.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator. (Tags: discovery)

Processes

com.zombieapocalyps.nearme.gamecenter

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.200.46:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.180.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | second.fiverequest.com | udp
NL | 217.12.201.177:80 | second.fiverequest.com | tcp
GB | 216.58.212.228:443 | - | tcp
GB | 216.58.212.228:443 | - | tcp
GB | 172.217.169.66:443 | - | tcp
GB | 172.217.169.14:443 | - | tcp

Files

/data/data/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex

/data/user/0/com.zombieapocalyps.nearme.gamecenter/files/1c7faaac.dex

/data/data/com.zombieapocalyps.nearme.gamecenter/files/uYRf

/data/data/com.zombieapocalyps.nearme.gamecenter/files/q

/data/data/com.zombieapocalyps.nearme.gamecenter/files/uYRf