Analysis Overview
SHA256
d532e8e090a9b2c82fead783185bc8e3b3c8c0c26091d2217a0c6cc27e2e5ac7
Threat Level: Shows suspicious behavior
The file d532e8e090a9b2c82fead783185bc8e3b3c8c0c26091d2217a0c6cc27e2e5ac7 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Acquires the wake lock
Reads information about phone network operator.
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 12:35
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 12:35
Reported
2024-02-23 12:38
Platform
android-x64-20240221-en
Max time kernel
153s
Max time network
144s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.vsindiaapps.latestpunjabisongs.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | g1.topprocompany.com | udp |
| NL | 217.12.201.177:80 | g1.topprocompany.com | tcp |
| GB | 216.58.204.68:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
Files
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
| MD5 | 7f07edbc148cd899091b62191e234295 |
| SHA1 | 01a79b79a36da81add4dfc0997bbe523bc7fc49f |
| SHA256 | b2a64f2b5f7d1358e14896af24979846a15090bb1038fe02d419e47a24472e5e |
| SHA512 | 5d73c9047be5797f08f432964c9e51ced5b2de8e88cbbf8bd8a171e7a34eb79cd07746421e518233c7578bc941b9ad5b8b36108f1b026c501fb543660d998a2b |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
| MD5 | 4641466f6bb85afe4e66b18b3145eb4b |
| SHA1 | 1c53d1d38c296c0d4c647d26a1aa22086915b861 |
| SHA256 | 1beb17b02d1639c2ae11f993259f2fd475eba848ad363317919fea9e9f91b8bf |
| SHA512 | f4fd3484715193042535536f2d78e6d0c370a9cdbfd09f91cf6dcb1f3f8cfecaf582c1d43bec8bcd6007fb921cfaee9e07f44504acae69d3e098597cb16cd0c2 |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation3866970859708685362tmp
| MD5 | 3b0bb93c390621b1eae4d97e905e94ef |
| SHA1 | 174c944ce84f6058b3143bbcb10d7fd5026b1ff5 |
| SHA256 | 36b50c5f79766c6e37bb0b4f1350def423753842a08add2c22465218b5dba219 |
| SHA512 | 35d77577c22ee475e4be37dcc86cc0895358bc1e7e6c06b0dd5ce34762caa871576d1c4b214efff3be478b28bdd5e50d4e5c6b31000ffe95e88e66ab490be743 |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E
| MD5 | 3adfcbe8ec87b8e4b5d18fa390c3de59 |
| SHA1 | f2726eec7021a7cf71f3b9616609540e3bf1a851 |
| SHA256 | 658d56536f5d176dd6683a8e2d4dcbfc52b1e45939c09ca8281f45ccb1ddec73 |
| SHA512 | 38835c2e5c71ca44bad289995c3df3f587b67d779f21de2080b0a6ea1247564154e402035a1c8465a18cb18fc82e0503f21bf1dbf1cb7fe273c6cbc0ab584fea |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp
| MD5 | 46db557ea555766a792b5a2d11d89a58 |
| SHA1 | 5d2b8533c48d5c2190d01306fca35cdd26a27dd1 |
| SHA256 | ca6d9396c08d12d2d4c8159fbf26f34798baafa57078beecd68d547b0b6468b9 |
| SHA512 | 8d6abd38a9700117c9fa072f52cfe8f5c306ea17ad84d6906455df82c49a8ac5c410b3180e93835860e507c778cf1d76892c92f66e4db1e738f322ef3b349c91 |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E
| MD5 | 32622fc44695d1dd0f5a9584b136ef12 |
| SHA1 | b63a72bb03cafd9d5732bd0375eed6f25dda0ed5 |
| SHA256 | eba590884ed2cecdf26ee89c9e4d241a4f703833f5727773afe2680aa8c1b48b |
| SHA512 | d25838387f911ec44eea279eaf25ffae652cdcea324d89cb956fc9e5147ea0914fc8d1a0965e35e0b396742d4d8f04c6b99c7872baa6d346aab4ee8f9eac5186 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-23 12:35
Reported
2024-02-23 12:38
Platform
android-x64-arm64-20240221-en
Max time kernel
147s
Max time network
138s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.vsindiaapps.latestpunjabisongs.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.10:443 | | udp |
| GB | 216.58.213.14:443 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | g1.topprocompany.com | udp |
| NL | 217.12.201.177:80 | g1.topprocompany.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
Files
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
| MD5 | 1bd58173007d9dc0d0a49b39cf19056c |
| SHA1 | 3218f560f7d67c98aad198e827b28df57b88a365 |
| SHA256 | 1e19b83b1365c22000867ee9ca9a7295e7a240e98da7659639f7610871656833 |
| SHA512 | be83fe8ce4fff1b7a3180aa15efec61b5c44a1a11e9e1f9ddba8bb586ec58115a39248630a7c6d17af7103f7e3d361dddc160270552f2a82682ab8a093418fbc |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
| MD5 | 4641466f6bb85afe4e66b18b3145eb4b |
| SHA1 | 1c53d1d38c296c0d4c647d26a1aa22086915b861 |
| SHA256 | 1beb17b02d1639c2ae11f993259f2fd475eba848ad363317919fea9e9f91b8bf |
| SHA512 | f4fd3484715193042535536f2d78e6d0c370a9cdbfd09f91cf6dcb1f3f8cfecaf582c1d43bec8bcd6007fb921cfaee9e07f44504acae69d3e098597cb16cd0c2 |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp
| MD5 | 7974395e9cafc104d9fef57b7cce50b5 |
| SHA1 | edf7ae2ecb8eaa0a79d92784413003682f0ef956 |
| SHA256 | 32bd5e7204cd6f9929cc0f68e6a5a065f58c04984e9a4322315b7b66dace72d2 |
| SHA512 | 305b85829456bb15d6af388f07db4d65d8e3a8a189d89ab8be9d8d3f2a45e428889d15914553d39f5acec6764977efa04d5d90eec83bf0bacd572fcbd7e780d9 |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E
| MD5 | d928b2a02fb8ae7bbff96b0b551386df |
| SHA1 | 1cda7c5bfae38cdc3d0dc4df549fb9d031316cca |
| SHA256 | d60e2594dd2e90b301daf458dcad5b0c7954beae8bac8e216238ea8ab06c0810 |
| SHA512 | e079f06c320be87d432816dbb20bdabb29b23ef57447b3be613e4bd62039e0fbf9cb9b8b3b0ba7ab456d2978207b6b6b6f5d8a9d1da4a4fefdf651fd2edc1fb6 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 12:35
Reported
2024-02-23 12:38
Platform
android-x86-arm-20240221-en
Max time kernel
147s
Max time network
138s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.vsindiaapps.latestpunjabisongs.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | g1.topprocompany.com | udp |
| PL | 51.75.61.103:80 | g1.topprocompany.com | tcp |
Files
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
| MD5 | 7f07edbc148cd899091b62191e234295 |
| SHA1 | 01a79b79a36da81add4dfc0997bbe523bc7fc49f |
| SHA256 | b2a64f2b5f7d1358e14896af24979846a15090bb1038fe02d419e47a24472e5e |
| SHA512 | 5d73c9047be5797f08f432964c9e51ced5b2de8e88cbbf8bd8a171e7a34eb79cd07746421e518233c7578bc941b9ad5b8b36108f1b026c501fb543660d998a2b |
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
| MD5 | 4641466f6bb85afe4e66b18b3145eb4b |
| SHA1 | 1c53d1d38c296c0d4c647d26a1aa22086915b861 |
| SHA256 | 1beb17b02d1639c2ae11f993259f2fd475eba848ad363317919fea9e9f91b8bf |
| SHA512 | f4fd3484715193042535536f2d78e6d0c370a9cdbfd09f91cf6dcb1f3f8cfecaf582c1d43bec8bcd6007fb921cfaee9e07f44504acae69d3e098597cb16cd0c2 |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation2896962786313339899tmp
| MD5 | d0f6ca87c3160ea540402ddb76663fb7 |
| SHA1 | 309e51b36fa63860720fa6f77744c4d27c371733 |
| SHA256 | 9e65c0511e08d87ced068ecb1926603db1f975e9b16213c8df6d0998bb72147d |
| SHA512 | edfc443cfef097511cbb44e09b5db17f943df24a798dd8067ae223bc75927e775e1f34869f5b66ad7f742aaf4a6a5571ec2f36362bb78fc06ea019ab7c9b546e |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp
| MD5 | 89ecb42fed083d21b71807a98a0d5732 |
| SHA1 | 74bc89c935131e87934d4ac6fc78528037bf24ab |
| SHA256 | 4485ab8c9c083090370b751254bc0100c6f5d59fc1e497e3e63e2cb6a2b6b0f8 |
| SHA512 | 46aa5e3c3a3ce64c33c49c660d0df58ae64a453c66e6b0f296a6d00e02cbd67c768ed2e0bdb5195c7c3fdd8f0b7ae82929277839bcaf25e78b0b0a4dacb8eefa |
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E
| MD5 | 51252c17808d40a458e5cad5efd220c3 |
| SHA1 | 5012b7e76d82d24f061d5a6be13c4eae5793d652 |
| SHA256 | 34d261d5ee9721e9de58cf67ec240af660925adb4e58fea666b7ddf595d4fe8f |
| SHA512 | 11e3bb785eb5036aa75e93fa6704f96cffe6a0fbcb5feca6975a3a28237ef148d864e4a7f25e4f50c250cd31ee2b5e216e6614c58f31c36d28ba9b8545d81837 |