Malware Analysis Report

2025-08-05 09:28

Sample ID: 240223-ptv4esfg8z
Target: eede8113fbaae0baae24db465a8878da749a05e4a6c45c3acdc6924eb8e39a7a
SHA256: eede8113fbaae0baae24db465a8878da749a05e4a6c45c3acdc6924eb8e39a7a
Tags: discovery
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: eede8113fbaae0baae24db465a8878da749a05e4a6c45c3acdc6924eb8e39a7a

Threat Level: Shows suspicious behavior

The file eede8113fbaae0baae24db465a8878da749a05e4a6c45c3acdc6924eb8e39a7a was found to show suspicious behavior.

Malicious Activity Summary

discovery

Loads dropped Dex/Jar

Acquires the wake lock

Reads information about phone network operator.

Requests dangerous framework permissions

Analysis: static1

Detonation Overview

Reported: 2024-02-23 12:37

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-02-23 12:37
Reported: 2024-02-23 12:40
Platform: android-x64-20240221-en
Max time kernel: 153s
Max time network: 146s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 g1.topprocompany.com udp
PL 51.75.61.102:80 g1.topprocompany.com tcp
GB 216.58.212.228:443 tcp
GB 216.58.212.228:443 tcp
GB 172.217.169.66:443 tcp
GB 172.217.169.14:443 tcp

Files

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 0b7611bc34e51c9c8f538b2453d835b6
SHA1 7c53a2440528a5dc05a884482129cb3bd203ce97
SHA256 c4e2ba2599afb1582b93145ba1ac2770d2518fa9c5b1cf8cd11634857a17ac76
SHA512 631febc3971a1f8cfde56d2cea50cea8d8a0de6c44a30a2e18568ae1db20509421796c1b2c68149965987c36cb5863d3a5daab3cedb73b615d4c01632d8ea5b6

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 00ecc57e450c873f131fb255fd4741dd
SHA1 150d4237ff4c3ec1a3e3acec3a8432b5b0374cad
SHA256 3fc760859346add5f2922c25346a3bc7e767553e7499f4ced5c025a2e9d26fc5
SHA512 2a8a4101b89af467e497411192fd2628b7e42eac7810b9edf0f645abfe2e3fdbb3c03912567c05290857cc1d05ba3bcc7366af14909ae3f1aadb845140487bbc

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation4931196862924586321tmp

MD5 50b4bf088643c8efc1063d4439f48d3f
SHA1 a89257b4877a4756becc99fc09455148e2c42529
SHA256 eda0310d2b7b57e723184fbd5d7f6e41fd739db84ea14b6fbff35ef0d34b048c
SHA512 5a1f1181acc8906706e776bab7d109dc8343aa596deaf3fe8934d17c2c9c021d4735495297eb607a72847d337b979139f802fe5c78d1055eaa40c84adcec8783

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E

MD5 ef838e25a81d1a214ae8bb96cc08e10d
SHA1 988ecfa99aa1b1303ca2bf7a7fc42d7062650202
SHA256 4235967c09d98a2fa2d1e0b63c4906d968c16d11b60a19a8211c61c0d488b52d
SHA512 fea72f6d3d6581b282f5c2bef7a55b564d2e3a302f3b98864411d2d4dec05b85db0a1eb7d834bfecbaf9f1dea07f0b06a774022b0d449c14ab5d888831880465

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp

MD5 cb4f283d8c85bdbcd5ea47b5c6c99c0a
SHA1 391c1db24e5aa9807b30a001ae7cbd479e65ffc7
SHA256 f3b53ab75aac01ecdf8e7da8c25793e6c47c906ed064decdfa8922158319dabb
SHA512 03d3cf16ede6cd70a672a69128c56b6cc4492f86c70cc8b39016a19b0627cf155aff0f79ef4c8b3715c3a4d781baf0baad19566f6f8fe979b89446da91b4e100

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E

MD5 62447ec1645f6c717e6529e3535eddda
SHA1 2a92608a9d03cab40a7163c9c64f36c6ae3f2789
SHA256 e58e439ddafec5d881ccaebc1ce8652cab4dccda4b0dc419b34ddf05c50e877b
SHA512 c3e03ff43fb94d92addda9f02a380652f71f03496b55edbb975a734ced9ba80b96868fdaf1bfd1bddb959df65ac627b920afa950bfc3d96abedb076ef3048e95

Analysis: behavioral3

Detonation Overview

Submitted: 2024-02-23 12:37
Reported: 2024-02-23 12:40
Platform: android-x64-arm64-20240221-en
Max time kernel: 148s
Max time network: 142s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country Destination Domain Proto
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.179.234:443 udp
GB 172.217.169.46:443 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 g1.topprocompany.com udp
SE 185.117.88.15:80 g1.topprocompany.com tcp
GB 216.58.212.228:443 tcp
GB 216.58.212.228:443 tcp

Files

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 1d885e72a7527640b31d9da14007d2de
SHA1 abce18b53a4782f88f40f1de9a8f840af480ff90
SHA256 6318b3b3913ed1dfa0f5d1d838f7c64c6478a9dc1ed933a2761ac1f4acf65bb5
SHA512 ad182104fb1403f261dfce6516304d8c0d334c66683ab6f69663b44afd24d1a0eac812e2b88b95e940c4eb2bb2228ba0b9739564a5569d53613e329c6240fba0

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 26f9b16352745ed05d1beedf00054634
SHA1 5088779ed4e5490199f195b219549104258a4372
SHA256 118d2b3d82e7502f569f168dc0c21aa4d7646342939455ccc1f63cc8de96a6b2
SHA512 b5b943ff57ae59912c4d431dc467adbc85fe0d331c13cc1747e1d73248d8d2a827109039023cd72d99185aa479544188961da5418d549bb60afa50a766b87b12

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation4856769271142654038tmp

MD5 5da954968c983cd8b4f511720303c40e
SHA1 89a83013e282770428da5b9143e864faf0a4e415
SHA256 23157791a536ddcef4bdaf562198fd9c53fdf58bae567728b6e7e77011f6bd5e
SHA512 15d7c813cca870b3908fa493ce767cba249b6ac054c1f282983258f10bb0615026e4785573c60e1e1587dc9667afcf588de09e01100dc14299c2314653e36eff

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-23 12:37
Reported: 2024-02-23 12:40
Platform: android-x86-arm-20240221-en
Max time kernel: 147s
Max time network: 137s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 g1.topprocompany.com udp
PL 51.75.61.103:80 g1.topprocompany.com tcp

Files

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 861a27833e3ececb85b18e7fc43c51e1
SHA1 b229c8a039073b523f8f9949ab430e910728d7bd
SHA256 a3ec7748a5b1bb5b053a80e0276b85e1b1203be244151ec5c35be8f5e6beaf85
SHA512 da537df9ce8144a5d98342c802ab1b006aa1e61f1d251f214c1bb70fa25d7e5947594260206b5fb2ea1b6e261e017a2305ea12ec0ed8734ab87dc3387297658a

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

MD5 4641466f6bb85afe4e66b18b3145eb4b
SHA1 1c53d1d38c296c0d4c647d26a1aa22086915b861
SHA256 1beb17b02d1639c2ae11f993259f2fd475eba848ad363317919fea9e9f91b8bf
SHA512 f4fd3484715193042535536f2d78e6d0c370a9cdbfd09f91cf6dcb1f3f8cfecaf582c1d43bec8bcd6007fb921cfaee9e07f44504acae69d3e098597cb16cd0c2

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/databases/com.google.android.datatransport.events-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation4116522280617025629tmp

MD5 47078ea6321c9f90e7d190bd5b5a12a8
SHA1 b32c87207e363207bad199b46d35804ce6a76737
SHA256 4019b86ec8f938cbb3adeb86b177b16c9ad7c2211a099e11ef50a159022302c3
SHA512 a43ef43146d6c34709ffd45a0695366a09ffb4e25a2bd42531513a59d1c5fb486fcb09970282423b5d5083baf5589092b3672879b80c5d14289d77f7eb30795e

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp

MD5 69208a12caa03c8b156e7dd374170746
SHA1 d02787c9af9eefff939e29e682d69e17d0322bc5
SHA256 4fdb50a8fa95df80df5e81416b15e8ebd4cda152aab51c32a1a8de59de2b5972
SHA512 f5292f4f4715c935bd874d53d6d44cb90feb8ed4b0e6a0948632815c94119865d1c34b33af957d88ec87b803f0290bec166a3792a357587c5bba27f14e90070f

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E

MD5 901eee076fc28b878c83425cd0ce89d4
SHA1 2657d83bc4e3aa2662cf492793a4b03860a1f919
SHA256 38354d58bba6daa8ba04503354117b95186268797045512c8ac98070dd7ea4bd
SHA512 2823f488ba3b1b8a699a3d438dfe12de93bf2e1b5dc14e2e296e6eeae4dad54c755409f6577af6635612606689230e2d44d7f88b01a9a4fbaa716468d5a2af16

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp

MD5 381c9d43bf66dca14eadaa7062e1bb71
SHA1 bf37908f6bfd04b2afc6c8b7d1e95ab1a34b1388
SHA256 70e0bf4663278d460fec2b6a24100288286a7d2e1eaec33a87f7d05900a9fed3
SHA512 2e648daf96bb36e14f5b27adb10ecef60f0b0a525404af7234f480289a484c88f5cf434e169e788a651942edfb9fa4765cd62f36aab08df93365e18050a9537b

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E

MD5 70ef9e4084d69a5e005bb66f970c8635
SHA1 81f04acf8087fa6f64867c79598bb463bc698f4e
SHA256 c751598e46f21932b2b353785d8459e7932d7104265b6cac13f6a816cb8ee0f9
SHA512 19b5fc02ad5446bc23b0e8941c4cf23d711517070d5502a92faf04078cc179765e2b390a509f07bed4dc6abb710750443bf67f04c1824fb616aa4dbe14e11211