Malware Analysis Report

2025-08-05 09:28

Sample ID 240223-pw37tafh3y
Target 63824e4ff79177079f0d7e0fa20afa6dfe7e95609b5b9e6313e86a8f00930744
SHA256 63824e4ff79177079f0d7e0fa20afa6dfe7e95609b5b9e6313e86a8f00930744
Tags
discovery
score
7/10


Analysis Overview


Threat Level: Shows suspicious behavior

The file 63824e4ff79177079f0d7e0fa20afa6dfe7e95609b5b9e6313e86a8f00930744 was found to show suspicious behavior.

Malicious Activity Summary

discovery

Loads dropped Dex/Jar

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 12:41

Signatures

Requests dangerous framework permissions

Description                                           Indicator                                   Process  Target
Allows an app to access approximate location.         android.permission.ACCESS_COARSE_LOCATION   N/A      N/A
Allows an application to write to external storage.   android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A
Allows an application to read from external storage.  android.permission.READ_EXTERNAL_STORAGE    N/A      N/A
Allows an app to post notifications.                  android.permission.POST_NOTIFICATIONS       N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 12:41

Reported

2024-02-23 12:44

Platform

android-x86-arm-20240221-en

Max time kernel

148s

Max time network

130s

Command Line

com.boomrocket.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                        Process  Target
N/A          /data/user/0/com.boomrocket.nearme.gamecenter/files/d47e8544.dex  N/A      N/A

Acquires the wake lock

Description             Indicator                                  Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock   N/A      N/A

Reads information about phone network operator

discovery

Processes

com.boomrocket.nearme.gamecenter

Network

Country  Destination          Domain                   Proto
GB       142.250.179.238:443  -                        tcp
US       1.1.1.1:53           android.apis.google.com  udp
GB       142.250.200.14:443   android.apis.google.com  tcp
US       1.1.1.1:53           g1.crunchstation.com     udp
NL       217.12.201.177:80    g1.crunchstation.com     tcp

Files

/data/data/com.boomrocket.nearme.gamecenter/files/d47e8544.dex


/data/user/0/com.boomrocket.nearme.gamecenter/files/d47e8544.dex


/data/data/com.boomrocket.nearme.gamecenter/databases/com.google.android.datatransport.events-shm


/data/data/com.boomrocket.nearme.gamecenter/files/PersistedInstallation2400669876476970272tmp


/data/data/com.boomrocket.nearme.gamecenter/files/I


/data/data/com.boomrocket.nearme.gamecenter/files/Hg


/data/data/com.boomrocket.nearme.gamecenter/files/Hg


Analysis: behavioral2

Detonation Overview

Submitted

2024-02-23 12:41

Reported

2024-02-23 12:44

Platform

android-x64-20240221-en

Max time kernel

154s

Max time network

141s

Command Line

com.boomrocket.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                        Process  Target
N/A          /data/user/0/com.boomrocket.nearme.gamecenter/files/d47e8544.dex  N/A      N/A

Acquires the wake lock

Description             Indicator                                  Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock   N/A      N/A

Reads information about phone network operator

discovery

Processes

com.boomrocket.nearme.gamecenter

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     -                         udp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.178.8:443    ssl.google-analytics.com  tcp
GB       142.250.178.14:443   -                         tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.180.14:443   android.apis.google.com   tcp
US       1.1.1.1:53           g1.crunchstation.com      udp
PL       51.75.61.102:80      g1.crunchstation.com      tcp
GB       142.250.200.36:443   -                         tcp
GB       142.250.200.36:443   -                         tcp
GB       142.250.200.2:443    -                         tcp
GB       142.250.179.238:443  -                         tcp

Files

/data/data/com.boomrocket.nearme.gamecenter/files/d47e8544.dex


/data/user/0/com.boomrocket.nearme.gamecenter/files/d47e8544.dex


/data/data/com.boomrocket.nearme.gamecenter/files/PersistedInstallation2850145513278516011tmp


/data/data/com.boomrocket.nearme.gamecenter/files/I


/data/data/com.boomrocket.nearme.gamecenter/files/Hg


Analysis: behavioral3

Detonation Overview

Submitted

2024-02-23 12:41

Reported

2024-02-23 12:44

Platform

android-x64-arm64-20240221-en

Max time kernel

148s

Max time network

158s

Command Line

com.boomrocket.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description  Indicator                                                        Process  Target
N/A          /data/user/0/com.boomrocket.nearme.gamecenter/files/d47e8544.dex  N/A      N/A

Reads information about phone network operator

discovery

Processes

com.boomrocket.nearme.gamecenter

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     -                         udp
GB       142.250.200.42:443   -                         udp
GB       142.250.178.14:443   -                         udp
GB       142.250.200.46:443   -                         tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.178.14:443   android.apis.google.com   tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       216.58.204.72:443    ssl.google-analytics.com  tcp
US       1.1.1.1:53           g1.crunchstation.com      udp
NL       217.12.201.177:80    g1.crunchstation.com      tcp
GB       142.250.200.36:443   -                         tcp
GB       142.250.200.36:443   -                         tcp
GB       142.250.178.14:443   android.apis.google.com   tcp
GB       142.250.187.226:443  -                         tcp

Files

/data/user/0/com.boomrocket.nearme.gamecenter/files/d47e8544.dex


/data/user/0/com.boomrocket.nearme.gamecenter/files/d47e8544.dex


/data/user/0/com.boomrocket.nearme.gamecenter/files/Hg


/data/user/0/com.boomrocket.nearme.gamecenter/files/I


/data/user/0/com.boomrocket.nearme.gamecenter/files/Hg
