Analysis Overview
SHA256
fc276ee63ab4477a6e73ffa9245befa378d5c2afb2b78afa20b2bbb0088aff0e
Threat Level: Shows suspicious behavior
The file fc276ee63ab4477a6e73ffa9245befa378d5c2afb2b78afa20b2bbb0088aff0e was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Acquires the wake lock
Reads information about phone network operator.
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 12:41
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 12:41
Reported
2024-02-23 12:44
Platform
android-x64-20240221-en
Max time kernel
152s
Max time network
155s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.vsindiaapps.latestpunjabisongs.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.195:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | g1.topprocompany.com | udp |
| NL | 217.12.201.177:80 | g1.topprocompany.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 172.217.169.34:443 | | tcp |
Files
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation8532163886878657773tmp
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-23 12:41
Reported
2024-02-23 12:44
Platform
android-x64-arm64-20240221-en
Max time kernel
152s
Max time network
145s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.vsindiaapps.latestpunjabisongs.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.74:443 | | udp |
| GB | 216.58.213.14:443 | | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | g1.topprocompany.com | udp |
| NL | 5.149.249.226:80 | g1.topprocompany.com | tcp |
| GB | 172.217.169.4:443 | | tcp |
| GB | 172.217.169.4:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
Files
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation8690155399068451119tmp
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 12:41
Reported
2024-02-23 12:44
Platform
android-x86-arm-20240221-en
Max time kernel
147s
Max time network
149s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.vsindiaapps.latestpunjabisongs.nearme.gamecenter
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | g1.topprocompany.com | udp |
| NL | 5.149.249.226:80 | g1.topprocompany.com | tcp |
Files
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/databases/com.google.android.datatransport.events-shm
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation5235458422189843580tmp
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp
/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E