Malware Analysis Report

2025-08-05 09:28

Sample ID: 240223-pw7j8sfh4s
Target: fc276ee63ab4477a6e73ffa9245befa378d5c2afb2b78afa20b2bbb0088aff0e
SHA256: fc276ee63ab4477a6e73ffa9245befa378d5c2afb2b78afa20b2bbb0088aff0e
Tags: discovery
Score: 7/10


Analysis Overview

Score: 7/10

SHA256: fc276ee63ab4477a6e73ffa9245befa378d5c2afb2b78afa20b2bbb0088aff0e

Threat Level: Shows suspicious behavior

The file fc276ee63ab4477a6e73ffa9245befa378d5c2afb2b78afa20b2bbb0088aff0e was classified as: shows suspicious behavior.

Malicious Activity Summary

discovery

Loads dropped Dex/Jar

Acquires the wake lock

Reads information about phone network operator.

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-02-23 12:41

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-02-23 12:41
Reported: 2024-02-23 12:44
Platform: android-x64-20240221-en
Max time kernel: 152s
Max time network: 155s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.195:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 g1.topprocompany.com udp
NL 217.12.201.177:80 g1.topprocompany.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
GB 142.250.187.238:443 tcp
GB 172.217.169.34:443 tcp

Files

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation8532163886878657773tmp

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E (observed twice with differing hashes)

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp

Analysis: behavioral3

Detonation Overview

Submitted: 2024-02-23 12:41
Reported: 2024-02-23 12:44
Platform: android-x64-arm64-20240221-en
Max time kernel: 152s
Max time network: 145s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.74:443 udp
GB 216.58.213.14:443 udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 g1.topprocompany.com udp
NL 5.149.249.226:80 g1.topprocompany.com tcp
GB 172.217.169.4:443 tcp
GB 172.217.169.4:443 tcp
GB 142.250.179.226:443 tcp

Files

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation8690155399068451119tmp

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E (observed twice with differing hashes)

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-23 12:41
Reported: 2024-02-23 12:44
Platform: android-x86-arm-20240221-en
Max time kernel: 147s
Max time network: 149s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 g1.topprocompany.com udp
NL 5.149.249.226:80 g1.topprocompany.com tcp

Files

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/f28b08db.dex

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/databases/com.google.android.datatransport.events-shm

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation5235458422189843580tmp

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/E (observed twice with differing hashes)

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/KTp