Malware Analysis Report

2025-08-05 09:29

Sample ID: 240223-pxgefafh4z
Target: 89a3c9dd0303d75e0918f576afd3deb257cb23fe3f88373250f7f23689d92d87
SHA256: 89a3c9dd0303d75e0918f576afd3deb257cb23fe3f88373250f7f23689d92d87
Tags: discovery
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: 89a3c9dd0303d75e0918f576afd3deb257cb23fe3f88373250f7f23689d92d87

Threat Level: Shows suspicious behavior

The file 89a3c9dd0303d75e0918f576afd3deb257cb23fe3f88373250f7f23689d92d87 was found to be: Shows suspicious behavior.

Malicious Activity Summary

Tags: discovery

Loads dropped Dex/Jar

Requests dangerous framework permissions

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported: 2024-02-23 12:42

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-23 12:42
Reported: 2024-02-23 12:45
Platform: android-x86-arm-20240221-en
Max time kernel: 50s
Max time network: 136s

Command Line

com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher

Signatures

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.ext.jar | N/A | N/A
N/A | /data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.dat.jar | N/A | N/A
N/A | /data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.uni.jar | N/A | N/A
N/A | /data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.irs.jar | N/A | N/A
N/A | /data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/eJFtCuTpF.dex | N/A | N/A

Reads information about phone network operator.

Tags: discovery

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.ext.jar --output-vdex-fd=52 --oat-fd=53 --oat-location=/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/oat/x86/launcher.ext.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.dat.jar --output-vdex-fd=52 --oat-fd=53 --oat-location=/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/oat/x86/launcher.dat.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.uni.jar --output-vdex-fd=52 --oat-fd=53 --oat-location=/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/oat/x86/launcher.uni.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.irs.jar --output-vdex-fd=52 --oat-fd=53 --oat-location=/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/oat/x86/launcher.irs.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/eJFtCuTpF.dex --output-vdex-fd=52 --oat-fd=53 --oat-location=/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/oat/x86/eJFtCuTpF.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.200.14:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | freebay.in | udp
US | 104.21.69.154:80 | freebay.in | tcp
US | 104.21.69.154:443 | freebay.in | tcp
US | 1.1.1.1:53 | static.cloudflareinsights.com | udp
US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp
US | 1.1.1.1:53 | vozito.net | udp
NL | 5.45.75.40:443 | vozito.net | tcp

Files

/data/data/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/databases/a-journal
/data/data/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/databases/a
/data/data/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/databases/a-wal
/data/data/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/databases/launcher.db
/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.ext.jar
/data/data/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.dat.jar
/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.dat.jar
/data/data/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.uni.jar
/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.uni.jar
/data/data/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.irs.jar
/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/launcher.irs.jar
/data/data/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/eJFtCuTpF.dex
/data/user/0/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/eJFtCuTpF.dex
/data/data/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/oat/launcher.dat.jar.cur.prof
/data/data/com.apppills.huawei.honor.psmart.theme.latesttheme.android.launcher/app_ftlgfvlyxb767btn8kt9/oat/launcher.ext.jar.cur.prof