Malware Analysis Report

2025-08-05 09:27

Sample ID: 240223-pzjmksge53
Target: 19b92b03ba1318d30c2888bf3b1677889bb5b6136928aad974927bc5e09e5bcf
SHA256: 19b92b03ba1318d30c2888bf3b1677889bb5b6136928aad974927bc5e09e5bcf
Tags: discovery
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Mobile Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 7/10
SHA256: 19b92b03ba1318d30c2888bf3b1677889bb5b6136928aad974927bc5e09e5bcf

Threat Level: Shows suspicious behavior

The file 19b92b03ba1318d30c2888bf3b1677889bb5b6136928aad974927bc5e09e5bcf was found to be: Shows suspicious behavior.

Malicious Activity Summary

Tags: discovery

Loads dropped Dex/Jar
Acquires the wake lock
Reads information about phone network operator.
Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-02-23 12:45

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-02-23 12:45
Reported: 2024-02-23 12:48
Platform: android-x64-20240221-en
Max time kernel: 152s
Max time network: 143s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/bb50dea8.dex | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Tags: discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.178.14:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | g1.topprocompany.com | udp
PL | 51.75.61.102:80 | g1.topprocompany.com | tcp
GB | 216.58.204.68:443 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.200.4:443 | www.google.com | tcp
GB | 142.250.187.238:443 | | tcp
GB | 142.250.200.2:443 | | tcp

Files

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/bb50dea8.dex

MD5 57706cfdd2ff4b375b0d6484c1424db8
SHA1 0bee55a4a0330e06d1261b331ceb102c225272bc
SHA256 2fd9ed9978f17621d3f7fd6bb4c9187b6059c879d042753e5cc96d792dbb00fa
SHA512 b2482722c74dc1242c46a825892a5c67a1083ea8f19887569135dc7942d523cc5553abf0e30a565e00fe5dda4e39c030b3cec81304ea526def3e90fdc1d455d1

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/bb50dea8.dex

MD5 06a77b865b893e89a8dd894d61b88295
SHA1 06c48c3b4d2fc9520c6d25fe87a630cba571cc34
SHA256 2115a487e37de063d314b17ef9b3bf01800b097adb69dbadc857c50aa564e547
SHA512 31cb4e654459755cfc761dee9d46d1718666dc3f7fce2b85fbdbfc54fe429672da08312e1e9c2a5727b665988dbf531b36bd47c258f383273bba39d0c59a0046

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation538469467667007919tmp

MD5 ed0432a35a90617b5364578094ddb58e
SHA1 cc92500a3f2266231acc5c5b062ce1fb13c099fa
SHA256 906ab12aab385d6ece003fc3909e13d3996e18377bd3c20ae9531b2e74c28919
SHA512 21227218a5bcc87542292213c41780bbbe2759e21407365ceed52a17d60fbc3355316cdcea06789cd24de68e3a83f11421678475be8edf518f8c00d1dc9117d1

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/DMfQ

MD5 2517dc7b6317f3261c0220f4237ce77b
SHA1 9db6f234ad2dc719e65b43acd5a10a99d44e3c7a
SHA256 29135e79f79875f13d880ab148f4d0645c940a61a072ce2661f2585843369364
SHA512 771acd1584efb2f8284d1886cf5de0adc222c0e49ad7f1e5d914370c1962054390e3a10faeb36648f15cec11b9fef60b6548997ae3067d741039949d28a1392a

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/AOtHj

MD5 a592fe4971595baafcadb414b465ca8b
SHA1 b2b600ecf7e6d27719b5adda6ab713f6bde9e25d
SHA256 52d0e5c6b5b909248dc991a6a2e37a2076d4edf5ffc07cc3af921064efa5b560
SHA512 043ff38935a42f257e1fa5a64522a0aa8f377b434cae80062d2e8997d99d288e9eda8e7d346bc09e2bc345880b88505be47ade180961c93b28362996298acdfa

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/DMfQ

MD5 2cf2458e1d527c9f7f59b101fba080ac
SHA1 ca40bc39b7bf6bd9ccc45e7241d033d72fe23d06
SHA256 cff485b07abd61e6c5a185f6c9f32f6fe7e8cc6086cb2071d655cb419bf4fbf2
SHA512 97398d712f388d924925eec50053d926de1c633b1efc0d4b8a28651126002cd8e521ad9d3c6050835de89c86dc168aa3feab2f880be219706748b3882f65518f

Analysis: behavioral3

Detonation Overview

Submitted: 2024-02-23 12:45
Reported: 2024-02-23 12:48
Platform: android-x64-arm64-20240221-en
Max time kernel: 152s
Max time network: 146s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/bb50dea8.dex | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Tags: discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.178.14:443 | | udp
GB | 142.250.187.234:443 | | tcp
GB | 142.250.200.46:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | tcp
GB | 142.250.178.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | g1.topprocompany.com | udp
PL | 51.75.61.102:80 | g1.topprocompany.com | tcp
GB | 142.250.200.36:443 | | tcp
GB | 142.250.200.36:443 | | tcp
GB | 142.250.178.14:443 | android.apis.google.com | tcp
GB | 142.250.187.226:443 | | tcp

Files

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/bb50dea8.dex

MD5 06a77b865b893e89a8dd894d61b88295
SHA1 06c48c3b4d2fc9520c6d25fe87a630cba571cc34
SHA256 2115a487e37de063d314b17ef9b3bf01800b097adb69dbadc857c50aa564e547
SHA512 31cb4e654459755cfc761dee9d46d1718666dc3f7fce2b85fbdbfc54fe429672da08312e1e9c2a5727b665988dbf531b36bd47c258f383273bba39d0c59a0046

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation5359179909872516392tmp

MD5 1d6d53ad072e51f8a7f849527adf2498
SHA1 9f48fb1d88d1ceba8ada4a6256286c6d9b14731c
SHA256 f8372a99f64fa6595f45d7519cd0fa6ba4ce66cce89eabfe81af0c2ea85109a3
SHA512 867005af334dbeed45c8f865ee94b8779d0227c26262a1779f1f048dc062f2a001f3690e6e0052babe2a24c2da84d237e9309a50240a02e393fe4af4a4d73645

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/DMfQ

MD5 19f8c4a2cabe8b9631c37f830eb75a6e
SHA1 e35bfa6c0e0eef35a423ff9903665b9bec3bfb8c
SHA256 a91144263fae317f55f715b9d3681e9f547519a847139e7e27a2b9302aaaa58d
SHA512 26d7b336cfaee93c748150f1a0b0fe68affd99b74103cb97a8de0943de50f4ed86f9e93ca4b4d849ad2717f7e970661ed3581cd5d0655e828348922ad1147dd9

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/AOtHj

MD5 7bc62245c8d2847c1e5e5a4c5ac36de6
SHA1 bac14ee33beec634c559a038b65c8ebdee5ed120
SHA256 92d7b35094e3e357ea4ac23a2fa499a9f91c372c8188ef0fe971e5a9c96eec34
SHA512 e6d1d6afd73f5afee035c687a0ab24f2fb85d390b2943135f480156be6ad48dc87a15fab5536ddf50d180cc9443c5675b29f32c4557e081454afea926be4d23d

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/DMfQ

MD5 5836bc8e75e410a3cc887d498c99643f
SHA1 8c5ddef2bbcd2eb013c9ff6657269b0fed8fbc95
SHA256 64903f9bdd27ce13deb9aa4bec2a3d433450adadf472a4ce60444cb237543614
SHA512 6b9496aafb990dc1db4db474e0eeb388fab7a575df0c784d16ac315fabfb5b94cb9c6a875898551ed73ba089879e82695802b27126515d9661b21025e8911422

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-23 12:45
Reported: 2024-02-23 12:48
Platform: android-x86-arm-20240221-en
Max time kernel: 147s
Max time network: 130s

Command Line

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Signatures

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/bb50dea8.dex | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Tags: discovery

Processes

com.vsindiaapps.latestpunjabisongs.nearme.gamecenter

Network

Country | Destination | Domain | Proto
GB | 142.250.179.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | g1.topprocompany.com | udp
PL | 51.75.61.102:80 | g1.topprocompany.com | tcp

Files

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/bb50dea8.dex

MD5 57706cfdd2ff4b375b0d6484c1424db8
SHA1 0bee55a4a0330e06d1261b331ceb102c225272bc
SHA256 2fd9ed9978f17621d3f7fd6bb4c9187b6059c879d042753e5cc96d792dbb00fa
SHA512 b2482722c74dc1242c46a825892a5c67a1083ea8f19887569135dc7942d523cc5553abf0e30a565e00fe5dda4e39c030b3cec81304ea526def3e90fdc1d455d1

/data/user/0/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/bb50dea8.dex

MD5 06a77b865b893e89a8dd894d61b88295
SHA1 06c48c3b4d2fc9520c6d25fe87a630cba571cc34
SHA256 2115a487e37de063d314b17ef9b3bf01800b097adb69dbadc857c50aa564e547
SHA512 31cb4e654459755cfc761dee9d46d1718666dc3f7fce2b85fbdbfc54fe429672da08312e1e9c2a5727b665988dbf531b36bd47c258f383273bba39d0c59a0046

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/databases/com.google.android.datatransport.events-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/PersistedInstallation459150234611464109tmp

MD5 45d8281f7dd8318f2df6b8b24ab4afbe
SHA1 806642f2f9957724c41cd189214c8e3536403deb
SHA256 98b68a29b6d21ef925461b01a3d13224310518ffba0f7a5b8885fc1223c98e2c
SHA512 33b6537cbef27655b615a62a8ae44b5eaf3a1e4cb06360a332f2cfc5dcaf9613dffa849774f21e835063fff4da893e4b8ae77d6b4c89150d9a561f40a82b826e

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/DMfQ

MD5 c8bfceb4881e0bde0ca347fc297a3eec
SHA1 1ce62e1e28a98bb9ced9b58c9d8c892daf5b8bc8
SHA256 a9ddfadc2d34dca45a3aad15321ee6aca07b7ff7c87dc91b7b2c3ee296b0ac72
SHA512 21e4c8776980ed2f21698fee2b658506728e1f8c23cc06c02787cff80d24dfe670e207c1aadcb9d920aa607bd3420b6164b6580fad38b694d3fdd037e432a601

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/AOtHj

MD5 7f95acbc0a43899439e8762c53a60e48
SHA1 60428a18448cdc8f7f65af8842ca4e58990111d5
SHA256 b9dd111a4065555a98d62f430f9a0ddb684770554857d2af1ab84f3aaf18b163
SHA512 7eb2f3ec6fdff9f45ecf3e4620dbe0f6395d50edbfa9fa539f755ba1b3679cac4bad3ab29f45546a5146592bc18ade1c5ccf522ac7a2f16598556cfd7a4ef3e5

/data/data/com.vsindiaapps.latestpunjabisongs.nearme.gamecenter/files/DMfQ

MD5 7a28c9dae63765d0a4c063fd245ee314
SHA1 3dc7632c38c1647df56ce733a8b72fa077318795
SHA256 e694b1df787df7bf2e575fbc6a5e0dfb4f21763c58cc9a504d59646f9082c7d3
SHA512 2d87a67987d0d92b34645d68edc6db12670d2268029e30a6321a17ba60be2c03bcdecce6d4498591cba18aa4c169f0bbc9e55f88425e681b7c9576b7565d3583