Malware Analysis Report

2025-01-19 05:35

Sample ID 240313-ppwt6ach5w
Target 724d3a7bf81b08e6a14ea7b0d1bfb33488cfaebafcfb2e84de4465dd785eea9a
SHA256 724d3a7bf81b08e6a14ea7b0d1bfb33488cfaebafcfb2e84de4465dd785eea9a
Tags
evasion stealth trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

724d3a7bf81b08e6a14ea7b0d1bfb33488cfaebafcfb2e84de4465dd785eea9a

Threat Level: Likely malicious

The file 724d3a7bf81b08e6a14ea7b0d1bfb33488cfaebafcfb2e84de4465dd785eea9a was found to be: Likely malicious.

Malicious Activity Summary

evasion stealth trojan

Removes its main activity from the application launcher

Loads dropped Dex/Jar

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-13 12:30

Signatures

Requests dangerous framework permissions

Description                                           Indicator                                   Process  Target
Allows an app to access approximate location.         android.permission.ACCESS_COARSE_LOCATION   N/A      N/A
Allows an application to write to external storage.  android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-13 12:30

Reported

2024-03-13 12:33

Platform

android-x64-20240221-en

Max time kernel

149s

Max time network

148s

Command Line

com.gammalab.chessopenings

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Loads dropped Dex/Jar

evasion
Description  Indicator                                                          Process  Target
N/A          /data/user/0/com.gammalab.chessopenings/files/f1396191993ses.dex  N/A      N/A

Processes

com.gammalab.chessopenings

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     -                         udp
US       1.1.1.1:53           acoon.asortally.com       udp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.200.8:443    ssl.google-analytics.com  tcp
GB       142.250.178.14:443   -                         tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       172.217.169.78:443   android.apis.google.com   tcp
GB       216.58.204.68:443    -                         tcp
US       1.1.1.1:53           www.google.com            udp
GB       216.58.201.100:443   www.google.com            tcp
GB       142.250.187.238:443  -                         tcp
GB       142.250.200.2:443    -                         tcp
(- = no domain recorded for the connection)

Files

/data/data/com.gammalab.chessopenings/files/f1396191993ses.dex

MD5 2c05d9d6be9db02ec426ae7269a08397
SHA1 5067f313d27a0efbf4b752f0e1f2ade0f7884caf
SHA256 bcfac6cae0e97f837c4deb6990bebf4b396cf764376d9544d70c9379297d395a
SHA512 3675aa2405b6031a9b5fedc610620c55433bef9a170ba5bff49ed93aba52adb2e624ba1fafd7af1cec56aa86b1215e432728bb2114d75a4fa921d3d9bf996cbb

/data/user/0/com.gammalab.chessopenings/files/f1396191993ses.dex

MD5 c4358244b6c14c6e1ad83b9605efa270
SHA1 f3b5c841e6430db3e22ba899ac7981009110fa71
SHA256 492e69a980e51126516819b0be759d9818e1524c892520b560201fedeba18ab7
SHA512 a155cb96247491a42f8413d59d0c7909508285164ed8466f8f90c7d3f745ce62a2a3ab23f1e3f93d92c18d145236b71cb4847abe8c17924379e3fc574fccfaa2

/data/data/com.gammalab.chessopenings/files/Config

MD5 8c3e0935d07382f16e83768d626b7f7c
SHA1 7599fd577aeed40858c008df77b4f5d1db49e231
SHA256 33621e87f9db55450dcdc5934dbf6c79a13d9a579ff9ee02e19f14d678204b53
SHA512 b7fd7d1714ef52af5ba3cace17fa5249903dbd09bbfcae3421484279f26f1c0c82a3c0380e05b8a1fece1e09db224e0ac68df6be9276156cbc0e1e821727148b

/data/data/com.gammalab.chessopenings/files/Timer

MD5 f3b33edaf833dd068d985582bd824eeb
SHA1 1276fad0050acc01338f87d985841ca745eeb37b
SHA256 8b6a1b5496af373815706a77255afc0dee12d2b4e8e2720f7e8283678873d85f
SHA512 5cb5150ef95d50312189494c5f9562e50e9c3186379750c7d518775079f19d42e21f9673a34eaa0151934ee595b5b4eee98eec14da2054b1635d0b9af7db80ff

/data/data/com.gammalab.chessopenings/files/Timer

MD5 11d010d9a6e8c2acae62f30646de0824
SHA1 a1085d7db0125a1ed2f3d962a3dca8a7b6cdf635
SHA256 7455f6527552828437b3d02c3adc320b48c172d2fb6e95ac66d90a3027f7bade
SHA512 f5a90a4bb9a4a643b213eedde38577280a107a87604bb3e28956fb8f0337ba49183c42607ae86b48c8dc16629b1d82d709f5134104b4deaa20c95e99fa342ba5

/data/data/com.gammalab.chessopenings/files/Timer

MD5 49870deceb7bfeefb6577b325855343f
SHA1 5eb2760590335e0e279ed65da89e2b84e35281c7
SHA256 ad2799abe23986c0eb801249dcb7e946f8c7241872167465f473560aeef90a76
SHA512 c82f098544f9005f4d118713dfa058eab8a1de849ef07242a30adbcab58dba3c660dce52c4a67205183b1510b4fdbb3590bb0f9efe9786ae2abda109bb8e3bf1

Analysis: behavioral3

Detonation Overview

Submitted

2024-03-13 12:30

Reported

2024-03-13 12:33

Platform

android-x64-arm64-20240221-en

Max time kernel

160s

Max time network

140s

Command Line

com.gammalab.chessopenings

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Loads dropped Dex/Jar

evasion
Description  Indicator                                                         Process  Target
N/A          /data/user/0/com.gammalab.chessopenings/files/f140404836ses.dex  N/A      N/A

Processes

com.gammalab.chessopenings

Network

Country  Destination          Domain                    Proto
GB       142.250.200.14:443   -                         tcp
GB       142.250.200.14:443   -                         tcp
GB       142.250.200.14:443   -                         tcp
N/A      224.0.0.251:5353     -                         udp
GB       142.250.180.10:443   -                         udp
GB       216.58.213.14:443    -                         udp
GB       172.217.169.42:443   -                         tcp
GB       172.217.169.42:443   -                         tcp
US       1.1.1.1:53           acoon.asortally.com       udp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       216.58.212.232:443   ssl.google-analytics.com  tcp
GB       142.250.200.36:443   -                         tcp
GB       142.250.200.36:443   -                         tcp
(- = no domain recorded for the connection)

Files

/data/user/0/com.gammalab.chessopenings/files/f140404836ses.dex

MD5 2c05d9d6be9db02ec426ae7269a08397
SHA1 5067f313d27a0efbf4b752f0e1f2ade0f7884caf
SHA256 bcfac6cae0e97f837c4deb6990bebf4b396cf764376d9544d70c9379297d395a
SHA512 3675aa2405b6031a9b5fedc610620c55433bef9a170ba5bff49ed93aba52adb2e624ba1fafd7af1cec56aa86b1215e432728bb2114d75a4fa921d3d9bf996cbb

/data/user/0/com.gammalab.chessopenings/files/f140404836ses.dex

MD5 c4358244b6c14c6e1ad83b9605efa270
SHA1 f3b5c841e6430db3e22ba899ac7981009110fa71
SHA256 492e69a980e51126516819b0be759d9818e1524c892520b560201fedeba18ab7
SHA512 a155cb96247491a42f8413d59d0c7909508285164ed8466f8f90c7d3f745ce62a2a3ab23f1e3f93d92c18d145236b71cb4847abe8c17924379e3fc574fccfaa2

/data/user/0/com.gammalab.chessopenings/files/Config

MD5 b50c9c0ab4ea266a053892a839cc7aab
SHA1 4419939b8aace79eacbbf350c331af9277e1316a
SHA256 d421654d0d77d3c20449c846346d9fa6778b1f1a3ee441b3e4560247d6efbf0c
SHA512 c555bf688789863d357be7ccf9647b3473d729e9b0ae4db90919bb9d6895e99cf22bd584b2642e0ac1e6064799efcd7f1ee28ecb38533fd8ae964ac961747427

/data/user/0/com.gammalab.chessopenings/files/Timer

MD5 8e8a861899e8bcae4d53dd3d578feda5
SHA1 4e8f3b926bc1bfacbf35d63d82d49d2a9d1395c4
SHA256 01a9131c794e465a93aa2b3c79c11b37be32e2970aa305604a0e3f487b7d75be
SHA512 228e09353944bb9cd9a100714f364a07a21c7a700012535017d6c1887ddcf06240bfbc9a088aa9c431720b56c7923b9bab3e8e4ec12aa9c8917aff18f5936299

/data/user/0/com.gammalab.chessopenings/files/Timer

MD5 465e917f3b4fcc1466f7bff2ee2fe2a3
SHA1 da0c16df64c7d98831e7d02e0b5a6143a24a459d
SHA256 32ec1ad7f8805ffa7639a816ce2bf111b2da037e644d0b89d1568811ea280bbd
SHA512 559e9fc87676d731466c3f33c56c11b5c214c27a15ebe25e1291a2698b61ceb7bc9943a70c8c892aa02054001da2821706111855621df13cb5d1519243c58834

/data/user/0/com.gammalab.chessopenings/files/Timer

MD5 09794572d8886fd3b9122a9d812f10ae
SHA1 f24ae9f43af9d9284b21d21476c5beb94c9c4f89
SHA256 665ff4e052eff4cfad035b0bc33efb208f38e13817e6da73d85bdb03a29ecd0c
SHA512 22bb6283478ac67af89a3130bacd44ea298cba59e44e2aa03e637f963a3183f7ee96d399b5bc7d466f6c9e566cb3b4d9b155449b595982c99616e1dfb5e7c33f

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-13 12:30

Reported

2024-03-13 12:33

Platform

android-x86-arm-20240221-en

Max time kernel

145s

Max time network

155s

Command Line

com.gammalab.chessopenings

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Loads dropped Dex/Jar

evasion
Description  Indicator                                                          Process  Target
N/A          /data/user/0/com.gammalab.chessopenings/files/f2091030324ses.dex  N/A      N/A

Processes

com.gammalab.chessopenings

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     -                         udp
US       1.1.1.1:53           acoon.asortally.com       udp
GB       142.250.200.14:443   -                         tcp
GB       142.250.200.14:443   -                         tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.187.206:443  android.apis.google.com   tcp
GB       216.58.213.10:443    -                         tcp
(- = no domain recorded for the connection)

Files

/data/user/0/com.gammalab.chessopenings/files/f2091030324ses.dex

MD5 c4358244b6c14c6e1ad83b9605efa270
SHA1 f3b5c841e6430db3e22ba899ac7981009110fa71
SHA256 492e69a980e51126516819b0be759d9818e1524c892520b560201fedeba18ab7
SHA512 a155cb96247491a42f8413d59d0c7909508285164ed8466f8f90c7d3f745ce62a2a3ab23f1e3f93d92c18d145236b71cb4847abe8c17924379e3fc574fccfaa2

/data/data/com.gammalab.chessopenings/files/Config

MD5 b8ccba27fe39cd69d2ba697c274ea76f
SHA1 99178c54d2f004b4907b121ff78bbe771432ef5d
SHA256 dc53f9e582b8aea6c70987f254a87bdb635f271fd987b093705d81eed6286abb
SHA512 228d9fb7898aa1a35325fe49f58949cb4133834290a640a7947b76b46d87c622df0856450f42c31e7a3e9b8a897be8696d0b80405a5058a613881682852ac3ff

/data/data/com.gammalab.chessopenings/files/Timer

MD5 90d40db8a1590ae18babfcac0589016a
SHA1 85470da4b58b5f4b259d1dc5a3497dd71431ec1f
SHA256 804187395dd9abc0f60ed58cf00debd6281187823b0a69ae5228a97c1c27c2c9
SHA512 343182186f8845275e6727dae11aad24b75611806ce4b39cc417b0fdf844600862cb3e425c11566b986f2b3f164f04053fa3ff1c747fbdd395c6b5cee59d0aef

/data/data/com.gammalab.chessopenings/files/Timer

MD5 fe8807f95b642be1d7b63d0b2344273a
SHA1 fc2b748a2f42c06010cfdf2bbaa429b7dbb41fbf
SHA256 54f0736066cb15b2e8d391baa84455b952bc8338e1a602f066812c5da9a4d6be
SHA512 fe563f28b2c07358c1ebe7b535c0cee4f06bc249f203584c75bc602c87bd7b19c07279a66cdbdbf5dafc088180cc55ec5d139863061bd07c04d382a0e02e41dd

/data/data/com.gammalab.chessopenings/files/Timer

MD5 27ded0871ae4645c493d7df747206eef
SHA1 2c1dabffb51c954f55cb8a2ddb357cbebad0a895
SHA256 d8ef3dd21ce999c62a7f856be6e1681cecbc45f4e3dc553227d7e3fb3415dafa
SHA512 ab45d15f4599175b24eb34d1cea637709c61a60c6f173c95efa99263ee189723f85e52cfe43e899e7bfe5c0c9e3a8edfec309dd89540bee49d1e8d5b6e86738d
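Read together, the three behavioral runs above agree on a pattern that the flat Files and Network tables make easy to miss. In every run the dropped DEX lands under files/ with a different randomly numbered name (f1396191993ses.dex, f140404836ses.dex, f2091030324ses.dex) but the same content hashes; in behavioral2 and behavioral3 the same path is recorded twice with two different hashes (bcfac6... first, then 492e69..., in the order the report lists them), so the file is written twice with different content; the listings mix /data/data/<pkg>/ and /data/user/0/<pkg>/, which are the same directory on Android because /data/data is a symlink to /data/user/0; and acoon.asortally.com is looked up over DNS in all three runs without any follow-on TCP connection to it. The Python below is an added triage helper, not part of the sandbox report or its tooling. It applies those checks to a constructed copy of the report's rows (FILES and NETWORK, transcribed from the tables above, with only a subset of the Timer and Config entries) so the same checks can be run over other reports.

```python
"""Triage checks over Android sandbox Files/Network listings (added example)."""
import re
from collections import defaultdict

PKG = "com.gammalab.chessopenings"

# Constructed input transcribed from the report's tables: (run, path, SHA256).
# Subset only; not parsed from the sandbox itself.
FILES = [
    ("behavioral2", f"/data/data/{PKG}/files/f1396191993ses.dex",
     "bcfac6cae0e97f837c4deb6990bebf4b396cf764376d9544d70c9379297d395a"),
    ("behavioral2", f"/data/user/0/{PKG}/files/f1396191993ses.dex",
     "492e69a980e51126516819b0be759d9818e1524c892520b560201fedeba18ab7"),
    ("behavioral2", f"/data/data/{PKG}/files/Config",
     "33621e87f9db55450dcdc5934dbf6c79a13d9a579ff9ee02e19f14d678204b53"),
    ("behavioral2", f"/data/data/{PKG}/files/Timer",
     "8b6a1b5496af373815706a77255afc0dee12d2b4e8e2720f7e8283678873d85f"),
    ("behavioral2", f"/data/data/{PKG}/files/Timer",
     "7455f6527552828437b3d02c3adc320b48c172d2fb6e95ac66d90a3027f7bade"),
    ("behavioral2", f"/data/data/{PKG}/files/Timer",
     "ad2799abe23986c0eb801249dcb7e946f8c7241872167465f473560aeef90a76"),
    ("behavioral3", f"/data/user/0/{PKG}/files/f140404836ses.dex",
     "bcfac6cae0e97f837c4deb6990bebf4b396cf764376d9544d70c9379297d395a"),
    ("behavioral3", f"/data/user/0/{PKG}/files/f140404836ses.dex",
     "492e69a980e51126516819b0be759d9818e1524c892520b560201fedeba18ab7"),
    ("behavioral1", f"/data/user/0/{PKG}/files/f2091030324ses.dex",
     "492e69a980e51126516819b0be759d9818e1524c892520b560201fedeba18ab7"),
]

# (country, destination, domain, proto) from the behavioral2 Network table.
NETWORK = [
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("US", "1.1.1.1:53", "acoon.asortally.com", "udp"),
    ("US", "1.1.1.1:53", "ssl.google-analytics.com", "udp"),
    ("GB", "142.250.200.8:443", "ssl.google-analytics.com", "tcp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("GB", "172.217.169.78:443", "android.apis.google.com", "tcp"),
]

APP_DATA = re.compile(r"^/data/(?:data|user/\d+)/([^/]+)/(.*)$")


def normalize_path(path):
    """Map /data/data/<pkg>/... and /data/user/<n>/<pkg>/... onto one key.
    /data/data is a symlink to /data/user/0, so both spellings name one file."""
    m = APP_DATA.match(path)
    return f"/data/user/0/{m.group(1)}/{m.group(2)}" if m else path


def rewritten_paths(records):
    """Paths written more than once with different content, in listing order."""
    seen = defaultdict(list)
    for _, path, sha in records:
        key = normalize_path(path)
        if sha not in seen[key]:
            seen[key].append(sha)
    return {p: hashes for p, hashes in seen.items() if len(hashes) > 1}


def dropped_code(records):
    """Executable artifacts written into app-private storage at runtime."""
    return sorted({normalize_path(p) for _, p, _ in records
                   if p.lower().endswith((".dex", ".jar", ".apk", ".so"))})


def stable_hashes(records, min_runs=2):
    """Content hashes that recur across detonations: usable blocklist IOCs."""
    runs = defaultdict(set)
    for run, _, sha in records:
        runs[sha].add(run)
    return {sha: sorted(r) for sha, r in runs.items() if len(r) >= min_runs}


def names_per_hash(records):
    """Basenames seen for each hash; several names for one hash means the
    file name is generated per install and is not a usable IOC."""
    names = defaultdict(set)
    for _, path, sha in records:
        names[sha].add(path.rsplit("/", 1)[-1])
    return {sha: sorted(n) for sha, n in names.items()}


def dns_only_domains(net):
    """Names resolved over DNS that never appear as a TCP destination.
    Worth checking separately: unregistered, sinkholed, or unresolved."""
    queried = {d for _, dst, d, proto in net
               if proto == "udp" and dst.endswith(":53") and d}
    connected = {d for _, _, d, proto in net if proto == "tcp" and d}
    return sorted(queried - connected)


if __name__ == "__main__":
    print("rewritten:", rewritten_paths(FILES))
    print("dropped code:", dropped_code(FILES))
    print("stable hashes:", stable_hashes(FILES))
    print("names per hash:", names_per_hash(FILES))
    print("DNS-only:", dns_only_domains(NETWORK))
```

Run against the transcribed rows, rewritten_paths reports the DEX path in behavioral2 and behavioral3 with two hashes each and Timer with three, stable_hashes keeps 492e69... (all three runs) and bcfac6... (two runs) while the per-run Config and Timer hashes drop out, names_per_hash shows three different basenames for 492e69..., and dns_only_domains returns only acoon.asortally.com. For a blocklist, the SHA256s returned by stable_hashes and the queried domain are the durable indicators; the numeric dex file names and the Config/Timer hashes are not.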