Analysis Overview
SHA256
724d3a7bf81b08e6a14ea7b0d1bfb33488cfaebafcfb2e84de4465dd785eea9a
Threat Level: Likely malicious
The file 724d3a7bf81b08e6a14ea7b0d1bfb33488cfaebafcfb2e84de4465dd785eea9a was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Loads dropped Dex/Jar
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-13 12:30
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-13 12:30
Reported
2024-03-13 12:33
Platform
android-x64-20240221-en
Max time kernel
149s
Max time network
148s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.gammalab.chessopenings/files/f1396191993ses.dex | N/A | N/A |
Processes
com.gammalab.chessopenings
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | acoon.asortally.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.78:443 | android.apis.google.com | tcp |
| GB | 216.58.204.68:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
Files
/data/data/com.gammalab.chessopenings/files/f1396191993ses.dex
| MD5 | 2c05d9d6be9db02ec426ae7269a08397 |
| SHA1 | 5067f313d27a0efbf4b752f0e1f2ade0f7884caf |
| SHA256 | bcfac6cae0e97f837c4deb6990bebf4b396cf764376d9544d70c9379297d395a |
| SHA512 | 3675aa2405b6031a9b5fedc610620c55433bef9a170ba5bff49ed93aba52adb2e624ba1fafd7af1cec56aa86b1215e432728bb2114d75a4fa921d3d9bf996cbb |
/data/user/0/com.gammalab.chessopenings/files/f1396191993ses.dex
| MD5 | c4358244b6c14c6e1ad83b9605efa270 |
| SHA1 | f3b5c841e6430db3e22ba899ac7981009110fa71 |
| SHA256 | 492e69a980e51126516819b0be759d9818e1524c892520b560201fedeba18ab7 |
| SHA512 | a155cb96247491a42f8413d59d0c7909508285164ed8466f8f90c7d3f745ce62a2a3ab23f1e3f93d92c18d145236b71cb4847abe8c17924379e3fc574fccfaa2 |
/data/data/com.gammalab.chessopenings/files/Config
| MD5 | 8c3e0935d07382f16e83768d626b7f7c |
| SHA1 | 7599fd577aeed40858c008df77b4f5d1db49e231 |
| SHA256 | 33621e87f9db55450dcdc5934dbf6c79a13d9a579ff9ee02e19f14d678204b53 |
| SHA512 | b7fd7d1714ef52af5ba3cace17fa5249903dbd09bbfcae3421484279f26f1c0c82a3c0380e05b8a1fece1e09db224e0ac68df6be9276156cbc0e1e821727148b |
/data/data/com.gammalab.chessopenings/files/Timer
| MD5 | f3b33edaf833dd068d985582bd824eeb |
| SHA1 | 1276fad0050acc01338f87d985841ca745eeb37b |
| SHA256 | 8b6a1b5496af373815706a77255afc0dee12d2b4e8e2720f7e8283678873d85f |
| SHA512 | 5cb5150ef95d50312189494c5f9562e50e9c3186379750c7d518775079f19d42e21f9673a34eaa0151934ee595b5b4eee98eec14da2054b1635d0b9af7db80ff |
/data/data/com.gammalab.chessopenings/files/Timer
| MD5 | 11d010d9a6e8c2acae62f30646de0824 |
| SHA1 | a1085d7db0125a1ed2f3d962a3dca8a7b6cdf635 |
| SHA256 | 7455f6527552828437b3d02c3adc320b48c172d2fb6e95ac66d90a3027f7bade |
| SHA512 | f5a90a4bb9a4a643b213eedde38577280a107a87604bb3e28956fb8f0337ba49183c42607ae86b48c8dc16629b1d82d709f5134104b4deaa20c95e99fa342ba5 |
/data/data/com.gammalab.chessopenings/files/Timer
| MD5 | 49870deceb7bfeefb6577b325855343f |
| SHA1 | 5eb2760590335e0e279ed65da89e2b84e35281c7 |
| SHA256 | ad2799abe23986c0eb801249dcb7e946f8c7241872167465f473560aeef90a76 |
| SHA512 | c82f098544f9005f4d118713dfa058eab8a1de849ef07242a30adbcab58dba3c660dce52c4a67205183b1510b4fdbb3590bb0f9efe9786ae2abda109bb8e3bf1 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-13 12:30
Reported
2024-03-13 12:33
Platform
android-x64-arm64-20240221-en
Max time kernel
160s
Max time network
140s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.gammalab.chessopenings/files/f140404836ses.dex | N/A | N/A |
Processes
com.gammalab.chessopenings
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.10:443 | | udp |
| GB | 216.58.213.14:443 | | udp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| US | 1.1.1.1:53 | acoon.asortally.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
/data/user/0/com.gammalab.chessopenings/files/f140404836ses.dex
| MD5 | 2c05d9d6be9db02ec426ae7269a08397 |
| SHA1 | 5067f313d27a0efbf4b752f0e1f2ade0f7884caf |
| SHA256 | bcfac6cae0e97f837c4deb6990bebf4b396cf764376d9544d70c9379297d395a |
| SHA512 | 3675aa2405b6031a9b5fedc610620c55433bef9a170ba5bff49ed93aba52adb2e624ba1fafd7af1cec56aa86b1215e432728bb2114d75a4fa921d3d9bf996cbb |
/data/user/0/com.gammalab.chessopenings/files/f140404836ses.dex
| MD5 | c4358244b6c14c6e1ad83b9605efa270 |
| SHA1 | f3b5c841e6430db3e22ba899ac7981009110fa71 |
| SHA256 | 492e69a980e51126516819b0be759d9818e1524c892520b560201fedeba18ab7 |
| SHA512 | a155cb96247491a42f8413d59d0c7909508285164ed8466f8f90c7d3f745ce62a2a3ab23f1e3f93d92c18d145236b71cb4847abe8c17924379e3fc574fccfaa2 |
/data/user/0/com.gammalab.chessopenings/files/Config
| MD5 | b50c9c0ab4ea266a053892a839cc7aab |
| SHA1 | 4419939b8aace79eacbbf350c331af9277e1316a |
| SHA256 | d421654d0d77d3c20449c846346d9fa6778b1f1a3ee441b3e4560247d6efbf0c |
| SHA512 | c555bf688789863d357be7ccf9647b3473d729e9b0ae4db90919bb9d6895e99cf22bd584b2642e0ac1e6064799efcd7f1ee28ecb38533fd8ae964ac961747427 |
/data/user/0/com.gammalab.chessopenings/files/Timer
| MD5 | 8e8a861899e8bcae4d53dd3d578feda5 |
| SHA1 | 4e8f3b926bc1bfacbf35d63d82d49d2a9d1395c4 |
| SHA256 | 01a9131c794e465a93aa2b3c79c11b37be32e2970aa305604a0e3f487b7d75be |
| SHA512 | 228e09353944bb9cd9a100714f364a07a21c7a700012535017d6c1887ddcf06240bfbc9a088aa9c431720b56c7923b9bab3e8e4ec12aa9c8917aff18f5936299 |
/data/user/0/com.gammalab.chessopenings/files/Timer
| MD5 | 465e917f3b4fcc1466f7bff2ee2fe2a3 |
| SHA1 | da0c16df64c7d98831e7d02e0b5a6143a24a459d |
| SHA256 | 32ec1ad7f8805ffa7639a816ce2bf111b2da037e644d0b89d1568811ea280bbd |
| SHA512 | 559e9fc87676d731466c3f33c56c11b5c214c27a15ebe25e1291a2698b61ceb7bc9943a70c8c892aa02054001da2821706111855621df13cb5d1519243c58834 |
/data/user/0/com.gammalab.chessopenings/files/Timer
| MD5 | 09794572d8886fd3b9122a9d812f10ae |
| SHA1 | f24ae9f43af9d9284b21d21476c5beb94c9c4f89 |
| SHA256 | 665ff4e052eff4cfad035b0bc33efb208f38e13817e6da73d85bdb03a29ecd0c |
| SHA512 | 22bb6283478ac67af89a3130bacd44ea298cba59e44e2aa03e637f963a3183f7ee96d399b5bc7d466f6c9e566cb3b4d9b155449b595982c99616e1dfb5e7c33f |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-13 12:30
Reported
2024-03-13 12:33
Platform
android-x86-arm-20240221-en
Max time kernel
145s
Max time network
155s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.gammalab.chessopenings/files/f2091030324ses.dex | N/A | N/A |
Processes
com.gammalab.chessopenings
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | acoon.asortally.com | udp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 216.58.213.10:443 | | tcp |
Files
/data/user/0/com.gammalab.chessopenings/files/f2091030324ses.dex
| MD5 | c4358244b6c14c6e1ad83b9605efa270 |
| SHA1 | f3b5c841e6430db3e22ba899ac7981009110fa71 |
| SHA256 | 492e69a980e51126516819b0be759d9818e1524c892520b560201fedeba18ab7 |
| SHA512 | a155cb96247491a42f8413d59d0c7909508285164ed8466f8f90c7d3f745ce62a2a3ab23f1e3f93d92c18d145236b71cb4847abe8c17924379e3fc574fccfaa2 |
/data/data/com.gammalab.chessopenings/files/Config
| MD5 | b8ccba27fe39cd69d2ba697c274ea76f |
| SHA1 | 99178c54d2f004b4907b121ff78bbe771432ef5d |
| SHA256 | dc53f9e582b8aea6c70987f254a87bdb635f271fd987b093705d81eed6286abb |
| SHA512 | 228d9fb7898aa1a35325fe49f58949cb4133834290a640a7947b76b46d87c622df0856450f42c31e7a3e9b8a897be8696d0b80405a5058a613881682852ac3ff |
/data/data/com.gammalab.chessopenings/files/Timer
| MD5 | 90d40db8a1590ae18babfcac0589016a |
| SHA1 | 85470da4b58b5f4b259d1dc5a3497dd71431ec1f |
| SHA256 | 804187395dd9abc0f60ed58cf00debd6281187823b0a69ae5228a97c1c27c2c9 |
| SHA512 | 343182186f8845275e6727dae11aad24b75611806ce4b39cc417b0fdf844600862cb3e425c11566b986f2b3f164f04053fa3ff1c747fbdd395c6b5cee59d0aef |
/data/data/com.gammalab.chessopenings/files/Timer
| MD5 | fe8807f95b642be1d7b63d0b2344273a |
| SHA1 | fc2b748a2f42c06010cfdf2bbaa429b7dbb41fbf |
| SHA256 | 54f0736066cb15b2e8d391baa84455b952bc8338e1a602f066812c5da9a4d6be |
| SHA512 | fe563f28b2c07358c1ebe7b535c0cee4f06bc249f203584c75bc602c87bd7b19c07279a66cdbdbf5dafc088180cc55ec5d139863061bd07c04d382a0e02e41dd |
/data/data/com.gammalab.chessopenings/files/Timer
| MD5 | 27ded0871ae4645c493d7df747206eef |
| SHA1 | 2c1dabffb51c954f55cb8a2ddb357cbebad0a895 |
| SHA256 | d8ef3dd21ce999c62a7f856be6e1681cecbc45f4e3dc553227d7e3fb3415dafa |
| SHA512 | ab45d15f4599175b24eb34d1cea637709c61a60c6f173c95efa99263ee189723f85e52cfe43e899e7bfe5c0c9e3a8edfec309dd89540bee49d1e8d5b6e86738d |
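Across the three behavioral runs the dropped Dex file is written under a different random name each time (f1396191993ses.dex, f140404836ses.dex, f2091030324ses.dex), and the Config and Timer files change hash on every detonation, so only part of what the report lists is usable as a detection. The Python script below is an added example, not output of the sandbox: it embeds the SHA256 values and DNS names from the tables above, works out which indicators repeat in every run and which are per-run state, and sketches a triage check for a file pulled from the app's files directory (DEX header, hash match, and the API strings that the two behavioral signatures are normally associated with). The sample blob, the suspicious-string list and the benign-domain allowlist are constructed assumptions, not data from the report.

```python
"""Triage helper built from the indicators in this report (added example, not sandbox output)."""
import hashlib

# SHA256 values of the dropped files, copied from the Files tables of the three behavioral runs.
RUN_HASHES = {
    "behavioral1": {
        "492e69a980e51126516819b0be759d9818e1524c892520b560201fedeba18ab7",  # f2091030324ses.dex
        "dc53f9e582b8aea6c70987f254a87bdb635f271fd987b093705d81eed6286abb",  # Config
        "804187395dd9abc0f60ed58cf00debd6281187823b0a69ae5228a97c1c27c2c9",  # Timer
        "54f0736066cb15b2e8d391baa84455b952bc8338e1a602f066812c5da9a4d6be",  # Timer
        "d8ef3dd21ce999c62a7f856be6e1681cecbc45f4e3dc553227d7e3fb3415dafa",  # Timer
    },
    "behavioral2": {
        "bcfac6cae0e97f837c4deb6990bebf4b396cf764376d9544d70c9379297d395a",  # f1396191993ses.dex, first snapshot
        "492e69a980e51126516819b0be759d9818e1524c892520b560201fedeba18ab7",  # f1396191993ses.dex, second snapshot
        "33621e87f9db55450dcdc5934dbf6c79a13d9a579ff9ee02e19f14d678204b53",  # Config
        "8b6a1b5496af373815706a77255afc0dee12d2b4e8e2720f7e8283678873d85f",  # Timer
        "7455f6527552828437b3d02c3adc320b48c172d2fb6e95ac66d90a3027f7bade",  # Timer
        "ad2799abe23986c0eb801249dcb7e946f8c7241872167465f473560aeef90a76",  # Timer
    },
    "behavioral3": {
        "bcfac6cae0e97f837c4deb6990bebf4b396cf764376d9544d70c9379297d395a",  # f140404836ses.dex, first snapshot
        "492e69a980e51126516819b0be759d9818e1524c892520b560201fedeba18ab7",  # f140404836ses.dex, second snapshot
        "d421654d0d77d3c20449c846346d9fa6778b1f1a3ee441b3e4560247d6efbf0c",  # Config
        "01a9131c794e465a93aa2b3c79c11b37be32e2970aa305604a0e3f487b7d75be",  # Timer
        "32ec1ad7f8805ffa7639a816ce2bf111b2da037e644d0b89d1568811ea280bbd",  # Timer
        "665ff4e052eff4cfad035b0bc33efb208f38e13817e6da73d85bdb03a29ecd0c",  # Timer
    },
}

# DNS names resolved in each run, from the Network tables.
RUN_DOMAINS = {
    "behavioral1": {"acoon.asortally.com", "android.apis.google.com"},
    "behavioral2": {"acoon.asortally.com", "ssl.google-analytics.com",
                    "android.apis.google.com", "www.google.com"},
    "behavioral3": {"acoon.asortally.com", "ssl.google-analytics.com"},
}

# Assumed allowlist: Google infrastructure that most Android apps contact; not a hunting signal.
BENIGN_DOMAIN_SUFFIXES = (".google.com", ".google-analytics.com")

# Assumed API strings behind the two behavioral signatures: a launcher activity is hidden
# through PackageManager.setComponentEnabledSetting, and a dropped Dex is normally loaded
# through a DexClassLoader. These are general Android facts, not strings taken from this sample.
SUSPICIOUS_STRINGS = {
    b"setComponentEnabledSetting": "launcher-hiding API",
    b"dalvik/system/DexClassLoader": "runtime Dex loading",
    b"dalvik/system/InMemoryDexClassLoader": "in-memory Dex loading",
}

def stable_indicators(runs):
    """Indicators present in every run: the ones worth shipping as detections."""
    return set.intersection(*runs.values())

def volatile_indicators(runs):
    """Indicators seen in exactly one run: per-detonation state, not a signature."""
    seen = [x for s in runs.values() for x in s]
    return {x for x in seen if seen.count(x) == 1}

def suspicious_domains(runs):
    """Stable domains that are not on the allowlist."""
    return {d for d in stable_indicators(runs) if not d.endswith(BENIGN_DOMAIN_SUFFIXES)}

def is_dex(blob):
    """DEX header check: 'dex' LF, three-digit version, NUL, and at least the 0x70-byte header."""
    return (len(blob) >= 0x70 and blob[:4] == b"dex\n"
            and blob[4:7].isdigit() and blob[7:8] == b"\x00")

def triage_blob(blob, known_hashes):
    """Return (sha256, findings) for a file pulled from /data/user/0/<pkg>/files."""
    sha = hashlib.sha256(blob).hexdigest()
    findings = []
    if sha in known_hashes:
        findings.append("known dropped dex")
    if is_dex(blob):
        findings.append("dex header")
    findings += [label for needle, label in SUSPICIOUS_STRINGS.items() if needle in blob]
    return sha, findings

# Constructed stand-in for a dropped payload: a plausible DEX header followed by the API
# names above. It is not the real f*ses.dex from the report, so its hash will not match.
SAMPLE_DEX = (b"dex\n035\x00" + bytes(0x68)
              + b"Landroid/content/pm/PackageManager;->setComponentEnabledSetting"
              + b"Ldalvik/system/DexClassLoader;")

if __name__ == "__main__":
    print("stable hashes:", stable_indicators(RUN_HASHES))
    print("per-run noise:", len(volatile_indicators(RUN_HASHES)), "hashes")
    print("stable domains worth hunting:", suspicious_domains(RUN_DOMAINS))
    print("triage:", triage_blob(SAMPLE_DEX, stable_indicators(RUN_HASHES)))
```

Run as-is, the script shows that only one Dex hash (492e69…) survives all three detonations, that the bcfac6… snapshot is missing from behavioral1 (the dex was only captured once there), that every Config and Timer hash is unique to its run, and that acoon.asortally.com is the only resolved name that is both stable and off the allowlist. The Dex header check is deliberately lenient about the version digits, since a payload may ship as 035, 037, 038 or 039.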