f18aba837e86025dfb9bd3fd2c4bf161f679ff1f3d10e7a480d682178051a9b9

General

Target

pithus_sample_f18aba837e86025dfb9bd3fd2c4bf161f679ff1f3d10e7a480d682178051a9b9.apk
Size

6.3MB
MD5

547217d768ca6a46b00fc02f1ab7fb56
SHA1

f68cf2783e026b7ca6d4f577819c206e4258d48b
SHA256

f18aba837e86025dfb9bd3fd2c4bf161f679ff1f3d10e7a480d682178051a9b9
SHA512

926b7761b728057022f0f44aec2048f12a69e6fc4e897f6900897926cbcae19e65bc4eb4438ec5d2a8c9ec097b429f35db29460d52d2861d40d761e70355fffa

Score

10^/10

obfuscation

Malware Config

Extracted

AES_key

Signatures

Checks Android system properties for emulator presence. 1 IoCs

Processes:

com.hdmovies.freemovieshd.watchmovies

description ioc process

Accessed system property key: ro.product.model com.hdmovies.freemovieshd.watchmovies
Checks known Qemu pipes. 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.

Processes:

com.hdmovies.freemovieshd.watchmovies

ioc process

/dev/socket/qemud com.hdmovies.freemovieshd.watchmovies
/dev/qemu_pipe com.hdmovies.freemovieshd.watchmovies

description	ioc	process
Accessed system property	key: ro.product.model	com.hdmovies.freemovieshd.watchmovies

ioc	process
/dev/socket/qemud	com.hdmovies.freemovieshd.watchmovies
/dev/qemu_pipe	com.hdmovies.freemovieshd.watchmovies

Loads dropped Dex/Jar 6 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.hdmovies.freemovieshd.watchmovies

ioc	pid	process
/data/user/0/com.hdmovies.freemovieshd.watchmovies/[email protected]	4511	com.hdmovies.freemovieshd.watchmovies
/data/user_de/0/com.google.android.gms/app_chimera/m/00000002/DynamiteLoader.apk	4511	com.hdmovies.freemovieshd.watchmovies
/data/user_de/0/com.google.android.gms/app_chimera/m/00000007/MeasurementDynamite.apk	4511	com.hdmovies.freemovieshd.watchmovies
/data/user_de/0/com.google.android.gms/app_chimera/m/00000000/AdsDynamite.apk	4511	com.hdmovies.freemovieshd.watchmovies
/product/app/TrichromeLibrary/TrichromeLibrary.apk	4511	com.hdmovies.freemovieshd.watchmovies
/product/app/TrichromeLibrary/TrichromeLibrary.apk	4511	com.hdmovies.freemovieshd.watchmovies

Uses reflection 64 IoCs

obfuscation

Processes:

com.hdmovies.freemovieshd.watchmovies

description	pid	process
Invokes method android.app.Application.getProcessName	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field d.c.b.c.b.b.a	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field d.c.b.c.b.b.a	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field d.c.b.c.b.b.a	4511	com.hdmovies.freemovieshd.watchmovies
Invokes method android.app.Application.getProcessName	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field d.c.b.c.b.b.a	4511	com.hdmovies.freemovieshd.watchmovies
Invokes method android.app.Application.getProcessName	4511	com.hdmovies.freemovieshd.watchmovies
Invokes method com.google.android.gms.chimera.DynamiteModuleInitializer.initializeModuleV1	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field ci.a	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.IABDisplayImpressionDelayInSeconds	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.IABVideoImpressionDelayInSeconds	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.SimpleToken	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.SupportIABViewability	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.adPlatformBannerHostSecured	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.adPlatformBannerHostSecured	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.adPlatformHostSecured	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.adPlatformNativeHostSecured	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.adPlatformNativeHostSecured	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.adPlatformOverlayHostSecured	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.adPlatformOverlayHostSecured	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.adPlatformReturnHostSecured	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.adPlatformReturnHostSecured	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.adPlatformSplashHostSecured	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.adPlatformSplashHostSecured	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field d.c.b.c.b.b.a	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.alwaysSendToken	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.analytics	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.assetsBaseUrlSecured	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.btConfig	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.chromeCustomeTabsExternal	4511	com.hdmovies.freemovieshd.watchmovies
Invokes method com.google.android.gms.chimera.DynamiteModuleInitializer.initializeModuleV1	4511	com.hdmovies.freemovieshd.watchmovies
Invokes method android.app.Application.getProcessName	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.chromeCustomeTabsInternal	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.compressionEnabled	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.consentDetails	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field ci.a	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.disableSendAdvertisingId	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.dns	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field d.c.b.c.b.b.a	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.inAppBrowser	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.installersList	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.invalidForRetry	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.isToken1Mandatory	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.location	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.metaDataHostSecured	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.metadataUpdateVersion	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.netDiag	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.networkTests	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.notVisibleBannerReloadInterval	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.omSdkEnabled	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.periodicEventIntMin	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.periodicInfoEventEnabled	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.periodicMetaDataEnabled	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.periodicMetaDataIntervalInMinutes	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.periodicThresholdMin	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.preInstalledPackages	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.profileId	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.profileId	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.rsc	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.sensorsConfig	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.sessionMaxBackgroundTime	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.simpleToken2	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.staleDc	4511	com.hdmovies.freemovieshd.watchmovies
Acesses field com.startapp.sdk.adsbase.remoteconfig.MetaData.stopAutoLoadAmount	4511	com.hdmovies.freemovieshd.watchmovies

com.hdmovies.freemovieshd.watchmovies
1⤵
- Checks Android system properties for emulator presence.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Uses reflection
PID:4511

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads