Analysis
max time kernel: 2364354s
max time network: 1798s
platform: android_x64
resource: android-x64-arm64-20220823-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20220823-en, locale:en-us, os:android-11-x64, system
submitted: 17-04-2023 01:50
Static task: static1
Behavioral task: behavioral1
Sample: Kids XXX Video.apk
Resource: android-x64-arm64-20220823-en
General
Target: Kids XXX Video.apk
Size: 1.6MB
MD5
2206b3ba2f3f377d22bb91a489cf56d9
SHA1
c6d7d6e39f614c3d9f2372ee316c2c61365adb0b
SHA256
8ab0d9b07252a20f591d240bc6560dd1132eef24eecec9421beb62dfde1c295c
SHA512
2299be372af0fd4965caa8092445b1d0ae1e686cfaab5aacb1e0688916a29ab3e776a18fc211bac042db3752ff0bb12f0e321877b782b719112d1a77829d6a47
SSDEEP
24576:fnZ+SzlRvyr7u++6GzK2QswUSYqAHQj991IZVjUlgIPsbNDKKrCdtLgb+dUHcG+X:PZ+CkAjzKA+h91IZBKeDUnMbJcNFgeZ
Signatures

Checks Android system properties for emulator presence. 6 IoCs
Description                                        Process
Accessed system property key: ro.bootmode          com.zolia.kidsxxxvideoo
Accessed system property key: ro.hardware          com.zolia.kidsxxxvideoo
Accessed system property key: ro.product.device    com.zolia.kidsxxxvideoo
Accessed system property key: ro.product.model     com.zolia.kidsxxxvideoo
Accessed system property key: ro.product.name      com.zolia.kidsxxxvideoo
Accessed system property key: ro.bootloader        com.zolia.kidsxxxvideoo

Checks known Qemu pipes. 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
IoC                  Process
/dev/socket/qemud    com.zolia.kidsxxxvideoo
/dev/qemu_pipe       com.zolia.kidsxxxvideoo
Downloads
/data/user/0/com.zolia.kidsxxxvideoo/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
Filesize: 96B
/data/user/0/com.zolia.kidsxxxvideoo/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
Filesize: 96B