30461b0c1437228c23c0d73ac44ce810e84b3ba6c681dda9620d1f114afb15f4

Analysis

max time kernel
2659422s
max time network
165s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
25/12/2023, 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

duolingo-5.129.4-premium-5play.apk
Size

54.9MB
MD5

606d838c63a51d9223564c65addccc41
SHA1

7829ce45e6fb106e2e02bd784edf4dcea5c9e3bc
SHA256

30461b0c1437228c23c0d73ac44ce810e84b3ba6c681dda9620d1f114afb15f4
SHA512

4449cfe248b890ed6de2a2320fdc33c4617a6f1d63514e91e3429bba3d78a0207eace8329e5491bd50d5a243cf536378222f29d4b0ef94cd2cdc50450df55201
SSDEEP

1572864:jS2h6yUAkkim7Q0VjvphWSA3o1ydVFU5EJEj2x1xC+wlKiyB:jSUUfkj7Q0xvrWSQo1iXaVi

Score

7^/10

evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 6 IoCs

description	ioc	Process
Accessed system property	key: ro.bootloader	com.duolingo
Accessed system property	key: ro.bootmode	com.duolingo
Accessed system property	key: ro.product.model	com.duolingo
Accessed system property	key: ro.product.device	com.duolingo
Accessed system property	key: ro.product.name	com.duolingo
Accessed system property	key: ro.hardware	com.duolingo

Checks Qemu related system properties. 5 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

description	ioc	Process
Accessed system property	key: ro.kernel.qemu	com.duolingo
Accessed system property	key: init.svc.qemud	com.duolingo
Accessed system property	key: qemu.hw.mainkeys	com.duolingo
Accessed system property	key: ro.kernel.android.qemud	com.duolingo
Accessed system property	key: ro.kernel.qemu.gles	com.duolingo

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.duolingo

Checks the presence of a debugger
evasion

com.duolingo
1⤵
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Acquires the wake lock
PID:5093

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.duolingo/databases/com.google.android.datatransport.events

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.duolingo/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
1d5a3770ae2aac48af96bbb8399713d2

SHA1
0de04236f94d54c59cdd2f5db8e444bf970648e1

SHA256
d25d46ee3bd8fcf833d2553a64467291ec536b52ab88c7e46b5a5151309da333

SHA512
3ac66abfad8394b282de8ec36e7b3542bb921a499ff02e64f86f2676fd384fe54997ac906202a58e631127c9c996351fb970f98dd29f9042e3f23e5a67b27f9f

Download Submit
/data/data/com.duolingo/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
2176ae809aca8e81c2d99b9536adde3a

SHA1
55cc374e4b3da1aed8e2ee05abad1d9c23bfbf32

SHA256
df4ed672fcdd7352d3856484b78b9cd23eba2180f9e3d6b3f4e75437e365cb4a

SHA512
9600a46f789618b5d91e8a60be08cbc4fc23b4e2f062abb032d00fc2a722a9c419ecd54b9a076d1ee2ee0fe9c59a837719bf7650303c79e57b2a8acfb7aacf3f

Download Submit
/data/data/com.duolingo/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
f20b6bf24e493627e42da27ec7a6a580

SHA1
80795fa2aaec802382e9df028a099678f26ce07c

SHA256
8c6778301c226074c14db15ab2968772e0eaf8a79fe6be0f42e2e334a912d72e

SHA512
a71d239f71eabddad1298605949ffb639463e4abae606ae5257aecd8d65263fda8045a7fa6dd5e27ec6f78d40a981a7cd461c68950987c6ed97f277b6d2a8b93

Download Submit
/data/data/com.duolingo/files/.com.google.firebase.crashlytics/6588D563012F000113E53140B624CF25keys.meta

Filesize
443B

MD5
49ec654ca2f79d7f23455a5b445cadce

SHA1
d7032747a96dae012d5582d98c0fb7dd2c45525f

SHA256
ea741bda6b0806d11e9f33a2240258fb4c41d115fcc850920c437a40c738887b

SHA512
40efecd56af62fd1f0224e7b0c44c7ba098989697db0271983968b37bbf66020a75796a4716df3dd3435667349232b9543d46fc78ca34930af05d6acf669e75d

Download Submit
/data/data/com.duolingo/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-6588D563012F000113E53140B624CF25.temp

Filesize
68B

MD5
ba0f400d76233b65034fb2a857c10337

SHA1
0b9f1eb7764cd7f9acccc9d5e65beb27b11039a7

SHA256
6a23f37c2ec543d25d957f2efc5a9dea061adff3539d63345ecfe7c1b59dfb78

SHA512
d3fa2b20068f4146b3f340046318855d35f017ba6a0f3fed7151409061e405b61c849997e98b71ccc1f1adbc8f8c5fcca20e739e408b443e8c31d9fe34fd1510

Download Submit
/data/data/com.duolingo/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-6588D563012F000113E53140B624CF25.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.duolingo/files/.com.google.firebase.crashlytics/report-persistence/sessions/6588D563012F000113E53140B624CF25/report

Filesize
738B

MD5
e1c7b888b1d931732723506ccc73bf5e

SHA1
3e5dff9a059a3c37ae45eb12a8396efe5d51c1cf

SHA256
4e8a57e50731c4ef5ad6903b8d04c6e9085981b80318f4bf6073eafa14d4f314

SHA512
cacaf9d1d52a7104421d74ebe86cbdd2d7487bc801b32b7311a87a6c8e7dbfafe13f2fd9d98c24c3f16fb68415ff03015d7ecc45b0724eec55ab807e4b2c5fb7

Download Submit
/data/data/com.duolingo/files/AdjustIoActivityState

Filesize
1KB

MD5
0ce7c4c70d8c29cbc7f5f9a11768160d

SHA1
c4ff50d9bd311225779f74e2552047e23f19c777

SHA256
321b4f21c95ee24b3f3f9d273c1314b637d2c013b2d2a7e7166388c3d36a0536

SHA512
c5f3b7e430fb5bb049302c78237e172309fe71362521b58ec9f5b25b1b2234649c7c54affaadce3473badddcb4cb079b42af51330db19f4ec29fe57e6e51d2ca

Download Submit
/data/data/com.duolingo/files/AdjustIoActivityState

Filesize
1KB

MD5
944fbc6367c72b84e6b400a3955cd7c1

SHA1
19e8a00c2b107b49a47f816a0a44fc28c31ee782

SHA256
16ceffc393bd6e4c40a18ab025c57db3e479542e8e5bf5e1ba63e6ad8d8aeffd

SHA512
ad7d2241826465eaa90f159630eb659bbdd5dac4ca6744fa0fcd503a2c0fb5b4df1027aab0d40881336e3c1800657e9dd24694865a502896662eff63f1b54f59

Download Submit
/data/data/com.duolingo/files/excess_events/event_store.ndjson.tmp

Filesize
1KB

MD5
3547860540c74b5158a68e83de3a7e2a

SHA1
7d883a057a98c4954ef416922f8ceabdb19e077d

SHA256
0ef2d12235d92da9b9e99183f639d16bb397a7d6c040faa1c370d2c5458acc7c

SHA512
842a6dee93ba66fcd98793129e4c994b22b8106ba2ba35832d5348c7d606d7deba7f32384a3aabeee5329025fc9dc3047aa73391ea268b2e944c93e689148d99

Download Submit
/data/data/com.duolingo/files/excess_events/event_store.ndjson.tmp

Filesize
3KB

MD5
7a1b178bbab026668aafb2306effdb8c

SHA1
bf3e8d01efd086e3660d24f4c7e1e7cf8036bf4a

SHA256
d2d050194d9cfe770ed9732a87bde5be330dae2f3831e0f8b901496cb2d0294d

SHA512
c6cac885c14a11a24d1f0eddd6f7c09e7b9ce31de8a80bcd4de26036d839122bae91b835b471f0fa52915a9061d0fd672720913df92d618787b7dcf3e376c172

Download Submit
/data/data/com.duolingo/files/excess_events/event_store.ndjson.tmp

Filesize
5KB

MD5
a0d63eb674b32cba3a346eef116df231

SHA1
9fd555e9ef1fa28258c2175be910b8fdf2a03d52

SHA256
ccf92daec7c1b335e7a8c2d2a8569e0c17a76d510dd7541a1a31cc47c3b0da09

SHA512
b236c177c36b17d7233d8cfd9c71b949a8204f7e54dc4d48e5ff80920f4dc526b233da080e41c09bda869fa4ed237223600a82a1f48f581dd6cccd7620ab31cb

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
0da92919f8f061caa2226c5967c0036f

SHA1
d8fc457521ab77d7a959ab5e9d30e844b49e60d1

SHA256
dbdd7e46069beb53a0b8b77270c3254cc1bf9975000a8fb190ab17f4a7927f88

SHA512
9d53f8d07fc33e413f79542cca222050ffb026a4b7228f8025e1719dfb3ae62122d9bdd3feae1fcf2c63c5ae41ed7e8f74328efca695d88e4cda3c30bbbf71cf

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
9f89d31c51e7a84fceafc9a504a37b5d

SHA1
1bffb5959c7c56eea058653fbc3ad069e5428f95

SHA256
a59e279541675127ae1a0083e5895404f34de47cd2207d658de65663b808f11f

SHA512
b79177e9dec7ddab6a63d48b43a03e2e357d46bf1bffbbaec5368b8a892269ea155aea9ec8a544b5e4b2a73ce7cb22ff651fc19720378ec8c62b6a8c31981630

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
fd938badd36fef2c2eb5329b1c42ba74

SHA1
808fe5f6c2da50555ffc580b28a9578fcee06da0

SHA256
f91dd75ed9cedb4e27a43a9e265724be98b9151fa7c77a564f2f9e9554506971

SHA512
de9605d53b22d2162e8293bc76e627677487b353d163b02bcc080731d3e5660c2f9532c92904cde315ae9359a5ae3f99be09dc3a94293070502d16960a510523

Download Submit