3d19a2e0ffea784874516ae5e84aa09ca53d0ff2780bd92b3214077337d1151c

Analysis

max time kernel
126s
max time network
165s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
20-02-2024 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Duolingo-5.138.6-www.ReXdl.com.apk
Size

55.9MB
MD5

12e61f78e98bf70d38f8073d8642f16b
SHA1

376027caf1d77ff75df3370600ef162bc25909d4
SHA256

3d19a2e0ffea784874516ae5e84aa09ca53d0ff2780bd92b3214077337d1151c
SHA512

40791c92566f61d1f95b4eb1165873e1530df9577efbc0cc67dfbc49f7d8abb4a06e1b9b3ec38e4538389fcc488af912a52d4fe879d2d4fbadc6c42ccdf27503
SSDEEP

1572864:M6oRk5Si7kUVDvphWdp/fN4mYty69kZnSyKxvx7+ulMy2:y65n7kU9vrWdJfNMM

Score

7^/10

evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 6 IoCs

description	ioc	Process
Accessed system property	key: ro.bootmode	com.duolingo
Accessed system property	key: ro.product.model	com.duolingo
Accessed system property	key: ro.product.device	com.duolingo
Accessed system property	key: ro.product.name	com.duolingo
Accessed system property	key: ro.hardware	com.duolingo
Accessed system property	key: ro.bootloader	com.duolingo

Checks Qemu related system properties. 5 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

description	ioc	Process
Accessed system property	key: init.svc.qemud	com.duolingo
Accessed system property	key: qemu.hw.mainkeys	com.duolingo
Accessed system property	key: ro.kernel.android.qemud	com.duolingo
Accessed system property	key: ro.kernel.qemu.gles	com.duolingo
Accessed system property	key: ro.kernel.qemu	com.duolingo

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.duolingo

Checks the presence of a debugger
evasion

com.duolingo
1⤵
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Acquires the wake lock
PID:4361

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.duolingo/databases/com.google.android.datatransport.events

Filesize
12KB

MD5
edb655088d1ed9f33f9d0d499b7a3ef5

SHA1
565c4f4e43179dbfc285cd6331dc8ac75a901af8

SHA256
bb9e45aad35b43e895393e7a66e4ead6a5f728f90b7627e3c741d391bf65d4f9

SHA512
98cbf923880de82921c38973fbc6d711dc39884428d1eb4ead33658a5a7f163734e5121823d5b043ca44554d19c5b6f966674ac7291513944a94cec97d5be599

Download Submit
/data/data/com.duolingo/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
6334bea4730606ec7be13423194d69da

SHA1
b2be3d448a2d9b44d7f8b910edd5a25ab91d7566

SHA256
7b3a756a39d152ed571cf723346e4dffa35d7a94f213c61bfb2d68113c62c690

SHA512
5be1b85b30bfaad16f0b9bd9a727b0c6ad2844e3a398d50089f267d6893996246031f1963173856041d22cb094f0efd97dbeb06448eb51935a9296aa88337024

Download Submit
/data/data/com.duolingo/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
db0b21ad2a3349b3b82e5f60953c5e9a

SHA1
69bf93289e6822b3479a76d114f7e01f642986fa

SHA256
33ae5fb20a17bf896ac33d9ff0170f2ea278da25e2e7ce66d29af40ae3e89391

SHA512
57829f136f333e7890d870939568bdc31f3e83bc41471833fda1c459a64fd50c80ceb14044ede820a9282ea2eb5f44ef9fa5f7aecc2ad793f26ee05fc2974665

Download Submit
/data/data/com.duolingo/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
236ad7be90696fa21f40d9d5c6f6c7ec

SHA1
1a478c1cb0df25e9569122763347c8eebde39f84

SHA256
1b2ce5b118a4ee323d69c813eec6666fe2d65a0fe61a9cf6d31a104083b2916a

SHA512
57f134431ab64b3787a5e7aead1af6bdeda2e2473cf1e26cad2879537fa6f09ffd8ffef644b219262a14674e6a3d3a7b8ecfe55638633636f78cc93e308c8d81

Download Submit
/data/data/com.duolingo/files/.com.google.firebase.crashlytics/65D4DBAA01DF000111096D60F9AA0100keys.meta

Filesize
556B

MD5
6f8626c86f4287a59dea57edc9cae0ab

SHA1
aefcaddf291f1e46ffd69416f9173a3c5c346f16

SHA256
e034c7339e22a8b4f1a2cfaf801e5271a0523c596fb117921f020280370febc0

SHA512
869226c60ce556ce46522db83859a6d6c2623a74bbc0b6fffb592d6c9b1b53e36ba42263dc2769a783e834429432730e2572c9a1f1176462aea833ad6ca5aac0

Download Submit
/data/data/com.duolingo/files/.com.google.firebase.crashlytics/65D4DBAA01DF000111096D60F9AA0100keys.meta

Filesize
490B

MD5
c79b5cc516894541c927cbb8a057a546

SHA1
6968aee4c86923e1fde1c3be8867dc0f66287b4d

SHA256
2c594c59bd9e8b9e189a9b395c4725f0ef626109eaf10d83f2f8aece27b02b85

SHA512
63ffe71750557b231d64824441ec61a1218edd7936c6c74f9544db215c22f7a3b8b60ceafa5386895159f6d57132ae4ce945eb5a09530c6f70dd252aef2f0334

Download Submit
/data/data/com.duolingo/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-65D4DBAA01DF000111096D60F9AA0100.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.duolingo/files/.com.google.firebase.crashlytics/report-persistence/sessions/65D4DBAA01DF000111096D60F9AA0100/report

Filesize
739B

MD5
1b5153d43b29e16971ff81288a2bf7bf

SHA1
13b97c654d635952bfa2ce1fe36f05c700117ebe

SHA256
866c6f4d2f2c80540dd93ae4df892085a49a76e30f5287e03989f8826e368ee2

SHA512
d537cc0a192c3f36a5d191c5fb57bb32bd5efbdbf5f2490e7571e058fcf1aa7833b178df891d23e83661a25a094eacc5dc4a021b3bbfe8d98fa369a855fc6858

Download Submit
/data/data/com.duolingo/files/AdjustIoActivityState

Filesize
1KB

MD5
1ca952c8060a004ae0b5189b732bc3a9

SHA1
2d7d27401e4fa306a4506b8b51357df5aba4c58d

SHA256
ae770dfe149e1fca8df1ddfbba3052761d0610487182da99fa648f2d1661a363

SHA512
f7cdb26905b5b9a568d2591c69dada177499c877f22bc0a8592b5bebef3f42d26e424b97142a8f5d9f26ac6d49ad1ff1750dafb432082c0a37a90a6fbcfb7e08

Download Submit
/data/data/com.duolingo/files/AdjustIoActivityState

Filesize
1KB

MD5
98b2877059fff5adab1410b7979478af

SHA1
36cd95641893fb1deb4d21024af2f8d8e5e0d733

SHA256
807b7d22b1b2a14df5ba97bcbe7edb9f933ac17c869777744f7e8bf598d78c95

SHA512
262d293d001ca1bf8ce590a2b11db0b5a5507af52f4ae5d8106b5389f7b7de5d5a5e94ec73b02019f9c81e66e4d2793bcb01f60198c1b9b158fbf9e7f7dbdb7c

Download Submit
/data/data/com.duolingo/files/AdjustIoActivityState

Filesize
1KB

MD5
08fb1259aaaaed1d78db0753689b447e

SHA1
18301c706dfe5afa746aaf213f63deb8b9ad0396

SHA256
8fbbf986d1a7448ad37fc8e9ce16578b080ae527829ea27fa727cea4afb842fd

SHA512
241a49f3b0c972e0bad8e62698e672334d778e74d46d53f921bbe7f69a98d49bf226fee3b2712e892dd6899e3d855807c19417c65d52bc3723db00867a0dcf6b

Download Submit
/data/data/com.duolingo/files/AdjustIoActivityState

Filesize
1KB

MD5
bc33310a0400d8d99832883b65d1aa65

SHA1
d70a67b6991cf0947217ea7c514fa5f3188a696a

SHA256
0e5227ea01dfb94a4a74259a019e1d04817d957c5edc4e0506b537760107a9a3

SHA512
40ba4870009c47567017224d7c845eeb2c22b82d3740db83c4722c5ce2fca77fa13f4051810bbf448484eefa1dd14b361b3b66f5869484a99963222433aa83ce

Download Submit
/data/data/com.duolingo/files/AdjustIoPackageQueue

Filesize
1KB

MD5
8e33ef66022dafa9149d64fcc269d332

SHA1
8aa4f98524bc6870cdebbeaea783958045414a48

SHA256
f293fc088d20bff203c8d0b1e4927c4263383126fce275d52d8c28801e2a9364

SHA512
f70f68c47cc24cd26d88ca32b61425cc40ee4343eb321c1a159713e8a6817449123d8f21527d2147f6027b71c596cc3c465f5c1a8e879c991d4e533de96304f9

Download Submit
/data/data/com.duolingo/files/AdjustIoPackageQueue

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.duolingo/files/AdjustIoPackageQueue

Filesize
1KB

MD5
125f50c39833d05fc050cbcdec656fe2

SHA1
0f3c63e2b26a3e8161e95737919bf0c9315a1189

SHA256
49662ba82cdd9e152f4d43ea93c3916fb92e77f609fa9f4925f863c0cc00135e

SHA512
8317e09a2846a1499a8d2e06bf3ba02cacd1ab5d693a9aa02f020394f8d48bb39c4c59d404b690fb78a4891611b84aba6567e0ec37dc092b884748ba97cb445c

Download Submit
/data/data/com.duolingo/files/excess_events/event_store.ndjson.tmp

Filesize
1KB

MD5
b272d927d2c559c3fc6890b1d6a4484c

SHA1
ef0cf9dc347f219a986c40989a321c40a95187a2

SHA256
8025c36f53bb4a215da67f5b6ecc640ba5c630425bc80d27c42bd7fe310287df

SHA512
3409128727a8abefadeb209cd6f6de96f39ece5a80900f7005d4212e38d3a1090d7b8a6403ea888e4c1b08f533850757d2a103f29626318c33423d37a361861f

Download Submit
/data/data/com.duolingo/files/excess_events/event_store.ndjson.tmp

Filesize
3KB

MD5
8948428c5b9524fb2fe5cf461e4eaee1

SHA1
b2f7e6c7f091f7d2519bf27f978361bcddbea8a0

SHA256
fd271cc52e9751741eb66a242ab4e31cd8e3cf969b9d2ac58c954236ccdf3ec9

SHA512
0f786067a54d31f2bd3035a5ffb6c1c00d2cbf4a02089a3e5dea5c36c171968d67baabf386fe14b31966430e6b77ed4fdbe34b0f04177c4cdf37d239d2ab72dc

Download Submit
/data/data/com.duolingo/files/excess_events/event_store.ndjson.tmp

Filesize
5KB

MD5
5e15b82e9666c0773e762f49c128aa7e

SHA1
6b172bbfefca804060afdcd2eb323b591f01521c

SHA256
d37d535b435d55395a771f3a4d6168678245531fd0cdff70c760c4abdca2bd09

SHA512
78898b3eac679d34331029f4b3d8cd5ccd3ec24d4812e8f64badf4a7af41280e79f75367b6e28c1472592d8322a86d25c0ec122e0841fd4eda72841c13313541

Download Submit
/data/data/com.duolingo/files/excess_events/event_store.ndjson.tmp

Filesize
7KB

MD5
c92d2189b6dd8bc7d88e2d1b7a8b57c3

SHA1
af9f815d06153e128bb2143b76a89254cebe919e

SHA256
31acbd17a8e90471dbf4ea7e74158c8b1fb73b866c2c3c94a19dafc54bab6996

SHA512
72b9f6ff9311fc3cf4300da74092ca77a192df1c88f20f03581a29cfbc9a331fc72bd324de329b00263585f8127c1e8648c473fa8962f1edebc2082bf144ee15

Download Submit
/data/data/com.duolingo/files/res/v2/rest/2017-06-30/config.json.new

Filesize
4KB

MD5
71ee1c13bbf212ae4bdb588508486f8b

SHA1
84ff9b3234878fec97ea7c525d24913bcdd59881

SHA256
bf6cedc8e27de7dbe29aebc55b1fba6415d2013ca602ffdf2b8362ece76efe61

SHA512
06d4b838320947fb397910ee17c96fbeaa56d4318238b63ca57698a0b49613e02aeaa86f0ae39b2481c1455262d5e3fc36588a0763c463d8c4213278b30d496d

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
184a374a4a64409a341c8d3bfea4b4b5

SHA1
702c532be783af05b346ea85810486ad83be1fea

SHA256
24d18c2487debe2bebaa7f3ac31fc04d0db11f9ea2075ab170e9269dab9faa3e

SHA512
c421ceaa9f231229a03fe57763f316c397171e09c7472f3881abf51011f084bbe10e8f4f2c3c317fe3aa7115f9e3b7832cfb864abeadc5aaf17e5b14fa9f62dd

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
6b597644ce8cfee9fa1276294dd38c4f

SHA1
3e4d88b76a5aee0dd9fcf54567a570729d590ff4

SHA256
77c6765f40d48a51308c68771040662b1cb02db22cb9946cc21cd604b2b7009c

SHA512
44685834242ec2e3939bcef6d5131b037d299b0abfdcdfbcae0881c91abf64852018116bf1809afcafedae12fb4f234634f464f54673f84e9fe5839ee7ac0c92

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
03d358887e119e77d37aacf6e0cec03b

SHA1
184aa11dddcdad6440177cd0dca4ef6a80387716

SHA256
3b446f0c2cef0509d69c58c567ebfc5697a4aa9dfa68a3ceb9de2d93ba35c340

SHA512
7be432b432015c8a9fb31ebbda732c956d2beeb6a505c650b757d5f8b2b2136e74c670fe2e355d2fb37d13d35b8777141deda9a49186407d28dd87addff12884

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb-wal

Filesize
156KB

MD5
b64d55a564b491cd64ff636b1f5a67e5

SHA1
9a3aa7117d7f8177fe4827d9c837d9002d2e6bb4

SHA256
1ef060d1987a97bdfaee1f719976aa3a49d6095faf7096a326bc78b96f2c79b5

SHA512
a1160f445e7c2a00f6443cde3ee52d21376a44c293fd4838144f6c8ff60cd95e693cc7743385a704b681168e9a3aa92632626ec395bb38f9af78ed46a2c31047

Download Submit