2a082a251186f073265791338799ad0e1eec0c3f4fd3b8a911bc5ec34538cf9a

Analysis

max time kernel
10s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
16-03-2024 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PelisMax1102.apk
Size

54.8MB
MD5

d8e86bda666f958cf2048a366c70eb12
SHA1

ef518dff3fdc5d46d8be26c22c9c0a759d338556
SHA256

2a082a251186f073265791338799ad0e1eec0c3f4fd3b8a911bc5ec34538cf9a
SHA512

6b8b6b1119e082a4dc6b981287b4d53dd2570011a072b46790a008a0b6417b5393a89813ff70b129ec1c452d90c465fb7de3c8ca3db75e3a728e65337d4bc0b9
SSDEEP

786432:ts6B1FnNxWDKGvQm/1uYD5bi1b84H7UpbFlds6lOQ8is3iycHF0To3FHVYcJJXIN:i6BvnNkD0dYdilsbdI3VcmTo3ccJVIN

Score

7^/10

evasion

Malware Config

Signatures

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

Processes:

com.equirozdev.pelismaxv6.app

ioc	Process
/dev/socket/qemud	com.equirozdev.pelismaxv6.app
/dev/qemu_pipe	com.equirozdev.pelismaxv6.app

Acquires the wake lock 1 IoCs

Processes:

com.equirozdev.pelismaxv6.app

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.equirozdev.pelismaxv6.app

com.equirozdev.pelismaxv6.app
1⤵
- Checks known Qemu pipes.
- Acquires the wake lock
PID:4321

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.equirozdev.pelismaxv6.app/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
42de3590efd066216290bd82c292615d

SHA1
92768758db7635e52a86054ec7bdf01736c76d26

SHA256
03b63e556292e4f83da003de90d387b871c12d8cfafa874549d23f23e91a5345

SHA512
732885fe15a8a5228e673b82d6046602b5bf0331c6d27054ea827528069e0ff9b9dadc449daac2899f91099de40608b381afc713e36aa50bbb5266bd730745c5

Download Submit
/data/data/com.equirozdev.pelismaxv6.app/databases/StartApp-d6864f2502af7851-wal

Filesize
28KB

MD5
fa1eb26eb63963c4182493b903f4ec01

SHA1
17a0d61fd7522249da0da124c7432c606289c210

SHA256
c7c13af3512eb0cc3a61f746d73cacd7f2dfa9c4b42e4e59b9081d8a87e45e07

SHA512
ac0d1349aa0d49a6f77787a8ecc10db8b502406bdee02745d5b312a2ff83bf2f2bdd52fc0fe415d824f8ec04c8133e802853079fd90f69ada2c0a78b21288798

Download Submit
/data/data/com.equirozdev.pelismaxv6.app/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.equirozdev.pelismaxv6.app/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
221a6f2c22e6007c7614b08e4cf9a1f3

SHA1
086876cca2f92c91ac1ec6547e48a86715f20171

SHA256
db395e84733ad75cbbd3d3c9b728b478e77ca6061813f9a624fa84150dd27025

SHA512
e0dd51312d3cf00b92b76228c43a40d857b8f9ddc834c8d1ebeeba1470d5d2dedb50370cb90e94a6b87e1a9e70b7c56ae585c6ffa6d5df54c936d852f35f5002

Download Submit
/data/data/com.equirozdev.pelismaxv6.app/databases/com.google.android.datatransport.events-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.equirozdev.pelismaxv6.app/databases/com.google.android.datatransport.events-wal

Filesize
16KB

MD5
be302a79ed83699f5bcd7e7d8d4a161c

SHA1
651a94e610fe0840fec69487794e63838896c5f7

SHA256
4dbdb29e9572c18e9379e952ba1264f9edcf3c9943e25ed3e1f59761d97986fb

SHA512
5e061704fd868336fa112e7c1c29b3e0edbd877e0a59c0d24648fb1876e40c8a288afe0b68491129527c9cb66acd36e3df5dd1a712ce87dc759c1935cdb8ac7b

Download Submit
/data/data/com.equirozdev.pelismaxv6.app/files/PersistedInstallation2742908960517420491tmp

Filesize
90B

MD5
b4dd5b1675d09afb6f3b0adb326becea

SHA1
4887e2e19460f6e140fe74243e82f6bcb3eccd1d

SHA256
8bb844fe0f2cf426930fc7c3a8829b9bf85057e6e8f929866710bb3d659aed0b

SHA512
ab23ea78d81b7764a7cc5a895e8dcd5d418e3361cc3296a4dcd849955511fd13dbe14fabc87021ee64022fc989b9f1eb79ec1ec6e183e04bd0d759ea03bc5efc

Download Submit
/data/data/com.equirozdev.pelismaxv6.app/files/PersistedInstallation8696408180390249854tmp

Filesize
565B

MD5
4fbb1d3435f2135bfef0a12581800968

SHA1
6768ca86b03e927aaaf854697b4de7008e386d4b

SHA256
7d32a05bff716232e7ead3628cc041fb92235b9bd511abb88731668937b5441f

SHA512
a27a34dbb15f686e72af1cd20c1779009b84add473657711f23ddece79570c39c22e03c1e057fca93140d179e9fd1f0f2d3ebaef24185e1e68d5e96f02c4d72a

Download Submit
/data/data/com.equirozdev.pelismaxv6.app/files/shared_prefs_sdk_ad_prefs

Filesize
5B

MD5
9dcf2a6f12095ecff342e9fa0c5ca72f

SHA1
c815f34691be353caa9de93bbdb00a31f62a9ed3

SHA256
4e68143408826326220a32d6bff59e1cca3dd85f74b018aebd6723c5686c54e5

SHA512
7ba3449f5ec3363bbee33d47abe471286cf78034dd70379fa4d0de5fd59215e8c58287eddffed1b9c3c74e157f6a9ad69b0c551001a62d04790bba49df48231c

Download Submit
/data/data/com.equirozdev.pelismaxv6.app/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
475ad86da1f29f5265df02bc57d26ab8

SHA1
cef365ab035b5be89062eb62a9b1ec5ebaf91d11

SHA256
351c2857eff6d82a02179fe5cca128e7f8ed1d2b7432a4d6f88be4dad9ca4b5d

SHA512
e222d31e7b81764c140a3cd8e5b673fecc2b5c95e9c8297c5e09c9a51e918f33bf785ac6d44374c49106c1119031c2123911d97682b9e514b75aacc9dc9e1d94

Download Submit
/data/data/com.equirozdev.pelismaxv6.app/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
b37f6082c7d926006fc6491306d32fde

SHA1
e1d5b6cee1390001fcf4b8e3f20eab5fbf4c5681

SHA256
44b1f934d7a22cea5571e624a6fec72afec1e760b920aa32215e195a4d12b613

SHA512
9dd8f067e187c64368b492a83d04ab1c1df80ea890e00a3970514fb76d67c49d507d6b721877ff4429082d75bff8ce08f12910cc20eaa4a2d98fbe41d7b60c4b

Download Submit
/data/data/com.equirozdev.pelismaxv6.app/no_backup/androidx.work.workdb-wal

Filesize
40KB

MD5
dab72e42009f5e015559e60ddb7fb154

SHA1
af6c8db3a88829bb44aad8d2270eb915b9cab67c

SHA256
cb8b4462c8975320994175f891a1fc50da5e80c2ddbe31c6e675c1d281f820ca

SHA512
1bf8ea51a4272d06daa34e1fc8984b06a65a687956fed6f840c316c3fc46740c8ce8b5d9a50b24538b09fa02add983a479bbd31f34906a91d0060f84ed8a791b

Download Submit