6e422998077e7bbc7f6726eb100104fb5ba97fe62e1c1ca846561179dda6b6c7

Analysis

max time kernel
5s
max time network
82s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
20-04-2024 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Evon.apk
Size

177.5MB
MD5

02a9032150ca8af20604111cbe1c8d35
SHA1

5f88784937569acdd332e9018cba954e9e842301
SHA256

6e422998077e7bbc7f6726eb100104fb5ba97fe62e1c1ca846561179dda6b6c7
SHA512

62ea76d1d9d28c29aa5c8fc533fcc633339aee48a243b6a8e1bd104d60c85731a164a54f04e0938649ccecffa48cde4f91c073f0df9aa05c376534d48e683410
SSDEEP

3145728:VsqFqjmk3vL30DZEqjJq6Xo42Hggbq9iWlNhJ+QkyenVREPn7zg/WFCs8M7z115I:aAqjNpCJfo42l2UWlNOQkyec7c/WFT8N

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.roblox.client

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.roblox.client

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.roblox.client

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.roblox.client

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
99	discord.com

com.roblox.client
1⤵
- Checks CPU information
- Checks memory information
- Acquires the wake lock
- Checks if the internet connection is available
PID:4198

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.roblox.client/cache/0de3774d53f29efb27fa09a940a0ec5f.0.tmp

Filesize
5KB

MD5
dd3cbac8840750d88e8cbd815e246025

SHA1
e683c8b1f4769c2c73b8d15e4b3f795d55daee4d

SHA256
75139ab9a408b125d2465860e71f640ee9c6c7183b704e77e0e212221db2ba93

SHA512
73634047a5bd86a6215f0b7bcde03fe09c7cd379054ec8402d83959d4e30872b9774d299d1881dac9589afc84c784e0b43edbc36a0541fb3ada3dec3476508f1

Download Submit
/data/data/com.roblox.client/cache/0de3774d53f29efb27fa09a940a0ec5f.1.tmp

Filesize
201KB

MD5
7a31ad780b3d4579eb7ed1f54978a05a

SHA1
da3c02fb067d0ef0ebd6a4e8260d934394321259

SHA256
06c8fe5885bec525d3950bc3c018f2643175b852d9e2496ada5a85e368cb4b44

SHA512
adbb5f440829cc56d1e982d5f68364244d5f345a10db98a77ac643c367f271b1f9942f7b3024f7c673a76b131a39bbad179c853161764603c98df4218722a391

Download Submit
/data/data/com.roblox.client/cache/journal

Filesize
126B

MD5
63f94e66ffc236b0abe641576107727e

SHA1
320f389d953cd54cff82527590f258f33f337f01

SHA256
0f934dceecddf5b0cfa05a24d8b350c5397c56f08d589d0ea85f21f58211bf9f

SHA512
2a26911568ad79fbe88c5955b60475fcac6ce707c8576e1e4b9670e08b077cac84eccd1d5737efcd3f1b5183ae9d947103a741709e7682dc41b4c8dfbdefdc84

Download Submit
/data/data/com.roblox.client/cache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.roblox.client/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.roblox.client/databases/google_app_measurement_local.db

Filesize
16KB

MD5
552d8493a5dbce88bc73466738f9f667

SHA1
3300891f0003df9cdf44b09cd4e19dea1915ee69

SHA256
26734d4feb304921a1d8c9721718694674e565587e9fdd088f991e8e24f36cab

SHA512
16ef9be1d08e238dcdb0b6bfc50823b0fd4950bcb4265fd25566273889a464e331e5fe4e2596b7f2d8e6f9ed5e01501db76fec7627ce5455af88e0cc3559df03

Download Submit
/data/data/com.roblox.client/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c20e8b1acdfb1f7fd5e1add96f87c26a

SHA1
072aef5eba60082f0acd84ff96cfc5ea631ea729

SHA256
83f41576b800678f0f19fff0daf3afdb2e1288c084ddcfd76b5f1547bef039c9

SHA512
f4a0a99cb5d439d9cedac6dd4807d6ea476c1d0da4bea11d98aeddcb0666dd97ba0c919ec283d224bc4a10617ffb60cdf5efedf198f8184f387d207733049477

Download Submit
/data/data/com.roblox.client/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
08fb9d0866ae01e4cb22064d212e3ed5

SHA1
88db54d814e1bd7c7a26b82f4f51cca8fdf73d7c

SHA256
05ad0fe183594647eb3f3c6e9e933f9e7d20ca614a9d697bfcaef6f14593f56d

SHA512
7adbe64f0121e7a0c9bcb90f472d1235dd1376552002679ba62f0577f004e58296ddda7ba0f54e91d7d0e76791405fbb214780ad555eb59bcd0159939b6f7d9f

Download Submit
/data/data/com.roblox.client/databases/google_app_measurement_local.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
91577320a0e0ab8fd5f9057ed6b5321c

SHA1
c6cbae860f48a576767477476ad6985b1c8cf467

SHA256
0093325f906eec1c92145eb814b7516ce0a3e759fbc8ec60b2f02350d98af4a4

SHA512
ec45deeee20d14a36d557f72aba63577e7317eb0c257323992374c2f158fd401315f2d378ea640d1f5f6e2fd2210f3a07a34511fa434d8e736f9a3ef13b15221

Download Submit
/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
b06c111504bf5ec30ba7f20ffe1d55d0

SHA1
1e5f4eed9546f6341ba3324e6807ecbfb028b362

SHA256
b9c097416a842ba5f8ffa2e6bb0a7b2304fe286543feabaebe2e02b106ac39c4

SHA512
aebcb1db749173bdefa820d654af55da528fe3937f446135a340ff0e83a74094a96b9ab30fd755cb2663242111492fb1976cea0995a585ec9c1137d22bac4b39

Download Submit
/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
8f0d6577c97c135bd953af5433ce3f5a

SHA1
5b9a83f8ca77d0f3852eba86bdf633b4f5610b5b

SHA256
f825e746a136e907c120376262fc040d3b38384ab4503fe73f70e474f1de1429

SHA512
65cd512acfc8d23430e8e24265a9ce5b44f799ae66c639143424e1c08e9d89ec2252296ec5f1a421fbb6681fa91857d66b4d925b93cd75f405c13345c3d58295

Download Submit
/data/data/com.roblox.client/files/PersistedInstallation4869796217610104908tmp

Filesize
79B

MD5
0d1455d38839f60082e25ca3347de105

SHA1
6d56a439fffb3285e049dffc8dd790218fb46691

SHA256
bdf44cafd7c77385d8945100beb761a0ef50971e6af3a9260392766ecc8bf53c

SHA512
f10e088711130752c39e35f4dcde7989a5ead1e9ae5dac6773cbb233bf1fa7fb6166b1c5044e0be69f7af8a37adfb076395196e993458cbab160c904241768e1

Download Submit
/data/data/com.roblox.client/files/PersistedInstallation5092215413240673797tmp

Filesize
561B

MD5
7a7cd2ad56f40a4b0737c024ee6056ab

SHA1
aa9403a74240ee1e6e17a37ce02755598b86bee5

SHA256
e2b30b387d1e7b19011eb930c68801ec6e487b7d815438b2eae380020ef26956

SHA512
7449b953dfc62b88e83e620ee3dc7c14f6763677004b9f76b9f2ca1823e32ce527a3359dd4d9cae1335144dac6cff92cbf3ca31cb6c0137a86d3f4c3436e85cb

Download Submit
/data/data/com.roblox.client/no_backup/com.google.InstanceId.properties

Filesize
63B

MD5
be38c7be3f658baa3687db95d7d78aac

SHA1
f723dbd093b2cb9ee8b9e8a67c63a2ad26e0b8af

SHA256
99ea62667ebcaad4f7aa621e86211537ab5fbe08e0b3d0723684086c825ed5a9

SHA512
d7d80097318aa8347c8559b2a9478049c99469d6e35ae35ccebb3c149371b81d3f07e7612036753d221134af73bd00cc3ba364f16ef6dfb9f531804183bdb9ef

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads