Malware Analysis Report

2025-08-05 19:08

Sample ID 240421-jzkxrafa91
Target https://www.mediafire.com/file/1qjiryaa2bfydzi/Subway+Surfers_3.10.0_Dat2022Modz_Legit-%29.apk/file?dkey=dss1s0mz3uc&r=684
Tags
discovery evasion collection
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The submitted target is a MediaFire download-page URL, https://www.mediafire.com/file/1qjiryaa2bfydzi/Subway+Surfers_3.10.0_Dat2022Modz_Legit-%29.apk/file?dkey=dss1s0mz3uc&r=684, for a file named Subway Surfers_3.10.0_Dat2022Modz_Legit-).apk. The sandbox opened that URL in the Android Chrome browser; the APK itself was never installed or executed in any of the three behavioral runs (the only process in each run is com.android.chrome, and the only captured file is the landing-page DOM, files/dom-0.html). The verdict "Shows suspicious behavior" (7/10) therefore describes the browser session on the download page, not the APK. To assess the APK, download it from the page and submit the file itself.

Malicious Activity Summary

discovery evasion collection

Reads the content of photos stored on the user's device (behavioral2 only; URI content://media/external/images/media opened by com.android.chrome; no upload of that data appears anywhere in this report).

Checks CPU information (/proc/cpuinfo read by com.android.chrome; all three behavioral runs).

Checks memory information (/proc/meminfo read by com.android.chrome; all three behavioral runs).

Triage caveats: reading /proc/cpuinfo and /proc/meminfo is routine for Chrome and for the Android runtime generally, so on their own these two signatures are weak evidence of sandbox evasion. The Network sections contain the MediaFire landing page, the analytics and advertising third parties it loads (ezoic.net, ezodn.com, ezojs.com, pubmatic.com, doubleclick.net, crwdcntrl.net, 3lift.com, sharethrough.com, media.net, btloader.com, gatekeeperconsent.com, amplitude.com, cloudflareinsights.com), and Google services that Chrome contacts on its own (safebrowsing.googleapis.com, update.googleapis.com, accounts.google.com, translate.googleapis.com, android.apis.google.com). The three random single-label hostnames queried over DNS in each run (for example oyvzliipbm, hqjxqvndlyymfkr and guqhlxwtvmteuzr in behavioral3) are Chrome's intranet-redirect detector probes, issued at browser start to detect DNS hijacking; they resemble DGA lookups but are browser behaviour, not the sample's. The 224.0.0.251:5353 rows are multicast DNS.

MITRE ATT&CK (Mobile Matrix V15)

No technique mapping is rendered in this export.

Analysis: static1

Detonation Overview

Reported

2024-04-21 08:06

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-21 08:06

Reported

2024-04-21 08:09

Platform

android-x64-arm64-20240221-en

Max time kernel

142s

Max time network

146s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto (rows to 1.1.1.1:53 udp are DNS lookups; Domain is blank for connections with no associated DNS name; the random single-label hostnames are Chrome's intranet-redirect detector probes)
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.179.234:443 udp
GB 172.217.169.46:443 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 www.mediafire.com udp
US 1.1.1.1:53 accounts.google.com udp
US 104.16.113.74:443 www.mediafire.com tcp
US 104.16.113.74:443 www.mediafire.com tcp
BE 142.250.110.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.mediafire.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.mediafire.com udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.mediafire.com udp
BE 74.125.133.84:443 accounts.google.com tcp
US 104.16.114.74:443 www.mediafire.com tcp
US 1.1.1.1:53 the.gatekeeperconsent.com udp
US 1.1.1.1:53 the.gatekeeperconsent.com udp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
US 1.1.1.1:53 btloader.com udp
US 1.1.1.1:53 privacy.gatekeeperconsent.com udp
US 1.1.1.1:53 www.ezojs.com udp
US 1.1.1.1:53 translate.google.com udp
US 1.1.1.1:53 static.cloudflareinsights.com udp
US 1.1.1.1:53 cdn.amplitude.com udp
US 1.1.1.1:53 static.mediafire.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 172.67.170.144:443 www.ezojs.com tcp
GB 142.250.187.206:443 translate.google.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
GB 52.85.142.7:443 cdn.amplitude.com tcp
US 1.1.1.1:53 cdn.otnolatrnup.com udp
US 1.1.1.1:53 www.mediafiredls.com udp
US 104.16.53.110:443 cdn.otnolatrnup.com tcp
US 1.1.1.1:53 translate.googleapis.com udp
GB 216.58.201.106:443 translate.googleapis.com tcp
US 1.1.1.1:53 otnolatrnup.com udp
GB 216.58.201.106:443 translate.googleapis.com tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 api.amplitude.com udp
GB 172.217.169.3:443 update.googleapis.com tcp
US 54.187.211.61:443 api.amplitude.com tcp
US 1.1.1.1:53 g.ezoic.net udp
US 1.1.1.1:53 btloader.com udp
US 172.67.41.60:443 btloader.com tcp
US 1.1.1.1:53 www.mediafiredls.com udp
US 104.26.2.173:443 www.mediafiredls.com tcp
GB 142.250.180.10:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 oyvzliipbm udp
US 1.1.1.1:53 hqjxqvndlyymfkr udp
US 1.1.1.1:53 guqhlxwtvmteuzr udp
US 1.1.1.1:53 g.ezoic.net udp
FR 15.188.219.54:443 g.ezoic.net tcp
US 1.1.1.1:53 go.ezodn.com udp
US 1.1.1.1:53 securepubads.g.doubleclick.net udp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
GB 216.58.201.98:443 securepubads.g.doubleclick.net tcp
US 1.1.1.1:53 clients1.google.com udp
US 1.1.1.1:53 tags.crwdcntrl.net udp
US 1.1.1.1:53 ad.crwdcntrl.net udp
GB 172.217.16.238:443 clients1.google.com tcp
US 1.1.1.1:53 bcp.crwdcntrl.net udp
IE 3.248.140.97:443 bcp.crwdcntrl.net tcp
IE 54.78.246.130:443 bcp.crwdcntrl.net tcp
US 1.1.1.1:53 api.btloader.com udp
US 1.1.1.1:53 ad-delivery.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
IE 54.78.246.130:443 bcp.crwdcntrl.net tcp
US 1.1.1.1:53 stats.g.doubleclick.net udp
US 1.1.1.1:53 btlr.sharethrough.com udp
US 1.1.1.1:53 tlx.3lift.com udp
US 1.1.1.1:53 prebid.media.net udp
US 1.1.1.1:53 hbopenbid.pubmatic.com udp
DE 52.57.148.227:443 btlr.sharethrough.com tcp
DE 52.57.148.227:443 btlr.sharethrough.com tcp
DE 52.57.148.227:443 btlr.sharethrough.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
US 34.120.63.153:443 prebid.media.net tcp
US 1.1.1.1:53 translate-pa.googleapis.com udp
US 1.1.1.1:53 analytics.google.com udp
GB 142.250.200.46:443 analytics.google.com tcp
US 1.1.1.1:53 tags.crwdcntrl.net udp
GB 18.165.201.18:443 tags.crwdcntrl.net tcp
US 1.1.1.1:53 stats.g.doubleclick.net udp
BE 108.177.15.155:443 stats.g.doubleclick.net tcp
BE 108.177.15.155:443 stats.g.doubleclick.net tcp
US 1.1.1.1:53 hbopenbid.pubmatic.com udp
US 1.1.1.1:53 translate-pa.googleapis.com udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
US 1.1.1.1:53 fundingchoicesmessages.google.com udp
US 1.1.1.1:53 fundingchoicesmessages.google.com udp
GB 142.250.187.206:443 fundingchoicesmessages.google.com tcp
GB 142.250.187.206:443 fundingchoicesmessages.google.com tcp
US 1.1.1.1:53 eb2.3lift.com udp
US 1.1.1.1:53 contextual.media.net udp
US 1.1.1.1:53 ads.pubmatic.com udp
US 76.223.111.18:443 eb2.3lift.com tcp
GB 2.23.160.192:443 ads.pubmatic.com tcp
US 1.1.1.1:53 csi.gstatic.com udp
US 1.1.1.1:53 image6.pubmatic.com udp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 1.1.1.1:53 contextual.media.net udp
GB 104.115.32.26:443 contextual.media.net tcp
US 1.1.1.1:53 csi.gstatic.com udp
US 216.239.32.3:443 csi.gstatic.com tcp
GB 216.58.201.106:443 translate-pa.googleapis.com tcp
GB 216.58.212.228:443 tcp
GB 216.58.212.228:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 1.1.1.1:53 www.mediafire.com udp
US 1.1.1.1:53 www.mediafire.com udp

Files

files/dom-0.html

MD5 86b3c7a4971bc8f4fe2d7fe2b1a54532
SHA1 23f7ec7c46fd4492b0959489bf222bda79560bc3
SHA256 1079797c467fbf9dffd375ec8bea3ce3d8e22b6ed566eef8c082ec560f58f47b
SHA512 44d7b5a8eb8d26bada9f5c21bb8a80925e45dacb4279da7ba9a8f44905a6d0b5bad4a676f5b30445a1b825501fda01398481f0eaafbf0031587088be6bfe26f4

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-21 08:06

Reported

2024-04-21 08:09

Platform

android-x86-arm-20240221-en

Max time kernel

147s

Max time network

137s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto (rows to 1.1.1.1:53 udp are DNS lookups; Domain is blank for connections with no associated DNS name; the random single-label hostnames are Chrome's intranet-redirect detector probes)
US 1.1.1.1:53 www.mediafire.com udp
US 1.1.1.1:53 www.mediafire.com udp
US 104.16.114.74:443 www.mediafire.com tcp
US 104.16.114.74:443 www.mediafire.com tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.200.10:443 safebrowsing.googleapis.com tcp
US 104.16.114.74:443 www.mediafire.com tcp
US 1.1.1.1:53 the.gatekeeperconsent.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 1.1.1.1:53 btloader.com udp
US 172.67.41.60:443 btloader.com tcp
US 1.1.1.1:53 privacy.gatekeeperconsent.com udp
US 1.1.1.1:53 www.ezojs.com udp
US 1.1.1.1:53 translate.google.com udp
US 1.1.1.1:53 static.cloudflareinsights.com udp
US 1.1.1.1:53 cdn.amplitude.com udp
US 1.1.1.1:53 static.mediafire.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 172.67.170.144:443 www.ezojs.com tcp
GB 142.250.187.238:443 translate.google.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
GB 52.85.142.7:443 cdn.amplitude.com tcp
US 1.1.1.1:53 www.mediafiredls.com udp
US 1.1.1.1:53 translate.googleapis.com udp
US 1.1.1.1:53 api.amplitude.com udp
US 54.212.237.82:443 api.amplitude.com tcp
US 1.1.1.1:53 www.mediafiredls.com udp
US 54.212.237.82:443 api.amplitude.com tcp
US 1.1.1.1:53 clients1.google.com udp
GB 172.217.169.14:443 clients1.google.com tcp
GB 172.217.169.14:443 clients1.google.com tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 analytics.google.com udp
US 1.1.1.1:53 stats.g.doubleclick.net udp
US 216.239.38.181:443 analytics.google.com tcp
BE 66.102.1.156:443 stats.g.doubleclick.net tcp
US 1.1.1.1:53 g.ezoic.net udp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.196:443 www.google.com tcp
US 1.1.1.1:53 www.mediafiredls.com udp
US 104.26.3.173:443 www.mediafiredls.com tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 g.ezoic.net udp
FR 13.39.145.251:443 g.ezoic.net tcp
US 1.1.1.1:53 go.ezodn.com udp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 1.1.1.1:53 dlpashuinn udp
US 1.1.1.1:53 wefmyfq udp
US 1.1.1.1:53 ufdnvlodswaoeb udp
US 1.1.1.1:53 g.ezodn.com udp
US 1.1.1.1:53 securepubads.g.doubleclick.net udp
US 1.1.1.1:53 ads.pubmatic.com udp
GB 216.58.212.196:443 www.google.com tcp
GB 216.58.201.98:443 securepubads.g.doubleclick.net tcp
GB 2.23.160.192:443 ads.pubmatic.com tcp
US 1.1.1.1:53 bshr.ezodn.com udp
US 172.67.142.121:443 bshr.ezodn.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 fundingchoicesmessages.google.com udp
GB 142.250.200.46:443 fundingchoicesmessages.google.com tcp
US 1.1.1.1:53 g.ezodn.com udp
GB 142.250.200.46:443 fundingchoicesmessages.google.com tcp
GB 142.250.200.46:443 fundingchoicesmessages.google.com tcp
GB 142.250.200.46:443 fundingchoicesmessages.google.com tcp
GB 142.250.200.46:443 fundingchoicesmessages.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.200.42:443 tcp

Files

files/dom-0.html

MD5 ce442372705249e5048ffb588ad4366c
SHA1 7849124bbdd0a8d8febe7c835d0b8ab57dc06f52
SHA256 20371df196a66d279749e8d878326d393acff994ebb276e09e1430dbd2552522
SHA512 f0e4933aa27b5356a3a43eebcbe14c2f28eeafa17c8655d4597f93e4990af018931df50d0c39ac376e18346ff5d1dae4c93b619310e41d6109e87da283ad0d38

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-21 08:06

Reported

2024-04-21 08:09

Platform

android-x64-20240221-en

Max time kernel

147s

Max time network

153s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Reads the content of photos stored on the user's device.

collection
Description Indicator Process Target
URI accessed for read content://media/external/images/media N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto (rows to 1.1.1.1:53 udp are DNS lookups; Domain is blank for connections with no associated DNS name; the random single-label hostnames are Chrome's intranet-redirect detector probes)
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 accounts.google.com udp
BE 108.177.15.84:443 accounts.google.com tcp
US 1.1.1.1:53 www.mediafire.com udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 172.217.16.234:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 www.mediafire.com udp
US 104.16.113.74:443 www.mediafire.com tcp
US 104.16.113.74:443 www.mediafire.com tcp
US 1.1.1.1:53 the.gatekeeperconsent.com udp
US 1.1.1.1:53 btloader.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
GB 142.250.187.202:443 tcp
US 1.1.1.1:53 privacy.gatekeeperconsent.com udp
US 1.1.1.1:53 www.ezojs.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 1.1.1.1:53 translate.google.com udp
US 1.1.1.1:53 static.cloudflareinsights.com udp
US 1.1.1.1:53 cdn.amplitude.com udp
US 104.21.63.106:443 www.ezojs.com tcp
US 1.1.1.1:53 static.mediafire.com udp
GB 142.250.180.14:443 translate.google.com tcp
US 104.21.63.106:443 www.ezojs.com tcp
US 1.1.1.1:53 www.mediafiredls.com udp
US 104.26.3.173:443 www.mediafiredls.com tcp
US 1.1.1.1:53 btloader.com udp
US 104.22.75.216:443 btloader.com tcp
US 1.1.1.1:53 g.ezoic.net udp
FR 13.39.145.251:443 g.ezoic.net tcp
US 1.1.1.1:53 static.cloudflareinsights.com udp
US 1.1.1.1:53 cdn.amplitude.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 1.1.1.1:53 static.mediafire.com udp
GB 52.85.142.7:443 cdn.amplitude.com tcp
US 1.1.1.1:53 go.ezodn.com udp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 1.1.1.1:53 clients1.google.com udp
GB 142.250.178.14:443 clients1.google.com tcp
US 1.1.1.1:53 translate.googleapis.com udp
GB 172.217.16.234:443 translate.googleapis.com tcp
GB 172.217.16.234:443 translate.googleapis.com tcp
US 1.1.1.1:53 api.amplitude.com udp
US 44.241.247.223:443 api.amplitude.com tcp
US 1.1.1.1:53 g.ezodn.com udp
US 1.1.1.1:53 securepubads.g.doubleclick.net udp
US 1.1.1.1:53 ads.pubmatic.com udp
US 1.1.1.1:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
US 1.1.1.1:53 securepubads.g.doubleclick.net udp
US 1.1.1.1:53 ads.pubmatic.com udp
GB 142.250.178.2:443 securepubads.g.doubleclick.net tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
US 1.1.1.1:53 ihuixcaw udp
US 1.1.1.1:53 sgrhylpxguyt udp
US 1.1.1.1:53 aurnehbuxdahxc udp
GB 142.250.187.202:443 tcp
US 1.1.1.1:53 ads.pubmatic.com udp
US 1.1.1.1:53 bshr.ezodn.com udp
US 104.21.87.79:443 bshr.ezodn.com tcp
US 1.1.1.1:53 fundingchoicesmessages.google.com udp
US 1.1.1.1:53 stats.g.doubleclick.net udp
GB 216.58.201.110:443 fundingchoicesmessages.google.com tcp
BE 108.177.15.155:443 stats.g.doubleclick.net tcp
BE 108.177.15.155:443 stats.g.doubleclick.net tcp
US 1.1.1.1:53 analytics.google.com udp
BE 108.177.15.155:443 stats.g.doubleclick.net tcp
US 216.239.38.181:443 analytics.google.com tcp
GB 216.58.201.100:443 www.google.com tcp
GB 216.58.201.100:443 www.google.com tcp
GB 216.58.201.110:443 fundingchoicesmessages.google.com tcp
GB 104.115.32.236:443 ads.pubmatic.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.212.228:443 tcp
GB 216.58.212.228:443 tcp
US 1.1.1.1:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
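The three Network tables in this report (behavioral3, behavioral1 and behavioral2) are flattened "Country Destination Domain Proto" rows, with the Domain column simply missing when no DNS name was associated. The script below is an added triage helper written for this page; it is not part of the sandbox's report or tooling. It parses that row layout, separates DNS lookups from actual connections, sets aside the multicast row and the connections with no name, and flags the random single-label hostnames that Chrome's intranet-redirect detector resolves at startup so they are not mistaken for DGA traffic. The sample rows are a subset copied from the behavioral3 table above; the 7-to-15-lowercase-letter, no-dot heuristic for the Chrome probes is an assumption chosen to match that known browser behaviour, not something the report states.

```python
import re
from collections import defaultdict

# Subset of rows copied from the behavioral3 Network table of this report,
# kept in the report's flattened "Country Destination Domain Proto" layout.
SAMPLE_ROWS = """\
GB 142.250.200.46:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 www.mediafire.com udp
US 104.16.113.74:443 www.mediafire.com tcp
US 1.1.1.1:53 oyvzliipbm udp
US 1.1.1.1:53 hqjxqvndlyymfkr udp
US 1.1.1.1:53 guqhlxwtvmteuzr udp
US 1.1.1.1:53 stats.g.doubleclick.net udp
BE 108.177.15.155:443 stats.g.doubleclick.net tcp
"""

# Country, ip:port, optional domain, proto. The domain group is optional
# because the report omits the column entirely for unnamed connections.
ROW_RE = re.compile(
    r"^(?P<country>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)

# Assumed heuristic: Chrome's intranet redirect detector queries three random
# single-label hostnames of 7-15 lowercase letters when the browser starts.
PROBE_RE = re.compile(r"^[a-z]{7,15}$")


def parse_rows(text):
    """Parse flattened report rows into dicts; raise on anything unexpected."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def is_chrome_probe(name):
    """True for a single-label random hostname matching the Chrome probe shape."""
    return name is not None and PROBE_RE.match(name) is not None


def triage(rows):
    """Bucket rows into DNS lookups, Chrome probes, multicast, unnamed and named connections."""
    out = {
        "dns_lookups": set(),                # names the browser resolved
        "chrome_probes": set(),              # random labels from the redirect detector
        "connections": defaultdict(set),     # domain -> set of IPs actually connected to
        "unnamed": [],                       # ip:port with no DNS name in the report
        "multicast": [],                     # e.g. mDNS to 224.0.0.251:5353
    }
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":
            if is_chrome_probe(r["domain"]):
                out["chrome_probes"].add(r["domain"])
            elif r["domain"] is not None:
                out["dns_lookups"].add(r["domain"])
        elif r["ip"].startswith("224."):
            out["multicast"].append(f'{r["ip"]}:{r["port"]}')
        elif r["domain"] is None:
            out["unnamed"].append(f'{r["ip"]}:{r["port"]}')
        else:
            out["connections"][r["domain"]].add(r["ip"])
    return out


if __name__ == "__main__":
    summary = triage(parse_rows(SAMPLE_ROWS))
    print("Chrome probe lookups (ignore):", sorted(summary["chrome_probes"]))
    print("Resolved names:", sorted(summary["dns_lookups"]))
    for domain, ips in sorted(summary["connections"].items()):
        print(f"connected {domain} -> {sorted(ips)}")
    print("Unnamed connections:", summary["unnamed"])
    print("Multicast:", summary["multicast"])
```

Paste any of the report's three tables into SAMPLE_ROWS (minus the header line) to get the same breakdown for that run; the unnamed connections are the rows worth resolving manually, since the report gives no name for them.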

Files

files/dom-0.html

MD5 fe136cb56fb37b9ce772c48cba8fb5ef
SHA1 786242efdbdc901469a1df802131b6b31662f26d
SHA256 e087012edd54b0adfc3fe7725a75f354b9347cbd016fd8ea48333c1a657fe5aa
SHA512 81b6362a7d22b752434f4fc6cf08b58f58be63b91019dc783d365675f0ff40c14f58a02d460e018d286c9cca8f73ec3858150e1b9008daa532dafa955e2231ce