ca87b8240a9ef83a129df7c27730995379da8b88f5ae71543ed3e8e28db043f0

Analysis

max time kernel
87s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
24-04-2024 18:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Epix play 2.6.2.apk
Size

61.7MB
MD5

77e0545739d04026560777dcfca2557b
SHA1

284275fffdaf3872dfabb3a4a171eb9c7733c24e
SHA256

ca87b8240a9ef83a129df7c27730995379da8b88f5ae71543ed3e8e28db043f0
SHA512

7fb3b0e60768b595a4581691ac4d2fff6a0b0229ed715e5e2dc94c48f26fba0107522d3fefd2f06a0becc474f8a138600479a744b40d8c07cdd5677fce9c9c4c
SSDEEP

1572864:kvrxDnPRPZNvQdRkU8HFv9xrGab+TYc3fqd5:kvJW3k1HzsaGNvqv

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 4 IoCs

evasion

T1633.001

Processes:

com.enikop.epixplay

description	ioc	process
Accessed system property	key: ro.bootloader	com.enikop.epixplay
Accessed system property	key: ro.product.device	com.enikop.epixplay
Accessed system property	key: ro.product.model	com.enikop.epixplay
Accessed system property	key: ro.product.name	com.enikop.epixplay

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.enikop.epixplay

description ioc process

File opened for read /proc/cpuinfo com.enikop.epixplay
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

T1633.001

Processes:

com.enikop.epixplay

ioc process

/dev/socket/qemud com.enikop.epixplay
/dev/qemu_pipe com.enikop.epixplay
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.enikop.epixplay

description ioc process

File opened for read /proc/meminfo com.enikop.epixplay
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.enikop.epixplay

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.enikop.epixplay
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.enikop.epixplay

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.enikop.epixplay
Acquires the wake lock 1 IoCs

Processes:

com.enikop.epixplay

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.enikop.epixplay
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.enikop.epixplay

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.enikop.epixplay
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
File opened for read	/proc/cpuinfo	com.enikop.epixplay

ioc	process
/dev/socket/qemud	com.enikop.epixplay
/dev/qemu_pipe	com.enikop.epixplay

description	ioc	process
File opened for read	/proc/meminfo	com.enikop.epixplay

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.enikop.epixplay

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.enikop.epixplay

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.enikop.epixplay

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.enikop.epixplay

Requests dangerous framework permissions 3 IoCs

Processes:

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.enikop.epixplay

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.enikop.epixplay

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.enikop.epixplay

com.enikop.epixplay
1⤵
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks known Qemu pipes.
- Checks memory information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4215

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.enikop.epixplay/databases/OneSignal.db-journal
Filesize
512B

MD5
48634f7f9426c9c2b46731e3a2bfb8cc

SHA1
4d8d86926682749d5a4bd129aa5bb5877e0418eb

SHA256
36ec467d1fcad6c5530e1c4159f63d102d79060faf167da821510ceca5ef1b9e

SHA512
d87749e4ced57a4bd04442b614d8d8a3516c2567baa2454abb39d2fba3f4192c4bb00985f2fc2e07127f51b1711f17b07935a30ca793dd9f6b18f9bf1d28aa52

Download Submit
/data/data/com.enikop.epixplay/databases/OneSignal.db-wal
Filesize
64KB

MD5
38e83e47572122350b2c0d6a8b56a1ec

SHA1
1fbba4bda95ee4178188769ab541645478057e4c

SHA256
1865b94a2271cad2a385718f9cec1ec9b06488063cbff63f6e8840a16a3a3281

SHA512
c287cd511715a7a8bee3c2aa9a4121ca8602edb1c1f8c9676d4346720b88f2be244d48740b896815e72f9bf66a7f258cb1360e7e50d7e21602b86a58a0cbe97e

Download Submit
/data/data/com.enikop.epixplay/databases/StartApp-d6864f2502af7851-journal
Filesize
512B

MD5
10b3715d14bbaaf9d8e02783d3501aa5

SHA1
8659035cf1f8242372f7117434e9582ae076c40d

SHA256
9ceb8373d1f81bf5eba72922c1430443bc8982c6e5f73a73bc2f5320c0a730d2

SHA512
4ea0fc4ad455f8daee4d08001f07fb04039eba98353abe5c4ae2f02efe068d8f94b70d7e4c36bb637d34b282a7d048333d7975e458f661bb7c5adf34cadbbfca

Download Submit
/data/data/com.enikop.epixplay/databases/StartApp-d6864f2502af7851-wal
Filesize
28KB

MD5
18a53890486c9d52840c11eab7725005

SHA1
aff870d49eb0bfa09334e2f081885a65aa7862ed

SHA256
83f63417c8b422419f8c7c53e14654dc207468697d3255caa55cab0fcc0e25f2

SHA512
da8a6e8138f21c1ad73ec199f91b2fb400dece9307bb90e20689fa0dd7eddb989365c2d5daf1ba240302a4fe1a0740891e0e3d77f609cee3bb683a6a5ee9a957

Download Submit
/data/data/com.enikop.epixplay/databases/com.google.android.datatransport.events
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.enikop.epixplay/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
1484025e4fca1ffff9d34f9f34fd6f41

SHA1
452c5723a86e4321a8203c29cb96fda738003e31

SHA256
3c124192cf9b01f2ebb30978386f3bacfa49f13fe9de5e6327b18e56adbd3221

SHA512
11787cec52c831f5bd2636e9e351b01b423aa6f88660778f91845bb311d30a7f49cef5339f58e7125e207649791510b64a37db244dd7bc86ccfdf75a0d37da59

Download Submit
/data/data/com.enikop.epixplay/databases/com.google.android.datatransport.events-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.enikop.epixplay/databases/com.google.android.datatransport.events-wal
Filesize
68KB

MD5
638debbd25abdf72684c8703f6d60128

SHA1
86487a9869579565e832d83211f625de63acb252

SHA256
7ed9843454afb8f6ff66709c9fed64075a36af938b900e68f251ac607a443d77

SHA512
7e2d37f8f248716754eebc0f6588eb72ec9c6de332ee5480da5feec3326d42a7637a702888d2e430893c8a51e895d4f40d997a692b8e7eb22e4fa3dc55951617

Download Submit
/data/data/com.enikop.epixplay/files/PersistedInstallation2161383613978206600tmp
Filesize
90B

MD5
5111e8054d08c7dd7d9cb9e25521fbe6

SHA1
8be4e255b1ae095c922474c822ec232d46f585ad

SHA256
d499c88e6645cd689cd991f4edf58ffc86b8857d4d1cfbc73e3d4a70675d44ac

SHA512
b71a081797d303cd11e6e45bde01b9d291cba273e6cc9866d904925c05040cd90db792df406f60fc63963057b0ab8b2e24d7d1157b2fceb1b26a6829ed72754c

Download Submit
/data/data/com.enikop.epixplay/files/PersistedInstallation2512970494299126497tmp
Filesize
572B

MD5
12a64aeb2b1bff774d48c407113144b7

SHA1
d03650aac47494a0788fb1810780097d63dd98c6

SHA256
87bf3bc52e961ddd94f29b454fa792a1f213a1ff96e528c7aa0c1ca36868b849

SHA512
7eb7e3c0d27538e516465ac54436035e234b85ee029ed964ae01274aa4579bfb3c288eebe4de21ef19fad0881dcbb85dd4078337dddbbb78194d729096bb642a

Download Submit
/data/data/com.enikop.epixplay/files/PersistedInstallation4499468654083337223tmp
Filesize
570B

MD5
d6dbe6d565464984ee106cb7e2958d1f

SHA1
0fae60057bdfbc200aafc86661beed11c5711447

SHA256
71d456abe8c04fe2212a9a8bcf395183dcdb6f989ea86b167305cea41666a4a0

SHA512
1b5b541cb9e269fbf41282bef45352287e148fd7b9b5dedbc96640a2e50e5835514b2a90ffa11245e12ecf9de9df7405947b9d9364ab62aae522bd00f1cb630e

Download Submit
/data/data/com.enikop.epixplay/files/PersistedInstallation4951013183790241233tmp
Filesize
90B

MD5
ab5a964b1d88f53579f90c852f3d6124

SHA1
f175494c2dce043cf50ccef33b9b48981d4f5f51

SHA256
80713f1897732d9c4fb6bd092be6764b41dc233936375c8376df356e21d3182b

SHA512
fe1dfa4e86c487fcb996b62437bfa1de91bc6cc0e68ef2db287a881c04bd2d546738128d7826bab3f80f46ef3dfdbd0afe47f918126a3918d1ed2c885eae098d

Download Submit
/data/data/com.enikop.epixplay/files/StartappAdInfoMetadata
Filesize
1KB

MD5
6c4260aeab7294e23dbbf5eab026a1a6

SHA1
e006a040f14d62a5f550bd15cf42f99ef690ad01

SHA256
66133d728782bca602a2b4a81c907275565ef4281f0ee55004e20aa3f839e98c

SHA512
ca63850531f0a28b5aba743f3f8546208f0f46d0f4a2a81bd567397a418d1c15fb6e336ea29a7d9132208747d4c9b6a4e7189791b9eb210041fa1c49df1ec9fe

Download Submit
/data/data/com.enikop.epixplay/files/StartappAdsMetadata
Filesize
2KB

MD5
ab4e4f817dd50d74a1ea14fbf2da4560

SHA1
a456f7f39894fe1901ac8e5288a0da0c7c6a7c6e

SHA256
afa246fc93f9cf921289aa8bbb43809c893ff8a22fa79ee1c117399225cbad56

SHA512
f2369ec3100508ff1b96492ef54d082d39657a39aef527c1c131b9d286acdc19bc529a179c3ebf839284775b56240cea51e22b89cfe5f7695701650ff40bd748

Download Submit
/data/data/com.enikop.epixplay/files/StartappBannerMetadata
Filesize
796B

MD5
faee059c3d433ac658f268dbb061fd0e

SHA1
f12ecb699f1421ab53981e880d1574867341aed4

SHA256
ec0eca28edf97e74b769ba0d35e7015a8b0161e33cedd62fd03478bd309e8996

SHA512
3915a76e70ecb3a53c64653960874a31a0ddc08a704e976afd418fd86197d0fc644cd99a6ed1a027d6c814e8bffe21bfe03d88bdd983d265302abb24df2a0b16

Download Submit
/data/data/com.enikop.epixplay/files/StartappCacheMetadata
Filesize
907B

MD5
4e9afd5faa0c65554fbcc977f8a4f27c

SHA1
247b6cb38a92c2658153199a7b76a3551c323aa2

SHA256
17ff56889901c275f0f578fcf011e4e678091378d2a6f8b706c119546ac2b2f9

SHA512
3bdb7df93ef435972c53c40d741a02f679b0ad2770d7a90b11101301ba589419f8a991976f4b07c22be503593f0b4aebee8be18458ac9e1ff47f4e8ed35ef0ae

Download Submit
/data/data/com.enikop.epixplay/files/StartappSplashMetadata
Filesize
1KB

MD5
dfcc5af015648efe05127a9c15674c99

SHA1
9d805f564950e299f8f9561c43e8b0331a708ebd

SHA256
fea0652713c99d8a8506db5d771b3e5366195ea9f1aa2ab40fccce38044a55f1

SHA512
811e36e0eadb30e74d01dc9de2d63469bc3590cdbb289b32ec45423bccfde335fd26668874d4464a8bda7f108bc8bc9bad47c56fc233eae3c7cc0b8d97b3b2cc

Download Submit
/data/data/com.enikop.epixplay/files/UnityAdsStorage-public-data.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.enikop.epixplay/files/base.apk
Filesize
31.6MB

MD5
f26f550f892db4ae19dbbb18a7886f89

SHA1
b7be67ee3ea174987961c575665c5948f70ef064

SHA256
e46945908ffe058458e6307800c0ca3ed71412284f2010babe71e1b79fe8fdf9

SHA512
bf0687a6ca26bcd677f4b6989b133849e42bdc8535eb85bd6507cb5e1db4ca046d3cafe3427c20dce8e3fb3b03c4b20f0566642570a3570bd8233bbc603a9da2

Download Submit
/data/data/com.enikop.epixplay/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
daf0cbc1c4ef9de49a78cf29bb0af851

SHA1
d87c0ca7e1a46409a9aafe5237cd6ab44bedae73

SHA256
669dd2b88f7e7f29e361646326003fc58a109541078bf55bffd481d91dff3dad

SHA512
608617f05aaf2289d4f18b3ca3a38834aaaec64b7108d4fca2e9765aff870e67c8c368dce1663e559a415008b186e27037be15e373789980f22efff1fda99b01

Download Submit
/data/data/com.enikop.epixplay/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
07af94af113fd58a1f06581102ea122a

SHA1
a47b93bab98a3ca655302ea2fa332ebe86793d37

SHA256
ce803279c3fec7a3cc5aa10a4e0052b9e4943beda57755ede8d0c3e0fb30b923

SHA512
4501b252488b8b3a3f27e8c7be4fc5d9beb80d5dd900491ac9aa5995aa4992873ab71b532c4880f2821d83197d998cc8e505376ade1b6e3887b32073b301b97b

Download Submit
/data/data/com.enikop.epixplay/no_backup/androidx.work.workdb-wal
Filesize
116KB

MD5
777d08e42a34087b1a957540fc9e52ec

SHA1
3b7736d6dd21045efac35430a347612036d9df6e

SHA256
05372135a2b2a808434847d43871cf7289c6e8ade3d0bceefea92123db3275ce

SHA512
3375c84de9d449c1ca8fa7a6aa35434bbc3852d2cc3c51c7adbaafaae227e20ec28d84f48347a67627c590a8b59b938288149f4436feb0b03e24872a0deef65c

Download Submit
/data/data/com.enikop.epixplay/no_backup/androidx.work.workdb-wal
Filesize
124KB

MD5
01db8f6a9811387b8d19577465152d86

SHA1
0c2c4ab16352e123cf3480752bb262c1a0b223d0

SHA256
79823cfe57e702a083d6d69ed85c33ae002cd25ace8b9ba6668fa1f81a63cba6

SHA512
c3743416487e37a0dc1996ed6e060b588c5d7d1fd564c69d2f317f84c73002135cb22ab835dfd5c5e314063b6b2b9b025baf9b501d20b0c4fe49ae2cfcc307b2

Download Submit
/storage/emulated/0/Android/data/com.enikop.epixplay/cache/UnityAdsCache/UnityAdsTest.txt
Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit