Malware Analysis Report

2024-12-08 03:08

Sample ID 240510-x2zetadb6t
Target c4e08640eaa5c174828447d3b66d1216c2d397671695a9fa75b9d4a5f0474067
SHA256 c4e08640eaa5c174828447d3b66d1216c2d397671695a9fa75b9d4a5f0474067
Tags
privateloader discovery evasion persistence
score
10/10

Table of Contents

- Analysis Overview
- MITRE ATT&CK
  - Mobile Matrix V15
- Analysis: static1
  - Detonation Overview
  - Signatures
- Analysis: behavioral2
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files
- Analysis: behavioral1
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files

Analysis Overview

score
10/10

SHA256

c4e08640eaa5c174828447d3b66d1216c2d397671695a9fa75b9d4a5f0474067

Threat Level: Known bad

The file c4e08640eaa5c174828447d3b66d1216c2d397671695a9fa75b9d4a5f0474067 was found to be: Known bad.

Malicious Activity Summary

privateloader discovery evasion persistence

Privateloader family

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

Checks if the internet connection is available

Reads information about phone network operator.

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 19:21

Signatures

Privateloader family

privateloader

Requests dangerous framework permissions

Description                                          | Indicator                                 | Process | Target
Allows an application to write to external storage.  | android.permission.WRITE_EXTERNAL_STORAGE | N/A     | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE  | N/A     | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 19:21

Reported

2024-05-10 19:22

Platform

android-33-x64-arm64-20240508.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination         | Domain | Proto
GB      | 216.58.213.4:443    |        | udp
GB      | 216.58.213.4:443    |        | udp
BE      | 173.194.76.188:5228 |        | tcp
GB      | 216.58.201.100:443  |        | tcp
N/A     | 224.0.0.251:5353    |        | udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 19:21

Reported

2024-05-10 19:24

Platform

android-x86-arm-20240506-en

Max time kernel

144s

Max time network

153s

Command Line

com.whiteroom.HoleFeed

Signatures

Checks CPU information

evasion discovery
Description          | Indicator     | Process | Target
File opened for read | /proc/cpuinfo | N/A     | N/A

Checks memory information

evasion discovery
Description          | Indicator     | Process | Target
File opened for read | /proc/meminfo | N/A     | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description            | Indicator                                       | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver   | N/A     | N/A

Checks if the internet connection is available

discovery
Description            | Indicator                                              | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo  | N/A     | N/A

Reads information about phone network operator.

discovery

Processes

com.whiteroom.HoleFeed

Network

Country | Destination         | Domain                             | Proto
N/A     | 224.0.0.251:5353    |                                    | udp
GB      | 142.250.200.42:443  |                                    | tcp
US      | 1.1.1.1:53          | semanticlocation-pa.googleapis.com | udp
US      | 1.1.1.1:53          | graph.facebook.com                 | udp
GB      | 163.70.147.22:443   | graph.facebook.com                 | tcp
GB      | 163.70.147.22:443   | graph.facebook.com                 | tcp
GB      | 163.70.147.22:443   | graph.facebook.com                 | tcp
GB      | 172.217.16.238:443  |                                    | tcp
US      | 1.1.1.1:53          | android.apis.google.com            | udp
GB      | 142.250.187.206:443 | android.apis.google.com            | tcp
US      | 1.1.1.1:53          | app.adjust.com                     | udp
NL      | 185.151.204.15:443  | app.adjust.com                     | tcp
US      | 1.1.1.1:53          | config.uca.cloud.unity3d.com       | udp
US      | 34.111.113.40:443   | config.uca.cloud.unity3d.com       | tcp
US      | 1.1.1.1:53          | rubick.gameanalytics.com           | udp
US      | 1.1.1.1:53          | api.gameanalytics.com              | udp
US      | 67.202.54.7:443     | api.gameanalytics.com              | tcp
US      | 1.1.1.1:53          | cdp.cloud.unity3d.com              | udp
US      | 34.107.172.168:443  | cdp.cloud.unity3d.com              | tcp

Files

Files written during detonation, in the order reported (a path listed more than once was written more than once):

/data/data/com.whiteroom.HoleFeed/files/AdjustIoPackageQueue
/data/data/com.whiteroom.HoleFeed/files/AdjustIoActivityState
/data/data/com.whiteroom.HoleFeed/files/AdjustIoPackageQueue
/data/data/com.whiteroom.HoleFeed/files/AdjustIoActivityState
/storage/emulated/0/Android/data/com.whiteroom.HoleFeed/files/Unity/395e91f1-5d44-46e1-bf66-14e3a2f4450d/Analytics/config
/storage/emulated/0/Android/data/com.whiteroom.HoleFeed/cache/ga.sqlite3-journal
/storage/emulated/0/Android/data/com.whiteroom.HoleFeed/cache/ga.sqlite3
/storage/emulated/0/Android/data/com.whiteroom.HoleFeed/cache/ga.sqlite3-shm
/storage/emulated/0/Android/data/com.whiteroom.HoleFeed/cache/ga.sqlite3-wal
/storage/emulated/0/Android/data/com.whiteroom.HoleFeed/files/Unity/395e91f1-5d44-46e1-bf66-14e3a2f4450d/Analytics/ArchivedEvents/171536893900000.3d34aecc/s
/storage/emulated/0/Android/data/com.whiteroom.HoleFeed/files/Unity/395e91f1-5d44-46e1-bf66-14e3a2f4450d/Analytics/ArchivedEvents/171536893900000.3d34aecc/g
/storage/emulated/0/Android/data/com.whiteroom.HoleFeed/files/Unity/395e91f1-5d44-46e1-bf66-14e3a2f4450d/Analytics/ArchivedEvents/171536893900000.3d34aecc/c
/storage/emulated/0/Android/data/com.whiteroom.HoleFeed/files/Unity/395e91f1-5d44-46e1-bf66-14e3a2f4450d/Analytics/ArchivedEvents/171536893900000.3d34aecc/e
/storage/emulated/0/Android/data/com.whiteroom.HoleFeed/files/Unity/395e91f1-5d44-46e1-bf66-14e3a2f4450d/Analytics/values
/storage/emulated/0/Android/data/com.whiteroom.HoleFeed/files/Unity/395e91f1-5d44-46e1-bf66-14e3a2f4450d/Analytics/ArchivedEvents/171536893900001.3d34aecc/e
/storage/emulated/0/Android/data/com.whiteroom.HoleFeed/files/Unity/395e91f1-5d44-46e1-bf66-14e3a2f4450d/Analytics/ArchivedEvents/171536893900002.3d34aecc/e
/storage/emulated/0/Android/data/com.whiteroom.HoleFeed/files/Unity/395e91f1-5d44-46e1-bf66-14e3a2f4450d/Analytics/ArchivedEvents/171536893900002.3d34aecc/e
/data/data/com.whiteroom.HoleFeed/files/AdjustIoActivityState
/data/data/com.whiteroom.HoleFeed/files/AdjustIoActivityState