9aaab216f4a485006475dfab6e275b3a8ba9adb2439a3d7baadd14abc72c921d

Analysis

max time kernel
155s
max time network
167s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

honeygain_app.apk
Size

8.2MB
MD5

ed3a52f98dee0e529b4df3cd6505bd02
SHA1

8b358b1484693575364f95803b39e3ffd9ab62b5
SHA256

9aaab216f4a485006475dfab6e275b3a8ba9adb2439a3d7baadd14abc72c921d
SHA512

11688bf82de60ffae79ff14b05a39894b1703e4c579bace3c713c8dce98b037df3cac0b2adea0819ca20dd6e6f3fdf5e5366ae205a116a54ac9322724d37ba87
SSDEEP

196608:WQorOi96XSiHqs3i3jQct4P34JyWBpUKIBLvFl:WHQqHjQHoJyWnOb/

Score

8^/10

discovery evasion execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.honeygain.make.money

ioc process

/system/app/Superuser.apk com.honeygain.make.money
/sbin/su com.honeygain.make.money
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.honeygain.make.money

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.honeygain.make.money
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.honeygain.make.money

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.honeygain.make.money
Acquires the wake lock 1 IoCs

Processes:

com.honeygain.make.money

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.honeygain.make.money
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.honeygain.make.money

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.honeygain.make.money
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.honeygain.make.money

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.honeygain.make.money
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.honeygain.make.money

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.honeygain.make.money

ioc	process
/system/app/Superuser.apk	com.honeygain.make.money
/sbin/su	com.honeygain.make.money

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.honeygain.make.money

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.honeygain.make.money

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.honeygain.make.money

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.honeygain.make.money

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.honeygain.make.money

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.honeygain.make.money

com.honeygain.make.money
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4277

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.honeygain.make.money/cache/7d9f47fb28c3c8fcb9cdeb2f0c4a33ec.0.tmp

Filesize
6KB

MD5
e3e5816595d31141aed7eb0647f4213c

SHA1
0fe05a8e76aad76e68216bf0467d227f59af5d53

SHA256
2560abb3ec4c54638353e3e27132d90b842a5b04dce942931f667081fbc963a1

SHA512
9cecb75124def25621f3c5355526312814aa0058b3c21915bd325bb2c340f166a9760bbb6636df1685ada2865f3bf056940ea91839e680887da5822916341dc4

Download Submit
/data/data/com.honeygain.make.money/cache/7d9f47fb28c3c8fcb9cdeb2f0c4a33ec.1.tmp

Filesize
621B

MD5
34855cce4483dbfda18ff335c46ac67b

SHA1
77569ed8410c79fc69d8b88612521d19c8fee369

SHA256
b16062e686ee191b4fe6a3fe21db27537a9927ccb863fd84ccd7243155b8e970

SHA512
4bdbac4bf3679e16936e28a6b52b33136e59a85cf05f580c468e3b4e7f77f73d271c65c7d1ede1ea08c00fd296ee41ceb0dfb94e2623dd42ec377b074a7cc618

Download Submit
/data/data/com.honeygain.make.money/cache/journal

Filesize
123B

MD5
9bc6c74d2fe6d8ea0101425cedcf036b

SHA1
3a1bd2a2dcb52ec2561f176f3f2b2cdabab82062

SHA256
386c2c288e8a205a451d274a55b31c20413191e2998080c1d5190b1d1738d305

SHA512
1083d1ccf93c11ed77ab60b019b54ec81541de3b023731b8993542b46b25072c23000e1e13891dbe6e6093134edc0a4a768508c6dcf2c3caebb7a52675fe72e6

Download Submit
/data/data/com.honeygain.make.money/cache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.honeygain.make.money/cache/sentry/e9dcf26a139bd3091e36ec8a2b6c408da3b2c29a/90cadf6a-7b19-47e2-80ff-5b36fe33caaa.envelope

Filesize
1KB

MD5
62534952eda2e6e590e509c52e51c924

SHA1
9169927e46eba6271053c599f40c818eeadb98cc

SHA256
a75508ae25d817a1e7f00993bf727b73a96209962b112c5fb1fe4f70c89c175d

SHA512
0a11fd0de5f69a880d415a0e5d460f8eb6afa375e33cd8ebf492642e932eb14a351c9430dbcc82b4489d3dfb6190c4903606ecacfd69978343f609308b4d72ac

Download Submit
/data/data/com.honeygain.make.money/cache/sentry/e9dcf26a139bd3091e36ec8a2b6c408da3b2c29a/session.json

Filesize
291B

MD5
4f05583bf2fac946948e88a3cba4d254

SHA1
aa95ba0587e7e06105daaaeacdb135ec4054fed9

SHA256
a59b4677cff65b7ef9870852210324d81b763145152425c36bda2bcc98254699

SHA512
f4839b27951f4f488081cdff14efa832ce369cb3e7ca77c92ae6868a5cb58ba87bab7008dad8caba55461f5c32aee69f7aca80a9461ad93f4434bcea2eaa4a63

Download Submit
/data/data/com.honeygain.make.money/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.honeygain.make.money/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
ca15d06bea4d8ff11ebdd694c30bb07a

SHA1
3799e97c88b7768f1c966147a508da4242a05a86

SHA256
6094da8110b63131a400a62d9216fbce12248526cffb37874b6cb50a228fe2a1

SHA512
ea196826d64055be3e785557756fa28daf313baddb776c11527da5c8085c8e010b7461ec50437269a942fd805dbf05e772f32b959d0ae1ca7861211f86ab5fa4

Download Submit
/data/data/com.honeygain.make.money/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.honeygain.make.money/databases/com.google.android.datatransport.events-wal

Filesize
354KB

MD5
d957c1c90b20d8a88b48033dbb6e47bf

SHA1
085ef44c5bb3ba7d0492858fff0a22915b0948de

SHA256
bc0f8c35e34b986abadf6b18fa8492252595ffa523a206c98a0311ef23335316

SHA512
4dead68351ad4ee7a5c2d0de1a546fdfde5cadcfd20139c60151db6b22abc744c63ff9318183970776ec553e23cca0c9842b29baa7a354913e10e384a17f060f

Download Submit
/data/data/com.honeygain.make.money/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.honeygain.make.money/databases/google_app_measurement_local.db

Filesize
16KB

MD5
42671ddd0176aef02b3999d840103c4a

SHA1
93d374114974ab70e18cce635878bb48012f2b96

SHA256
ec7c0a34817e9170cdfae5048c514b19006eb35e5f8c6ee4f4eb891c9db15f8e

SHA512
12f93ee4751a2d1c5e4ecf6b47fd9b83d87f6cf15b3374784530ff98910a7a65923af9cd99a29e1e6349b136494211790625784ba1ac6a780c26080d424a7fdd

Download Submit
/data/data/com.honeygain.make.money/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8c76d83bd25c33355436821bd130fc63

SHA1
d69438d08629f5faf54e7f93076965e75c86dd46

SHA256
a36e2a08e54d7d170f24ef7ddda7d9d0a30e936d362a6c66f6e1a6e94ffef8c5

SHA512
8ad7236a45cca1d80e3aa354a1b9b90abf88bd774141108ba983a9ad2ec5a707b9507c1315d16859e7ac0070e603571c9a675405f75e693f4e7d272af02d490b

Download Submit
/data/data/com.honeygain.make.money/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1ff7802101d32be2e98d01638b74db26

SHA1
c55ee1a7ca80822a503edcea232e1ba1030028d7

SHA256
4c69d11bcb86096cbb9876171801682ae7584649ccfdf504f5a75a8c01fc1ee3

SHA512
2108e00cfe8de5386a4bbc3a4eacc21dbf7d7649c594bd8348499d7824fb4b6b4799283534669b353066c07d8846e7a1fd30a2b859a5e986f84ec556b479339a

Download Submit
/data/data/com.honeygain.make.money/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a732b3fc5fd4961552c6dd08235c9e11

SHA1
fb4f74889e0328661a168794f5cdf0727eb89bbb

SHA256
cd4a385b6103b91917440f530096ab118b8547f764c978476ada911a5d6ee25f

SHA512
b74ccd1db4aec7f05043ab0800574205e22b0fa71e1dc628bf0efbe0d44f2305164b910f8e27a916d78deebe1d00c0c5daab49ee75ff06a0c818cc7d7ff37685

Download Submit
/data/data/com.honeygain.make.money/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5a120ff2b891ea46395fa81e3ac09738

SHA1
afaf5c32068e5a7499a8802fc6074211af5ddd94

SHA256
d7ae60b836f0e9b12c519a2b0367913aea50dc8c74290ff4bd12daaf9073cc59

SHA512
a67eac812b297b5d3346305e6480303e27e4aade534da790334bb898c447402de17c8af1506662e562733f65e4f7777d60c8d2b25640fed54173194f8b084781

Download Submit
/data/data/com.honeygain.make.money/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
76bda54b8d262662847234118d5204c5

SHA1
01b099fe637c4b13c900169ad0310a3733527dae

SHA256
91ff682b5720c2e8e86d058d56e0733d71379347dba2ec93c777056775ad4c5f

SHA512
21d00ab8d2e196130e3760564d4a0e8436b043a16f5daf9361afc758f96936905f2396a22ffa5505a50df52d14d29858ac7d7e35516ff730a83adc6805307502

Download Submit
/data/data/com.honeygain.make.money/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
88fa52ac62632900b27f2e71b37470d7

SHA1
dbaa19b01cc2454d24b4d349bee0aa8ca44c6a95

SHA256
ce4f2e6e0cb3d4e32099dacb3a2e3e5105708e8b3f462aa7e8dd6d84cf290628

SHA512
a596b6d5b2db4e67b219af0368e025bb7ef81e9447c5d5c53cb2fcb7078fb10b2eb9aa5ef6be73668a12958b969d76f82fdd075909bb16ddb7b0ed54b1502044

Download Submit
/data/data/com.honeygain.make.money/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
38558c3b474c4c61902b246d0044dc2b

SHA1
e527037481c852682aca224b6f81c5c31b7ad2f0

SHA256
950ebb99e3a3a18c738f2d1ecba1fad2af40c3c87e4395181a0809b15f757659

SHA512
2b10880a03afccca8cb803775263a97f7671684ff2542215f13e92014959e317fbba07b9bf2e5fdf7e7b0937f1c81711533ab809e534872758b4cd78c63e1b8a

Download Submit
/data/data/com.honeygain.make.money/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
350d85d4085a668fb92f9d5eef4c5e61

SHA1
baba4dffe2cdee5a60161bba7b43689db9e5d16f

SHA256
b9c2e9883a1f44e9e27d4cbacd4d86c6005a9f01e0e141826da5b3a0b6d947bf

SHA512
97d2413ffded49c2246e212360978b02d44d6e60957f050707950b0587963d8b79c934f18fd71609bd00a8f6714e9ec0da69169811b51157baa04977cf4b5149

Download Submit
/data/data/com.honeygain.make.money/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0afdcfd77e77b73bcc23a8dd0ba831d4

SHA1
8addad3fa8dd3eefc9dbc1473cd34b1026100001

SHA256
bff855c8e87c7e1c06c3f06a97dc265b1521172ced95dc529a749389a8311b04

SHA512
b633ece7dfc4ad942d7df2b54b8a9e27f917d48a58b9a7e20d5307294139a2ddf26619e8d8dd0ee3ffdfe34fc8b2b80062db25c6158b973fe0fb04cecc361abd

Download Submit
/data/data/com.honeygain.make.money/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
b13e8c44bb9ef5850a729a921f0f4d37

SHA1
b73e00036eb2d185cb9a6dcbf5c5bbb05d124b89

SHA256
9b379970cf27dece15572b629c68db8510d421dada60b8f393f6169a511f348e

SHA512
faedd03bb4cbf5bde246461f8fb8314252a708b5de017bb8846b4d56aafda680c30adcef61deddf1531113defd16254ac1340fb088c2b3733d74549bd29ce14f

Download Submit
/data/data/com.honeygain.make.money/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
6700b74952b164e5449666a5f06a0bba

SHA1
0e2cc50cdfb56114ed6606a87eaef23348612ef8

SHA256
b8765b3ce2b90b3751d8e2747c165cab5225f407324febb4fc830740b20bf47c

SHA512
0c2e17bf9c3b1be56f0a18bcd9b6c86ca0119aa7b8e6ace8b4343c293124149382fd1dfafb6e7d6cfc4f6b9573e69cbc4fcb7758c1d7674245682577a8e3674a

Download Submit
/data/data/com.honeygain.make.money/files/AppEventsLogger.persistedevents

Filesize
511B

MD5
9d26a076380df268a108a9d389a78dc1

SHA1
20a3f29eb76d0236d9064624e59b57aa4e199924

SHA256
bf438a2ab9ceaf75d69e792f69a5f225f0084fdf949f6a17836593d419b9298c

SHA512
f1ba4ecbd74b94e017e946fda4830a5e8f366c4b8a6d5936c11feb147dced14469efdfd1057d8d2f5968b0b6dfb2cb01d100fd08de6f5fe368a484f888c8e634

Download Submit
/data/data/com.honeygain.make.money/files/INSTALLATION

Filesize
36B

MD5
733e252e5deb1dbac44db562ddd80b3d

SHA1
a029a2481dd718c0ba3143e9fc953563536b800d

SHA256
a1c0cadfbdb4d1e52befdfcab73ef197179b1e86a8244f1850220ce68de1da08

SHA512
a4d9b2abbc8e767ac8f896cc9b2d848264aa84807501e19b195179cce93b1b365965c84254f24c453cb8518d63a70047c76892954fe93a1364f93620021b72e1

Download Submit
/data/data/com.honeygain.make.money/files/PersistedInstallation2005231687526714180tmp

Filesize
561B

MD5
b710b0fad833f17e78506a1241b8d8f8

SHA1
916683de937a002edb260676337d2dd22f6ad640

SHA256
fe224411bf4c6332c40413d6a326672bbaa1bc66e9155c2f460398ce735e0541

SHA512
829d112bf95863c9d195ea67bbf8a6de5bb189b9a8cf9f45bddf615a5423a13619b05a5126d2614787f4d3971e5ef921357f09977e05ac91417d116be4b119b5

Download Submit
/data/data/com.honeygain.make.money/files/PersistedInstallation8534877368007636708tmp

Filesize
90B

MD5
afb0fb16cac26ad00b713b318b5134a5

SHA1
291a66141e22addcf205d525a6e7b8949757f495

SHA256
570982cc347c76d6cd0d7bd91e80a6ec6d0654c24f0db138457e11e6e0fb2c2a

SHA512
2cafa1ef1af59e2029ee3660444552cd5636105517f8e4fd523f41888beb726f8cd8b4cf941de1423cbff8241415cc423ca0e5d5bb883a426c701a0697374690

Download Submit
/data/data/com.honeygain.make.money/files/frc_1:866932844520:android:3e2ba4026413c68b_fireperf_fetch.json

Filesize
1KB

MD5
e6609924aabf9bd8510a24b37e26ee31

SHA1
a1650dd61742fb904889533fbc54a0bbbeda8c26

SHA256
2261357862f700405a1f3b95f46ded5f9fd12038b14ba9ab1a0ea142cc752efa

SHA512
cd51a5bbe6578f9429795e2470c632532639bc1d395c65599da26b3dc3b8069c6635dfbfea9ee852057fef7ca0c7216154aa8987cc717a6d7695bc5ab099e0c1

Download Submit
/data/data/com.honeygain.make.money/files/profileInstalled

Filesize
24B

MD5
15d7f698c8fede7edcc6139e60fe2d68

SHA1
2c38d8a25fad5bc5893df94723ac02ada54534f8

SHA256
8c4645c8bd221d396dc61bbc433550388574f5e3ec7b6a71d9a1e7cdeba97be2

SHA512
cefc44db6055fbfe20dbc4be60f728ea7bf12850b796579efc44b2dac7f525a5e2a073192980c729b8b449cba5f53a9cc6285e362cd12dd5e4f1252c1c681652

Download Submit
/data/data/com.honeygain.make.money/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
7f8050fb277620d0ed1f93e3963923c5

SHA1
90d4f73ca446229881e4003b8b3898bc906c3d75

SHA256
cb07d52837391bd2b515574ebafe096b049c87d909e269ebdb223dcc403098ce

SHA512
84d1eff4119dc985f7921ce68683f7dd1006cb3b9ce6af3a3bf3d39278be59dcbe3e2a15bf89091235d324fd6e4ae76f3e8946b2fa8d5b1386f7b286f9f3bef9

Download Submit
/data/misc/profiles/cur/0/com.honeygain.make.money/primary.prof

Filesize
2KB

MD5
d3839436c5a031a399d8013498d1d8ca

SHA1
8cc86d288b2fde3fb8865aaf5917ebcabe172e35

SHA256
5cfbe4510533731713977c8db762f3593b8bd9946952337d48dc8bb4e94b93d6

SHA512
43e1fe1f4956389fa4d93133730b4fd3069f3fe52e6cd911d6bb364b518fbb1abaa42efe06ffdbaaaea8dd852529ee35ca6d2f2c7046439dd3e7e22e6d5ffe66

Download Submit
/data/misc/profiles/cur/0/com.honeygain.make.money/primary.prof

Filesize
12KB

MD5
59f9d1e32d04c6c53ebe0335acddcc41

SHA1
92e2e987f968f84f48238fd21ca89770cb6572f1

SHA256
5389d8ddc6ed04d6488dde8cd2dc42157c57750039a711b22dbeeb58a18747ff

SHA512
7a0c38da633a41eea9db2d305c0483bdb6be339926c043df4a296c54f79cf39b056154ced0f15b65b0c3f962c0cb96f65dc30a2ffe01c6a4802f03e959283f34

Download Submit