7ad1bab90675a7d4463a5df4b759842a11e7d4243d20e1f7a09f30b32c45ab26

Analysis

max time kernel
179s
max time network
193s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
24-05-2024 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

freeplay-tv-en-vivo-gratis_1.0(1).apk
Size

6.3MB
MD5

8e41193f22ecbb233404d5b1a9cb51e9
SHA1

6bbb0fefdd32a32d21e0dbd11d13ab606edcfafe
SHA256

7ad1bab90675a7d4463a5df4b759842a11e7d4243d20e1f7a09f30b32c45ab26
SHA512

ad492f084c0d726df4a2dfb7b95c69b07e046d90f4cb06a9946299a5c6645c4f8222b21102f4a1d4b120b5ed1d00243eddbb4f0bcf641661599234c5f6614cdb
SSDEEP

196608:90fVnY9Vb0sy9FHbBqgl5BZn+HYQpcm8a:MhYvb0n9FHrl5f+HYQd

Score

8^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

freeplay2.app

ioc process

/system/app/Superuser.apk freeplay2.app
/system/xbin/su freeplay2.app
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

freeplay2.app

description ioc process

File opened for read /proc/cpuinfo freeplay2.app
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

freeplay2.app

description ioc process

File opened for read /proc/meminfo freeplay2.app
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

freeplay2.app

ioc pid process

/data/user/0/freeplay2.app/cache/1598581401714.jar 5261 freeplay2.app
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

freeplay2.app

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener freeplay2.app
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

freeplay2.app

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses freeplay2.app
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

freeplay2.app

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone freeplay2.app
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

freeplay2.app

description ioc process

Framework service call android.app.IActivityManager.registerReceiver freeplay2.app
Acquires the wake lock 1 IoCs

Processes:

freeplay2.app

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock freeplay2.app
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

freeplay2.app

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo freeplay2.app
Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

freeplay2.app

description ioc process

Framework service call android.app.job.IJobScheduler.schedule freeplay2.app
Checks the presence of a debugger
evasion
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

freeplay2.app

description ioc process

Framework API call javax.crypto.Cipher.doFinal freeplay2.app

ioc	process
/system/app/Superuser.apk	freeplay2.app
/system/xbin/su	freeplay2.app

description	ioc	process
File opened for read	/proc/cpuinfo	freeplay2.app

description	ioc	process
File opened for read	/proc/meminfo	freeplay2.app

ioc	pid	process
/data/user/0/freeplay2.app/cache/1598581401714.jar	5261	freeplay2.app

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	freeplay2.app

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	freeplay2.app

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	freeplay2.app

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	freeplay2.app

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	freeplay2.app

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	freeplay2.app

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	freeplay2.app

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	freeplay2.app

freeplay2.app
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5261

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/freeplay2.app/cache/1598581401714.jar
Filesize
9KB

MD5
03ee9d194982da8259d81957162c9795

SHA1
f05ab5cc908262c4dd51f3e8ca49bc346dc136b2

SHA256
d44cfb6b41231f150cf310c7c4d399be9587294e3727197e046db4a1c2c3ca3b

SHA512
241f97312aa3e4547ce7f3195667301872bded70880ce33641a26292530ec2c22614a85c7e2437c5a88fff0e6359ef9c253caa79fa49a025869ae5dcbae524ff

Download Submit
/data/data/freeplay2.app/cache/journal.tmp
Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/freeplay2.app/cache/oat/1598581401714.jar.cur.prof
Filesize
109B

MD5
2165683b5a624969fad201208ae861ad

SHA1
ec28e2a7441dbb4a14bbb80ffde3d7ead70bf98e

SHA256
00ba4e960be1fca09a637b085f7230010bd90fb8f6134f50de9b5675fac6d2a8

SHA512
c390b88685b3f67f859c372c78af2b704da3f0bbb3ed2bf2f99c0a3e7a985f637d2398f82164a6b2292d46c109014c4cb685e641a28eaeb227f1b0e2e4597102

Download Submit
/data/data/freeplay2.app/databases/androidx.work.workdb
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/freeplay2.app/databases/androidx.work.workdb-journal
Filesize
512B

MD5
cf18157425a5bc7373c27b128d791f90

SHA1
cde5d24cdf2e49861914462da941c0d95ea7c004

SHA256
b5407f4043ef1387731d9cbdfed5c4ac32b47b550203f2cc7ba7ee2d8b83fcd3

SHA512
071cbbae431f250188d19b4c6fdfaacad83e90559fcdd5b4f4e9dc9a271f86944f594a79709659a4244654fd5d2a4de409d2435795f6f66fcb49f4564619ab9c

Download Submit
/data/data/freeplay2.app/databases/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/freeplay2.app/databases/androidx.work.workdb-wal
Filesize
16KB

MD5
06a08028c213f0d9ce248955b6eb5de8

SHA1
15479fda5d7be23ba85bc7be9cd2ef67f5ca9b74

SHA256
439a66c2e64595e648bc6b845af6d363dc037a695bd6ab8eda0cb519880b0978

SHA512
e2f3d4c5187acf22f6fd61f64652a493653107b8e2e10b5a3377bf6a8445b4a7ac9d85cdd4aa1bc7db3641783421814258cad8f504f7fe5200fe80d79466e85c

Download Submit
/data/data/freeplay2.app/databases/androidx.work.workdb-wal
Filesize
88KB

MD5
8e3ea7eff742dd6c3b46537b6f930bec

SHA1
b6e09ac82c2b870182e0199a00b789705557ed0a

SHA256
06f1b9365620a851368a0b02a7d2e877e8da8bd14656be3ec3ad51e8869089e9

SHA512
2a9c471b1dad3e61ecfc7dcbf79c03c479eebd0c3b4e7a0e4ee97379084bd2765a298ceb6bbdf188218aceb968a99e8299cb8b61a405fcdd25954ec6c5a89dce

Download Submit
/data/data/freeplay2.app/databases/com.google.android.datatransport.events
Filesize
40KB

MD5
3cb59929f0caee1f7551cb5f45e5a1f5

SHA1
b149e56d170da881826d4555f64b1cecebb2f680

SHA256
4c57d21e4663f00920b63ed9135bcd314de3eff8eec917bddb7299230b266d4e

SHA512
71cca48c19b97be2669b74f0b24097def6f209cca8ce6fb5c88db7a55dbb142eb21cea4f227d18c23fc6fafd15372bd321b1b29a9cdbd698da640529a2ed4e9d

Download Submit
/data/data/freeplay2.app/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
39a0b5d0341139d5cb7214af0b65b25f

SHA1
6c87c836bb2776246662c6c17502a7d2e11f9c3e

SHA256
107b69d82332981c2ed54e4c8dc3fe922cb1ac5933a34a9aba47d3f203dd0f20

SHA512
4c70c02bdcc14e9274159c3d0adde8748866b1a229244cd23fbf31038033ba399d9f8d3e16eba110f9aca94fea32c4c173a308bfa6801e18dce7fc7c41b019cb

Download Submit
/data/data/freeplay2.app/databases/com.google.android.datatransport.events-journal
Filesize
24KB

MD5
cd2e12a08b1d8e1f78f2bb9f6146a1a7

SHA1
e95c3d89265e3606116a8db0955caafc9a6dd9de

SHA256
f0b023bca1a88c9543ef5494a0942c963b0109a2bb2d22a7720ac90ca281c94a

SHA512
4fb682fbfd4dc88ce197794c6f2495ad615a561ae4c202f38cd8e9b89160f8448fb3b474427fa2969ff3118dbc2074b7ea914d5ae14266cccfac838d60816b46

Download Submit
/data/data/freeplay2.app/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
f21d43afaf8e9af83d8dbcb4dfd90b97

SHA1
1d02e3377e056d27bdb51ed8bb30ca26bf0323be

SHA256
d38a4794c27e8f7c0a91ede46c525ea85fcd5c533430b4a75f00023725f31860

SHA512
5531bb7b477f07464c287b31f84eb8c4fc659e770915fd8450c87214b7735f82f0a31488484ea9151c8027db1f1ed4999c634ac8cbee88b0a7555a839223f9b6

Download Submit
/data/data/freeplay2.app/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
864b3ccdd731c8ad43c4cc477ef02fea

SHA1
c6c4f6190f3ca423847e96ac20db5eacde473be8

SHA256
ab3c13a6995a71a389677e862bc61367f35f275b2abf44cb5b59b385fc4faa53

SHA512
1027c1ca8f334afac3d76da230c339cdd7d6c433bdba2cf4cff1763307fbad485520c63f1bfbd370e5bfdaff63040ec10165c5aa88f365c2dac644d55aeb8ccf

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
c37b04e1c5341ba6ea283ba0f7964664

SHA1
c13868849b1b85de3232d5677ab62908bcf94897

SHA256
93847d79b16e79b0c497c2b33803e2e2eea12b2ca86c6e9e1c0a24918ada71de

SHA512
69f56aadf8e8b731431f535a09500f18c73a734905b0c3baa86e1f03cc1efbc98aff04339dea8fd672025c9eeed759c8d4f945e2d3b2e4e779daa5c054ce9392

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
aea2ba34a24f155e6642c46d0679eb4e

SHA1
143bfa662ff5b0ede1906b57ab69e86a6e2e2786

SHA256
a019db582f0aef6f5188a1b6d957aac5545cd27e68b924303148e4ee5559e7c6

SHA512
bb90b06bce6b6260c9892622aad83bbfb62268dba3fbdcc4f8f62b4282856f9e7017595d1abf3b1bb9c94165a69fd9b7a07b5b63c54233c598aa21c79e3b7d51

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
60bfd28625c034310a606cd0c1ba1ba6

SHA1
fca960a649040f039f6155c71bca4eb3c7a6c14f

SHA256
20747324a342c45310f882371c3cba5a0a3759fc552603659fd6bedd9b3cd991

SHA512
c07c7c1d28910cb989a07ddb6323aff5d5b400ff690a5e46fed5cb01cc2fbc9c92501445274a8da6156556da74f5f2dc1e252287fefe68a96d005e1678bc0926

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
28e1c22f76df3ec7e9ac40bb3e4bc0f7

SHA1
5499267462efdad914fdeb9e42d9d99f759e38bf

SHA256
7dd0955367e9342da8252a6d145f82bb89193b9eef6fbdf9917e9e3a72138d81

SHA512
aab9ef7f2b2060e1dce18169e67061f22602a2c9a4355b1248d13861cadf08bc45d1c76ba2b82bc23a3b190955b83e1c92c72a97b6a2e7d2d937ef6c094041e1

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
6381dfe40ab3723ea47135961fd4d2c2

SHA1
751417b1988b2aa1441834e4c9577fc5ebab1744

SHA256
95a94b5a74a0d493de694c987a1fe50c4974b2aaa9248828dbedc7e7a83f1f02

SHA512
b047913cfa1460c3d86fc1951be49fe03dc895f8a08c079c30f66cc058e150a9a99299c43b9b2834dc25e7f9c402f937fd33d765c9e2155d78ecdbb6e4643737

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
f38816f96c2767ffd7146175cbaae299

SHA1
bdefd7c758b0ed52bf4df7bea327656950801869

SHA256
978a2cfc6e7ee77511323d89d0bb5ba23ec4363cc4bbe6f51b9306ea79771f36

SHA512
1cf02ca94b77cb767f597b021aaf5f18563f8472403831ff9d96e359306a4148f10a593039030e020e80f48cc08d0e4e7d4bd9be7f011f00feade9b57217ee40

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/665083060050-0001-148D-3E4004E13981BeginSession.cls_temp
Filesize
75B

MD5
80a26d6865598c26103aab5d07e28785

SHA1
ca40a6fd3701162f9cd9ade7d817b73611f732a4

SHA256
dbcdb6e7cc689b6a45f9573d829c59b71aee897411af6e0a4dae66e3d9044488

SHA512
998f78c25d07605146f86552f05c607d0cb670d5220f7e3f05bf7ef2022d34c7510dd1f3dce3fa373fd2b075397e6a5b6afa977afd132975c7d67b2be032f98d

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/665083060050-0001-148D-3E4004E13981SessionApp.cls_temp
Filesize
61B

MD5
b910fd8e800bfe3ee63f567c3078797f

SHA1
d574cf82a1cee331db787f3449a6f2dfe5e5796b

SHA256
8a40d52e8f3572c6ea3163110d33da09680be005c992c8553e2d9c6898db38cb

SHA512
0dbcb9accd0f155c82222c46eff3e6f3df2f4aa2e038ccdfa89a7819899f67a868be403c879b4c0770a5a37de500291f7c2d1a27c76d234cf099698aef41ed63

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/665083060050-0001-148D-3E4004E13981SessionDevice.cls_temp
Filesize
48B

MD5
2390c1f21db00b20c07107e3ec7275fe

SHA1
e663a646460acc071aebee942cc1776c23d77655

SHA256
d348072a01496839cfcde3a18866423aee74aefd613fa3bf1ff4a203ef46a699

SHA512
43ff60754eb60795ca1c318f44dcfe49194add26cc3d92c2eac7bef538fd65b6290f2e5953b8f1693b9425ebbcdd022ab16a18280146ee0b0c2eefe27bc0bd63

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/665083060050-0001-148D-3E4004E13981SessionOS.cls_temp
Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json
Filesize
709B

MD5
f362c46fad96b2eee0b9a413c6241221

SHA1
d37429c4988f8754a650b397c278deece2453b42

SHA256
bbece431875d2abf9aae04508053b473d74acaf4ba1dbce82be2b96bba7f61fe

SHA512
e56ce252802eace136d7a5258345c5a6c3690d5e7a45acb90d4f2305235e5bf5a62d460d1be46b367c35cff784313710c22a292fd7ab0d9b07a72137803687cf

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/report-persistence/sessions/6650830600500001148D3E4004E13981/report
Filesize
731B

MD5
9051863e377be3b84efdf5d3cdd50570

SHA1
3c1a92f0d3f32884081843ec78f4d00c8860959a

SHA256
7b1cf1ec1bba51b657ca661d34dafcc9f25282cdb0f53325ae65c2330f12dd99

SHA512
f537681a32dfaf23d03181bef55526f127d7c64ad1249bb2786bb2942c04b6865288618234e668ae085bd708c38dbbe41d16b1b350b789df648ec1aea7b2ec3f

Download Submit
/data/data/freeplay2.app/files/PersistedInstallation1000671794034862842tmp
Filesize
90B

MD5
067d6abff50a61b109089c90584bcc2a

SHA1
20d5b4e1550175e2d01a969a01243631066e3080

SHA256
509dc416a5f68d6cfa38e26e8729fd4e9840262a1e0aaab7b5eb43f27221d996

SHA512
83c4dbcbf23e43ab4291c01e185cacd679037229d96750b8de52898cbaab657c5abd2a404790c4117671d80e6cf98dfa64c61b4775642f06880660e7c1ad3783

Download Submit
/data/data/freeplay2.app/files/PersistedInstallation6926631255368219413tmp
Filesize
570B

MD5
bd2746f0113712b2b1e72bd27b3043aa

SHA1
8220bf26f446664255576d9336d4b8aae76b5b9f

SHA256
84741bba1ea44109981c276d1277ca81b47e5627c5af0b79415be2cbd468290c

SHA512
74149b8ba8d8cef131af10c33ec7744530dd9002a4244ed647355013c9c172eb81663f38e0a92cb0e54917050dcddd3cf5e1534d2a525761096f0481157b6160

Download Submit
/data/data/freeplay2.app/files/frc_1:921579615390:android:8ca1d4c13dc8f42a7c378f_firebase_defaults.json
Filesize
1KB

MD5
61cf78241d7bc7acb8d7a6ec0cc6a3d3

SHA1
c212b6c11e3095b738ec7230db7134ab05248b5b

SHA256
c59402884b1d370ce2ae311f76e17c108c0481e62c397484901cdd35e9c86f89

SHA512
2c06e5319910fe9a837eb9bb6c0fbff95505a30d5e86029bc5962a84c14aa124b3c282d4b2803611fdfecbb2ea020ae98e3405d79b76bd0d5c3ca12f49047ab3

Download Submit
/data/data/freeplay2.app/files/frc_1:921579615390:android:8ca1d4c13dc8f42a7c378f_firebase_fetch.json
Filesize
921B

MD5
aa93fda6979e4350b894a93deb0ba3a0

SHA1
77ed0ddc509da05019b4f382e4717272be38b87a

SHA256
e8f578515f460a4353649c010f501edc3a13fc6ca5b195ac592b714158f5c51e

SHA512
411c109b741fe14d749b571b1b6fd5269b54cc4778be7196bcbfccb937357748a15201d9c27d5aa4990a37f267b90dea935763ec2ba30cc818da5746175b552b

Download Submit
/data/user/0/freeplay2.app/cache/1598581401714.jar
Filesize
19KB

MD5
cf2ed89992c1145a27f078b9da17e96c

SHA1
2afc75b5bc6329198ec01829e6c6acbd0c0dee01

SHA256
84009ae4f9125e2d61a670b88e41ad81bba2161dc0910b4506ef6356f0ebeb78

SHA512
8240cd4dcf4087b5f02400853f6820afe4b2a8825089aaa661662539fcb857b78013f8f3a9dc047034f6f42168fffcc6c1727076ab0e4eeaffcad956659de6f5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads