7ad1bab90675a7d4463a5df4b759842a11e7d4243d20e1f7a09f30b32c45ab26

Analysis

max time kernel
179s
max time network
189s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
24-05-2024 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

freeplay-tv-en-vivo-gratis_1.0(1).apk
Size

6.3MB
MD5

8e41193f22ecbb233404d5b1a9cb51e9
SHA1

6bbb0fefdd32a32d21e0dbd11d13ab606edcfafe
SHA256

7ad1bab90675a7d4463a5df4b759842a11e7d4243d20e1f7a09f30b32c45ab26
SHA512

ad492f084c0d726df4a2dfb7b95c69b07e046d90f4cb06a9946299a5c6645c4f8222b21102f4a1d4b120b5ed1d00243eddbb4f0bcf641661599234c5f6614cdb
SSDEEP

196608:90fVnY9Vb0sy9FHbBqgl5BZn+HYQpcm8a:MhYvb0n9FHrl5f+HYQd

Score

8^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

freeplay2.app

ioc process

/system/xbin/su freeplay2.app
/system/app/Superuser.apk freeplay2.app
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

freeplay2.app

description ioc process

File opened for read /proc/cpuinfo freeplay2.app
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

freeplay2.app

description ioc process

File opened for read /proc/meminfo freeplay2.app
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

freeplay2.app

ioc pid process

/data/user/0/freeplay2.app/cache/1598581401714.jar 4612 freeplay2.app
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

freeplay2.app

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener freeplay2.app
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

freeplay2.app

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses freeplay2.app
Acquires the wake lock 1 IoCs

Processes:

freeplay2.app

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock freeplay2.app
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

freeplay2.app

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo freeplay2.app
Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

freeplay2.app

description ioc process

Framework service call android.app.job.IJobScheduler.schedule freeplay2.app
Checks the presence of a debugger
evasion
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

freeplay2.app

description ioc process

Framework API call javax.crypto.Cipher.doFinal freeplay2.app

ioc	process
/system/xbin/su	freeplay2.app
/system/app/Superuser.apk	freeplay2.app

description	ioc	process
File opened for read	/proc/cpuinfo	freeplay2.app

description	ioc	process
File opened for read	/proc/meminfo	freeplay2.app

ioc	pid	process
/data/user/0/freeplay2.app/cache/1598581401714.jar	4612	freeplay2.app

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	freeplay2.app

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	freeplay2.app

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	freeplay2.app

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	freeplay2.app

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	freeplay2.app

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	freeplay2.app

freeplay2.app
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/freeplay2.app/cache/1598581401714.jar
Filesize
9KB

MD5
03ee9d194982da8259d81957162c9795

SHA1
f05ab5cc908262c4dd51f3e8ca49bc346dc136b2

SHA256
d44cfb6b41231f150cf310c7c4d399be9587294e3727197e046db4a1c2c3ca3b

SHA512
241f97312aa3e4547ce7f3195667301872bded70880ce33641a26292530ec2c22614a85c7e2437c5a88fff0e6359ef9c253caa79fa49a025869ae5dcbae524ff

Download Submit
/data/data/freeplay2.app/cache/journal.tmp
Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/freeplay2.app/databases/androidx.work.workdb
Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/freeplay2.app/databases/androidx.work.workdb-journal
Filesize
512B

MD5
95c3b49245bf3903ee53125658008ffd

SHA1
0e05afb4212a1770f62c66fe867c8855731b57d7

SHA256
9d2fa4447ef259308885484829e8f740905d7fbc4c09fbd50356ad325b8bc97d

SHA512
e7a925dae960a3c7b412a7ac2a0b70f3911b3699e6c551f14977844310d6dabd024d0dcfdae7f564c767fbd5d2c505223581a06a93d2202298609a5ac7493db2

Download Submit
/data/data/freeplay2.app/databases/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/freeplay2.app/databases/androidx.work.workdb-wal
Filesize
88KB

MD5
8c2d8de12d58eb8f6959b4166aac438e

SHA1
ec39d515469ec7642ee8876734577ad630f3555c

SHA256
2e27e4264788ed36011edc2410442a3b54afe80130ca38cf02e0ee98f5621121

SHA512
4a7a79b220d2e27947113988d9d5ca1cab0434d3567ccf4ab8d0d4f91506eb39561cf966f87a53985ad3967352d897367397386144e02302689ff2e2bc3b16b9

Download Submit
/data/data/freeplay2.app/databases/androidx.work.workdb-wal
Filesize
16KB

MD5
c3257d515cfbfdd07dd96ccaa96a2e99

SHA1
a2c06a1dc85a8f9667bad42c274962f11140e69c

SHA256
82d0eb44494b10b47baf5daea7eb5bacd493f7fc0c89f96da57f5815241ff2ac

SHA512
7b91fb2ef67418bf73daf34bcc79b47ccf9d5724bff685170473f4257b22f49dd8f0148cebcc0726f92cd9117278a4056f2d5a3cfa8f952f347a73b3638cff77

Download Submit
/data/data/freeplay2.app/databases/com.google.android.datatransport.events
Filesize
40KB

MD5
5cb45bb54d66badcd11357ebbff000f6

SHA1
db4b36ce668645cfff59cd2eca12d0321bfd76ef

SHA256
fa24e31fd9b7562b6bd445783fd3074c9ff7d9fa1a0fc30c0a412119b274cf4c

SHA512
fd2cd9b8dddbd637019b193c0f3b4f0d7f1e7b2bb9812e6ef9445cdea23fc714d79e75c2b6d60842642c28c95b5b2e3a0da29c5fe050fc62feb04b5060eaf857

Download Submit
/data/data/freeplay2.app/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
122c1e951491a77dc9cdbb89af623871

SHA1
5fb2bb9a85a0ef48c699bbb33af8d42d528c0e88

SHA256
4ceaed29f507ce78d0a5725737cef0b18f553a31888cf35718979a581f4db047

SHA512
8c2ffa194ca08361938209efb5e6cd3836db5501c613c04fe0ea17c96de553b2c3fbdb841b978a9798993962662ff44dc01e7d5e84eb971447142381e03098f9

Download Submit
/data/data/freeplay2.app/databases/com.google.android.datatransport.events-journal
Filesize
24KB

MD5
9a1b227bc8ed8f69f49e8d65b93f9839

SHA1
8fba2141c3cb621f8ac4fce71066b016cb493acd

SHA256
70e385de65c160868ce8530ab5a6391e39d6316275bb47514e195dab145529f5

SHA512
55a7684352d7eb604e0f6e67fb298b360fbe44cc7b4c150e54dfeeb9b4af6957c7d9ad6af20f3f7f8298d90eb0ead29c47d36522067a77c890e6a3292dac0a96

Download Submit
/data/data/freeplay2.app/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
047c2b9b9d6a9c5a790c549d26c73a6a

SHA1
f2660dd97ce790a822ec2389d21b90655a4ee975

SHA256
8a4ca805d599a25aa32ea31c0e40f51972833d04146c02df2699fcac5970f23b

SHA512
a4d53556fb768d03a40ee906ad91691f935c2ff8747c672914a834cd27f11cb202efa747307246b025808a0a351375e5432bf9302f4f84ae03d089618e77de37

Download Submit
/data/data/freeplay2.app/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
4e02f5ca14aa6b3257f1f493af24787c

SHA1
c3e2ca5cd2c5175de5d0c91f4af47d88bb6b6b13

SHA256
7d86f66f810e2b72e22678682166ba147862cf342df6960c41508da2018efbe7

SHA512
bee0861c879b583a37083d32bb4abe3174d77ab754aa6f0ee42196a6aa98d3451673548b0dae0c412cdd83e17d952a09687151b8b23ec2d0a8087ae0fdeb76b7

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
138dea1a72b76471e2e7e947006d127b

SHA1
6dd3b2d17aef9a6fd2ea292553c3b7b71638da42

SHA256
d5a5dc273e29058ef64f7f8f06e73747c61f9ea7c4782a7b21cdb39c6f6fcea0

SHA512
e80a4eb9045fa5d2769a6d52733772fba6dd595308ff5fe72dc9e525870ce3f1140dabe7d6dedaca55d643f2027a906dc03be02af2d88c8df478cbe752bdaf99

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
1c893899db9c9de9ad386d811c7a5767

SHA1
1196988fe36454a0fce843b4c98850b7301f7c25

SHA256
b64699a180081a7495877181a5efa829db52c178460adad59e8a36936585c4b5

SHA512
7b31a531222e710603f1c28b2b2caf6f75b0cb32da25825561e86f6f01bb784ccb38313efe9740ea3310d111640e054775aaa318441d5a5a6d0d909b980594d0

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
47b5179415a59ffa30c0a8aa995aacb7

SHA1
f6bbc5a96b5ee227014a7e270af3a3875f600616

SHA256
4b8cac2bc8fb01de797fce3cfe80858d15326484deab551a79139bf240efa88c

SHA512
bc7157219e54c7055a4782de14614b5189fa7996e3b973a08a3ad8331755ee11d4d4be5e146452af403349150cf2d42faf37a9fc3a59510b52531ed4f3a86386

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
be652c9d7d6846494e82102149919321

SHA1
bda3d933ce800eef2c6ca6939ad3f8e3002832c5

SHA256
043b09819e8974b8cc804a2d947226fb70a68347502f0002054f441a1c456d38

SHA512
4a8d04aedca0c212d403452cd4bd4289692e4968bdf53bf79f568f6a533474c5795c4e12abfe1e746299d0d8849d69dc05adca1ff25292ff08ae0560c9a82831

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
1b648742cfa4578fabbb8d65e1a8b6db

SHA1
14f73fcdebec7f3647caf9fd5527dcdb4e942fd3

SHA256
66d9c6fe4a0b7fa10f8fb481c4522914329319fd6ab9170dc7fca0cfedeee039

SHA512
3dc178c36b348c1bb931d4e5fd984a7ca3b267323d9e46d61bb146bffa10a1e6a7a99f1993b066299fd18d0b28b63eb742eeae11566dd90e60daa9c3e0130fed

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
2af193af8765e9bfb4e6a82537524434

SHA1
06e6c7491196eb996d40f6342b6fd9a2de3363ed

SHA256
da96e82b4bc2727e5b22089e6d3eec5203af853f4737693330cbcd85cfa7995d

SHA512
d181c7363036642e256f0440d91ee985c820da286c8c5be272ad6053d38c36f943662af1efb66cc4ebb06c3984d209dbad40cc3f7cdec1f54d7698d16154b81d

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/665083040218-0001-1204-3CEB5A868B02BeginSession.cls_temp
Filesize
75B

MD5
ed7541ec2baa7dc54cf0a00a51b10bdd

SHA1
8cc79c9d5c77a6e7860071b372b00c37147b61e8

SHA256
2b1cd42687ae22fbc46c6dc4f549ed06c343d26822a19810847fdfc512fac7cb

SHA512
a93444f2816188a9ee6e68f4eaf420ba03025a76d2933af84ef904c35d78309a4268efec42bbcbe7339b9068d2df669515d684fcf598c2419f13393d82bd1f15

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/665083040218-0001-1204-3CEB5A868B02SessionApp.cls_temp
Filesize
61B

MD5
1e0b717be31b894a21bf3860daa80754

SHA1
6d3219fa167a6a89b77c3a8035215301e4901b0a

SHA256
e1bd6c9f8e719f3ee6e356c6cc1ddcf6d7d9d3b253ce7814a48a54d61ad77ed1

SHA512
a6e286243ba65bcb7a818a6e867da238a82dad2bf635a3d44966dd37678f143df124440ee958e4ca2e7136478d29697911521f8bccbba09e5724ab3fe963de37

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/665083040218-0001-1204-3CEB5A868B02SessionDevice.cls_temp
Filesize
48B

MD5
fd6372364a5c5c9cf8945ac3ea7a5d94

SHA1
3c798cab71f6ae7a81e71e58712368231230588a

SHA256
7400bf714ca32b64dd89440c9d5ace4e0115ddce44d169839e465df0e1638641

SHA512
a18b18d061dfd979bce1e0b769009668c322300e7174f51d2532e86dc6018769194507a106dd30b97317f8c1a7539d13a7baeab2900c1e00da7c74e899dab276

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/665083040218-0001-1204-3CEB5A868B02SessionOS.cls_temp
Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json
Filesize
709B

MD5
60a2eb756b90863f7647529016d25c1d

SHA1
556895557d14da356ba913d57199f8b6bf23f9d0

SHA256
0d6fa982ecd53cc0bd193047ecb36f2260a4ba9214ba7340c4bfe7ef02a6474f

SHA512
904ba69d0fd0cd8e05c639134eb9c9f9656e9dcde77f7d6533071a805c2b084d471e6f2ef63a5542f5f9b51c66dd124d530372bc095b31099b59aaac0637e9ef

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/report-persistence/sessions/665083040218000112043CEB5A868B02/report
Filesize
731B

MD5
d37f606e36e30b6789e37903caea4e44

SHA1
cfe96611323102f4e3268a1481d160586aec722d

SHA256
3c538b49f7c2b7c52b4eb56196be4573c02ee44736a0275dfa25f8d3d78c73fd

SHA512
1ee5638b914041dc876e5fbce11c66600c2d3faa6befa0610070492a3eae8ede1e4e982792bc31d41d8f5ab484dcdf87e5126dc74a98ba1c888de298689d2d5f

Download Submit
/data/data/freeplay2.app/files/PersistedInstallation4865646202174169302tmp
Filesize
90B

MD5
573f8480a21daa734f78363e5f62540a

SHA1
f37d4f6e85e9124316b3130325e4ba8e33189e22

SHA256
97ed8665359d6b25280f4083aafc0550a462532b3a96e57b9b006db56eee478b

SHA512
86412752b8ef948936ee70a1b3e14020e546d8618692b337dc906d159d473eba14e823f3ccab8b1166a74b37740dece3775e88932dce9c3f45fc16990893f35a

Download Submit
/data/data/freeplay2.app/files/PersistedInstallation9092153852401407076tmp
Filesize
567B

MD5
5d0a0ff9eec871e57077a32ce4615b60

SHA1
9811d61d2180de781c35488b06fb2abae504418a

SHA256
320f055346667f54960b8a7490e4d20f952f91603d95da73336a8b2cd12a87e4

SHA512
6f2f78eec46baeeedbb99f148217a6dfb4a27d083958e4bc0fc09df4bac531ac7f1d4dcf2ba22b4b42df14b173fa7157eeda6657a1704aa3c8392bde9f98a5d4

Download Submit
/data/data/freeplay2.app/files/frc_1:921579615390:android:8ca1d4c13dc8f42a7c378f_firebase_defaults.json
Filesize
1KB

MD5
61cf78241d7bc7acb8d7a6ec0cc6a3d3

SHA1
c212b6c11e3095b738ec7230db7134ab05248b5b

SHA256
c59402884b1d370ce2ae311f76e17c108c0481e62c397484901cdd35e9c86f89

SHA512
2c06e5319910fe9a837eb9bb6c0fbff95505a30d5e86029bc5962a84c14aa124b3c282d4b2803611fdfecbb2ea020ae98e3405d79b76bd0d5c3ca12f49047ab3

Download Submit
/data/data/freeplay2.app/files/frc_1:921579615390:android:8ca1d4c13dc8f42a7c378f_firebase_fetch.json
Filesize
921B

MD5
c0fff6867e8c57b7522e8d621bda58dc

SHA1
0aed665849e5b4ca60ec1c6d5329eecb89043c51

SHA256
edd85461bf29391e293114d2590759333f9bdcf778880a3fa75881057c0d23d0

SHA512
5882fedf00546b99cbd7c8c578e8ccf846918ebaae8ab93eb00da6bd074f1467b7272786c16d8568db6df0d3bffb50587c7a0278131ed77e9cf706f5358c25a0

Download Submit
/data/user/0/freeplay2.app/cache/1598581401714.jar
Filesize
19KB

MD5
cf2ed89992c1145a27f078b9da17e96c

SHA1
2afc75b5bc6329198ec01829e6c6acbd0c0dee01

SHA256
84009ae4f9125e2d61a670b88e41ad81bba2161dc0910b4506ef6356f0ebeb78

SHA512
8240cd4dcf4087b5f02400853f6820afe4b2a8825089aaa661662539fcb857b78013f8f3a9dc047034f6f42168fffcc6c1727076ab0e4eeaffcad956659de6f5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads