d29d6904e3f0885ec4e799d02be729c0edfef28ecbdb0ba88ce84566b0bf37df

Analysis

max time kernel
48s
max time network
180s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FreePlay TV.apk
Size

6.3MB
MD5

3d3fe79ea520cc4fb59f334aea9bf493
SHA1

7a9a87fa88ed4f41a6ce2a92f0d86481f189c7f6
SHA256

d29d6904e3f0885ec4e799d02be729c0edfef28ecbdb0ba88ce84566b0bf37df
SHA512

c06736d5c842d19a6bf35f6fc17f117abba60fda5932c6e0ae764f583e6213e0c7f118b880ec1abfbacff3baa45d0e68add84b50ced597d7d0712edaa9eb4b1a
SSDEEP

196608:b2cgTjgK3nRkrIohjaSdAV+vE5Dgsr+HYQPdqsO:b2+K3Rk8F4AWKD7+HYQs

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

freeplay2.app

ioc process

/system/xbin/su freeplay2.app
/system/app/Superuser.apk freeplay2.app
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

freeplay2.app

description ioc process

File opened for read /proc/cpuinfo freeplay2.app
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

freeplay2.app

description ioc process

File opened for read /proc/meminfo freeplay2.app
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

freeplay2.app

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone freeplay2.app
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

freeplay2.app

description ioc process

Framework service call android.app.IActivityManager.registerReceiver freeplay2.app
Acquires the wake lock 1 IoCs

Processes:

freeplay2.app

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock freeplay2.app
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

freeplay2.app

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo freeplay2.app
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

freeplay2.app

description ioc process

Framework service call android.app.job.IJobScheduler.schedule freeplay2.app
Checks the presence of a debugger
evasion
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

freeplay2.app

description ioc process

Framework API call javax.crypto.Cipher.doFinal freeplay2.app

ioc	process
/system/xbin/su	freeplay2.app
/system/app/Superuser.apk	freeplay2.app

description	ioc	process
File opened for read	/proc/cpuinfo	freeplay2.app

description	ioc	process
File opened for read	/proc/meminfo	freeplay2.app

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	freeplay2.app

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	freeplay2.app

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	freeplay2.app

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	freeplay2.app

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	freeplay2.app

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	freeplay2.app

freeplay2.app
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4353

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/freeplay2.app/cache/1598581401714.jar
Filesize
9KB

MD5
03ee9d194982da8259d81957162c9795

SHA1
f05ab5cc908262c4dd51f3e8ca49bc346dc136b2

SHA256
d44cfb6b41231f150cf310c7c4d399be9587294e3727197e046db4a1c2c3ca3b

SHA512
241f97312aa3e4547ce7f3195667301872bded70880ce33641a26292530ec2c22614a85c7e2437c5a88fff0e6359ef9c253caa79fa49a025869ae5dcbae524ff

Download Submit
/data/data/freeplay2.app/databases/androidx.work.workdb-journal
Filesize
512B

MD5
6b2189ca734d594be00da40594cdf7e2

SHA1
c31a26e0cf26b8eebd8efb6f5d0a601aa31b0b64

SHA256
94cea412369b8b0c289645d8488a36105580f3de942ce9d671474f6920654f2c

SHA512
ec1cbc633bb6b228dd0a034004673cebeafb3e241b915e7437b859d15906c4a05430f523f2d9e9ad2a6040d028fa97c5d456cd7c034ac57c2193de3998c49d31

Download Submit
/data/data/freeplay2.app/databases/androidx.work.workdb-wal
Filesize
16KB

MD5
ad576edb8261e9f7ab1eaa1df8892a43

SHA1
f282baaa07674047729eb6f20332dc99c6666cd3

SHA256
94e254251f3d33d880df01fe232361f0bef8d1f037d10ca6caf9dd68462c8746

SHA512
efad109ab6abd70604337dec5bc7ccf970739d166ff36991df7a78db86cd0754ec4c2dea8e94b08794c7fdd6b023a8ba4cdf8717176656b375a6a74ac2a4b6ec

Download Submit
/data/data/freeplay2.app/databases/androidx.work.workdb-wal
Filesize
88KB

MD5
02fbed28a773cee6ffdd8fe2a062657d

SHA1
eb515609452d10b199a887e81b08568b324e5650

SHA256
3cc01aa52294e43aad01eba605ac0ba18325b5ed0fbfe3b91a2460e9b6222e99

SHA512
204dd8eb86523ac3a5bb50d0d10f46e7834a11fbfb62d7ca577f5cb2da052614fc2508b321ad7d6f280c258e2818c498c269d1590eb4e2f8deff2469307c093a

Download Submit
/data/data/freeplay2.app/databases/com.google.android.datatransport.events
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/freeplay2.app/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
2e9bd40af3506b29a2092b8f43eb4e44

SHA1
30efbbb98ba5f594e5742abb35ddcf11c6a57b40

SHA256
e04146d945763d02536bdd28469ce6709fffb65a792086c76d86a404416ca75d

SHA512
c76b048fee13930dd5e9c83a17495bb06585fe8ebec199a40ae66c237ad485951551fdae8a473e34d63fd35541170485b7680366cde6e639a619085499700270

Download Submit
/data/data/freeplay2.app/databases/com.google.android.datatransport.events-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/freeplay2.app/databases/com.google.android.datatransport.events-wal
Filesize
72KB

MD5
f1d540ba90787ffeb28c7bb544d469d2

SHA1
4d4cc90c208de8d7febf62c487c44164a3631397

SHA256
cea479a7ab3d961ca59d1078f9c4428eb9c304c3de50247cdac39b0a6133a9e5

SHA512
4fc912776841e5f753091e1ab6ae40b2a92f187d2289e13bd1443cb6cc029d86743a86b20bf66b2b4e15604a5492f513f8afbcf6b87f0cef9efb1b8a9c3a5cf6

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
fc1ea4d2456ce4f7832ab7dba6e4ec99

SHA1
1f0b37938b279ec1bda6e1fd07b77486248fcee0

SHA256
7391c3c9e26508c661dc5b5715f109537be881167b24f96df524927a4b3eaf98

SHA512
476cc3e6641731b6a920f86bf21a305682e2863583248b98fab820d23872dc811f8e292ac413c83b434f09a21f18946ffcff9ef0de964898d56af633a67e1ae0

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
1352e3254d7d59f70ea1e056d73550f1

SHA1
f5a1d74fa343971bc55e9001b4a447c418fc5d5f

SHA256
3bf4038489503eca02a9dde5f68ff8065f35e164e246931f5804ad11331196a9

SHA512
c8f97b8e89a555fb2e3ad7be64fcd53f878f934231feae091076a599d46e61af3c22adf68f806e16db0cd7445ecc6a0a64e45b35df84094cec96a509938586be

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
318242d4c10906640712055839c2b929

SHA1
3803dce9731e87d3dd8efe1003f04547d9ffb4ab

SHA256
af0e6c5b6691a26e578533008ff847bdfae8438eb5053ea9752fcd63cf669958

SHA512
b847aef9377a493f6c50dbfd88f5b817a07d6b94801becdc040a84946d748947921a0c60519e5c59a6a0eda19d5e5bccbd84644e95aa43932ce357acd72086ae

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
5669f9d0b32af1fef9438dbdc13c7e70

SHA1
54c1278c8149f2b5256b916c6ec5b3ef57de2887

SHA256
2a154f3152d160024dca405a7169f13defd788d34643a64430b7e20594ebf360

SHA512
547696896f2d06c0076a91fb6fe6730501b6881217f11f932a14328c10781c8f3137ff998720ad8cb90b3cbf908c52c6621d58492a6b0d692b21ac76e7dabf15

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
6626783af72a0ccdceace420b7e7e50f

SHA1
b902a217ee0cf292c54c17e85c1ae8d11fa8812a

SHA256
82561f2414a061fb1151f505c883b3890c63e28bdad0535b6e89eeea0365c139

SHA512
793d8e1373c1818fa8baed46f4c2981b29cf2826935602efb825924cfa6534765f0204a7f9217fc87f5d82787e059cc97a2a1e935fe02183f116fbfc0487776b

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
6e86e9face730dc31d5ab633d6bd5be4

SHA1
62c2d83a76247941b8ef5df3ef5ac1ad121202f3

SHA256
f96b698b2ae0a2721f10b9cfe639a799be1dccc537c2e32c688e5e2d6a33ba3a

SHA512
b10c8f5190cb85d85b2d3cac331287b469e4a3654438bcfae0a5e9d6b536f3961244ffaa6ac4818a334ecf62e65764d0e18437bef3185e310a1d0c9a5197b4cf

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
452eb89bfe9715e714bfeb533932d8e2

SHA1
668832db1bd10530b96a1598f422a05ece31184b

SHA256
0b53b6ceaae327b1fbf85f9747d89be2ed89c5c1bb88c054fe96d6fffe51d847

SHA512
93431bdb633ec353749c0f2d7d7ca0a60937a00939c7183aa6256d80c62c3daba1d7e4b1de8a96da91c43eabeaa0ee9ac798df7adffdcfaa9f528ae0f2bbb72c

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
6547c64700d41eff63d007ed787a340a

SHA1
ef5c06f707518a2b3794d0165346a54aad300f5b

SHA256
e1d84b30c050ec9cd3229c261573dc2f8b23d480d87f13a3b53632ae791bae84

SHA512
6807c40a21f11bd6b21ec57b81af0987b58f3cbe0015f3646ad4277699ca79f56b2b72e75d9906261e4e757e100d2815c9c9a4c232ce7e6d3097f5898180f400

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
14f89f6039633e7b3712b043132256ab

SHA1
1f34acd876b121d6a23cd1e37c5ea65f6427ffc1

SHA256
7b1e629bdb89c4b3d9f4b34e9ae14b5128f2c0c99ac85e122b30d3cd9f0aa4cb

SHA512
58983635c39a794e21147989aa4015f4fd839fc9011afdb56dca9a984ae33d6a77a02a036d1cd8ef8acb1309616a61ccfe7aa62eba29233334b79879f79a7ef8

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
79e8a7c720a14bb0406148afd1ed63cf

SHA1
fb38e69ef822913374b8bb99a22793c180bf1088

SHA256
852d25a431d00d1b3392ba5adaec2b787b9f3201aace502edf5d428aa109e0b6

SHA512
05706d3d44ee05874f4b6526f7e254997d7e8bcd5b8d2de90f13b9b610a1987885efb783941e42cf7bb40642e0781ec9eba6ec021fe50cca6853fe59ece9ae00

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
12c934890478f4576ab54f997e3f444e

SHA1
ff9aa9a9e4ab07ef18d76e4fe689e5680527c6b5

SHA256
32f66df3ee9d8b4615185fcc98d42b11cb793d9f1f3224452d8385a161199e4d

SHA512
bcda276e2d402841bb57acd01a7d205b2db31250133d686a20884afd4b427998804167e180cc8b94510b8e2c3a3c9e25142b130a73c2fb14a2cd5f78b3a4c0d1

Download Submit
/data/data/freeplay2.app/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
148539b8aa53df0cdb761a5e2db45019

SHA1
95e01dc5951b4e2cce0d86783948b3b38e721f2b

SHA256
cf287071191f44b9c5b44d5a92568af7a260b4d5fc9c731fca4703fe86b6c1fa

SHA512
9df3622e623911eb9b0d0b42d6a703de2f36e16b5d89d356e23a52245410cd449efd1ad22ef9813235545c565a930243b1442b8df3e22a71a8f6b25d23ff4ba1

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/66507E080235-0001-1101-82FB0FD49E1ABeginSession.cls_temp
Filesize
75B

MD5
0e69b43a01cfb57305941eff15995e11

SHA1
67023ba6ad7b6776fb29a8274cc3bcacdb8fa5ac

SHA256
18d7fd9ab86a51076729f3d542de75c3fbef375172352f0259deaf4753b8227c

SHA512
0e0f2c23a1f5740cc0b1a72be20a7d7fa558255ee6295a3cd28a86b41d7a69929790bccbb372d402b0f1051c1d5f9616b8f8be29a3610fdf5955295e06788217

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/66507E080235-0001-1101-82FB0FD49E1ASessionApp.cls_temp
Filesize
63B

MD5
f6f7359585302720186ff4f08ffc195c

SHA1
daeffef89aa70e55cbeacbe5c0a2a0baf01a5ba6

SHA256
0341a26b1ece82b3da1de954da8b40561df200a4d84a0ec86ad94f4b816a35af

SHA512
731816c46dbe89caf90070f8e9a0014f8a6c63afd95cca14e858151afca560c3207247e1bd7f38ed9818f7accc6cb5800cf9f58a563793152fc465bb3315fd1b

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/66507E080235-0001-1101-82FB0FD49E1ASessionDevice.cls_temp
Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/66507E080235-0001-1101-82FB0FD49E1ASessionOS.cls_temp
Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json
Filesize
709B

MD5
348cf960ab0152305ffd7b7488470942

SHA1
ad119fc6ea5a873d51320602d7ab676ad9317834

SHA256
b38cd31d5a51ee1864b61a3547467c8a28abcaa194d854a339a78844b6f3c82d

SHA512
9eb594ad68cc510a9cd5d222bb22287b8bcea7f8a79c3d684dfe0f2aa57e5a838dd9851b63a28ee48c80d2edf9e886474118588882ad379fc886883e88f1742d

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66507E080235-0001-1101-82FB0FD49E1A.temp
Filesize
192B

MD5
bc5326e80db055fe1bf21a576d651347

SHA1
a5c466228a879bedca27791a06bfa70eceb0563d

SHA256
c760d5762a31c5b004a37fbf4bbbed704c2db7aa642cbd36c59b10e19c5a87d1

SHA512
77054c169f8c824b36305eb0db61bc71d255e310639332fa642d2ba38b15b70f17ba4a56ae4dcca946c26570fef330c3ff6aaf969365a189db706c8567a672e8

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66507E080235-0001-1101-82FB0FD49E1A.temp.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/freeplay2.app/files/.com.google.firebase.crashlytics/report-persistence/sessions/66507E0802350001110182FB0FD49E1A/report
Filesize
734B

MD5
836da619007c62da5f2cbbb4c01cb1d5

SHA1
170880c6c43a81c7a53c4b42b70aac517f16238e

SHA256
b5e70c2371d48de7dd5c478d5822b3d20c39cc8de1ab5210d3003e8aff900143

SHA512
ddf7203539aea95332cb957dd192fc762d1ac1d6430f52bcd919182bec8a98c636d8c1d8a527f7f06afb0c391866f0a19684a24c56769709221045a69d16378e

Download Submit
/data/data/freeplay2.app/files/PersistedInstallation6905561024990784772tmp
Filesize
90B

MD5
648d351a8de6ee462b4417025b600b4d

SHA1
1c8bdc7223873fe2a263b21b221a4493308ef152

SHA256
36957997dbb1508c5852f3948b0df03091b89a10671e470cf779df5399fe2e22

SHA512
fa533a2374b285b5af70441c4d0efefb3369c0f3182af8dcfe03579ba79fa59415e21000ba7baad64cc749e456ce91de0e772d98e353896f662e12e0072b220d

Download Submit
/data/data/freeplay2.app/files/PersistedInstallation8356715424835052378tmp
Filesize
569B

MD5
d6df7425ba60d9108dfe941427e75fe5

SHA1
ac0aee5cee5a2c0318ad1118cf2dde93629a5ab0

SHA256
fd0f44281f9a103d5e0787f6297893d95f37f17024869f743fe976556a148075

SHA512
d0bacefd7c34538c56fc93ebf131b9c577ff212ac43e4e47fb629de4e5956b5b35dcb4c4dff742f569c4b3fdf66077beb06db259c616beef7157d13b40671f8d

Download Submit
/data/data/freeplay2.app/files/frc_1:921579615390:android:8ca1d4c13dc8f42a7c378f_firebase_defaults.json
Filesize
1KB

MD5
a134b994f510ab3a8439053ddaaaa85c

SHA1
a1c564bab3bbadd39f56ce0bf9cc2095ba2f5983

SHA256
1f695b6067556c3cbf624c05385b366234bfa9830a07d3660a3b7d714434ffec

SHA512
8d3a0e8efb716b774f7674f73ffcddfa3495b8c5c9344ea49aeb0d0d76a4db6af9aa9e868173c9405e8900f736352f742bb6c47f8f9c5b4d904460d1883197e4

Download Submit
/data/data/freeplay2.app/files/frc_1:921579615390:android:8ca1d4c13dc8f42a7c378f_firebase_fetch.json
Filesize
921B

MD5
29f957fec7ad5c902e4834ca21fa7cec

SHA1
9b2c504130bc1af15a6c315bcd35e94dd227bb57

SHA256
6b58ad4e1e62c90047ca74c4442533b737093c68ad9858700064c17f1f64e546

SHA512
6c349418cb331cdca3090d8e9d71368363cc0a699f6f67d23155a8e66d4ef53aa4cd9da077c53e588d296ec2049c01d097716b1115b11d5fe3fbfd05a36742e0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads