dad371ac05fcaee039d6dc6ee76886362dc890fee5dd2fe63eff21219c04fe1e

Analysis

max time kernel
31s
max time network
146s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dad371ac05fcaee039d6dc6ee76886362dc890fee5dd2fe63eff21219c04fe1e.apk
Size

10.2MB
MD5

4ec1ec4dbcb62e5a6821046d5c6d771e
SHA1

7730695d5a5dd63e3b985b5b5e91f5ddcb90512a
SHA256

dad371ac05fcaee039d6dc6ee76886362dc890fee5dd2fe63eff21219c04fe1e
SHA512

7d007c62f77412b42f799d5b21a271b7105c94b9ff9c3b0716d6f1d04c3428f96b593c315ca0e925bd6a4f23192d3b5a2efc4edb7ee5abc14726e1b103be8d63
SSDEEP

196608:iO9FHhdTaDVQ0QdH4ZnKqZY6FmTfNMpeRjO3E+DsChFhJ/2QFCpsqE2DZtLMA:iO/BdTaDa0TZFoTfNo3LsCD7/2T1ZtB

Score

7^/10

discovery evasion execution persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.frvr.fieldgoal

description ioc process

File opened for read /proc/meminfo com.frvr.fieldgoal

description	ioc	process
File opened for read	/proc/meminfo	com.frvr.fieldgoal

Loads dropped Dex/Jar 1 TTPs 8 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.ext.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/oat/x86/fieldgoal.ext.odex --compiler-filter=quicken --class-loader-context=&com.frvr.fieldgoal/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.dat.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/oat/x86/fieldgoal.dat.odex --compiler-filter=quicken --class-loader-context=&/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/TrgdqwyZd.dex --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/oat/x86/TrgdqwyZd.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.ext.jar	4296	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.ext.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/oat/x86/fieldgoal.ext.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.ext.jar	4266	com.frvr.fieldgoal
/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.dat.jar	4393	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.dat.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/oat/x86/fieldgoal.dat.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.dat.jar	4266	com.frvr.fieldgoal
/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/TrgdqwyZd.dex	4416	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/TrgdqwyZd.dex --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/oat/x86/TrgdqwyZd.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/TrgdqwyZd.dex	4266	com.frvr.fieldgoal
/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.ext.jar	4266	com.frvr.fieldgoal
/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.dat.jar	4266	com.frvr.fieldgoal

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.frvr.fieldgoal

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.frvr.fieldgoal
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.frvr.fieldgoal

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.frvr.fieldgoal
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.frvr.fieldgoal

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.frvr.fieldgoal
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.frvr.fieldgoal

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.frvr.fieldgoal

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.frvr.fieldgoal

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.frvr.fieldgoal

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.frvr.fieldgoal

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.frvr.fieldgoal

com.frvr.fieldgoal
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4266

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.ext.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/oat/x86/fieldgoal.ext.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4296

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.dat.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/oat/x86/fieldgoal.dat.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4393

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/TrgdqwyZd.dex --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/oat/x86/TrgdqwyZd.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4416

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/TrgdqwyZd.dex
Filesize
2KB

MD5
6811dfa770557f944be36ac93c63c2c4

SHA1
22f054735adff9a6cb8f5e9cfa5110ff3bb10ebe

SHA256
07d1612e55d00e224d35b545da1f8aeaa9ba013596b742e77cfe7c00890c1d56

SHA512
e86f011f86211296323c33a255665a43d50ecca77d0d69b31af2861de1a1ca6e9451a55e8e260644d749d23afae9233330ec4f81e791e0f01788ca069b8e6d84

Download Submit
/data/data/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.dat.jar
Filesize
3KB

MD5
fd327e01fc71821d2b808a03ebfc49e6

SHA1
f6b8aebf25afce834c25678f9dd1726953d3bd67

SHA256
947c7fc669b674017cb19e2e4385bf2715de711dc023d07846cfb6daa4bc058f

SHA512
ce538c9ab72bff998d56fd802a96bcf6d97da6b0997f170ad89f7958f0bf988af528c9501533ca39d57ba861fee2c70d0755b420f4a96aea2e50760e67b1f433

Download Submit
/data/data/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.ext.jar
Filesize
2.5MB

MD5
cca8ec13c13cafcb9230b5db2c37e0c1

SHA1
f891a725b712ff1e0597edc80d4c74785fac8763

SHA256
6362050b9e2e27525fccc94fbacf783b92244a74a215cd0c6e015325e360cf77

SHA512
7615bd27b5dff92bad6647161d1502a4d623b2999562e3e84d6ff4295581e656623c69357a003369e8c451c5f5e9fa356fcfb28b49fe7011fae0b6d30165e3b1

Download Submit
/data/data/com.frvr.fieldgoal/databases/fieldgoal.db
Filesize
2.7MB

MD5
9307d0c700ed10ec34e88d5452c15559

SHA1
0e88a847262b673cd4c5f9c0e80b11c640f93458

SHA256
9de3421e7a29f38dd4b924e49919ee8c30ae6c8ffb4c30101e67e835b97db935

SHA512
8505c3a3c78a139e02e3f690d1a9dcb8d89451c07a4a535b8e3308fa29fe8a6d0e7865ced69c037420be73809de2494fbc3dd2735d6ec6b6305cd4cfb9648fda

Download Submit
/data/data/com.frvr.fieldgoal/databases/fieldgoal.db-journal
Filesize
1KB

MD5
797264137e6f50ef8c698fb24ebf0d4e

SHA1
076b6ba63d045c0f71e8783de748c652c330ce34

SHA256
c65db19323b26c1a4e5435732dc38df1da1db6ab2d00fedad64adf5daac28b6e

SHA512
be09f703bad807fdc92ce6a5817a45d205b913019f4b12cc2707dbba24e0cdeafd920588d55e2031b3dcd5867ded06b3d49406215ecc67f33053fd8cff4ec623

Download Submit
/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/TrgdqwyZd.dex
Filesize
4KB

MD5
3e031fe2a5ad88f1d6b0ea2838a76006

SHA1
c1a7648c2e81c9f5199320c3962d481cfaf44b11

SHA256
3dd829063b0617a6ea0defbccc0dd393e7076bc06850602503be0802b869a268

SHA512
a29ac2f858d3ebb1a47e6299e3fa86a92c89276f8c387f91b1dc4c3045cab2803fce662aaded488be484a4188df6e100a75027a961af3010cd0c2cf4ce6619e3

Download Submit
/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/TrgdqwyZd.dex
Filesize
4KB

MD5
e5b0a16308cd121d14e68c347546aac9

SHA1
7160f500ae51054f102670f0223085b878f4b44d

SHA256
0e1035c6e70c499a336494f0b63ec80fd0e88b00f37e41e239d1ad010dc4ae6b

SHA512
140be091484aed9133f27b7fbf647fc402b66c351ccba3ad2d142a58fc2cc47526b10d2adf5153362dba718b6ae4329c724133ec099c82792008fa46b08aeb97

Download Submit
/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.dat.jar
Filesize
7KB

MD5
ed1ff72138ad0f8f58ce4a52c24b61ed

SHA1
f8bfcca12b5c1fd2f840be30bbc3437f2f657114

SHA256
a06bddce82a5b4b1a184853b16a44114c65bb9028c3945094c00082af0fd5a86

SHA512
b7e27457083d451ea1f0400faec6d2d668ec270bdb091888c6c31340c4f9fe8493168bc40910996f4e4fcec69db697f547d9d0f4864fca524355d72eb705aa5b

Download Submit
/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.dat.jar
Filesize
7KB

MD5
8eb3649c30fe58d5e53f5b6dee8a07d3

SHA1
fc9222a04810a11662e28c8272d26e6173be968b

SHA256
d0973f99cdc7f38a25171f854c61a0e78ccbd9b6bb2157a9bb4aab27f3920294

SHA512
a6d557b01d176916eec95d70efc63942e53b38281b88e7eed8ed1e17267c377cfa720fa2f0421c65d23352a57812bd9b9c91e6ba1b189c2213e1e4f2d48ee31a

Download Submit
/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.ext.jar
Filesize
6.4MB

MD5
a7d1b5a55bc8a575559b536b87a114eb

SHA1
92917c3426de89184f41a861ad19047f029f48b9

SHA256
35863cfff0124d51308475c5f6b933688cd96ad879804348527639a253bcf7fe

SHA512
0ccc617268736d42de04cc8d2bff9c196fe685f16b601707a9c09c1383f2190b24dbaf77b61f6b49f7a2e6c24461df14769efd68ec5769cfdeb0957680fb0051

Download Submit
/data/user/0/com.frvr.fieldgoal/app_jjcf7u96t3hu9578ehfr/fieldgoal.ext.jar
Filesize
6.4MB

MD5
859ab3d16841688db70f2879bdae6032

SHA1
6df811a0651ece59664c35992093fe12a25aa739

SHA256
6eb4d474c75a3c355c59f0b433910d9552f98aa8ac177d27e4d87acb76b7fbb2

SHA512
b2101f07de37c61dcd52e5c156277d5a7f8f562708da682056b0481da7fd6f7f53244cbeda8d2e1226624b5533c3b183196182bf6153701e1f5ecf6dd3c695b0

Download Submit