29f5d4170119074bc3f183ffb3fdd3df58fcc8d1699224479b707446def3587d

Analysis

max time kernel
69s
max time network
152s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
24-05-2024 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app1348972.apk
Size

9.6MB
MD5

ab82e8ded42352a5c2c2d5b735dde0b6
SHA1

19b5ca44208e04aad2c2e1720b8f6041b9873bd6
SHA256

29f5d4170119074bc3f183ffb3fdd3df58fcc8d1699224479b707446def3587d
SHA512

8e234bce02a717f0a249d56c8bcfa965ce646369a1ac013d273da87a4d54b30690333f95107f0c6c9a973a6777d58b2c55a065471f0aa8142d5af9f3dedc0273
SSDEEP

196608:hmO4rYye2J4LHARjsz+JCPfvBdae7KVtUBmG8+ZAwzQ6ZLOEmsHzn2:hm1YyT4LgtsaEvBdaeKV1f

Score

7^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

regio.play01

description ioc process

File opened for read /proc/cpuinfo regio.play01
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

regio.play01

description ioc process

File opened for read /proc/meminfo regio.play01

description	ioc	process
File opened for read	/proc/cpuinfo	regio.play01

description	ioc	process
File opened for read	/proc/meminfo	regio.play01

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

regio.play01

ioc	pid	process
/product/framework/com.google.android.maps.jar	5122	regio.play01
/product/framework/com.google.android.maps.jar	5122	regio.play01
/data/user/0/regio.play01/files/audience_network.dex	5122	regio.play01
/data/user/0/regio.play01/files/audience_network.dex	5122	regio.play01

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

regio.play01

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener regio.play01
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

regio.play01

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone regio.play01
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

regio.play01

description ioc process

Framework service call android.app.IActivityManager.registerReceiver regio.play01
Acquires the wake lock 1 IoCs

Processes:

regio.play01

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock regio.play01
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

regio.play01

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo regio.play01
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

regio.play01

description ioc process

Framework service call android.app.job.IJobScheduler.schedule regio.play01

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	regio.play01

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	regio.play01

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	regio.play01

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	regio.play01

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	regio.play01

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	regio.play01

regio.play01
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:5122

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/regio.play01/databases/appnext_dbs472
Filesize
36KB

MD5
fc572bd518dea6509a2388e84be3f916

SHA1
22543d22fabdf0181217105501be6e9ba3c25364

SHA256
e304777904a7f741aeb9d939ebfecd5c183a96e37bf08fa174d3aadbc28fb3d8

SHA512
43e02e4f5b96d45e084a58cd8504ecdfdccc7494f1dfc8a094d8bfe2e824e15219a945cbc753f58a59d72ae374839ee9bb5b2e0d92805a024b29d3bbe07668e2

Download Submit
/data/data/regio.play01/databases/appnext_dbs472
Filesize
20KB

MD5
0e6d7850fc2fbfd5becb6926c280be1e

SHA1
54ae3ca9a52ea6b399e37f6b1fe8e2748efd3d92

SHA256
c4edba7b7136f85b49ee61d45a3e409a8b1b42cf42cd9963767d86ed0ed2f08d

SHA512
2b96ca960327e4376aa8dbc5b4ddc5a8dc9484293cc0a8dae02be61f4ae0408f07ec111c9636ca08820fe966a0aa08192200582dbced465d0e97ad2bdadee260

Download Submit
/data/data/regio.play01/databases/appnext_dbs472
Filesize
20KB

MD5
e261513628baf79ae92f415afc0b7036

SHA1
20c6100dbf73494b279cb8b5aca1816ddd334d3e

SHA256
52461ea254ceb66d14ec2d6b1c5fc8db9d484fc122e2c8ddd20093e1120c64f7

SHA512
32e6e4e9925b5c46e5cb938f2b3a0b65e7780fcd3473922115feda0cd61922c1dc42718cb382043db60e45b585650f499a50115a465e5b7a2991f5d858609476

Download Submit
/data/data/regio.play01/databases/appnext_dbs472
Filesize
36KB

MD5
606ab074a1bcf2791e04a59fbbc18715

SHA1
834e7e74e07e9d21ad993d7057ac018169a28867

SHA256
062fdf4ef4c11fd0f5c5992005f6ba08340c1a5bb0564c6221e21ff941f747a6

SHA512
39af4a8c2cef5d257aaed8fa6de2aa8073ac43f3823f7f99ab18925ebd67836c8b19caa1afac8e0fcb48405d5c34c98faf6a35e55d573e33520495df176cd595

Download Submit
/data/data/regio.play01/databases/appnext_dbs472
Filesize
36KB

MD5
bbe974b08a30d11ea70227996843bc0a

SHA1
dbcb39716b19f484234c135aa28c177a681b7fde

SHA256
664e8f7cc8873af6384d1ef66dff3dfb6b30368775d8a6571140ab763bae45b0

SHA512
37cce13a0ae7b3b9762e179a6ce72e47b3acdbbcbba2b34ce90244c7037d27c55b9edc390ea79b2deb422edc34fcd6651b05100fd11be71486d3e5638199142c

Download Submit
/data/data/regio.play01/databases/appnext_dbs472
Filesize
36KB

MD5
fb5aa5962db2ec0163dd7d422230e112

SHA1
43e91b7018d0d76d3f78a6a2a8bd38cd7ec70827

SHA256
089eb824006399040a02067653321c3e373378fd7be5c356d743209f8231ae93

SHA512
22e09ac75cf61b3a6e98c4dd7afe7c46009aa3fa37ce66c76be15ac0d6da6f3431cc3a8280f272ec733fc107a7fbbefd3af8983d1d79eb4660ea2769655b4261

Download Submit
/data/data/regio.play01/databases/appnext_dbs472-journal
Filesize
512B

MD5
4ca092d9ffd5ff209b9ffc2a446538d1

SHA1
ace7b06d4e30a07ed7a87a5eb04e144d2551900e

SHA256
485fc0e402574be170c47b753b828d0cf3087fbd1d283571aafacb108545b76f

SHA512
f8e46e38c8cebbf8a96b4cc7c26629b143d786ead98fff28abdcd65ef12154a66604fabf86f2caf9661c6ae44fdcecba5e85dac777b00fc2317c9eec49fddafe

Download Submit
/data/data/regio.play01/databases/appnext_dbs472-journal
Filesize
8KB

MD5
e5ab9b15f6210c43eff4f73c693a7da5

SHA1
9940abb40c98ca529fbc064942f992ffad993472

SHA256
f0abb9f47a0ddf2e8130807cebfb87614e1a9d20b905aac1d0640d1c8f4012b1

SHA512
951e67d89bcee7bf671512fa4ce964c7a1bf7a16b913a2a30a1856f0b354e7cc135d1905652a9d237cfb2ab8ac71e27b9fd0a213ad52638909e711b6e3e79f8d

Download Submit
/data/data/regio.play01/databases/appnext_dbs472-journal
Filesize
8KB

MD5
eefd75e36d53b56bb01bcb74a41fd40c

SHA1
22a0825a92bc4297612763a726c7dfaade8289e2

SHA256
5714fc2fcfbe6edc8b00af8f1e9290f0df40b88a88bb11520920d8e50efab9b4

SHA512
8045a94961f1db476a2de945c96cd38f28fb3b0e94125ff714a868c65432f2dbf258ea7e6c0b2655f271e56e4f0f214d70cd42268854e504f4c5442014c5934d

Download Submit
/data/data/regio.play01/databases/appnext_dbs472-journal
Filesize
8KB

MD5
1e17d2e24b79cd76b2052e0c61425dbb

SHA1
6ffa5ecb0a1a44ff4fc9a22820031f60a5d57f60

SHA256
7696e6cf8552fd65c172d630860398d285063647c6587ac494c3a0fed9bb8131

SHA512
443680c5143255ebd937aa93f61e4a5fafeea4bee9b92c918ac5215fea5fcbb28f0229c8652d0962abb28237715796c132f01864bb2e6c346b973f24933037c7

Download Submit
/data/data/regio.play01/databases/appnext_dbs472-journal
Filesize
8KB

MD5
eb002aa94a351749b05ee90092ca266d

SHA1
426e8601cce3fcf13fc589b6c9fa70b5d1768ad6

SHA256
8ed557940e47277b5a3ce95e92cb2ebc547ca86bbf12def0d69f494495bf2667

SHA512
2b8d96edf4e95062afa48b817752889f4ccf0516945de23d354b5c2fb75867c4d00875d7bf7590b5cc53e8b62afcb00e16cc7eaff300944605e50766fac92458

Download Submit
/data/data/regio.play01/databases/appnext_dbs472-journal
Filesize
12KB

MD5
85c7297264bba498963cff9dfa35f0ec

SHA1
483e209ee215dadb13216d0acb52c410d251683c

SHA256
2e790d78bd9bd37936b72a2d76b9dbbc3ad1931f4535c1acd155a9f573b0e577

SHA512
1bb4294eed454ed775548998eec6a564be8857524e8daadb38619cacaeff7a10b86fb96a06bd90f1a355c7ecfe001bef7ea467ec2de84017cbd2f9425219e76a

Download Submit
/data/data/regio.play01/databases/google_app_measurement_local.db
Filesize
16KB

MD5
3b426844711115a89d562c02265be054

SHA1
c509a433cd79ef6618963d753ba7beda60e051c4

SHA256
aa5fa19d2e9629323c9ecddf657b93f2a3015e19c7f8f2f2a3e41546e8e8e74d

SHA512
ea777e6fee97d0713df7fa61bcb30de03e6e9c224bc4b3550a51e015bdcde30913de884a54fa70f7d9fea91dcf5166451175c298bb6cd5bba4b06fdecacb397f

Download Submit
/data/data/regio.play01/databases/google_app_measurement_local.db
Filesize
16KB

MD5
d1131cc45a682b816a4eb358e2fd8df4

SHA1
3b1b43b9b5fcbc48b8cd8c28cc7c441886028ecc

SHA256
b4a95520a8d3b962b9bc93bdad2b02de5beb021178a47cefc768fb0d1527f87c

SHA512
9da1211bc8de727910434d73daf08b16be32d88ce76168c009b5cc9028b66fda5def27621b5f672f406f71f102ca1841988554c8bf59a686fc9a57f943ba69bd

Download Submit
/data/data/regio.play01/databases/google_app_measurement_local.db
Filesize
16KB

MD5
eb1173b6d9b8b73f8a9433b5e5bc17b3

SHA1
6f08fb6541c019b3970cd3cc9e212d372ac7f93b

SHA256
a5e2f04c06611b82037595807f412e37aca9cb8c21e1aaad13ae378d7649419a

SHA512
1b997be66f7364b7d180521f9e1d9bad8358ff5ea0366ba5939d421cb54edf52cfd922ece35d413d1f619e7e5f49c3a1ec12c7a395e383878674c7f65cef62cb

Download Submit
/data/data/regio.play01/databases/google_app_measurement_local.db
Filesize
16KB

MD5
1240bda1d0ea3ce27f217e4feea84b99

SHA1
352ee510d86c399b927698d5aac7773de45f093f

SHA256
8e0a57ccbf6ee4c76e4601a623a0f7ff423a9078d648d1ec1a0f2a7f5823614c

SHA512
c43203981b3f4f2159441a35ed9ff27fd6f8731935167c5115ecff017fb5916e02e61c9c9fdc412848ab04a4931055746304a05b23891f1915b1ea4d22317977

Download Submit
/data/data/regio.play01/databases/google_app_measurement_local.db
Filesize
16KB

MD5
941ac37c30c04bfe4b76bb1887ecb516

SHA1
75e9a50187e290efa39386d4cfa77e7f0262c51d

SHA256
2b69ae7b55b834cd4b178527287f691e4124dae2be0cd4339741a83f2494dc42

SHA512
b05f91ee9e1a9952562243238c77b8e28e64283ebd29773c00ce22ae4d3c56e85b13b18af0a65a85829f937b1310f8ce782355efef0967515b55ab4908650e69

Download Submit
/data/data/regio.play01/databases/google_app_measurement_local.db
Filesize
16KB

MD5
6fedc026e04fce8ae1a65decf5f84014

SHA1
dbe8ee62bea197e07d5b928c8abd11a4af534206

SHA256
29381dbd0f8cac1e5dd30ed8bbd7c5ab7a20f866561a7ff8387a06fa8aff70b5

SHA512
b7e5f16b6b57c79dda00cf9958530ac0d0c4a63547d3a44e3eaa537c07401167915c5e269994d33e21c41f0ece16a0cf54a1d923f7d3ded51bce2008bb8d0a3c

Download Submit
/data/data/regio.play01/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
ffeca36469828cb8dd0e3186f35564d2

SHA1
8a95d1c86f5a8f5976a56356bfbda02407f37b8a

SHA256
ee8d29321edf814a2eb0b734600d38a59ac2a447276fa55d7d7f2a68d226fd4b

SHA512
c07b384e4c9ae5947a588dad6c69285ad705f7ed0232d4478db2632bb759e27492d3a541ef4a6333f08ded7764eb394b5528d98ba1c75b3006b1bf07cbf72108

Download Submit
/data/data/regio.play01/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
845af00921beea1cadcaf1a04302cc7e

SHA1
608475462fd3f18f15d2a6673df6ba4b6498dfee

SHA256
eeaaebb86dc6529a4a30029aa94eda7fffbbb69a5b1896e71223ac870049943c

SHA512
55852e6cc914cbf5542e337b580ce028243cdf52c5863f56de2cb149c40beeaafe706904142ac73b7fb4750bebbb029aeb20022b901abc84ca4a6f0dace8ba01

Download Submit
/data/data/regio.play01/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
28e82d305a77d18739872224501c732d

SHA1
87fc285a0ecf0fb81987fea170d3a26a51725363

SHA256
654ab8418c83fe542b7b08726611966ce1a64a263a2cf38be8d97cace9e6c2e1

SHA512
667d2c9dd977ba3c4314c0cbabafa4d1021c237dbdb82bf1e58e8d7911aabe98b5981c20940bb83a3f7c1a7771fcf86b1f8cf5a653802ca040255cfed16ce16c

Download Submit
/data/data/regio.play01/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
0af8ef0a33bb9b3766763e100366a252

SHA1
ad01881bca5285302bc6b5f8d134f8f5c8b1f3a7

SHA256
2b69341a7a2ecd43a3ec2fdc3907b3bcf2efdd1684da75f164be94745bed371a

SHA512
447383a31031f198e474dc9c23fb5a851b8342ad3f44726e06a9df53012fff7dbdf992503e2985691db8773e1ae65063495ca887f2f856378418ae5c98fac2a3

Download Submit
/data/data/regio.play01/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
5a5be201f38a3effb783edffe2a8ba5f

SHA1
f8b3722ca9fadd76be5ba756c8ed3f648a035963

SHA256
e78587509b15038f6bd0dc1c1872e8d973b16b2e450aadb4b70e2550fdf5fc57

SHA512
e4a8ba86b8eb346646b19be7d050371145f4d7263aa9012ec013490bbe1c0560e948242cd8e31444419e2272e254b62ec42ddbc04bfad13008303556aa985d58

Download Submit
/data/data/regio.play01/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
7430a8f0b3539077aaf25e0506cb5b04

SHA1
d82828fbe878bd917d6e77c06e8df3bb12af7f99

SHA256
46cf90c1d9a9d3105de6b5df6b40e2492879a9340e2cab392a910b0d834102fe

SHA512
18fb5462890b605118232fafa5cbe3609347b1ee56678d757e6450c9769701f1c28a4b1e56c7f8ef1976320a9a25607a930c774e8f2511547cd2bdbdeaa07b28

Download Submit
/data/data/regio.play01/files/audience_network.dex
Filesize
3.2MB

MD5
4905ee4caebdf455b9debee76ea89cae

SHA1
461d5626e22bd87e0f0afa3440d5ce61d2363571

SHA256
0bfad0c78e6e439d2c70d43568d1dc541bff8d4b4c5bfda9e81e03ae790dd864

SHA512
89bce0984264008e30a635852cbd3ba0c822b0917525a9029ff029a33409c161dad0f60ccf67406bea62e3d42ce0364250f3a9f502db8bbcaeba277787b2fc3f

Download Submit
/data/data/regio.play01/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
b66d09cc6df5266d5afbae90a7e640ea

SHA1
81c5217246330e42138e7a51aa4d0242753287cb

SHA256
9f40ed51daaa696eddc8294a0aea66c8b1775307b773246f53176854ded0bef0

SHA512
5aa42dd3513b77f6216f0826b9fcef636ded105517e11dd4ed256632bb4ae9d90eae07cb8109fc9ad6edcbed515ee4c79816de8c3e8be1c600db09abd9f2f5a3

Download Submit
/product/framework/com.google.android.maps.jar
Filesize
315KB

MD5
4899aca36d1ed747a447dcac0d101a62

SHA1
32e43edc0bf3e036683ea8639472e6cd31ab9929

SHA256
67a651acd867e046fb4463b31ea584c1468f7243a9d1e2efd34059e8ee2f130f

SHA512
50b23dd279a9efba566c6a6523c7537723c0cd6dd3e4871f1cbdb8d5bc355caa3ddea99452b1c8e5356802f812b3768066a9848b93d715bb8bdfa455b704285f

Download Submit