d47f5b282b7196026f5074c910fabf40318655288296c46d775221913f607bee

Analysis

max time kernel
14s
max time network
140s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
28-05-2024 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sound.apk
Size

1.9MB
MD5

be9926e84db517cf83d4fde92668c46d
SHA1

4d1ad9522ebec32f70c935bc72693f45acdbbc71
SHA256

d47f5b282b7196026f5074c910fabf40318655288296c46d775221913f607bee
SHA512

23e85bbc6228ae3aae3a8b151f3d2689e3b9ca01833d23c5d2f3d0dfa38370374c014792a48fa9fee9f757339df2d545531de825dcb9a74e9ace79f989d1f983
SSDEEP

49152:RaBPvfk4whC31jkqwq/IalOoDCzmH3fOrfyXRjFug9/1:6P3k81jNwq/IEDC2mrfI71

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.phoenyx.forcesound
/system/xbin/su	com.phoenyx.forcesound

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.phoenyx.forcesound

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.phoenyx.forcesound

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.phoenyx.forcesound

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.phoenyx.forcesound

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.phoenyx.forcesound

Checks the presence of a debugger
evasion

com.phoenyx.forcesound
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4338

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.phoenyx.forcesound/databases/google_app_measurement_local.db

Filesize
16KB

MD5
02feff2bfa68cc6b5445af67e618cb3f

SHA1
c87f5d74284505f94ac2ba04217b3b901548dc8b

SHA256
7eb1dd7194384790631b376ee7d967e2337c68d5dbe06483b27682e4790b055d

SHA512
b1b88728c0f10361584b5faf010c8d532166067588efbb70ca62436c2e6b0256ca885d206a7f54bdbe65d748a655adbef39aed761889f97f349a4f3f4b1d6846

Download Submit
/data/data/com.phoenyx.forcesound/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7b664782fb50a7db8e043239f398863b

SHA1
a9f6dd09aeae2958f2eeb9c190361bd093877628

SHA256
948857509670cefe069fa77951ae8d08c66c6b87d6ee01fdb67732fc01fef2a9

SHA512
c22c409ee7d0e47348896681630162bce44cc851f504917e893d82f824fed4b8964a9232ffad28add48e9052d997917d127db1931e654ba9e57a562e462fcefb

Download Submit
/data/data/com.phoenyx.forcesound/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fd44c4747ae78792bd0e66aa136e8a61

SHA1
52bf0326c224d9f3bb28d83824eee43d951d853e

SHA256
8c538080443f961102d2776cc37d0ef64a571ad5a027baea446e89c59785df3b

SHA512
6b4cdf53f60bea812025e611c076921d570b7c48235385f85bb7ec16f87c27dd809cb033c1c87a5191e9da421fafc957a7fe332669dd75ed48cefdc088f71a3c

Download Submit
/data/data/com.phoenyx.forcesound/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
749913a840da175f2b5297739a9ac100

SHA1
4e31d3c82010b44542fbdc0bcc3722d3393d17b1

SHA256
79d91515e3afb6d701577bef4af11f3ef4d66058ad759f4f42b4d48ef5caa499

SHA512
567cf9a0467a2299a5680de82b67d1a383d1f6adadd1d010e49fcf74a48c6605fd3e77b1ac7a9073704e20e9af49de308a78392563a88a829e91c0e0b022bea0

Download Submit
/data/data/com.phoenyx.forcesound/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.phoenyx.forcesound/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
dc74327d7cf7d1bc4780328f0c68a61a

SHA1
5bb2519875daa31517634282ffed12ea978cf3a9

SHA256
8bca09d3e17c5f1b3c9797dd345390f8ebb5b6f11b51df50f8a730ab0fb1dcd1

SHA512
f4bc631a7eb6db7fae24a4e4bd9ba7c96e6fbbed3985d030d132cf4d52970a7217ad3b686879e6c88c01bd43ba947f034c09540566d8fca9983d1bdfe5953731

Download Submit
/data/data/com.phoenyx.forcesound/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
051a7613b303d67e2599d004b9eab1a2

SHA1
8d7188e1adf7e40325159054c5e071a708267e46

SHA256
c5d45b4693f3ce988aca49d8fbf856a7467972e2d2f71ca10e5defd77e7ce970

SHA512
1034f4f09c892356077909c347f7e1072284dfa11e12fc352d3294832e913923ccfb9b07ce4ce849d7eb16a515d6b8e45f670140cd704de6d12dafdddb1b4108

Download Submit
/data/data/com.phoenyx.forcesound/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
88a45158368c2501a6a02f2a8c37c20e

SHA1
db9335ceedb6e979c200d0be6908818ce196ec57

SHA256
54b6e2cb95280ca94ad24d36fe7b28e600d81978abba9546c4d1fce22d295f84

SHA512
9f7665eca27be52e3a64d998fe0e159a3ff80259f554972151075c724657b6d483021688923b7044b891cc023d8568f1b3e9ae123d3666d2c460788b9b81b58f

Download Submit
/data/data/com.phoenyx.forcesound/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
15faf3ee94aee23834acd9490e694c3a

SHA1
cbb7837b4b460cda0383a0bf9cb01dc44b7ee533

SHA256
4e2d3fbeef1694728717f9c624fd112049e9633d4c6ac90951af1f55a7da65eb

SHA512
d67e0703f9cc54fc06d0200d78edb1e27d6bdecdd95d4da67bf2f69477a666ec6e90768f61f0e0a68481c98418d1b7bf488885bd79442430d4fcf20f9b00f375

Download Submit
/data/data/com.phoenyx.forcesound/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655C5040133-0001-10F2-9BEA53E5D285BeginSession.cls_temp

Filesize
77B

MD5
1d727651745c27004f8f900839b6fbb9

SHA1
ea1d8e6e04e300fd6b884a9d7f9fc939af884806

SHA256
1be17a7924e053bfe1ba81acc8219b89fa7cc168b0a9778232a3a565be60e6ba

SHA512
b8d9b506635d5d012411c206c584faa2295f008af6967fd907b5069e5d17debb736a963f6ee6004c53b6b8f93d08a8a6706ca0b53158250fed28107ce53f76f8

Download Submit
/data/data/com.phoenyx.forcesound/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655C5040133-0001-10F2-9BEA53E5D285BeginSession.json

Filesize
132B

MD5
01737e7c0fe45cbb1c3fffe377ac9d61

SHA1
15491b79b1cad1b2258fe51c9852faad67d760f3

SHA256
82c030c3158b255a8e1454fc5864828a03b1295354047c89e1c92f1fe2fb00ec

SHA512
11d3d6a9c1bdd583cc58d6796f676de31f42a64140ca30c6a63835e8b344159559c145586e404555cd64bf288a2ba0d25f48c7f504a03af78420906789ffe9d0

Download Submit
/data/data/com.phoenyx.forcesound/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655C5040133-0001-10F2-9BEA53E5D285SessionApp.cls_temp

Filesize
116B

MD5
4b44ec544e2cf067263e550903abdedb

SHA1
c0f0be75bc77b519964645c548ee0873f28134fd

SHA256
29580c46db944f6bbd23af27377df049a7623e6e3b84365f9ecddc71ab2e8f7c

SHA512
376dfc2dac9deae4a58a47b5eb7b4ed71bd94190a3f91dc4ecdd48e40bb430c60a9dd05c433872d052795723b6adb75a1f5ddfbd6cbefda12764f69c22c72671

Download Submit
/data/data/com.phoenyx.forcesound/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655C5040133-0001-10F2-9BEA53E5D285SessionApp.json

Filesize
230B

MD5
2fc2b444071423ae41eb0f0194fab13f

SHA1
6e229b8bdad955985a7873e7a8fa3eb6bdde6659

SHA256
ff839ea05156624a6d804a475ea9c0168bcce6525514d3d1b302c9fd78a69d68

SHA512
9a09262f8382dd9acdb454df69883efbf02995a36632088534b39e5546691b63b35dc33562a62dd6326b08b436db8be00a750f3919bbe73fa33614a0378c8eff

Download Submit
/data/data/com.phoenyx.forcesound/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655C5040133-0001-10F2-9BEA53E5D285SessionDevice.cls_temp

Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/com.phoenyx.forcesound/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655C5040133-0001-10F2-9BEA53E5D285SessionDevice.json

Filesize
202B

MD5
75db92d50c80a89e068550028c62acec

SHA1
d78ea55f5dc682e4da456d26383249f608fe894f

SHA256
1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2

SHA512
dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

Download Submit
/data/data/com.phoenyx.forcesound/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655C5040133-0001-10F2-9BEA53E5D285SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.phoenyx.forcesound/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655C5040133-0001-10F2-9BEA53E5D285SessionOS.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/com.phoenyx.forcesound/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
831B

MD5
c0084f6b243552c98e6a1e6e650f3c8e

SHA1
d2036e982e4b05c42a12e34d4bc24b6ffbdde58c

SHA256
af69893089c98c766ee11a08d06a7f59f0f37a8253130c475c608a1b1703eca6

SHA512
ede926bc2046a00c11bb2e2416c9f046ca9188a844bc77eed5528c0a40367f9f28eb18a3b6afa9df975c6457073a42e28a8726a435b5ff25da7761df1ee3fe66

Download Submit
/data/data/com.phoenyx.forcesound/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
402B

MD5
376173269cbd09b1b6c1377f5fd0b33b

SHA1
8208d1b46bcf5216eda629496dca596b3ce1df23

SHA256
0afee6b6ed8b9196bd677fdd6c821caeed1baa1b44d7c046d4331234087d4922

SHA512
31b867b6b8ad0296ee602f5883c4511f0279b7e70914131dadb82f968a3bf17f66e5be973721efc1986a344a6f4f1366eeb91aaae5767f5cf41edcfda1350d03

Download Submit
/data/data/com.phoenyx.forcesound/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.phoenyx.forcesound/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_36b6391c-f5cd-42c5-a666-1dd6c4a83837_1716897028685.tap

Filesize
324B

MD5
7d82e881255a7c95515554daaa234841

SHA1
26b14d24161a0d7ebdcf8acda3a377934c530301

SHA256
84ea80cb2f1861db6cd2367ad62e515e9b73f4c4f2083c27214373551270caed

SHA512
68ba3f619c68243fe665f10f9996587c1499398ce374078f8382fab149c9c024bb32e91ec66a0097097710d8f26b67c73d6441e52099dd1c862ba7cb76470d70

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads