Analysis

  • max time kernel
    161s
  • max time network
    137s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android arch:arm arch:x86 image:android-x86-arm-20240514-en locale:en-us os:android-9-x86 system
  • submitted
    03-06-2024 04:50

General

  • Target

    package.apk

  • Size

    23.5MB

  • MD5

    80940131f04d0ad8b646e676bd605354

  • SHA1

    e20444427ff3924da0382c73e93920ab6519202c

  • SHA256

    88491654c1973434c59c6f5096648976492758790ba88af7d39db3c6cd589d62

  • SHA512

    4221687cc69fdc2ba8475d5de42f77961b72109400c11a85ff63e18a418b5716ac928e10dcc25a26c4b3b98bcd766134ccfa8385179f9bed833516bca63ac033

  • SSDEEP

    393216:y1933fq5D3s7xvIKtS8xqZewuqYuY+Cs8mNYFoclOHUxn8XQ5Lcpcru5cbxbywfJ:wHWsNvp3xq0kYuPzNYGcl4UJRLcpcru8

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.rexetstudio.deathrunportable
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4354

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.rexetstudio.deathrunportable/app_data/eventlog
    Filesize

    355B

  • /data/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBRequestManager/65580818060
    Filesize

    139B

  • /data/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBTrackingDirectory/cb_previous_session_info
    Filesize

    189B

  • /data/data/com.rexetstudio.deathrunportable/cache/inmobi.cache
    Filesize

    2B

  • /data/data/com.rexetstudio.deathrunportable/cache/inmobi.cache.data.events.number.network
    Filesize

    1B

  • /data/data/com.rexetstudio.deathrunportable/cache/inmobi.cache.data.events.timestamp.network
    Filesize

    10B

  • /data/data/com.rexetstudio.deathrunportable/databases/im.db
    Filesize

    16KB

  • /data/data/com.rexetstudio.deathrunportable/databases/im.db-journal
    Filesize

    512B

  • /data/data/com.rexetstudio.deathrunportable/databases/im.db-wal
    Filesize

    28KB

  • /data/data/com.rexetstudio.deathrunportable/databases/ltvp.db
    Filesize

    16KB

  • /data/data/com.rexetstudio.deathrunportable/databases/ltvp.db
    Filesize

    48KB

  • /data/data/com.rexetstudio.deathrunportable/databases/ltvp.db-journal
    Filesize

    512B

  • /data/data/com.rexetstudio.deathrunportable/databases/ltvp.db-shm
    Filesize

    32KB

  • /data/data/com.rexetstudio.deathrunportable/databases/ltvp.db-wal
    Filesize

    4KB

  • /data/data/com.rexetstudio.deathrunportable/databases/ltvp.db-wal
    Filesize

    68KB

  • /storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/5ecba0a617a57109d1598989_568-1590403238.mp4
    Filesize

    1.4MB

  • /storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/65292cd90a56dd167d0d9585_568-1697197273.mp4
    Filesize

    1.4MB

  • /storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/65292ed8200dec2f4dedca4c_568-1697197784.mp4
    Filesize

    1.7MB

  • /storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/6529302b123eae3e43eacec9_568-1697198124.mp4
    Filesize

    1.3MB

  • /storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/6529306ecea591dc0157fb2b_568-1697198190.mp4
    Filesize

    2.1MB
