Malware Analysis Report

2024-09-09 13:38

Sample ID 240603-fge21adc66
Target 90958f9c71c6ea2d620e38acca93f0d9_JaffaCakes118
SHA256 ca56fa361c54addb8b8501bf48562750b88f43ce7b26d99ae6ab537cce1d31da
Tags discovery evasion persistence stealth trojan collection impact
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 90958f9c71c6ea2d620e38acca93f0d9_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence stealth trojan collection impact

Requests cell location

Removes its main activity from the application launcher

Checks memory information

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Queries the mobile country code (MCC)

Acquires the wake lock

Requests dangerous framework permissions

Checks if the internet connection is available

Reads information about the phone network operator

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 04:50

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 04:50

Reported

2024-06-03 04:53

Platform

android-x86-arm-20240514-en

Max time kernel

178s

Max time network

131s

Command Line

fun.com.rexetstudio.deathrunportable

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about the phone network operator

discovery

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Processes

fun.com.rexetstudio.deathrunportable

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
GB 216.58.212.227:443 N/A tcp
US 1.1.1.1:53 s.net2share.com udp
US 1.1.1.1:53 ads01.adecosystems.com udp
US 1.1.1.1:53 adeco.adecosystems.com udp
GB 142.250.180.14:443 N/A tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.180.2:443 N/A tcp
GB 172.217.16.234:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db-journal

/data/data/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db

/data/data/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db-shm

/data/data/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db-wal

/data/data/fun.com.rexetstudio.deathrunportable/files/package.apk

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 04:50

Reported

2024-06-03 04:53

Platform

android-x64-20240514-en

Max time network

141s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
GB 142.250.200.10:443 N/A tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.200.46:443 N/A tcp
GB 216.58.201.100:443 N/A tcp
GB 216.58.201.100:443 N/A tcp
GB 172.217.169.14:443 N/A tcp
GB 172.217.16.226:443 N/A tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-03 04:50

Reported

2024-06-03 04:53

Platform

android-x64-arm64-20240514-en

Max time kernel

17s

Max time network

132s

Command Line

fun.com.rexetstudio.deathrunportable

Signatures

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about the phone network operator

discovery

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Processes

fun.com.rexetstudio.deathrunportable

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
GB 142.250.178.14:443 N/A tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 s.net2share.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 ads01.adecosystems.com udp
US 1.1.1.1:53 adeco.adecosystems.com udp
GB 142.250.178.4:443 N/A tcp
GB 142.250.178.4:443 N/A tcp

Files

/data/user/0/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db-journal

/data/user/0/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db

/data/user/0/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db-journal

/data/user/0/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db-journal

/data/user/0/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db-journal

/data/user/0/fun.com.rexetstudio.deathrunportable/files/package.apk

/data/user/0/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db-journal

/storage/emulated/0/Installer/log/1717390263423.stacktrace

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-03 04:50

Reported

2024-06-03 04:53

Platform

android-x86-arm-20240514-en

Max time kernel

161s

Max time network

137s

Command Line

com.rexetstudio.deathrunportable

Signatures

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about the phone network operator

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.rexetstudio.deathrunportable

Network

Country Destination Domain Proto
GB 142.250.200.42:443 N/A tcp
N/A 224.0.0.251:5353 N/A udp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp
GB 142.250.200.42:443 N/A tcp
GB 142.250.200.42:443 N/A tcp
US 1.1.1.1:53 stats.unity3d.com udp
US 1.1.1.1:53 impact.applifier.com udp
US 1.1.1.1:53 live.chartboost.com udp
US 34.107.157.36:443 live.chartboost.com tcp
US 34.107.157.36:443 live.chartboost.com tcp
US 1.1.1.1:53 inmobisdk-a.akamaihd.net udp
GB 2.19.117.38:443 inmobisdk-a.akamaihd.net tcp
US 1.1.1.1:53 d.appsdt.com udp
US 1.1.1.1:53 v-ak.chartboost.com udp
GB 104.86.110.225:443 v-ak.chartboost.com tcp
GB 104.86.110.225:443 v-ak.chartboost.com tcp
GB 104.86.110.225:443 v-ak.chartboost.com tcp
GB 104.86.110.225:443 v-ak.chartboost.com tcp
US 130.211.33.175:443 impact.applifier.com tcp
GB 142.250.187.206:443 N/A tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 172.217.169.66:443 N/A tcp
GB 142.250.179.238:443 N/A tcp
US 1.1.1.1:53 e-ltvp.inmobi.com udp
US 1.1.1.1:53 inmobisdk-a.akamaihd.net udp
GB 2.19.117.34:443 inmobisdk-a.akamaihd.net tcp

Files

/data/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBTrackingDirectory/cb_previous_session_info

/data/data/com.rexetstudio.deathrunportable/cache/inmobi.cache

/data/data/com.rexetstudio.deathrunportable/app_data/eventlog

/data/data/com.rexetstudio.deathrunportable/databases/ltvp.db-journal

/data/data/com.rexetstudio.deathrunportable/databases/ltvp.db

/data/data/com.rexetstudio.deathrunportable/databases/ltvp.db-shm

/data/data/com.rexetstudio.deathrunportable/databases/ltvp.db-wal

/data/data/com.rexetstudio.deathrunportable/databases/im.db-journal

/data/data/com.rexetstudio.deathrunportable/databases/im.db

/data/data/com.rexetstudio.deathrunportable/databases/im.db-wal

/data/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBRequestManager/65580818060

/data/data/com.rexetstudio.deathrunportable/cache/inmobi.cache.data.events.number.network

/data/data/com.rexetstudio.deathrunportable/cache/inmobi.cache.data.events.timestamp.network

/storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/5ecba0a617a57109d1598989_568-1590403238.mp4

/storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/65292ed8200dec2f4dedca4c_568-1697197784.mp4

/storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/65292cd90a56dd167d0d9585_568-1697197273.mp4

/storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/6529302b123eae3e43eacec9_568-1697198124.mp4

/storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/6529306ecea591dc0157fb2b_568-1697198190.mp4

/data/data/com.rexetstudio.deathrunportable/databases/ltvp.db-wal

/data/data/com.rexetstudio.deathrunportable/databases/ltvp.db

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-03 04:50

Reported

2024-06-03 04:53

Platform

android-x64-20240514-en

Max time kernel

9s

Max time network

131s

Command Line

com.rexetstudio.deathrunportable

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

com.rexetstudio.deathrunportable

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
GB 142.250.187.202:443 N/A tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 216.58.212.226:443 N/A tcp
GB 172.217.16.238:443 N/A tcp
GB 142.250.200.36:443 N/A tcp
GB 142.250.200.36:443 N/A tcp
GB 172.217.16.238:443 N/A tcp
GB 172.217.16.238:443 N/A tcp

Files

N/A