Analysis Overview
SHA256
c5b3598e5f57502f4d0bce433cec2fe2774cbc807dc7b239e499cb92357383ae
Threat Level: Shows suspicious behavior
The file 965efa408f57f5b55b4bf5ff3e68636d.bin was classified as: Shows suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Queries information about active data network
Queries information about the current Wi-Fi connection
Queries the mobile country code (MCC)
Acquires the wake lock
Reads information about phone network operator
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-06 02:55
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-06 02:50
Reported
2024-06-06 03:00
Platform
android-x86-arm-20240603-en
Max time kernel
179s
Max time network
176s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.efun.smds
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | sdk-download.efun.com | udp |
| GB | 43.132.64.165:443 | sdk-download.efun.com | tcp |
| US | 1.1.1.1:53 | graph.facebook.com | udp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| US | 1.1.1.1:53 | game.efun.com | udp |
| HK | 101.32.16.91:443 | game.efun.com | tcp |
| HK | 101.32.16.91:443 | game.efun.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| US | 1.1.1.1:53 | events.appsflyer.com | udp |
| GB | 108.156.46.26:443 | events.appsflyer.com | tcp |
| US | 1.1.1.1:53 | stats.unity3d.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ad.efun.com | udp |
| HK | 43.154.211.153:443 | ad.efun.com | tcp |
Files
/data/data/com.efun.smds/databases/crash_reports-journal
| Hash | Value |
| --- | --- |
| MD5 | 400d676ce8c55721ef98a6cba6f1afca |
| SHA1 | b9f4acc2bf4bd53ad88fbe8c3256b3181e343255 |
| SHA256 | b1254bedd38d2bae005e4e41a4fbd21218dff482c6602c80267254c2d2f96352 |
| SHA512 | 4f20823b3deae59d035494a3d27dcec587ed76767f97ce28cfaf0d395063902faa8ae84937c7bfc8220f6292450d0c77bd43da36201dca7ffcee04a7a1dc5dce |
/data/data/com.efun.smds/databases/crash_reports
| Hash | Value |
| --- | --- |
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.efun.smds/databases/crash_reports-shm
| Hash | Value |
| --- | --- |
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.efun.smds/databases/crash_reports-wal
| Hash | Value |
| --- | --- |
| MD5 | 08db2fa4bda1a4c62cb5e21a07b86c87 |
| SHA1 | c47cdb1e68e4234fb5aa0a06068f0d44d90fa860 |
| SHA256 | c353b32e79580aa6a22e57b799d3672be860bb7d6b61aca696925875188b7486 |
| SHA512 | 74feb653ef91163c222fb11048e81fe65691056f3109c9204d46a018f9205daabce795f0339056d941376530590a6037423562c588d03175e173ec1b1327ea23 |
/storage/emulated/0/Android/data/efun/efundata-uuid.txt
| Hash | Value |
| --- | --- |
| MD5 | 1861eb0a8bc5209e6f29024ae17692a5 |
| SHA1 | 9493024227c48fc95e796980e14149f994d51391 |
| SHA256 | a8d4b4100263ac9b5fccfe15006d115fcca52e534363db46febdd1c4e4ae98a3 |
| SHA512 | c60d37c47c8bafab275f25e4f0f2ceb586ef148e5bc8f5e3f6d60e2edf5f195c7fdfc1cac7613076cf9bfc066f679433c2f85e1f3eaf01dc96d663cfc090ce16 |
/data/data/com.efun.smds/databases/google_app_measurement_local.db-journal
| Hash | Value |
| --- | --- |
| MD5 | 75ac1839e5fe57b842d4c0cf4da4c19c |
| SHA1 | cfdca13461c012de398222dc7418e450c742569c |
| SHA256 | 50279da75fd9fcf7131fc4673c82ca19bf29c3854114c97b717fbc956c1126c3 |
| SHA512 | b65e8683fdc90ba04507554822b9dc93f71955584536728e5eb70a4bfb4afeee551efa51a2b34c51fa2499dad6f71f63c136ab6894705984e1bb6c30f87128e4 |
/data/data/com.efun.smds/databases/google_app_measurement_local.db
| Hash | Value |
| --- | --- |
| MD5 | 7f8d0793e107eafbd1cb2cb373cb7385 |
| SHA1 | b88876b0899cb55dcb48bc8544d2fff1dc27ac6c |
| SHA256 | fc0e2990f27506a0cf1bf7376a0ae448471f14924415f2a5df02a5c6ca971bfe |
| SHA512 | 0d298903206d6746b5f32253eca629d1e41a3a45e10890b61c695b8862bb595124c22b7d7cfbebf4c0a8a1416475f8cd1e468ec50c0599a7cf11aae7e7ef412a |
/data/data/com.efun.smds/databases/google_app_measurement_local.db-wal
| Hash | Value |
| --- | --- |
| MD5 | 4c432a1be1353f5e8f9a74a97c2b1a87 |
| SHA1 | 08c1fbc53c87ad804e7d7b563081944345b779a2 |
| SHA256 | 2002b03ee00076c0657da015564220f2a8735d32725abbe175d9621623ad5995 |
| SHA512 | b77385343b19fd7fff9348ebf574547209c66438c0a8a7a7e3a2ecf43e88f6843d271720e02f16e4a1a353e3e0631accb042cbe31097444bba46b5f1bf58e3d5 |
/data/data/com.efun.smds/files/efun/efunDomainInventory.txt
| Hash | Value |
| --- | --- |
| MD5 | 47833d572abd8b39c9fb22a7098351a6 |
| SHA1 | 8fe8c9eb48d2a82838ff051a4ea645926ed98c73 |
| SHA256 | 55167b9eff83062ec27dbe8215ffc9cff39732805c877ee01c562d5a86adee02 |
| SHA512 | 1b5c0e62173de7b8f0ac6ddd242d8a027fc85c044d4db3e153a57e254d89116fd1b9d445be4c6e79fb763591e7b3a5e8b4c6f02200fb6d29a6daf4149e9b9405 |
/data/data/com.efun.smds/databases/google_app_measurement_local.db-wal
| Hash | Value |
| --- | --- |
| MD5 | 4c5c57798f1600d3d81bfb7b97558e70 |
| SHA1 | 293087aa85d52cdb391c04d0c3586fe89631049a |
| SHA256 | 623f017326f4ef7f39ed806f2732482c9abde4678779f5382d6382b9c4eb71a1 |
| SHA512 | 574a2e909598b7808c0395e86342efaa7841ba0e6012ea04d00964defac9e562bf6df784af899f35eaa1e90aaabeb6c929f7b5bba948765d989a91702c74d27f |
/data/data/com.efun.smds/databases/google_app_measurement_local.db
| Hash | Value |
| --- | --- |
| MD5 | 6b63b92f6d4ec960961ab1deba76d015 |
| SHA1 | bf6ffccf76f70b897c1a6cb46d129418190f509d |
| SHA256 | a16377ad9b4b59218937f24a93699b9a7cc2409814ad71504ffb45c59fc699c9 |
| SHA512 | 43e6e2290c76065c77021b625e5f31d41df9f98b2efec0db7e363c7b34bbbeccff92699465c899a34400ddd1195d67f580e4f0eb92479defdaebe4ea24fd9e21 |
/data/data/com.efun.smds/databases/google_app_measurement_local.db-wal
| Hash | Value |
| --- | --- |
| MD5 | 8c93c7ebd28561ebbbf55d2a4bc75bba |
| SHA1 | 392561c5510790671f7ce6ff5b1d7f066637f4b0 |
| SHA256 | ca6d9b570407fe79c8fde340b35653552c19a45984fdc58734e15f5303dac3f8 |
| SHA512 | 9b5a990c4395994cc3816c0c08951e16c3cee1e26d95d2e40cb61a6a4f51eb55f41958ba0ed7182af71c140012b7f2c085b34fa54bad41022cef9b154e39df02 |
/data/data/com.efun.smds/databases/google_app_measurement_local.db
| Hash | Value |
| --- | --- |
| MD5 | 0b8196081277b054bb75bb94a0141d9a |
| SHA1 | fb3ee63e02b4cb47db7ff6e01a9133d39f372ebb |
| SHA256 | ed5d9f1b129d60c32ade672a8a77acba83d68be4ce3c5ab05072566edf2e12b4 |
| SHA512 | 319c57c22039cd0fd2dcf3761fae21883fc4606f53817b7cfdc61d2e817c1e90be977f9a3a67163bad6ff10a557721b81e5d4dcfa78ff1821e765f011b2439a7 |
/data/data/com.efun.smds/databases/google_app_measurement_local.db-wal
| Hash | Value |
| --- | --- |
| MD5 | 692db734e653b98e0640f840a4db174f |
| SHA1 | 2d201abe632cbce87ecae1c9058f20c84f8e47ee |
| SHA256 | 143ff7d285292efbefb1657aa7f40dd46381a896bce43d796f3266a172a94211 |
| SHA512 | 1b5581498e3decadf5412824b3542ec4ef7e0a37976fd676e903ec311415edb0a12007351c9371ca61e262f408c387cf38e3c6a6a111cfb0989058afa672e801 |
/data/data/com.efun.smds/files/AppEventsLogger.persistedsessioninfo
| Hash | Value |
| --- | --- |
| MD5 | 9ead88a8309edea46f943d42ca714b29 |
| SHA1 | f2e5ac6031192d5fffd9474a1654f24fff19e3fc |
| SHA256 | 3a9d8241e90fe42345b3da3f84a38f0902400a7116bd18d235c083ab97f2f6bb |
| SHA512 | b3ff78b67890560b4a7dd9472caf67997bbb355f97bd5746eb92593536b4b76e1e58167c9f7b029b8ff65b77cde87f76efdb37912eff5b19bc3ec12b3170cc4c |