Malware Analysis Report

2025-01-19 07:51

Sample ID 240609-flzbfaeg54
Target GTA-V Prologue ARMv7 (1).apk
SHA256 ac2e0b8ef98bc32dc38fa105b3682597c8705aeb3c4aee8a8c53fac59704c92b
Tags evasion, persistence
Score 8/10

Analysis Overview

Score 8/10
SHA256 ac2e0b8ef98bc32dc38fa105b3682597c8705aeb3c4aee8a8c53fac59704c92b

Threat Level: Likely malicious

The file GTA-V Prologue ARMv7 (1).apk was found to be: Likely malicious.

Malicious Activity Summary

Tags evasion, persistence

Checks if the Android device is rooted.

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Analysis: static1

Detonation Overview

Reported 2024-06-09 04:58

Signatures

Requests dangerous framework permissions

Description                                           Indicator                                 Process  Target
Allows an application to read from external storage.  android.permission.READ_EXTERNAL_STORAGE  N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-09 04:58
Reported 2024-06-09 05:04
Platform android-x86-arm-20240603-en
Max time kernel 87s
Max time network 139s

Command Line

com.rusergames.gta5prologue

Signatures

Checks if the Android device is rooted.

Tags evasion

Description  Indicator                  Process  Target
N/A          /system/app/Superuser.apk  N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags persistence

Description             Indicator                                      Process  Target
Framework service call  android.app.IActivityManager.registerReceiver  N/A      N/A

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Processes

com.rusergames.gta5prologue

Network

Country  Destination          Domain                         Proto
N/A      224.0.0.251:5353                                    udp
US       1.1.1.1:53           perf-events.cloud.unity3d.com  udp
US       35.190.78.8:443      perf-events.cloud.unity3d.com  tcp
US       1.1.1.1:53           config.uca.cloud.unity3d.com   udp
US       34.111.113.40:443    config.uca.cloud.unity3d.com   tcp
US       1.1.1.1:53           cdp.cloud.unity3d.com          udp
US       34.107.172.168:443   cdp.cloud.unity3d.com          tcp
GB       216.58.204.78:443                                   tcp
US       1.1.1.1:53           android.apis.google.com        udp
GB       142.250.187.206:443  android.apis.google.com        tcp

Files

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/Resources/mscorlib.dll-resources.dat
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/Metadata/global-metadata.dat
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/SymbolMap-ARMv7
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/mconfig/config.xml
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/1.0/DefaultWsdlHelpGenerator.aspx
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/1.0/machine.config
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/2.0/web.config
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/2.0/machine.config
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/2.0/settings.map
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/2.0/Browsers/Compat.browser
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/2.0/DefaultWsdlHelpGenerator.aspx
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/browscap.ini
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/config
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/cache/UnityAdsCache/UnityAdsTest.txt
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/cache/UnityAdsCache/UnityAdsStorage-public-data.json
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/config
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/ArchivedEvents/171790930400000.c9fa2fd0/s
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/ArchivedEvents/171790930400000.c9fa2fd0/g
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/ArchivedEvents/171790930400000.c9fa2fd0/e
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/ArchivedEvents/171790930400001.c9fa2fd0/e
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/values
/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/ArchivedEvents/171790930400002.c9fa2fd0/e