Malware Analysis Report

2025-01-19 07:51

Sample ID: 240609-fmrb8adh91
Target: GTA-V Prologue ARMv7 (1).apk
SHA256: ac2e0b8ef98bc32dc38fa105b3682597c8705aeb3c4aee8a8c53fac59704c92b
Tags: evasion, persistence
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

SHA256: ac2e0b8ef98bc32dc38fa105b3682597c8705aeb3c4aee8a8c53fac59704c92b

Threat Level: Likely malicious

The file GTA-V Prologue ARMv7 (1).apk was found to be: Likely malicious.

Malicious Activity Summary

Tags: evasion, persistence

Checks if the Android device is rooted.

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-09 04:59

Signatures

Requests dangerous framework permissions

Description: Allows an application to read from external storage.
Indicator: android.permission.READ_EXTERNAL_STORAGE
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 04:59

Reported

2024-06-09 05:01

Platform

android-x86-arm-20240603-en

Max time kernel

30s

Max time network

37s

Command Line

com.rusergames.gta5prologue

Signatures

Checks if the Android device is rooted.

evasion
Description: N/A
Indicator: /system/app/Superuser.apk
Process: N/A
Target: N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description: Framework service call
Indicator: android.app.IActivityManager.registerReceiver
Process: N/A
Target: N/A

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Processes

com.rusergames.gta5prologue

Network

Country  Destination         Domain                              Proto
N/A      224.0.0.251:5353                                        udp
US       1.1.1.1:53          semanticlocation-pa.googleapis.com  udp
US       1.1.1.1:53          perf-events.cloud.unity3d.com       udp
US       35.190.78.8:443     perf-events.cloud.unity3d.com       tcp
US       1.1.1.1:53          config.uca.cloud.unity3d.com        udp
US       34.111.113.40:443   config.uca.cloud.unity3d.com        tcp
US       1.1.1.1:53          cdp.cloud.unity3d.com               udp
US       34.107.172.168:443  cdp.cloud.unity3d.com               tcp
GB       142.250.200.46:443                                      tcp
US       1.1.1.1:53          android.apis.google.com             udp
GB       142.250.178.14:443  android.apis.google.com             tcp

Files

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/Resources/mscorlib.dll-resources.dat

MD5 21d06dbc8af6432b2b49536ed30609af
SHA1 11a1c0e2ab2f8c06fe4507535ed47e0dd279a60d
SHA256 c5baa176a5b72cd545266340e42102d393a5e43d38c95796bc828918bb95277f
SHA512 2971f54eaa14c3ce6e2352e5a1aea5b044f0894bf4eac92de8cd92515b6473b5ca56ebfcad4369a9d4935cbefea2540a83f332fd4d832c37768310e8776ceb5e

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/Metadata/global-metadata.dat

MD5 d0de76e8943f86ea4b38291b52c55bfc
SHA1 5a9c90adc4d433283276c7c7aea662cabc26d514
SHA256 83cd97ebeee350ec2b5efa84a77fdba18e3a485defff83045b3822886d0ebda8
SHA512 12a256670bf0d0e8099f54970af5494aa2660fd1247e443a5657505623dd32b17c5dfa48d4094820c1851193097da6392d35738bd73d54d16bb93eeaf012434d

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/SymbolMap-ARMv7

MD5 4663fbfefac615ddec824834b2302678
SHA1 b7b3259c6324e69c1f4fdd62ce14ab298df07654
SHA256 3a3d7edff0295ed5a5dd8d3ae8616641dbde10f843bc3a50f013cb2322c44b7f
SHA512 5014ffc55756e40633e4e33df4c1111970f542f4d119ed9e153a37b6c883a216948c6d2b2c0b1bf98cef7e98088914399f6b03c4b994e71172b11328d6868e7a

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/mconfig/config.xml

MD5 f34b330f20dce1bdcce9058fca287099
SHA1 936520d5bb5c00a1985d7a4c4f0ef763a9031862
SHA256 0c56e34c69124510fa8c19e7b4c2ca6c1c4ff460ae19f798dd0ca035809e396d
SHA512 d6d4a8321eb44c117755a41a2590296be86a0568d27a5347f9d7f32f2d151d8f7e169675c83faed2dab5ad0f8d81858f8cd1167e439cd4bff7e68c243e3544fd

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/1.0/DefaultWsdlHelpGenerator.aspx

MD5 66fed2411c14a0fc8ce4c593ef601bfb
SHA1 4680a34aae1193f1e4a6aac1a5dd3c307de257fb
SHA256 d87d5196b2ae2abf4e673315e1fd22c3a44df80192f23e89b78108579c287524
SHA512 331874a9956c87db0646e4d21937a88009804a59fdf5f5882ea5b1dfb7dd7ef17724e09877d98f52e7327bbf38a46dde0c54d5c85f1e860b88322bdfad64679d

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/1.0/machine.config

MD5 4bad452a2ffc4c6f982e2f43fb44f6b9
SHA1 4445d53dc755ca2f977b01bf9d77357b3dfb0cc7
SHA256 eded908c507a7a230ee7ad3146d8893cf140638e6eaeab58bff05c95c2f3a7e3
SHA512 1611968d2c19f3c9472a43d692a4451fd140dec1d6d5da6b819d33e62936f1d69d69e65c13b893158aacf985093bd7167f50d9c80c0789a79303fe66a9ad956c

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/2.0/web.config

MD5 2b6303c4f12762b71051db6e947f90a4
SHA1 a4d7e05516f63d6ab67327b299d4fb2852cb840b
SHA256 3c1a76a5849074b437d297656a208a3bef6d84b982153542b9c797046c601dfc
SHA512 80f5da60654e1851ef21526e434b32d94e18883a08bacbbaa0e1f85b80469c46510b6ddb9b429f16cc4be89c6f2bb2627bbae9cb1d0c7e45b665efb7721c6d86

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/2.0/machine.config

MD5 433d143955ab359dff61c0bff982a176
SHA1 7eab623c58d853d733c0a5e586a47e09c4e3efdb
SHA256 531d0d5bc30466a8a7ea6c032639721d7f16aab57c9701ef0afab5fdb432792f
SHA512 914e7043806fcc2788dbe388f94a2c9cbc6b0d5eae59609ee411a4815926d879b05ba8f338ee07b88e95a44304ebc9cbefa19a948fa52ffc0f786957c9729c39

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/2.0/settings.map

MD5 55dac562878b7dd98ee8a7ad203a26e6
SHA1 d16baa15e7d3042bcf9d7318209c696f4daf2cb0
SHA256 ca89036b7d7f1ae9311a6a2fbcf05fc5b997bd43fd21dd54e11c18018ef65f08
SHA512 987c5cd86a9825953de670e5c15404694feb15cd5fa9afa8af4c2d5bda9d805839c9695d44122b32e0ffafe08d720c3df58000e89c8822fd9a5eb28eaf2ad478

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/2.0/Browsers/Compat.browser

MD5 0d831c1264b5b32a39fa347de368fe48
SHA1 187dff516f9448e63ea5078190b3347922c4b3eb
SHA256 8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741
SHA512 4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/2.0/DefaultWsdlHelpGenerator.aspx

MD5 3b3452c399f27a24ea5a589c7bfe750b
SHA1 b06cb1d09ad3bbdf1d8214c910e3da2a228d113c
SHA256 ae044cd9cc2c7c42f8864195125ab440472d657e5f0d55e131f7890bd45c518a
SHA512 41c099350159e942be8bc04c8f59c7fb0fd4bd99db46f1c0158f0fa053c08ae0c73e9d169f6816b77376283cce5beafdcfe5d3d5e3b98e8b358d67c34b954a04

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/browscap.ini

MD5 378be809df7d15aac75a175693e25fbb
SHA1 2d5454e161de8a5b65910f27bd70d9d0ad8fa476
SHA256 4ddd50f31fb968f30bedefc253a46dc3f2890192d05cdaa9e0a64a056eee807e
SHA512 d0d181e806cbd2c016eb0a8786f7d9db877463eaac0195db4e891be111c9ed87491a1abcfa0d9ed7c2743e004e1f4a3f4789333d0b535e63358c672ae833c363

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/il2cpp/etc/mono/config

MD5 f95c345c1c53b820487f6b72e62d5485
SHA1 957e4e50e74c50347af92abf240c2c7aab3f3f79
SHA256 b585c70c70c88b3e03489361558f5d711c2ef71df9baaf37d92dbf95fbf6cd92
SHA512 6b06434d07ee51be064a3efdca65b73e6c8e7560b43fb61633b08c7d2a0d792fe0670e57088c1dabd23929e0b7f7a27f65f503f2b640587042c8bbe98946368b

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/cache/UnityAdsCache/UnityAdsTest.txt

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/cache/UnityAdsCache/UnityAdsStorage-public-data.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/cache/UnityAdsCache/UnityAdsStorage-public-data.json

MD5 209d7186cee841abcbc954314f6cb0db
SHA1 2517650336e9de41e1cfdb9d4701f6f814e9ca84
SHA256 d78086088173ad173e73be760ce2567556fb46a750740345ac7aff25c03c5312
SHA512 d0b6f3a78705673a570de13ec5d8feb9678b105c53e589c4cc85d6e9beb74187cfe72c3c0a6345dae8140eeabb41c577c385c14ce05d92e86abcc38d27e05d77

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/cache/UnityAdsCache/UnityAdsStorage-public-data.json

MD5 a7d1bbb8aed59513e035758e3d881d3e
SHA1 3215be3f2b57050f0f187e732f87e6bacfa38f48
SHA256 c18b5eb870f960a641d10b80c364a0fc220cf4a823592526aade8f93ede6ede9
SHA512 619b40847eb1fc03863e197a204f5411c6732fa9020b77309dcdcc026ceb7a7dc934e1e6b72c6c07b335ba8f415f5877cd3843cb626c7c77eeca83e1eae72f1d

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/config

MD5 8673a8ac0b06a9d056d08d62f857ba4b
SHA1 a351bea1932270bafbe468584058fef20dcfc31e
SHA256 83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96
SHA512 edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/ArchivedEvents/171790921200000.7fc15f1f/s

MD5 9709fbec17c0f97e2374d535a35d582c
SHA1 8480989c21d3cfcce9e7d42e2eddedae2a29c342
SHA256 f610ec2adffed0e5e93986e916e9dae1d84f0c461d76d1ea21c2b8dc8d6548d0
SHA512 6e03cdda4b229c6beb154bb60195fb8a3d0887223b98a08717fdbdd3bff9197b2583ba0a5e1a790d7d66ab2c356ee19a4769fd6169546c3f7178d72334398782

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/ArchivedEvents/171790921200000.7fc15f1f/g

MD5 c81e728d9d4c2f636f067f89cc14862c
SHA1 da4b9237bacccdf19c0760cab7aec4a8359010b0
SHA256 d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35
SHA512 40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/ArchivedEvents/171790921200000.7fc15f1f/e

MD5 f4aa42fcfe26fc11def1bb832b1f41c4
SHA1 e2a4d9b5a690fc8b8d9dcf4c6ae1530f58458392
SHA256 d84a7f78a246c972e53480624e55744b9f7c872969f44b6d1c1c5f84f4df9443
SHA512 9f3c7e5cbc793a38fdf174d5ead093f863f020dd9c92aec75b36f9c68362a7fae28029336ca592b98c3124633a721b39a36842829bad9692f39bedf8c7a2863a

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/ArchivedEvents/171790921200001.7fc15f1f/e

MD5 c6af0918f15a63ccb9b9a030073f07b5
SHA1 f292a7ae1cb9495c349093b7b22e643d2a6ade87
SHA256 846510a84da33942546309f328ae6844da99475c29cc8e05cd23444ce3329e3c
SHA512 a13a1519305ada8f0707d13341afacdc0385efd218c0d6a2a7b72e42bcbc0782adc5fcf965705384faf1872af129062c28641208c9d66ff4351fec0cedc9011b

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/values

MD5 ce5cce1d05ce900dcfd6426caed7aee6
SHA1 081fbb9ed0e6c8b21c5d4f6494ab282986005e0e
SHA256 c7ae65a50e573c12a3b4c4049bfdde93637ed2a7ec59163766ba59fbf703dd25
SHA512 f1ead5557c89a1132bfb59f2c934fd544f01660dc98c6ae9a12f90d45b14d7e4462d7b8ba1b5812942f103f6e21919a34a3f13e853bb5d5b4de2b216a3d5ce53

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/ArchivedEvents/171790921200002.7fc15f1f/e

MD5 7520432b0a3698735af7c1ef1b8eb877
SHA1 b0a69d896508ff4d603412d3e05969028d6d6272
SHA256 005b4c46bf7f3998c2ab2dca7668c64114b2d601d2ed5fafadb2417c258d9603
SHA512 a0c7891e933e8025b7c2357ad1620bef61579e42e06baf27c1d39a89b248e748224c80b835d5f723125d75c8810c1d5f6e135b9f040aa602be5bfbef38d0ce6b

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/ArchivedEvents/171790921200002.7fc15f1f/e

MD5 8e9ffed8dcdb5eb0a8c980bb58fcf461
SHA1 f717fecb109ffe76347a2b8b25b5963a9c027f1f
SHA256 e0763a74906e322cb94db2efabaa53078b7dfa13caaa0b7bb6d5e94f84e77a2f
SHA512 d1b6ddd3e0a87c4b308249ccd57d2997946324b14969d6e31e52bd1b2dcb7a197fdd6fd0b28e25233e7a2bb21df89bccf253a2489dd802463068baa326a7fd92

/storage/emulated/0/Android/data/com.rusergames.gta5prologue/files/Unity/fee8ca55-f322-448a-ade3-63171511f3fd/Analytics/ArchivedEvents/171790921200002.7fc15f1f/e

MD5 7d2b9ce73d02c39861cefe6343c79d8f
SHA1 eba5dc84c4aad476fbae9e4d1290acd8eb224810
SHA256 58efeb58609d4b3855840726d89fbe0695a645da9a568ea6ed80f969c1cb4ba5
SHA512 7e1410d20d9a5f2b4713fdf692c6a5fa03ecb4e33b751ea03c662c127f65f59f7d6650c66d75b0f4d3f9dcb43ab0d9749cc9641451b70ad76ce74f9b0ae7e296