Analysis Overview
SHA256
37ff7fcdd8c2ae0103888ddf2cf64f6fe8bfcf49f1f8c31e2cbf49943dd95dad
Threat Level: Likely malicious
The file PokeMMO-Client.apk was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Requests dangerous framework permissions
Checks the presence of a debugger
Checks memory information
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 23:38
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
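A static check for the permissions flagged above, added here as an example (it is not code from the report or from the PokeMMO project): it parses a decoded AndroidManifest.xml, keeps only watch-listed permissions, and drops any whose android:maxSdkVersion cap is below the API level of interest, since the platform ignores those. The manifest below is a constructed sample; only the package name and the three flagged permissions come from the report, while the INTERNET permission and the maxSdkVersion="28" cap are assumptions for illustration.

```python
import xml.etree.ElementTree as ET
from typing import Optional

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
MAX_SDK_ATTR = f"{{{ANDROID_NS}}}maxSdkVersion"

# Watch list: the three permissions the static1 signature flagged. The notes
# are this example's own reviewer annotations, not text from the sandbox.
WATCH_LIST = {
    "android.permission.READ_EXTERNAL_STORAGE": "reads shared/external storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "writes shared/external storage",
    "android.permission.REQUEST_INSTALL_PACKAGES":
        "may prompt the user to install further APKs (self-update or dropper capability)",
}

# Constructed stand-in for the decoded AndroidManifest.xml (e.g. apktool output).
# INTERNET and the maxSdkVersion cap are assumptions; the rest is from the report.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="eu.pokemmo.client">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
                     android:maxSdkVersion="28"/>
    <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
    <application android:label="PokeMMO"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> list[tuple[str, Optional[int]]]:
    """Return (permission, maxSdkVersion-or-None) for every <uses-permission>, in order."""
    root = ET.fromstring(manifest_xml)
    out = []
    for el in root.iter("uses-permission"):
        name = el.get(NAME_ATTR)
        if not name:
            continue
        max_sdk = el.get(MAX_SDK_ATTR)
        out.append((name, int(max_sdk) if max_sdk is not None else None))
    return out


def flag_dangerous(manifest_xml: str, api_level: int) -> dict[str, str]:
    """Watch-listed permissions that still apply at `api_level`.

    A <uses-permission> whose android:maxSdkVersion is below the running API
    level is ignored by the platform, so it should not count against the
    sample on that build (the behavioral run in this report was on android-33).
    """
    hits = {}
    for name, max_sdk in requested_permissions(manifest_xml):
        if name not in WATCH_LIST:
            continue
        if max_sdk is not None and api_level > max_sdk:
            continue
        hits[name] = WATCH_LIST[name]
    return hits


def package_name(manifest_xml: str) -> str:
    """The package attribute of the <manifest> element."""
    return ET.fromstring(manifest_xml).get("package", "")
```

To run this against the real sample, confirm the hash first (`sha256sum PokeMMO-Client.apk` should print the SHA256 at the top of this page), decode it with `apktool d PokeMMO-Client.apk` and feed the resulting AndroidManifest.xml to `flag_dangerous`; `aapt dump permissions PokeMMO-Client.apk` gives the same list without decoding. Of the three permissions, REQUEST_INSTALL_PACKAGES is the one that deserves attention: it is what lets a non-store app hand the user an install prompt for another APK, which is equally how a game client self-updates and how a dropper delivers its payload. The storage permissions are far weaker evidence, and on Android 11 and later WRITE_EXTERNAL_STORAGE no longer grants broad write access because of scoped storage.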
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 23:37
Reported
2024-06-13 23:42
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
179s
Max time network
172s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
Checks the presence of a debugger
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
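The four behavioral signatures above all reduce to the process touching particular paths. The matcher below, added here as an example and not part of the report, reproduces those hits over a constructed file-access trace so the evidence can be re-derived from a trace you capture yourself. The root and /proc indicators are the ones listed in the report; the debugger indicator is an assumption, since the report gives no path for that signature and /proc/self/status (the TracerPid field) is the usual native check. Note what the matcher does not show: every one of these signatures is an environment check that anti-cheat, DRM and crash-reporting code in legitimate apps also perform, so matching them reproduces the sandbox's hits, not a malicious verdict.

```python
import fnmatch

# Constructed file-access events in the shape a sandbox or strace trace yields:
# (syscall, path). Paths are the report's indicators plus, as this example's own
# additions, /proc/self/status and one ordinary file the app wrote (console.log).
SAMPLE_EVENTS = [
    ("openat", "/proc/cpuinfo"),
    ("openat", "/proc/meminfo"),
    ("faccessat", "/system/app/Superuser.apk"),
    ("faccessat", "/system/xbin/su"),
    ("faccessat", "/system/bin/su"),
    ("openat", "/proc/self/status"),
    ("openat", "/data/data/eu.pokemmo.client/files/console.log"),
]

# Signature name -> path patterns (fnmatch globs, so the lists can be widened).
# Root and /proc indicators are from the report; the debugger path is assumed.
SIGNATURES = {
    "Checks if the Android device is rooted.": [
        "/system/app/Superuser.apk",
        "/system/xbin/su",
        "/system/bin/su",
    ],
    "Checks the presence of a debugger": ["/proc/self/status"],
    "Checks CPU information": ["/proc/cpuinfo"],
    "Checks memory information": ["/proc/meminfo"],
}


def match_signatures(events):
    """Return {signature: [paths hit, in trace order]} for every signature with a hit."""
    hits = {}
    for _syscall, path in events:
        for name, patterns in SIGNATURES.items():
            if any(fnmatch.fnmatch(path, pattern) for pattern in patterns):
                hits.setdefault(name, []).append(path)
    return hits


def unmatched_paths(events):
    """Paths no signature explains: the part of the trace a reviewer still has to read."""
    matched = {p for paths in match_signatures(events).values() for p in paths}
    return [path for _syscall, path in events if path not in matched]


if __name__ == "__main__":
    for name, paths in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}")
        for path in paths:
            print(f"    {path}")
    print("unexplained:", unmatched_paths(SAMPLE_EVENTS))
```

On a rooted test device the same events can be captured with `strace -f -e trace=file -p <pid>` against the eu.pokemmo.client process and fed to `match_signatures` after splitting each line into syscall and path. The `unmatched_paths` output is the more useful half for triage: the signatures only confirm the fingerprinting already shown in the report, while anything the app reads or writes outside its own data directory is what would move the verdict.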
Processes
eu.pokemmo.client
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.68:443 | N/A | udp |
| GB | 172.217.169.68:443 | N/A | tcp |
| GB | 172.217.16.228:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | dl.pokemmo.com | udp |
| US | 104.26.6.220:443 | dl.pokemmo.com | tcp |
| GB | 172.217.169.68:443 | N/A | udp |
| US | 172.64.41.3:443 | N/A | tcp |
| US | 172.64.41.3:443 | N/A | tcp |
| GB | 142.250.180.3:443 | N/A | tcp |
| US | 172.64.41.3:443 | N/A | udp |
| GB | 142.250.180.3:443 | N/A | udp |
| GB | 216.58.212.227:443 | N/A | tcp |
| GB | 142.250.179.228:443 | N/A | tcp |
| GB | 142.250.179.228:443 | N/A | tcp |
Files
/data/data/eu.pokemmo.client/files/console.log
| MD5 | 8828485b721d8de4f0b822d8e474c6bf |
| SHA1 | 3ad398d57560a65f671cda53650c24fb8cc653cc |
| SHA256 | 411a6a517b92830f3682962520df1a87d08dcbd68b5449d196b9a6c0d9d3c753 |
| SHA512 | 7d66c8e017186d79ccb9de3b39eb8ea0bb2d20dfdce652eae9558842eb4cfafe5fc6d729d95b35f5702057ad735b42a09aabf7e8447cb620e9e60b5f2da6497a |
/data/data/eu.pokemmo.client/databases/com.google.android.datatransport.events-journal
| MD5 | f117913ad83056009439b07332d860d4 |
| SHA1 | b16412587a7e034899723e2460bf8af8d92b6608 |
| SHA256 | 87ab3f61b2cd269b2e9538144d8da434b73a3b80d722c26881aa34c828cfd924 |
| SHA512 | 6193ba938d840a7d4add2c79cd6e4ae88d10422193a22d3e37514fe4f20508240bb2f01f3a24860b85a58a3046de553678360e4da4736940cd1bb0a11d646aa2 |
/data/data/eu.pokemmo.client/databases/com.google.android.datatransport.events
| MD5 | 32a3559cd8adfaa31d9f8a184945268c |
| SHA1 | 33e3a2582078a1dcda6df5699f182b960e1a5d0e |
| SHA256 | 17daf7982d6ff628e363603547d54af3a2d0384053bedf0093dc8bc11049a0e0 |
| SHA512 | cc65c7e4905d1f18e61183d54ed59ccc91ec6ac24c011317d3044f228a4cc3c1a6981f8caa17c4356d8758441f3f781bfdba071590907501f0c84f6946a24c0f |
/data/data/eu.pokemmo.client/databases/com.google.android.datatransport.events-journal
| MD5 | 4a9df35d8a9ba7f63327567e2fbb32d7 |
| SHA1 | b84af79929cc352f98f8f5f8abc60cf8b2dd7b7f |
| SHA256 | a79f903f2daba91f7d2af9e659ebec74fa9a54aa5136e6a727aea4f12ff73302 |
| SHA512 | 2e41285399ec6bfa7523d1e2bcfafb08c4c4da9fdc32e8d9230653828293aef38192739bb10f67a9f92ce017e0ea463a19393746cfd6c08a1f17256ec5d6d1e1 |
/data/data/eu.pokemmo.client/databases/com.google.android.datatransport.events-journal
| MD5 | 4b29fcf8f18d0f212e24bb8749416d8f |
| SHA1 | 95b71891ece35106403a686a6370a21adda45902 |
| SHA256 | 842da3fa154feca30e6a8d75e0d3a1125f89276d1b46910961d9ff624b2e7ae2 |
| SHA512 | 42f1cdb648b4404aac92ece385e415e0434d203beaf999e7a07ba1e75dd3471b78054a80c5b4c64f998730a2aca542febe1581b740069a9c474e82494c629902 |
/data/data/eu.pokemmo.client/files/.com.google.firebase.crashlytics.files.v2:eu.pokemmo.client/open-sessions/666B831A02BD00011112AB7323859CA2/native/session.json
| MD5 | 6bfbb0a1d0b0315654169453fb25c4bd |
| SHA1 | ad2d0d0a580277f5e03fb1c5ced1765b3174644c |
| SHA256 | 7dd8169f934a8f0e6465a41422caaac828f8de87d4bfd3fec6784eeec74c2283 |
| SHA512 | 497ac23d7f9bf72bfa3d5f4e8cf3dd75c49e17261f0bb9345c5945055b91dca1a73c7f6d7f236a985ee69156cdc22aac4f34a2b7d79760a0b3d0a92fcedbb610 |
/data/data/eu.pokemmo.client/files/.com.google.firebase.crashlytics.files.v2:eu.pokemmo.client/open-sessions/666B831A02BD00011112AB7323859CA2/native/app.json
| MD5 | 07c99bdcfcdf4a7dc2c9a319c2235c0a |
| SHA1 | 9b81ff120d97e6e475d451ac27b573113ab0a9ab |
| SHA256 | 12ece26b82a10e1f36fff9e02bd81d9051bc398a20b80b7f8628c2b6e6b77684 |
| SHA512 | a0ccf7e249de95feb4dfc56a1dd8066bdd26ff6e772be5ec8aaf4c7a73762a8b27486b81b97c45c504717ec23df180cab26c0f573d5a9b4c59d785862c19878d |
/data/data/eu.pokemmo.client/files/.com.google.firebase.crashlytics.files.v2:eu.pokemmo.client/open-sessions/666B831A02BD00011112AB7323859CA2/native/os.json
| MD5 | 87e2b9d6edc06545b88235933e703881 |
| SHA1 | b29448a47c87bfe3a59286e3cf4e02eb72581a7e |
| SHA256 | 77b886b74dd48e22effd172c38ee914ced97247f4516c319f09cb8c9ebce4c7a |
| SHA512 | ccccd682e14a485c8c8d13ca0105d196d00fe02bed941d939154a199c14e741eac6522f378f509ed14a52efd38e479930ae223f6f317a35b0787d82e553db3a6 |
/data/data/eu.pokemmo.client/files/.com.google.firebase.crashlytics.files.v2:eu.pokemmo.client/open-sessions/666B831A02BD00011112AB7323859CA2/native/device.json
| MD5 | 1cd7dac218f14887d69c38d27173c805 |
| SHA1 | c688688fd0836da0010b8177bbd27520b9e25f0f |
| SHA256 | ba39dc14a7e15d58fe090a1ac5f1c2d745290b293a28ea958fcdfa63400244a4 |
| SHA512 | 85d11c9073425e343e587f1f265f04366037dff4ffd600dac3b9c7b74a0ce623607cc0631c6802ca27e6ac2d62e9f93846358bff6b6a506c89747721ed7daf6e |
/data/data/eu.pokemmo.client/files/.com.google.firebase.crashlytics.files.v2:eu.pokemmo.client/open-sessions/666B831A02BD00011112AB7323859CA2/report
| MD5 | ef574ec7c00950a4641b5e841636d4a4 |
| SHA1 | 82740280c92818959c61b317256b6404d75e0472 |
| SHA256 | f6a63e704475fa2fea13017a41b1bbbb78645128669834461ad381cde54c5cb4 |
| SHA512 | 164eded6f3540f1dd942635fcdc7a5ca788524f01c494680d606824bec05bbc9091ac429c1f6f8f1556caca84533c8ff65413f0a207e025c73097774b671bffa |
/data/data/eu.pokemmo.client/files/.com.google.firebase.crashlytics.files.v2:eu.pokemmo.client/open-sessions/666B831A02BD00011112AB7323859CA2/user-data
| MD5 | 4a32cd326c70c95f1d799b8c541ad410 |
| SHA1 | d8f5e6fcb097eed1abe03a65089909a4a656b2fe |
| SHA256 | 51704c03dd0bc014334c32b1d5273861896d551c9cf3e284e961b6159e3afaa2 |
| SHA512 | 84aca4e6a3bc300101951481af20eb2b8d981d03708f9a9fd873a7a15cdae039accb63baa2f5d6052c077121636b52c8714603743f53de9dfd2a46fd22756fdd |
/data/data/eu.pokemmo.client/files/.com.google.firebase.crashlytics.files.v2:eu.pokemmo.client/open-sessions/666B831A02BD00011112AB7323859CA2/userlog.tmp
| MD5 | c33583fae4e0b61cde1c5b9227963237 |
| SHA1 | fe2ebe4d27469af1460f7e852031a04208ef629b |
| SHA256 | 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc |
| SHA512 | fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e |
/data/data/eu.pokemmo.client/files/.com.google.firebase.crashlytics.files.v2:eu.pokemmo.client/open-sessions/666B831A02BD00011112AB7323859CA2/userlog
| MD5 | e0b1127ec08ea620aa260a33ecd61284 |
| SHA1 | 7f6cb9ab4a24130f2b6308a3a500e964c781e38d |
| SHA256 | 8b69cbd07a19681fc14858061c91ee0fcfbd493ec3f4fb882e10ffa3b129bd49 |
| SHA512 | a94269d213886c9cd9c3a3c6500e09a7de89f016357d55a474dbf3ae09e4b9b54ef603df55eb3ef639437e574cb2b1244f6bd8ff5458f15a1e5213731148b080 |
/data/data/eu.pokemmo.client/files/.com.google.firebase.crashlytics.files.v2:eu.pokemmo.client/open-sessions/666B831A02BD00011112AB7323859CA2/keys
| MD5 | e85fb2ae231cbec5d831ac137e3276db |
| SHA1 | 31f4eb5083db5144726c4058063a812036e02f39 |
| SHA256 | e676e15cfb6df9aba1677290fd6b49afca445422e704a1c8d462811de4282015 |
| SHA512 | 33d71b4c319450508de0edb3c2d4429e90f6c93e31ef69fa677616db29313d25500652958e21b9fbb32a0d75344d1c6f1afcc67bc430a8695bdd15653713781d |