Analysis Overview
SHA256
91d0401c5d47ff0fa9b944b31469271179dc07489cefbcb2c7f8f9f38a8c5dc4
Threat Level: Shows suspicious behavior
The file brawl-stars.apk was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
Registers a broadcast receiver at runtime (usually for listening for system events)
Analysis: static1
Detonation Overview
Reported
2024-06-13 12:13
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 12:13
Reported
2024-06-13 12:14
Platform
android-x86-arm-20240611.1-en
Max time kernel
13s
Max time network
22s
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
cm.aptoide.pt
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.74:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | graph.facebook.com | udp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
Files
/data/data/cm.aptoide.pt/files/.fstreaming/fInProgress/currentFile
/data/data/cm.aptoide.pt/databases/androidx.work.workdb-journal
/data/data/cm.aptoide.pt/databases/androidx.work.workdb
/data/data/cm.aptoide.pt/databases/androidx.work.workdb-shm
/data/data/cm.aptoide.pt/databases/androidx.work.workdb-wal
/data/data/cm.aptoide.pt/databases/aptoide.db-journal
/data/data/cm.aptoide.pt/databases/aptoide.db-wal
/data/data/cm.aptoide.pt/no_backup/.flurryNoBackup/installationNum