Malware Analysis Report

2024-09-09 17:54

Sample ID: 240613-pdsncsscpn
Target: brawl-stars.apk
SHA256: 91d0401c5d47ff0fa9b944b31469271179dc07489cefbcb2c7f8f9f38a8c5dc4
Tags: impact, persistence
Score: 6/10

Analysis Overview

Score: 6/10
Threat Level: Shows suspicious behavior

The file brawl-stars.apk was found to show suspicious behavior.

Malicious Activity Summary

Tags: impact, persistence

- Requests dangerous framework permissions
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 12:13

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 12:13
Reported: 2024-06-13 12:14
Platform: android-x86-arm-20240611.1-en
Max time kernel: 13s
Max time network: 22s

Command Line

cm.aptoide.pt

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

Tag: persistence

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (might try to encrypt user data)

Tag: impact

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

cm.aptoide.pt

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.204.74:443 | | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | graph.facebook.com | udp
GB | 163.70.147.22:443 | graph.facebook.com | tcp
GB | 163.70.147.22:443 | graph.facebook.com | tcp
GB | 163.70.147.22:443 | graph.facebook.com | tcp
GB | 216.58.201.110:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.206:443 | android.apis.google.com | tcp

Files

/data/data/cm.aptoide.pt/files/.fstreaming/fInProgress/currentFile
/data/data/cm.aptoide.pt/databases/androidx.work.workdb-journal
/data/data/cm.aptoide.pt/databases/androidx.work.workdb
/data/data/cm.aptoide.pt/databases/androidx.work.workdb-shm
/data/data/cm.aptoide.pt/databases/androidx.work.workdb-wal
/data/data/cm.aptoide.pt/databases/aptoide.db-journal
/data/data/cm.aptoide.pt/databases/aptoide.db-wal
/data/data/cm.aptoide.pt/databases/androidx.work.workdb-wal
/data/data/cm.aptoide.pt/databases/aptoide.db-wal
/data/data/cm.aptoide.pt/no_backup/.flurryNoBackup/installationNum