5812872a1cfa2c88dd7477881ee7e4015b237f35ad7cb9b3d930d291d560e6a1

Analysis

max time kernel
37s
max time network
46s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
06-07-2024 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

freerobux-9-8.apk
Size

9.2MB
MD5

cb15257128695991a490b70a32e2e9f0
SHA1

d5bd6500ae07fe8651956da78bdae50bcb1ac4bf
SHA256

5812872a1cfa2c88dd7477881ee7e4015b237f35ad7cb9b3d930d291d560e6a1
SHA512

405edd8363992e9c918a57fedf497172c64579fbab0894d8ce221a6208d5936f758188c31ac822fb34d598e7b03af69927d7a3c07123c6205f94f6da1e058981
SSDEEP

196608:mO4rYye2J4LHATYmx3ynDstkgGdrjjVUntcOEZdZ7OEf6SZ:m1YyT4LgjCDgUrjZyi

Score

7^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

freerobux.appkh

ioc	pid	process
/data/user/0/freerobux.appkh/files/audience_network.dex	4508	freerobux.appkh
/data/user/0/freerobux.appkh/files/audience_network.dex	4508	freerobux.appkh

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

freerobux.appkh

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener freerobux.appkh
Acquires the wake lock 1 IoCs

Processes:

freerobux.appkh

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock freerobux.appkh
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

freerobux.appkh

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo freerobux.appkh
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

freerobux.appkh

description ioc process

Framework service call android.app.job.IJobScheduler.schedule freerobux.appkh
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

freerobux.appkh

description ioc process

File opened for read /proc/cpuinfo freerobux.appkh
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

freerobux.appkh

description ioc process

File opened for read /proc/meminfo freerobux.appkh

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	freerobux.appkh

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	freerobux.appkh

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	freerobux.appkh

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	freerobux.appkh

description	ioc	process
File opened for read	/proc/cpuinfo	freerobux.appkh

description	ioc	process
File opened for read	/proc/meminfo	freerobux.appkh

freerobux.appkh
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4508

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
36KB

MD5
71e8f7c2c6076fe23bc2d327c36b6741

SHA1
b41546ba5c52491383b0085c6369271e2b477c6b

SHA256
c5853d8ac738f52a04ccca77cf25a04ddc9934c3ebe3fbf40b76802ac9875c59

SHA512
aa797426cdf6468002a73e69ae254a2d71dc893618bc333c2ebde4c4f1427c6a6be9e9599b01750f5042579d61f55cc544a3db9aea3bfca1ab1deec5abba1961

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
20KB

MD5
dc31761cf02c270f0c9fb65680bd4b95

SHA1
9ad130a4c72ac6e468992b18d7f9aa7b038ac028

SHA256
2c7063ef486cffeba7e1c47031c9411e2adba4a12cd2657f13c341e94fc9acb8

SHA512
8d551b2f5a87c9121cae6583d0b8e4dd3f246890bb9c3f8b37e0cee42a94f2358637faf283a2cb02ee5781f1d172c265b535ec856b4b43c786c0a72dffe35fcd

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
20KB

MD5
ffcc007da6b887dec6c0abaff2944a50

SHA1
171b5bc21c6852a102ea1d7798fe87a0fcdc2758

SHA256
d5300b5c7a0b9b72380edfc7aa3fce579cc0dd8d702fad94a4325b0cd94e672e

SHA512
e5db2952310109a96046889ff6fdb3a7ad8bbfcc5029718365388ef80c311dd7006c7a6fc39c5d1caadc15e272aed4c8374ef7004d82255557190da5f57c6427

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
36KB

MD5
a2e9ce191250487ca6f96234482edffa

SHA1
2f646e18e0ff9cb2ad6a33483bae4c9b75e0bed7

SHA256
79be4665f10fabc3b091dcd51aceae57497c9d285f53fd31f36e41d0970de5cd

SHA512
ebb8c171de747ad0efef73ade08cb2c7b7e1fb80cf1573abd62480e7057adccf6aa4f82538302422a823efe92bd7a6e8404a7f7c19164722fbc601819679856d

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
36KB

MD5
de048c950d23ade3d595be6f5dde5149

SHA1
1cefca54177f5a1cb12440b4093a9fd4a9faa175

SHA256
8db4658282e023976ffd3c66d213c47f2cbd28b041c461810580d5611b9287fd

SHA512
3a56b0803615ee317946f217e64a889b7c9bfa6402a9d2b7e69e0a3321b30cd47908b3f2ac852b2e9f9d8d4c00e6cfe4b764123adda65a81e6fefb0195493d66

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
36KB

MD5
8ad7b53458deb2c0e532b219da7f1d76

SHA1
4b6ec50e4bcc51f469e69602215cbfcc3bc1ea8b

SHA256
9d453b777e76b89a1e9a3335c19de3022f0af86305707a3ea609c8116cd73077

SHA512
3da4a91f1d62bf91ac3085f3c257127671622387d0780ff0424ac10a66712aa34edf849a03f3586570aba7b75dac300231937c6db0d1bf84d7669da021a6a934

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
512B

MD5
f682a1faaefa859669bdd869248aa49a

SHA1
695407c64d547321eca2bf0b24d332ae4b6b0a88

SHA256
90b43903a97d670db71e483884c82e8aeee55350ee4c1719cb6770c5117d950e

SHA512
d528f690f9208ec2f6a5f9825036c6e28a3fdfc008b7a2d93178d91de19db8022b52d04453a51c6902cbdcaa98802aa142c7ef29d6c61129295554551379367e

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
8KB

MD5
90e248ab81fe9ade72783ea77be868ff

SHA1
46bed09056ddc5a63424bbb58be0aacbc0c4a49e

SHA256
5f715fcff3dc18da50efc334d61087b27435b4fbd6436fb5186ee62e5458c21a

SHA512
e8b177b4527a489c2a9cd90d839bb74304dc017a032a65d85b5a939ccf057c73ab9878e135aefe14f3bf320c7ecd8cf143f9357bd850af69e556ec608d5f9430

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
8KB

MD5
d29ec6174b2a8cb453f5f5f1c05d7edd

SHA1
1180d6563b944de4b5547fcef50fe4d508e44ca6

SHA256
34a9ceb163b8a3b8525cd0b48461f38217270b0aea31ac2cee308f11be526b5c

SHA512
fb96d870f81619fc142e01ef901f5706ae43955c12dac0c99ad778abebf0d9991d8cd4ff2f1b480aaf4150419cd54bde084fb9b37af9d90ae4bc025d7ee1c4c1

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
8KB

MD5
d55e89c66da31b939fec53b14573113d

SHA1
ee1e3c86a8d375a2d1d820e9680b606224809a2f

SHA256
c66b2ca4df6fe26463a91575ce6df987a373cf90afea05b35b0bf5975c5bdfd6

SHA512
4a279bd4ea1f25e69ac6ec683f3bdb7c3eb1d53602ba7a6b6f076e883816ed9415d04ed07fe298e0a570cc2dfd16396ee94e2e856c50add65d125921ba38cec6

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
8KB

MD5
76398ec5aaa0a5853493f061e8f1d87c

SHA1
0c4724700ccb96ad604c532f8112736469ab74d3

SHA256
c3d3394297e3e6d6779a3883f2a06844739ec88120447409190c138b3825f56a

SHA512
a316b7916c31d4416404fc3e4037758015b614153ca44379650b88a866ebcc03e2672093148c08af1dc656db0d7f2cd3ff23f9a337c4c45f64c7d785bea9b8c2

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
12KB

MD5
9ac0cc5a9732897381c07016e66dd9da

SHA1
20af2dce7741b5d42ba236e0c4a9a059b9fc2d21

SHA256
9d187ceff79d536474b1e61e619b7773d5f6f5861b5522258f7f0085df9d5dac

SHA512
b7f6c96c364fad5841d6adb3816b108dab419bcb1425cee6323a745e130c8fc74f0d91f4109d0116e673dc8cdcaf93dfc7ab50fa17b0aa92c13d633cb8c548a1

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dd86ba8ca8332be839abe05662eeffdc

SHA1
f424ed2fbda9913bce3cebfecb4df0862f4cf370

SHA256
ed3420372ecf7ae52236d827997f5614aae367f27c3d8331a0a7eedd532e8ddf

SHA512
f8d93163e71a6091e90443a3e9d940f9086529133e46b1b7a9dfe89a5f0bbe2498e87fc68fc6d3da607529bfdb570e570183e6d4dc7ffec1cd7c95879538d692

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d2249fa9f7e4cd43234d58f26f0d4aeb

SHA1
abd0bfc0cdc2abe9de3904bde85bf7aa34b37715

SHA256
6bcf732ddc1612e3fcfbfc82e9574472860fd16caed01e5ae4bec233ff9cfd6b

SHA512
37b61db95905b10fa0cf9711ff29364f442ba0254bdd4c1b0dfc9bec17121a601975fbbad08a364ea967a24ad37d190f07d2c283056d8f076ce81314244865e4

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0112c5a2594716e6ca214d987ce7a4df

SHA1
c03cfe734e0d99151c2780084335e14ca8465ccb

SHA256
0a538ab4afd44c5eba8c41ddf5fb04c2cc8b5b459064daf7ec9649e021aa41a7

SHA512
8893326f640671bd9d746639c0bf0e53c430a235608f2d9ca9a5a21b4231fac18e11a3c36422bd26f922f6095c827f325301f804e5d9a25252d2af444f5fbc3e

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4e938494681932d9674a744cbfa015b8

SHA1
3af75cc3baa42bfc419d093718c0a3d8e31ea94e

SHA256
eae29c2573f93ac0501a26ede00c0965dfbd5ee0f100deea0a99e872d521dced

SHA512
3f8f5de682bc2d98f40c864f6f4708a84326e8e1352fac9ab1d348aa57efe36039a8d0b8bcc091ae0207fe1903f36d92b1bbe6574a398570ae9f3609eb2badcd

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
edd5065212b706bc8742ba089414de5e

SHA1
bec7e028812cc5f5530f80fe90dcec97fcab76eb

SHA256
75652e61093291e53e385758ce3352173270e31cf8eaa196fe66d1037ee2d476

SHA512
17341dbbf5a597da2f3d78bba538399b55b0f93046b90e459929850091a7a4c088ff157673fc5ffb092d955c58ab2cdf0cd20f096242fae901ae11661f470e44

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5a86590f675502d23ef37788882925a2

SHA1
7b9900f40819ea8632f454f9e8a3ec0903b8500f

SHA256
068a16e642c14b39fe5a768da7cea68974c44ba4ea923e75a2c131e86683ba68

SHA512
8a4a64cc8d451730b08c3d2520b8a64184b20b45a6067e36a3a99e78c0dfe842d8c7dc0d5a8ac743617249d1e05db1f843dc14c6782a600277109142e0798faa

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
651f6345185f340741970cc440e97a8d

SHA1
59bbc71665b134a1e42257c0b9ade8d6c8ee1293

SHA256
a314439b11e560b137b6eff3e1bf8cc0cf7fecbf57be6af45734479fe1f54f72

SHA512
63a227c8462e84f6882c00b8dce60bdac1d9fb048e31cb2cda242a7285760ea80544901b294ded228b676f27688540e507f39fbe523dafaf0582ad8033420517

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9f987da9ba67502268dac2e95ad78dfe

SHA1
f3857c0d7220cb206b2fbfd0f5b8dd877a3aad16

SHA256
09031479e50632fc341658bba297b6cf1aace5e8db0a0a3e8183c2e49e46a020

SHA512
9ac053ea08e999dd671794dff927ebd61a6fed8e4cd7bd1d392b304e4b13ffcc9e70a4d1f28bbf4ed2ccd830c947652921a2cdc90d04c8619a091b3e56ed0ea5

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
d3356f1e99df63a218c3ef03091b97ae

SHA1
7454c2c08c63fadf4207a0a9fa83bceeca6805f7

SHA256
d3a3baaf3860f27e09b940e2d4f69fe3c12fcd202857fab76bd3283b005b3317

SHA512
311b55b77c6f7b6016ef0408971a93e9dae656421294785d6e7214c7b0c05a545b1728aaa807acdf334cd62bbc344403d5220c627c405a81eee524daea3384ef

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
adba59e71dfaef92defc04cad18880ca

SHA1
1b141936f4803c027055e51f014e4ae5c51befc9

SHA256
d9c469b1aa7a48bec5fc2a0be8a4ff704f96dd021d7f94c8df4bd5be701751ba

SHA512
bf8c6f176e636d39135a253ff4749c7beb6deda60e2e0d69b2acb6e911d6d9ab8a3da5c54db36e3bfec30a4496cf1c049869a80df37d2a05793b133d81868e37

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
f97a06e7c04085cbc8cfc71a6eecb081

SHA1
0d06b09e54f72c3cf168699e13a00bc19499c9f8

SHA256
eca455ca538b313b60054fbd24688ec23b9f44786fe52768c38f358eebe77466

SHA512
00924f59d3bc10c836f6792b1e545ada0a954a8b8e85246130ebbde7c203b290b13ce8124e991ad8106880ba561392dfa295d07dbd9b14507baa154b1ce06c23

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bf8d1d081bee3b9123c2e2406b73fb27

SHA1
614cd97e4a038731270be6b8fb400840bcb76d94

SHA256
2c2d44a392bd9cd99e845a2227dc85ea98cb67e296943bab035d2f139b0d7a94

SHA512
f1680739c541e4a815f8f1906187eec177049f2ea5bff18cf83eee140e9f21e3d11538532ffc07da2583979ddbea3b90c0823a23777d522ae9a88d1bee5f8ae6

Download Submit
/data/data/freerobux.appkh/files/audience_network.dex

Filesize
3.2MB

MD5
4905ee4caebdf455b9debee76ea89cae

SHA1
461d5626e22bd87e0f0afa3440d5ce61d2363571

SHA256
0bfad0c78e6e439d2c70d43568d1dc541bff8d4b4c5bfda9e81e03ae790dd864

SHA512
89bce0984264008e30a635852cbd3ba0c822b0917525a9029ff029a33409c161dad0f60ccf67406bea62e3d42ce0364250f3a9f502db8bbcaeba277787b2fc3f

Download Submit
/data/data/freerobux.appkh/files/vinebre_ac.txt

Filesize
19B

MD5
6ba414de84c9ff3865cc95bef5807df6

SHA1
2530d7553cab2aec24efa0e9a8b2bc2a8f49f7ec

SHA256
ef32bb09754d228756385169fd1a0a91e025d115e7b3dcc9e6c2136e66e95d0e

SHA512
0a6cce2213eabab29cf72acb3351993417aba92efa89dec2809b7bddc168d0df3c14fcc7bc1046ba8e7197b2f6b0c22d960b710df2d01ef7fb1978d7d5d96869

Download Submit
/data/data/freerobux.appkh/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
6c2ee5a063437324453f3847fcb50686

SHA1
4159bee93c4069c56990dfb3d63d991f5cf08560

SHA256
0743f302587ec891dc7036c0f7b0e70e49b3d7e61d76e3ec913d2abea37b79de

SHA512
3ea212203e05f566c39ff1575783d5dc48d4c7fe9a5b058169b7192f565434ceeaa900485ea3e9cb2586072d978d41f79cabb693eadbf3227a720af844b16b84

Download Submit