5812872a1cfa2c88dd7477881ee7e4015b237f35ad7cb9b3d930d291d560e6a1

Analysis

max time kernel
47s
max time network
154s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
06-07-2024 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5812872a1cfa2c88dd7477881ee7e4015b237f35ad7cb9b3d930d291d560e6a1.apk
Size

9.2MB
MD5

cb15257128695991a490b70a32e2e9f0
SHA1

d5bd6500ae07fe8651956da78bdae50bcb1ac4bf
SHA256

5812872a1cfa2c88dd7477881ee7e4015b237f35ad7cb9b3d930d291d560e6a1
SHA512

405edd8363992e9c918a57fedf497172c64579fbab0894d8ce221a6208d5936f758188c31ac822fb34d598e7b03af69927d7a3c07123c6205f94f6da1e058981
SSDEEP

196608:mO4rYye2J4LHATYmx3ynDstkgGdrjjVUntcOEZdZ7OEf6SZ:m1YyT4LgjCDgUrjZyi

Score

7^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

freerobux.appkh

ioc	pid	process
/product/framework/com.google.android.maps.jar	4997	freerobux.appkh
/product/framework/com.google.android.maps.jar	4997	freerobux.appkh
/data/user/0/freerobux.appkh/files/audience_network.dex	4997	freerobux.appkh
/data/user/0/freerobux.appkh/files/audience_network.dex	4997	freerobux.appkh

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

freerobux.appkh

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener freerobux.appkh
Acquires the wake lock 1 IoCs

Processes:

freerobux.appkh

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock freerobux.appkh
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

freerobux.appkh

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo freerobux.appkh
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

freerobux.appkh

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone freerobux.appkh
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

freerobux.appkh

description ioc process

Framework service call android.app.IActivityManager.registerReceiver freerobux.appkh
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

freerobux.appkh

description ioc process

Framework service call android.app.job.IJobScheduler.schedule freerobux.appkh
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

freerobux.appkh

description ioc process

File opened for read /proc/cpuinfo freerobux.appkh
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

freerobux.appkh

description ioc process

File opened for read /proc/meminfo freerobux.appkh

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	freerobux.appkh

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	freerobux.appkh

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	freerobux.appkh

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	freerobux.appkh

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	freerobux.appkh

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	freerobux.appkh

description	ioc	process
File opened for read	/proc/cpuinfo	freerobux.appkh

description	ioc	process
File opened for read	/proc/meminfo	freerobux.appkh

freerobux.appkh
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4997

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
36KB

MD5
fc572bd518dea6509a2388e84be3f916

SHA1
22543d22fabdf0181217105501be6e9ba3c25364

SHA256
e304777904a7f741aeb9d939ebfecd5c183a96e37bf08fa174d3aadbc28fb3d8

SHA512
43e02e4f5b96d45e084a58cd8504ecdfdccc7494f1dfc8a094d8bfe2e824e15219a945cbc753f58a59d72ae374839ee9bb5b2e0d92805a024b29d3bbe07668e2

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
20KB

MD5
52af5f512aac726c329dc4b04bf2b39b

SHA1
4216628e68c9281d20003d7f3d0e82e7ef61943e

SHA256
d3482ca581a0ecceb257f31386538d8d711d1fddbdcd8da21f52f7ba220b8ef5

SHA512
e1b2d6f27f54243417a3753c0e84ced47312c96cfc8d8e887dd86009c3ab2e1aa88d65968b21e88b277dc7ada996914b90747b5012eee2b4ed7014e74f9451c8

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
20KB

MD5
3f7a0906de7390dc4845e7d69d3b7844

SHA1
bc60037e8654c1d6c48de2d1cda36106fc4102c6

SHA256
e7478e06b8ac0917d6e1f5fd51b5d2c47171784430a0c8c125820cd10a0dc136

SHA512
9e74c773184462f777bbc011d0c4757068563136ef09659412735b4fc8593dd47154a539ba1eb727aed81142463485e684ac949495a17363c6ab428c44ee964e

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
36KB

MD5
d9c296541761f4b8c014c411d24333c9

SHA1
df03316e9d0c5ef0f5b66e694708823d54e65291

SHA256
0cbb3d6a0d3cab2ea2893b78e1715061ca80260833548c991139291467f849f8

SHA512
fb9e8b07fd19514ff0ca9f700ed16975abf7691da2376b39fdede291441dd379f48aaee80c39f927ba08962c72b5cb3fc56c85db54acfe1b3a375ec58f33d4f5

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
36KB

MD5
bbe974b08a30d11ea70227996843bc0a

SHA1
dbcb39716b19f484234c135aa28c177a681b7fde

SHA256
664e8f7cc8873af6384d1ef66dff3dfb6b30368775d8a6571140ab763bae45b0

SHA512
37cce13a0ae7b3b9762e179a6ce72e47b3acdbbcbba2b34ce90244c7037d27c55b9edc390ea79b2deb422edc34fcd6651b05100fd11be71486d3e5638199142c

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
36KB

MD5
ab4069d68da56f36c76569c2281f0636

SHA1
11c3e43dddce5a9f4c4333b4839d4e527fe17201

SHA256
635aa7c4c254fdf1dbbe8187dbc1134cf10f6844a84f978b8df9aeb5cee14a78

SHA512
54fad5c41bafd275b7d7b88ce32b8e11c06559b46ab6bcbc8d600db0074b49b7c51a768be7bd6562d304e9df5eb05bd8454da4cd13160678822cc99f729f6386

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
512B

MD5
753dd56970e2952f988165847e00b3e2

SHA1
b187bae64574c8d79726cb529dd4a6646e67e1aa

SHA256
76048708ba1bcfbc323b8f38cb5bae32434189b3cdc47a27dad944ae5802d8ba

SHA512
339705f55e657d6e0de04f9cf776aa18e7464acc46366ddbc56140c256b51302721c45d6747f3a7ecdd2a4dc6bcdec0656aea4cc09ac631dba0fb51533871335

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
8KB

MD5
dcf39e732674dc86f5754c088eb3736e

SHA1
06735a13bc6415345fabc3ddf69ee1d624a94c5b

SHA256
977e432fc38ecae6c330221e356f7850e0c833776d3d51e2fbb464a867f0059f

SHA512
f4b7a1df10340deb690fcdf90a7991d65a10d6afc1de71fc9eeb141e95db97f7e0af4124c1919e654017d9ee9156fe0048c4df43bf3695c17fc3d5452b42aa04

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
8KB

MD5
b9401c165eb674f2ea3ccd8a6552dd39

SHA1
b59a7faec1dba3914301fa336e2f2c50341e5ed3

SHA256
2ebee1ef058222d3fd356c111066adc5b3f84026081f9d465d6aa19bc4ae99df

SHA512
10c3bf9acba6c3c870f65b3c6a008340049e6c9c4a9b03ef22474070bcf141d3af86ee5671714abb8c437d161cf90ad9b8fff3600b027f2db504a60391c25f37

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
8KB

MD5
fbd86ab5716abfb4fad8ff17332ffeab

SHA1
0d6272945fe8f5f49db4dafdcb0f0f473fb1b130

SHA256
f0c0ad1e45a9857431285240f8f28f6f4d0d7ff55a5146c33fd5a177b9e6a286

SHA512
77ba0678a36907fb93d69aa7e27a3f05defb3f96e0c609c8c32feaecdd7e3fd3786a7b7d9ea632674374949cac4c69877cd9fe4871e481846ada716443ec4529

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
8KB

MD5
381861ce6d91bdba1ecce5acb263f1d5

SHA1
533fe8d7e456522fba86c51af59c44897ba3054b

SHA256
30c1b9190a7bf2dced88fbdb2f8af60e055685036242eb79759a963f4c3144b3

SHA512
a7e170d55b922a8f831dd0bec2b7317a7cac272b8d60f2c558859b361f0ef53cae671fc6f2714d56acfb860842bfb65df4599136ed3ff6c5dadd362b9bdcec33

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
12KB

MD5
13d63385627e5f5bcd9ab8861b891b7f

SHA1
0d867034d5525a92dbc57101d3a4d3b35b148062

SHA256
a9c700921b40dd06f087639768a03ab281ed11e41886e20441c510241e53a4af

SHA512
8ac6123a63092136e4f85cc4e822cd27dd113e1d4fe11c3c3ebaf293cfa77eebeca2af717fd59d8cea87950cd9613d3cde638bebcc62cdc29a62b31447b8118e

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3b426844711115a89d562c02265be054

SHA1
c509a433cd79ef6618963d753ba7beda60e051c4

SHA256
aa5fa19d2e9629323c9ecddf657b93f2a3015e19c7f8f2f2a3e41546e8e8e74d

SHA512
ea777e6fee97d0713df7fa61bcb30de03e6e9c224bc4b3550a51e015bdcde30913de884a54fa70f7d9fea91dcf5166451175c298bb6cd5bba4b06fdecacb397f

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ecca961f90e80ddb216f4abd09fc6fa7

SHA1
caba2df6f30b57750f403b837f29eb22352ed061

SHA256
bf918808f596818267bb69939aa965f7f2136b7678396bab23784865971e3a23

SHA512
ef0dab7264569062936a0335146774c6af3490cffcefe13f0555aa9fa0cc30f892c99f6577c2b00f6db3aa8198551462f3fbba0365242a3b474ccf4fd5bb9f9b

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7dbad48a3a74fc74a8138453b7b15a01

SHA1
b747183c35671446b25081d6361e17f89d0c36d3

SHA256
43f7e8679704f968f9c4f1ace266fc7acf39a34d9212cedcf43a2009d6b19348

SHA512
a62ac9f33b03ef4b41ffab1218354ba6b41e2470c8e3f2b0524bffb3452e9b13baf93c2063acc8761741577ad2284587ff70c38aedeab9e959d907812baa1cde

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
60a59b220fbe0a394cbcddd1dfc519e4

SHA1
67e98e05f586edecb94f13c7a7213bac5545f30a

SHA256
76c4285983ae36988472a8900ff8e3a1fd0f44acc8acae56aa0406afaddb3e38

SHA512
018610e464a529ec9b08b666a3c311c008f50d89d4c6d6ac7a535b9dafcc5869a8de4a86efa1a91ad095c70a0dbbf0b8b6cf242fee501190c298792a8911fe7d

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d8355540a6c39ce10d301708484ceed1

SHA1
ac940fce8e175c4aa91e2856821ce4a0c7ff0b78

SHA256
258a9df82b3c58cc0839d823cb12c95ba52d87565c3a72668c6a6fa0f5562f37

SHA512
068160ee1d36e574a40dd02357bbb13a2469207ee8b8ba7f45c0c5d16b325682fccdea91d0b6f299835b780dbfb1577294c34a3eb9911394c6b42c9a22ad113a

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
13d4a98e5d9b78fbcfffe6a4e5674e9e

SHA1
ac4aaba1027e013c62b1d83e5691e37d5b45257b

SHA256
feb3890de0b319bb614088e942065fdc8c9e9bb1ac7670559189d1ba42bb62fb

SHA512
1562b764ca51fd4afa4d227ba016bc61cd0e5c71e9d1499b3340788d369a737a42aec082c9ebc698a8c7d9ca45eda9cfd07167f9752f8a94f77122d3cf15957e

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
341c8761a128e07b45cbfd054406cdac

SHA1
c8ffdebb3b410ca0817470b475a1fffb7f0f467c

SHA256
7ebf130bfa44ec628ac06bd8b54b51be59748b1af30abd2a02620f6c5754e3f6

SHA512
1f1b7296998da279af391b204c3bc8f146cb8b8cae79d3c24b21de2d8273bd789e804dc67e4b6996e92f23b8f5c73635060f4e74cbb47547deac5b13dba8aaae

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
64303bc5e34e5c577cf8f2bdaf31d0ad

SHA1
a1487d58ca964086409e687528b2cf6d4b22f23c

SHA256
a76a5ac3b7f9200bac60db54a11e56a27708d327af01044e5fe529f6f46ad2e8

SHA512
0217779bb5149acaa28627d433e4e55fc13ee594fc5160089499b6ef6d6269a2d28362843270a79b944bb1861b5dab277d2037dea752878b79f53dac04b7f599

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
91c088c088377e1ff7380a0ea1235a7f

SHA1
9869eb230a51e104c20490df8810421df6eb7637

SHA256
60c894b5564c4edd9d8c29e8f432df71b0acb8b3337ada7a6583f1226c55d718

SHA512
7f68f0471fb3b20d353dfda91a3305937f87f83c981b83eefd8ac55793489a68ac8d2107f55c8e30ab71d0c443b4d6ae7a473f1a95b08f382027c45af165ba2f

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c31f92ba81028aa99e82fe55d3dadfc7

SHA1
69ad19d483e3b909c949be0f2b20fdcaeedba301

SHA256
e4d8cbe48cb44ffc4e41d7a840d38c7c395374a4bd32c0654332c6f575a22cb5

SHA512
52db6e24a1fc50a4a2c36f14f58416f58534a7ea244624a1dfb6488ea91c7e269b12797c62aee68c4e13f5b42ff0d92b98fb341a7e1f40d019d4ea45b299f099

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
56bfe40eb1e79055112e6da3827c210f

SHA1
99a46b98de3a64a95e54153089f68305a7448bd1

SHA256
2fc796bceeee1942378d957ac8fc809ed9086760b30ccf465c2c16fd005a67ff

SHA512
9867c3029d8e2157bfcf48d84f22f5f27779972d03fe50ded98dc8d7edade77e589d29e938fd7b72611007443db7e96ea849e093d6a16f6f0bf1dae4f21e1c03

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
78b848301c44269aad4c43f31c26d6c9

SHA1
a817cc6f7ea0e084a0ddbc82dbdb683a7f92becd

SHA256
83cb8de8339932af7ab3e8e0c40cb76fbc3fe727d85b0192cc48e2f95de94fb9

SHA512
9584a4fbf35b6508c17c59e5272b03e2165484577a82c7811112602943fed156ab077361e4ec50d538678f59943fa9b302966cb91b232c3d7b702b4d2b2d4dfd

Download Submit
/data/data/freerobux.appkh/files/audience_network.dex

Filesize
3.2MB

MD5
4905ee4caebdf455b9debee76ea89cae

SHA1
461d5626e22bd87e0f0afa3440d5ce61d2363571

SHA256
0bfad0c78e6e439d2c70d43568d1dc541bff8d4b4c5bfda9e81e03ae790dd864

SHA512
89bce0984264008e30a635852cbd3ba0c822b0917525a9029ff029a33409c161dad0f60ccf67406bea62e3d42ce0364250f3a9f502db8bbcaeba277787b2fc3f

Download Submit
/data/data/freerobux.appkh/files/vinebre_ac.txt

Filesize
19B

MD5
6ba414de84c9ff3865cc95bef5807df6

SHA1
2530d7553cab2aec24efa0e9a8b2bc2a8f49f7ec

SHA256
ef32bb09754d228756385169fd1a0a91e025d115e7b3dcc9e6c2136e66e95d0e

SHA512
0a6cce2213eabab29cf72acb3351993417aba92efa89dec2809b7bddc168d0df3c14fcc7bc1046ba8e7197b2f6b0c22d960b710df2d01ef7fb1978d7d5d96869

Download Submit
/data/data/freerobux.appkh/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
02595267298c1456072bc89fcdf1b1b8

SHA1
e0096a9eda68c915796557f955d14cb5f313a5d8

SHA256
d2906e848ca34b3360dcb7603ae9e1963385afc61c15c8a14c76da84f520340b

SHA512
d576951a0275e86d6275d53de3638fcfeb6703d491f3b1f1ba9d4ed0b7e93898bd394eb294c53163e3b31714fcdc6dcb1b7cf8da7ad0b6e9fcc03428b1dd361e

Download Submit
/product/framework/com.google.android.maps.jar

Filesize
315KB

MD5
4899aca36d1ed747a447dcac0d101a62

SHA1
32e43edc0bf3e036683ea8639472e6cd31ab9929

SHA256
67a651acd867e046fb4463b31ea584c1468f7243a9d1e2efd34059e8ee2f130f

SHA512
50b23dd279a9efba566c6a6523c7537723c0cd6dd3e4871f1cbdb8d5bc355caa3ddea99452b1c8e5356802f812b3768066a9848b93d715bb8bdfa455b704285f

Download Submit