5812872a1cfa2c88dd7477881ee7e4015b237f35ad7cb9b3d930d291d560e6a1

Analysis

max time kernel
93s
max time network
176s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
27-07-2024 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

freerobux-9-8.apk
Size

9.2MB
MD5

cb15257128695991a490b70a32e2e9f0
SHA1

d5bd6500ae07fe8651956da78bdae50bcb1ac4bf
SHA256

5812872a1cfa2c88dd7477881ee7e4015b237f35ad7cb9b3d930d291d560e6a1
SHA512

405edd8363992e9c918a57fedf497172c64579fbab0894d8ce221a6208d5936f758188c31ac822fb34d598e7b03af69927d7a3c07123c6205f94f6da1e058981
SSDEEP

196608:mO4rYye2J4LHATYmx3ynDstkgGdrjjVUntcOEZdZ7OEf6SZ:m1YyT4LgjCDgUrjZyi

Score

7^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

freerobux.appkh

ioc	pid	process
/data/user/0/freerobux.appkh/files/audience_network.dex	4475	freerobux.appkh
/data/user/0/freerobux.appkh/files/audience_network.dex	4475	freerobux.appkh

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

freerobux.appkh

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener freerobux.appkh
Acquires the wake lock 1 IoCs

Processes:

freerobux.appkh

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock freerobux.appkh
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

freerobux.appkh

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo freerobux.appkh
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

freerobux.appkh

description ioc process

Framework service call android.app.job.IJobScheduler.schedule freerobux.appkh
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

freerobux.appkh

description ioc process

File opened for read /proc/cpuinfo freerobux.appkh
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

freerobux.appkh

description ioc process

File opened for read /proc/meminfo freerobux.appkh

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	freerobux.appkh

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	freerobux.appkh

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	freerobux.appkh

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	freerobux.appkh

description	ioc	process
File opened for read	/proc/cpuinfo	freerobux.appkh

description	ioc	process
File opened for read	/proc/meminfo	freerobux.appkh

freerobux.appkh
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4475

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
36KB

MD5
71e8f7c2c6076fe23bc2d327c36b6741

SHA1
b41546ba5c52491383b0085c6369271e2b477c6b

SHA256
c5853d8ac738f52a04ccca77cf25a04ddc9934c3ebe3fbf40b76802ac9875c59

SHA512
aa797426cdf6468002a73e69ae254a2d71dc893618bc333c2ebde4c4f1427c6a6be9e9599b01750f5042579d61f55cc544a3db9aea3bfca1ab1deec5abba1961

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
20KB

MD5
2de8d1d8f3060d2cfe0311f95564eab7

SHA1
f225752fd40dac647dc2ed2327456251b6a267ff

SHA256
6e35e812b56592735948232552a75da87107fd99ee663ce83967b98c6415858e

SHA512
52d0308e3f9ca13b1e4e84802a4ac98027c805367ebd072977749f72bac1001a0749c84312d2a708dca6b6ab5ed2060a97fc3c2208d80139021ef2cdd0c65ba2

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
20KB

MD5
3f64879dfa19af476ab5bbba44341760

SHA1
bc7050d08a6d1a59af2b33a4bd6d0650638ddb79

SHA256
3185ff5912a33e6a7dd82cd3ece3708d851fe73dfa4947172482940631c09f2c

SHA512
705fd7dbf0c837a7d14c5a3731a33ba429fb63c445a12d657771d222243beea503ecfcd1e190816fd971f8b536ccb2526074ca0bd640403061d1a25c5eb77f98

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
36KB

MD5
8afd8d2405a909dfaaa061012e75f259

SHA1
f5f9f7f4579862d3b7f74d0a5b4429590071cfbe

SHA256
93c69e61c9c21b2df70576fe3788ef2df3bca885c71de216ef00357727bb0a3f

SHA512
eaf9c6668dde38ca201e67f7e1f621af090f950877b72fa30b047ec8db37d640a0024a58edff3e671e5bf95aede166ab2861a6821ae68c6e2426683d3f8c3d6a

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
36KB

MD5
de048c950d23ade3d595be6f5dde5149

SHA1
1cefca54177f5a1cb12440b4093a9fd4a9faa175

SHA256
8db4658282e023976ffd3c66d213c47f2cbd28b041c461810580d5611b9287fd

SHA512
3a56b0803615ee317946f217e64a889b7c9bfa6402a9d2b7e69e0a3321b30cd47908b3f2ac852b2e9f9d8d4c00e6cfe4b764123adda65a81e6fefb0195493d66

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472

Filesize
36KB

MD5
ff0f46787b4de7902682562362c4d777

SHA1
2c529d192862f8a2031e23ec495c69c36752cd12

SHA256
b65f4d49682f00053fec616ad235df70869c5189307cd800de535c567453c11e

SHA512
4e948de5c4fa4ac102faa8446d76abd3297fc1ab2e27fb50756ce6fb7d0bb42369b02acc58c8f851b1dee6847d095029b1a227a72227dbebc88786bb0f0b4712

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
512B

MD5
a6190c0b83c5013a0e2c8b4b40e45755

SHA1
917748492f3cffba974c3a4358f75672e7c8cbb2

SHA256
d76e9a48a0b902a47f9ff80d562c5fc475f02dc30f538a430fcc47d0654c813c

SHA512
761e106043306a67f25ab44a86e1700fc31d72ae821095974496a7042c1c9c7313e3fd694db3addce6a1f2da511ad05e48eb4899273c04d58d6c8ea6e89a15ed

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
8KB

MD5
6b72d23e505d34aaf5380bb5087f83b0

SHA1
7771008dd5f659ef67e2413fd7b45885a0767569

SHA256
7b6ecc613f75fbb0dc02a1ade267cad4d8f63ec01336d151880c4d2008686ebe

SHA512
1ddd64919d6d483a62f2a788a38651385e032b9969245e4fba14eb1ace83455c4c0d0b0bfad3b0bafdc7eb3f831e8772d31185555dda99080a9410bedce449e5

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
8KB

MD5
32eb5e5ca10c838a396635f7c7d612d8

SHA1
95bf66705a037aa8f304b1cdb443de7ef9120933

SHA256
b4892c81bb021dc08e3867b6651912f9738d08710393021bdfb7f399a75e16bf

SHA512
a5e5fa4816abbc887f5f95b58bc7bacb1b2505480a4ae8bdc518ac457388d8811a868b26636e12d72a90c5b969f39071c69e1685c7fca8b7cff4d6fb14accfc3

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
8KB

MD5
702827089ab3a340eb68ea8d1072664a

SHA1
52ea4f55f21a8d380b84b25cab94ab4355fb6dcd

SHA256
f4f6d8b4886c1cd259f0291f5f81616e43a6a5b591d0573e9d9d85dc7448f067

SHA512
5c4d776fcbfea71488d386fb3d2bdf566905540af93ea24835c1e03ae0fde2c12360d2e3ae5bb43c1bb2a1e335c6ca1ec4b297b9f51df746328bf999411c4179

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
8KB

MD5
1be8ecdcc7322da845eccb8392763894

SHA1
73e9f3d64f97f12952442e7b78df1adb2fbc5b48

SHA256
de12f96a9da549ec70042186d47bddce6a95a5f1adcb399266106eddeff07038

SHA512
9bf2c7f9168732ad7073ace6d85fa02a397060fc22f35d71bfb9dd8dfb7be065ee0772313b30b16c4930a601d87cac7b3506a5a0561f4f14500212239278f75e

Download Submit
/data/data/freerobux.appkh/databases/appnext_dbs472-journal

Filesize
12KB

MD5
bea6419e3b0af197bd2866c388ad194f

SHA1
152d44795196921040645090d390531c6cc992c1

SHA256
326505db9f9694076104b69b294474d3a07009ebc88ba8c92758e0c71aea9d3f

SHA512
06a8313fcf97df17b86fa3a80c193bc44ce72792cb2a24ef6ca1028ae0b356263b2f10779cee9782399b3ec6bf56a036af5caa71ee237e6b7586d62c27f74eb7

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dd86ba8ca8332be839abe05662eeffdc

SHA1
f424ed2fbda9913bce3cebfecb4df0862f4cf370

SHA256
ed3420372ecf7ae52236d827997f5614aae367f27c3d8331a0a7eedd532e8ddf

SHA512
f8d93163e71a6091e90443a3e9d940f9086529133e46b1b7a9dfe89a5f0bbe2498e87fc68fc6d3da607529bfdb570e570183e6d4dc7ffec1cd7c95879538d692

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c4fe1edb7e5bc6a185da2f8024196e5a

SHA1
56b51e8316582fc2faa5246adf4d1f39d76bf167

SHA256
62b36377a802bef59180f119f4a7a5aef1e40502a7d50e4b6bac7d5a6e0c7f43

SHA512
d0f46aebdf3646cac23125fb1d1c1953960e496b03f3fd10f15afbb00a352c4bd7b52cdbdefd2eeadbf378d9c3eb5fe9372ed0817b830b4ffda8f4020eb2f39c

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3ad66039137ab942b2c8814bb873512c

SHA1
213f5e43a988572c5a8c54dbbd52fb5fb33997af

SHA256
5581a0940c1591c6ebf7e94a6e69b9903d2a418830c09c43fa0dba8ca97e80f4

SHA512
a5f7b78c7089d1eb5245eabadb65a5e0611bf7710f3c62ed7e11a2535b296ab4be006e98fadcaf978ad68a8916f36615bca6c6a4f4354f82bdcfe3452e82355e

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6774de248513270434bce562a432ebbd

SHA1
49f3361044000c44222524bb928156810be24947

SHA256
b0ff9ac5593992a733bd7f1700eeeecce9707caf32f6d04fd0235cbf59554210

SHA512
72b21eb18a41e191a78ab7d3609f4ec315aa383fd00caca840f2456568329d139dd6a5b989bf9202cfbce81d5ea3e15498b37034ab6599fa0e74196f21f80189

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
29508388b509e1753a8a223e130bd6d4

SHA1
a377d7ea99a3ef8944dfe240c9dcf925617af5c4

SHA256
67385b886147db41fec86aa36b9e83c3351666f6cf3cdef0ec862e746694355c

SHA512
36864935c5d88d2d01738a57aab49b418dcf0bfb654f86772b3c452dc6a7d37fd271a6103a52e878bf3a170d3b5365dfcbdefbed3cc9b0174ab2345659474123

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f768ef72ea397ae1c03fa07329080c8f

SHA1
ed591099b4a0acd1b3f8a9920c67fce818cf3931

SHA256
b207d4488c243bd281c9fd8ed7572ad81c25fe25eeb571deebf9988496dca99e

SHA512
3a73191ad97628b339b97443e30914c74c3e22dd771e333d064879b30b045d39d2365d2e2850762d25c5f8f79d7bfaef27e4b1cb41e3ddbb0b7dc53ef19e7a98

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c821f79eddbf0e8f6d0c6f4aa29446cb

SHA1
f45af818596b697aec68e78d2199c8a4d13316ed

SHA256
892111c0a7e489a681d21ac3150070c8900ba0046e1ddb152eec86f365da2334

SHA512
2336c3f48e6d323d9ff3931c794ad1a174ca8ff27ba1db225817772a9a8cb8838be9408e393c9fb5bea598284deef5fe623c96f43baa9e33d86a50ecb1f1a8e7

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0ffbc4842640eb23dc5c7d403beb777c

SHA1
59490b76a0e9bd7cf0061886fd8a140bd8b8a330

SHA256
a9e1597fbfb4fce8631065aa69e51319a5311b2724c927d94cb1f4a56220ae6d

SHA512
ed0151fe96ace23092d634a855bd83f64ff02cfae0c9a8d597d1a2e929db6f6770659397906f16fc24b172944672447c50e42c9e315250cb135dd3871909cfed

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
6709ae4c8a03f5d7bafa8c469ed27e61

SHA1
54cb0f80c0dceca1a396d469f9e298bd99148b79

SHA256
8ad9ea1be00bd2eae74c0daba9e5d20c2d7c5fc7634b2cbc52b6074ca1f4cf8f

SHA512
587e54357a8dcdd86b0ede8148cdf31f605b6b185fc1553072afff3ec88273f78e4f9adee04516f7a196c618268927b39a4023902e949aea3179d9ebfc99c029

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1d0f0221b7ce4060961442948db3df50

SHA1
3d3fb7e95250a87abc1fc5f5cbe3a2041dc814ca

SHA256
2db33895ae12971f87775191e19d281aed02e113714c245b0049c0474130f244

SHA512
0c4182c98cdb327a3ac529029929f35dd9e0e9f66fe49339e3cb65e3cb6362067a50fbb3ccf68e0e304c2736bcef199cc4492ba34bce7ad2240738d2dcc4c990

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
7d8f66034638ed14c9982125e094c8c3

SHA1
72f346111ca48f78214e71db0506d9c161ddaac8

SHA256
45c0ac3ef1b9cd7a89b4add2fe028ced336ddde41ea3a6e2aea30990964cbae4

SHA512
a76b63624f1ff9b80539fb4364669808d7a3a5f42f6da560ac33d22c22acba90411ed2334cc232e424fdfbfc0792ad272b09e8eaefc1bd574ab090f8374ec484

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b16766e5da76b204c9b47a6d3d7b60e2

SHA1
d0b56f329ca515f40707f0fe40babc13bb1d5a3a

SHA256
f4b16efea45748339fb035adc7c7ce6bc2b39b7444cd31387e7de6371f198bb9

SHA512
60030ce5d4a5c781c1f4014f62b3c4d3338a28aaf5ba338e048129992f9938d98b48ce79b1c279ec56620ef805d943bde0acf0d430a0b0c9a1dffe0f95c4c0a5

Download Submit
/data/data/freerobux.appkh/files/audience_network.dex

Filesize
3.2MB

MD5
4905ee4caebdf455b9debee76ea89cae

SHA1
461d5626e22bd87e0f0afa3440d5ce61d2363571

SHA256
0bfad0c78e6e439d2c70d43568d1dc541bff8d4b4c5bfda9e81e03ae790dd864

SHA512
89bce0984264008e30a635852cbd3ba0c822b0917525a9029ff029a33409c161dad0f60ccf67406bea62e3d42ce0364250f3a9f502db8bbcaeba277787b2fc3f

Download Submit
/data/data/freerobux.appkh/files/data/appnext/videos/video-737971-15_1687165995.mp4.tmp

Filesize
727KB

MD5
c4a78100f3cd1861d608cd0c165f4e39

SHA1
1d5a68904bacf851d5fc6d25ebfdd621f377ea9c

SHA256
51dd4afb695afde7b97e5555f1a90f3d66c374ea80c989ece5434c58f8865f66

SHA512
aef2016794723d6021b834a658f6ebd573ee4ec840fe9b58c83920f0345ea74abcde150c3fbdfb730ae836ba50bb76190a6d398961b457c1656d9dcc395b490d

Download Submit
/data/data/freerobux.appkh/files/vinebre_ac.txt

Filesize
19B

MD5
6ba414de84c9ff3865cc95bef5807df6

SHA1
2530d7553cab2aec24efa0e9a8b2bc2a8f49f7ec

SHA256
ef32bb09754d228756385169fd1a0a91e025d115e7b3dcc9e6c2136e66e95d0e

SHA512
0a6cce2213eabab29cf72acb3351993417aba92efa89dec2809b7bddc168d0df3c14fcc7bc1046ba8e7197b2f6b0c22d960b710df2d01ef7fb1978d7d5d96869

Download Submit
/data/data/freerobux.appkh/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
ae592c59a4816dae6facf05d23b933b1

SHA1
d5f4c04c665289460bff94ee3430161a9a2996e1

SHA256
a9a27e13ac0138960eb61b1d2a45536c1aa2fecec57400b2e686c9c2abe566fe

SHA512
e9bec68e130477648a521c8c08ea3c7266182d8d12b1050646fc490ad74f56b676fe8127dc501667f5429630670d2286df2afb32a6c8602b8f2df24cc11fb083

Download Submit