Malware Analysis Report

2024-10-16 05:23

Sample ID 240803-et3hdsxfmf
Target fnaf2+aptoide.apk
SHA256 a57cd5e6da100b43b807552f98fc2ff97308ca4b777656e7cc3c8146781f8003
Tags
Score 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 1/10

SHA256 a57cd5e6da100b43b807552f98fc2ff97308ca4b777656e7cc3c8146781f8003

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file fnaf2+aptoide.apk: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Checks CPU information
Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-08-03 04:14

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-08-03 04:14
Reported 2024-08-03 04:18
Platform android-x86-arm-20240624-en
Max time kernel 115s
Max time network 131s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination          Domain                     Proto
N/A      224.0.0.251:5353                                udp
US       1.1.1.1:53           update.googleapis.com      udp
GB       142.250.200.3:443    update.googleapis.com      tcp
GB       142.250.200.46:443                              tcp
US       1.1.1.1:53           android.apis.google.com    udp
GB       142.250.200.46:443   android.apis.google.com    tcp
GB       216.58.201.106:443                              tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-08-03 04:14
Reported 2024-08-03 04:18
Platform android-x64-20240624-en
Max time kernel 116s
Max time network 158s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination          Domain                     Proto
N/A      224.0.0.251:5353                                udp
US       1.1.1.1:53           accounts.google.com        udp
GB       173.194.76.84:443    accounts.google.com        tcp
US       1.1.1.1:53           accounts.google.com        udp
BE       108.177.15.84:443    accounts.google.com        tcp
US       1.1.1.1:53           ssl.google-analytics.com   udp
GB       142.250.179.232:443  ssl.google-analytics.com   tcp
US       1.1.1.1:53           update.googleapis.com      udp
GB       142.250.180.3:443    update.googleapis.com      tcp
GB       142.250.187.206:443                             tcp
US       1.1.1.1:53           android.apis.google.com    udp
GB       216.58.212.206:443   android.apis.google.com    tcp
GB       216.58.201.100:443                              tcp
GB       216.58.201.100:443                              tcp
GB       216.58.204.74:443                               tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted 2024-08-03 04:14
Reported 2024-08-03 04:16
Platform android-x64-arm64-20240624-en
Max time kernel 66s
Max time network 74s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination          Domain                     Proto
N/A      224.0.0.251:5353                                udp
GB       142.250.187.206:443                             tcp
GB       142.250.187.206:443                             tcp
US       1.1.1.1:53           android.apis.google.com    udp
GB       142.250.200.46:443   android.apis.google.com    tcp
US       1.1.1.1:53           accounts.google.com        udp
US       1.1.1.1:53           web-static.archive.org     udp
US       207.241.237.2:443    web-static.archive.org     tcp
US       207.241.237.2:443    web-static.archive.org     tcp
US       207.241.237.2:443    web-static.archive.org     tcp
US       207.241.237.2:443    web-static.archive.org     tcp
US       1.1.1.1:53           accounts.google.com        udp
GB       64.233.167.84:443    accounts.google.com        tcp
US       1.1.1.1:53           wayback-api.archive.org    udp
US       1.1.1.1:53           archive.org                udp
US       1.1.1.1:53           web.archive.org            udp
US       207.241.237.8:443    wayback-api.archive.org    tcp
US       207.241.224.2:443    archive.org                tcp
US       207.241.224.2:443    archive.org                tcp
US       207.241.224.2:443    archive.org                tcp
US       207.241.237.3:443    web.archive.org            tcp
US       1.1.1.1:53           ssl.google-analytics.com   udp
GB       142.250.178.8:443    ssl.google-analytics.com   tcp
US       1.1.1.1:53           update.googleapis.com      udp
GB       142.250.180.3:443    update.googleapis.com      tcp
GB       142.250.179.228:443                             tcp
GB       142.250.179.228:443                             tcp
US       1.1.1.1:53           update.googleapis.com      udp
GB       216.58.213.3:443     update.googleapis.com      tcp

Files

/storage/emulated/0/Download/.pending-1723263313-fnaf2 aptoide.apk (deleted)

MD5 7e244260fba0e0318d182953fd054ecb
SHA1 819fcd3ea8733e39f8c4c63b65192fc939bbab83
SHA256 c01b58c23c3b0841a7356406620f2749ecba99b079ce660279286d0833a11484
SHA512 953290bb330abf9fd29eea44b9e8a6a45f8fbc3b298c76ed99dd4371561797d96ca067b9486d5b167a635c6dff7cb48ffa696304c7ccc1f85a9a6a2050f7390f

/storage/emulated/0/Download/.pending-1723263313-fnaf2 aptoide.apk

MD5 154741d5256128ec24b13fb1132ac24e
SHA1 a836264c3bcc90b9977e057c64e0178c4cc55ffd
SHA256 f7bff63427ecc7bd068e35d8d94bcd8912c79f2a53bb7e3ad735e614064c3c13
SHA512 43944b6ca61e1697ab12a38209e0e2412bc992b3756a141e150c13317f88acec7c131232cb402f3230dc515b792967f62532282f5537a49bba934c87f035b3da