Malware Analysis Report

2024-10-16 05:23

Sample ID 240804-mle15atbkm
Target fnaf2+aptoide.apk
SHA256 a57cd5e6da100b43b807552f98fc2ff97308ca4b777656e7cc3c8146781f8003
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

a57cd5e6da100b43b807552f98fc2ff97308ca4b777656e7cc3c8146781f8003

Threat Level: No (potentially) malicious behavior was detected

The file fnaf2+aptoide.apk was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-04 10:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-04 10:32

Reported

2024-08-04 10:37

Platform

android-33-x64-arm64-20240624-en

Max time kernel

184s

Max time network

207s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.196:443 udp
GB 142.250.187.196:443 tcp
GB 172.217.169.42:443 tcp
US 172.64.41.3:443 tcp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 tcp
GB 216.58.212.238:443 tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
GB 216.58.212.202:443 gmscompliance-pa.googleapis.com tcp
US 1.1.1.1:53 web-static.archive.org udp
US 207.241.237.2:443 web-static.archive.org tcp
US 207.241.237.2:443 web-static.archive.org tcp
US 207.241.237.2:443 web-static.archive.org tcp
US 207.241.237.2:443 web-static.archive.org tcp
US 1.1.1.1:53 accounts.google.com udp
GB 74.125.71.84:443 accounts.google.com tcp
US 1.1.1.1:53 www.google.com udp
US 207.241.237.2:443 web-static.archive.org tcp
US 207.241.237.2:443 web-static.archive.org tcp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 1.1.1.1:53 wayback-api.archive.org udp
US 1.1.1.1:53 archive.org udp
US 207.241.237.8:443 wayback-api.archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 1.1.1.1:53 web.archive.org udp
US 207.241.237.3:443 web.archive.org tcp
GB 216.58.212.238:443 udp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.3:443 update.googleapis.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
GB 142.250.187.196:443 tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
GB 142.250.187.196:443 udp
GB 142.250.187.227:443 tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
GB 216.58.204.67:443 udp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 172.217.16.228:443 udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 142.250.200.3:443 update.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com udp
GB 216.58.201.110:443 tcp
US 216.239.34.36:443 tcp

Files

/storage/emulated/0/Download/.pending-1723372439-fnaf2 aptoide.apk (deleted)

MD5 ee443614e639fdcf35e17fb2bc332077
SHA1 36eb5d496aa9627a74d822d460631a02a1a7cf84
SHA256 225aec9f8298ce389192a078202c1337329744b640c642095e352296e848f763
SHA512 c0653250db649993616c5e3e728100cf192a76cd0fc97e12154722a70b3468e94c409b8d6e0fb95fbe125e3556436a4c8460175de7e5b976291c47e4615aeb20