29b3c01e9878fa097bfa76d3c3f718f264545be3cce605288d0f0d66794e0ba5

Analysis

max time kernel
3s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-es
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-eslocale:es-esos:android-11-x64system
submitted
02/09/2024, 08:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

among-us-v2024.8.13-mod3.apk
Size

716.3MB
MD5

65861ee6b4a64a40cdaa65bd3167d899
SHA1

7c70f8f055c26fa5932f19923e97abbfc70091e7
SHA256

29b3c01e9878fa097bfa76d3c3f718f264545be3cce605288d0f0d66794e0ba5
SHA512

7f66a27ffb98a396b07090c9f5d3e701c4336c9d725c92e4485f465190fb0cd073e4849fa8ea5928f2de6f60cefac2965d0b411cd63de4bfae572406241daf76
SSDEEP

12582912:cqK28/SC8qVYj3sS6rtkyxAA2wiHcZTsDV4GG9tRoxNTzkqmie1eqc2/t/rR:cH28/SC8qVYj3kayxAA2wiHcpNoxNTzi

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.innersloth.spacemafia
/sbin/su	com.innersloth.spacemafia
/system/bin/su	com.innersloth.spacemafia

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.innersloth.spacemafia

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.innersloth.spacemafia

com.innersloth.spacemafia
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4576

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.innersloth.spacemafia/cache/sentry/c763c68f1ffcbcbe9486dbc44fd01b0f0ec2b4da/.options-cache/environment.json

Filesize
12B

MD5
dedcf97dec548910cc8edae172ab5bec

SHA1
a37f222f2a89b4098cf681951ee75d76bd1f75e5

SHA256
80be2eb0944c0453a6ad339a56e1c8f39f8cc57a4e627758246ccfd274176fd8

SHA512
5e0d2b9be27ce24d6baa109ec8b2cb7e7ed3deb5622bd87ea621428857a8b8cbda98871552eb7e26df145485e83b2b3397cdbeaa4d806e955b4eeafb4a85d13a

Download Submit
/data/data/com.innersloth.spacemafia/cache/sentry/c763c68f1ffcbcbe9486dbc44fd01b0f0ec2b4da/.options-cache/release.json

Filesize
20B

MD5
b5d2496c1a361c27d55204f803ec442d

SHA1
636ae24430063c809be174306d8c671857818376

SHA256
24aaaf0d5325b8ca39219a0b46c610ab3cc3c2323684b906f78a21c181332767

SHA512
c70e587e89c56efb40d1f4fd070a3c223dbe9d6e4fd611c6d56a165071eec28a043dd02867aeb470fbe5249fb9fd7c1852ffc7b1374482742e87cee3b1b74d37

Download Submit
/data/data/com.innersloth.spacemafia/cache/sentry/c763c68f1ffcbcbe9486dbc44fd01b0f0ec2b4da/.options-cache/sdk-version.json

Filesize
464B

MD5
a77344d7e570ba8605dd23cb7ddff617

SHA1
345d88c4efef4240cf3a9f5f57ef2ba9ebebe023

SHA256
2a7123dad1487dc1c28e87bfb4432024496729d5a46ee461774226b4ba2f100f

SHA512
957cfa22ab8a75392c386355a32e9f57ad82e455d782ae6dc06c31ea965ad5c1813b4fe22ddcf2b55be7e3966babcf576a64d6ac7f7863e8875cb40c9b6c95ff

Download Submit
/data/data/com.innersloth.spacemafia/cache/sentry/c763c68f1ffcbcbe9486dbc44fd01b0f0ec2b4da/.options-cache/tags.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.innersloth.spacemafia/cache/sentry/c763c68f1ffcbcbe9486dbc44fd01b0f0ec2b4da/.scope-cache/breadcrumbs.json

Filesize
138B

MD5
4f42e8e2f7ca3135b407791dceb4671e

SHA1
d788d195c21f11e7560aadd54635e3a86529a407

SHA256
29b7877677beaab2fa279995b542dc9ef85b7c3a78ac5e53e518b1af9d24fb0c

SHA512
d6557b7749c8716f6475a704525ade92785a80dfae9c6cca95856ddc63fccccdba7b1837af4abf70abefda2a5639220d30a411754965a5c61bd8c82303be405b

Download Submit
/data/data/com.innersloth.spacemafia/cache/sentry/c763c68f1ffcbcbe9486dbc44fd01b0f0ec2b4da/.scope-cache/breadcrumbs.json

Filesize
523B

MD5
c98b9f5d33d0e0172837d47e1c05d58d

SHA1
1370385a1940445aad90ba4889e2512d69de7fba

SHA256
43afd2e6d02edf3517469cc3440b2eeb4c49d09ecef651dffd22719e7a35c30f

SHA512
ab66198b22544d0b0efb343c0765ffa9ea8e49122ed5562d31c2bb6b9b964f3dfaa02047f4668d53fb46fbe122701964b8f9925fb53c6f9d4c525f8dd06d0e46

Download Submit
/data/data/com.innersloth.spacemafia/files/INSTALLATION

Filesize
36B

MD5
6a3a368e01646364c8a49fae54d41d8a

SHA1
943aec9531910c2a9fd1b05f385bf8649b227ca1

SHA256
93ed429f83c526c9cf3f3c2e2326bafff6b3db537d0df1feb0f4518cc4d6ebe4

SHA512
0c929a4b3398dba9fee7c2e7d76a9f6b6cb9fdccf6637e809d2728a6c7e1e5acb6decd8994235eaec48f4f75629ba17d984e70cbb3b56a784bab24d0915bf3be

Download Submit