dd5c87b925a0c29b9f7767c7e4704a50d91aee0db428cdf25ca87f1ca9b66172

Analysis

max time kernel
4s
max time network
132s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
18-09-2024 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hotmoviesv3.618adultcontentpremiummodapkcrackshash.apk
Size

5.3MB
MD5

65e0a4f776a2c8c2da5bead2b983c10f
SHA1

04fbdefecfbd10cbb79082d60d2cc6ef657c6c51
SHA256

dd5c87b925a0c29b9f7767c7e4704a50d91aee0db428cdf25ca87f1ca9b66172
SHA512

b061fce29d06d91b54ebaaa2213d22f596eeb442b979b982f5a3e868a22e0a358891ae299e910de39b2e063ec149225babbdb72ba4fae294bccdc0b669c4fa0d
SSDEEP

98304:e7a517r0+hh0xvIpRIZKR7ls25aQlQ9btgx4S1XX+OCvibXXWRwBmOQzJOmjMq:aC17rbgGHZmQ40XXieN6Mq

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 9 IoCs

evasion

System Information Discovery

T1426

Processes:

fun.playme.wobljr

ioc	Process
/system/sd/xbin/su	fun.playme.wobljr
/data/local/bin/su	fun.playme.wobljr
/sbin/su	fun.playme.wobljr
/system/bin/su	fun.playme.wobljr
/system/bin/failsafe/su	fun.playme.wobljr
/system/app/Superuser.apk	fun.playme.wobljr
/system/xbin/su	fun.playme.wobljr
/data/local/su	fun.playme.wobljr
/data/local/xbin/su	fun.playme.wobljr

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

Processes:

fun.playme.wobljr

ioc	Process
/dev/qemu_pipe	fun.playme.wobljr
/dev/socket/qemud	fun.playme.wobljr

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

fun.playme.wobljr

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	fun.playme.wobljr

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

fun.playme.wobljr

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	fun.playme.wobljr

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

fun.playme.wobljr

description	ioc	Process
File opened for read	/proc/cpuinfo	fun.playme.wobljr

fun.playme.wobljr
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4962

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/fun.playme.wobljr/databases/StartApp-d6864f2502af7851

Filesize
16KB

MD5
011e51a81088b236084d08e91a56be38

SHA1
c0b015d8023e1e74ddfc594a7def99419dd1f12b

SHA256
71b78e6893d079f1f3bb1c7e5ca2ed62f33fdfa4a04b137a3fcda0850e4e9852

SHA512
f0321df9c77b2276bb7c86cd6f01e90a629b654d708cbe6a846245b68ec07080bf3103fb708393e620271f0155ec3ca4585f208bfd6e725deda05209fc640c9d

Download Submit
/data/data/fun.playme.wobljr/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
ba844c020e232b42205bbb1516c9e2da

SHA1
8ce27ae33155b0ed98b036fb8fa9eb05aa086fb5

SHA256
7940447ec5a9e8f2ab893335b164d77b5de4d6af97aac1179c13663255f9364f

SHA512
208f6384d434229961f14292429d701c1640baceb9b82e7d72e2d5cc34244e87c2f6322330946a0b22acc93f337633e8292b55c1b45e0e4736ffa18d189535c8

Download Submit
/data/data/fun.playme.wobljr/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
5d2d8e9f9c98490533873ab77cb89eb7

SHA1
53fa08217381c853044f400e496509add60188e0

SHA256
6a7e385c072a546215eb516cc1644b4f2e87c9d7b3a59382b5a6847c62ca4a80

SHA512
6a0a64f29b4511225442d28ec643891f6e559fc25562a18eece6cc20adb8a9e9c8c27c23741b5ed7ded01088f9e6df38ead4c89f2831cab2721d8d69153f2eb8

Download Submit
/data/data/fun.playme.wobljr/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
1da021ec8387c98072aea8a6db37b36c

SHA1
9c8053c0bd11901e8d227134b6169a0e325db0fb

SHA256
d9a167f22ce8a84dc4c2c7632fca1cabdc3ea2a43b503f0e74ecdfa0d5e4f60f

SHA512
85a88fd9c34149ffb4fce46e43a87191877776b6a1f0a94a2b41d08172323a59cdbac28c249a4bc423cc2d4c5ce403939e0247080e9cddb99a73ce008cded370

Download Submit
/data/data/fun.playme.wobljr/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
75b931c90178be4c29985a4f8ba35026

SHA1
0471c8a8e6cd29aaa3ed84d93d9850c5e03b47aa

SHA256
4aa46ca135b3f8b64bd756993bf3c327ceb5dc8ce47780d7dced9aea4c1d6d5c

SHA512
411ee125b089ccbe98a26f9aed6e6656432092f4057db2a869f4c9d40d554a3c6fa34b658211e9be88d544bd25c074c429426d3c28cf42116119357cfd9bee78

Download Submit
/data/data/fun.playme.wobljr/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
109d11e5cb6baca6acf41bcd67ecee1a

SHA1
db2b55a13cde55909462a62789fb15587e375e94

SHA256
abb06b7b313e6082d8c092f5f735ac32ee9ff3e0461c2c7ee9606c55af3a130a

SHA512
0befc6aa31846762602d080739ad6bacd68546e8a7dd0dc89edaa4cc5fdbad2ff7c2742eb96094029f6613cf24419c632bea199ad7f03e39702af8be6c3f3b55

Download Submit
/data/data/fun.playme.wobljr/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
a8aac280006c484037b386eb5340599d

SHA1
c2fce3c637a80894add6a65e25fdb7aaf5a88ac4

SHA256
d500724cef9b7c6a2b0b23dac492214e23007629807d278658dfab92854f1194

SHA512
26fbba5f181b090777eaf68b6e57fb15a5d69e465bf860a9279a0cf0cca0141aa299b3977295a07fe75744f368ce63c2933a4e2ae9968ab8d5add85ff115d890

Download Submit
/data/data/fun.playme.wobljr/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
d8bce83c9a46ae3dbe765ff9ea56ffbf

SHA1
3b2636d4a3c2d61d6592871043e87018568d4747

SHA256
cefaf8f114a35b27f2189d9e6db15ba1e1b999d3c2dd1e41fb12c2e5979d47f3

SHA512
0e27ddf13f378cc62dcdf0a0736832562e8ff6ee92b0db9f0e92eecce2eae6018413e2ac0d43580742e59b437b8a2b9d179d9e92a25696cb657935bb0570a58f

Download Submit
/data/data/fun.playme.wobljr/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
18254b56304868db0c04b7931e075c81

SHA1
8c65f40c4c5afef4231ab7bf1d6b8278377c2647

SHA256
6c84429edc6e8f0d9569b0cb13ab84611a71e335fffc8ea05a6d24d0a2920a6f

SHA512
86c876ac3d9948644c7a8e08ce4f0ca24b326dd53a66a090d9f0e6a8851d40a04743c712004366dafa17cdf8035c777d747e61477e97c5c871cfe8a49a9cc27f

Download Submit
/data/data/fun.playme.wobljr/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a4a128780c7f122567bb649734f45cca

SHA1
7e103736a28d03bb84f78b493004fae9190c9687

SHA256
27fb083f50c9d212a94e936e83215a23a505d3118eb28ac5b060d360680eaa8d

SHA512
cfe514a3057860a7e6a6e1884a1f595e329568f12937d9acae521c67f3e66a8589a18edb9970877a8673232c94c962b950e49347842263309e9c6b5d64035aab

Download Submit
/data/data/fun.playme.wobljr/files/.com.google.firebase.crashlytics.files.v2:fun.playme.wobljr/open-sessions/66EB1C4303AD00011362F5F4612E4764/report

Filesize
787B

MD5
c231ced128a849217762fd1954feb4b8

SHA1
3a6aefd5e6b9ed8f97b63704d21e534f5c615abe

SHA256
0e68fb96ef84a315829b2f276c7b72de5a3df1d15ae85e5a7dd66c8945e683ef

SHA512
a90cbf6e82aaab9133e9b405a12fc4f844fe275019738f62b55dc23032853bc9b129dfd5717c4e66be911d8a4dc30689da22071416dda1f226e2de67948993d5

Download Submit
/data/data/fun.playme.wobljr/files/PersistedInstallation3847335883049214159tmp

Filesize
567B

MD5
3716591d18f596a535717e8567c72140

SHA1
446dc1ddc0dbd349000aa461ab7d67c1b0761624

SHA256
05d4f474d9d115d40e32a86f6461dee222ab78b695e822aca5bc5ccc171addd5

SHA512
70dda62f47e186070b72ea435ea22d1339797d8ab173ce9e5b2e755953b2abd6531d905ddae1781d84973aafab3e898d75f30e5a00d9045097d8864e0a3dea18

Download Submit
/data/data/fun.playme.wobljr/files/PersistedInstallation45921887948254735tmp

Filesize
90B

MD5
50fbd3b660893487319de7871257c73d

SHA1
fcab0ad508c6e0acd28cb22cf3c696e87cb0aa6e

SHA256
c590cd55e3947261317f362e42a7d09cc3060dc3e6f3e9cbb76d62a4bfa9cf89

SHA512
aa3ff4c4809d53a2adc7eacd5bd612b7bb65d9678183a05d65a6a998f9b3f927fd46a8c11cd7d914b148c4217408d60949195ab85c971fd4d6cbd7aaa1de6fe6

Download Submit
/data/data/fun.playme.wobljr/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
33B

MD5
35b51faac8b5af3886e70bb5a885dab1

SHA1
e6cb282da46cd4bf113e25c8573268578dcd11b6

SHA256
af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b

SHA512
6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

Download Submit
/data/data/fun.playme.wobljr/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
75B

MD5
944e6a5a08cb971370c65c06061f0ab4

SHA1
84d47725cc29bf167b782c702575bce4bf2ecc5b

SHA256
ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab

SHA512
bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

Download Submit
/data/data/fun.playme.wobljr/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
121B

MD5
ffcbf87665a36fc21782400bd0537e79

SHA1
3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee

SHA256
a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d

SHA512
7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

Download Submit
/data/data/fun.playme.wobljr/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
163B

MD5
dcf7d6c1cfd5e7b56074e3001577c78b

SHA1
b8eba89aee9f6688ecda6675ef8ff4998da0b141

SHA256
ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91

SHA512
42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

Download Submit
/data/data/fun.playme.wobljr/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
212B

MD5
dc695e73d78bdd9431a4621b1c4c5dd6

SHA1
8c75d8965650219474b81c0c9b1c64230e5bc181

SHA256
e87859bea900eb66d56d28eca085c605a18188925fe49d8ac4acac9913eb510a

SHA512
b5a43fc182c63b1baf6dea34e3b9842e10c702d158f6db666ec0ae733cb07b6c136c9947a13e1276bc06d0ff15c7c0cd0f78442c32b9e1e04fe9d048d57637c0

Download Submit