dd5c87b925a0c29b9f7767c7e4704a50d91aee0db428cdf25ca87f1ca9b66172

Analysis

max time kernel
4s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
18-09-2024 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hotmoviesv3.618adultcontentpremiummodapkcrackshash.apk
Size

5.3MB
MD5

65e0a4f776a2c8c2da5bead2b983c10f
SHA1

04fbdefecfbd10cbb79082d60d2cc6ef657c6c51
SHA256

dd5c87b925a0c29b9f7767c7e4704a50d91aee0db428cdf25ca87f1ca9b66172
SHA512

b061fce29d06d91b54ebaaa2213d22f596eeb442b979b982f5a3e868a22e0a358891ae299e910de39b2e063ec149225babbdb72ba4fae294bccdc0b669c4fa0d
SSDEEP

98304:e7a517r0+hh0xvIpRIZKR7ls25aQlQ9btgx4S1XX+OCvibXXWRwBmOQzJOmjMq:aC17rbgGHZmQ40XXieN6Mq

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 9 IoCs

evasion

System Information Discovery

T1426

Processes:

fun.playme.wobljr

ioc	Process
/system/app/Superuser.apk	fun.playme.wobljr
/data/local/su	fun.playme.wobljr
/sbin/su	fun.playme.wobljr
/system/bin/su	fun.playme.wobljr
/system/bin/failsafe/su	fun.playme.wobljr
/system/xbin/su	fun.playme.wobljr
/data/local/bin/su	fun.playme.wobljr
/data/local/xbin/su	fun.playme.wobljr
/system/sd/xbin/su	fun.playme.wobljr

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

Processes:

fun.playme.wobljr

ioc	Process
/dev/socket/qemud	fun.playme.wobljr
/dev/qemu_pipe	fun.playme.wobljr

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

fun.playme.wobljr

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	fun.playme.wobljr

Checks the presence of a debugger
evasion

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

fun.playme.wobljr

description	ioc	Process
File opened for read	/proc/cpuinfo	fun.playme.wobljr

fun.playme.wobljr
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Queries information about active data network
- Checks CPU information
PID:4633

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/fun.playme.wobljr/databases/StartApp-d6864f2502af7851

Filesize
16KB

MD5
7dd387f4736bd34f3f64677637d43d12

SHA1
5831654f8b6143f10585a0ef2ac967b11da5e6a3

SHA256
979d7c462856b02ec2800088e43fa2dd23d85e441f93434e225e3051003f5a3a

SHA512
9b8a14cfc9304fa0d01b86f92fc5edbd319a0ad632db2cfab84cd3a7e1603bbec2c50663e8a6ab786ab12877513e266011e56cf2fa883bcc8562591f626f31c5

Download Submit
/data/user/0/fun.playme.wobljr/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
555b366852c49cb5a823c48f8ab4105a

SHA1
334c1f53f608d3d3fcfc148277d053696ca4ec8a

SHA256
db122ad9c0c8644fa7914a2a25bfeb05507215c00f2b855f7b149b2940d0dcb2

SHA512
525c6937ecda96354c7cabc2c60b9ac624ef95c788e62ec26cb0601caa9aae32530a042b953368f899570d564dc967490ff1c692d368e441d50303573cda38ca

Download Submit
/data/user/0/fun.playme.wobljr/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
29450118b1866f1a38bcc6e5c926e2a0

SHA1
e970a3440ee673f5219d64ce65764e6bc91155cd

SHA256
631f3a42644304fbcbde1d4206bc1007e548162f5d18684a961c09a01be8a2d3

SHA512
4a6572c463c363cfb68c6ad45ea7169013336b5ea890938c2ebcf8e4471733675d3c077bfd121b604de7b794d0aa002582a0d1b8e836950927f0e6d44c302987

Download Submit
/data/user/0/fun.playme.wobljr/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
00faef33aac1c4b9e4a4ffeb6da93e69

SHA1
df78e2208c94173de37e8d92ca0e0d26ee3dd1c3

SHA256
51797fa279600124167cdb67c190d63959627a389789982f65e2cf7ae072c52f

SHA512
f1fda294b0dbee3d0e8b60264bf87b38be291d8531ca04f0246fec865003086dc2468b2f90575fffd56883495536b28ddead239adf97d4a941c12d490698ced5

Download Submit
/data/user/0/fun.playme.wobljr/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
640c31bd227e387eb2a3b0ac429b3670

SHA1
50daf7e5df937b4ed9f9cf437671bcb91bff0a62

SHA256
5a15858f08553f8a3c00bb7fd4671bc10a31acb40abc2bd92ae093d1d6b61bf2

SHA512
3344b56d15bedec03a145607209be8496b7942f4c5a4e9ef1a07ef7c96a700cac06b2554e117e43707d1315c14e206062df153c5cf75a1593992ee32f9f02212

Download Submit
/data/user/0/fun.playme.wobljr/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
be6c87dbcff0833665b7e4120e990759

SHA1
f1c060076a60956c23b336fc675acc1162cca354

SHA256
8821dc3d59ec4c087bfce0d84bd5ed9629c4adaa8b63c05e1b3cb6e39ac55a41

SHA512
4d35fba91ff789ebfdfd432f119d6e967fba2318f2a2b2d1e1687285c6e162ccff2ea85b95f2eb157ea977a15ac5d001fd52f3ef474565a3d202358377b073dc

Download Submit
/data/user/0/fun.playme.wobljr/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
c76d80cbf4abb3c234ef36db23a4001e

SHA1
9ada37f8d84c008936093f66f1ce6d68c46de52c

SHA256
5f6872f55c7e36c819cb4c5aca7071fcdff1d73ca76f54a31851370a386a8f5a

SHA512
f9c76adde99595fc34618630b99de9ebb3cc38be48bdbe9cd404a8f86c7550c1180330a93ba7b6c2428bf0a21f403b4932ab4bdbd677ef8905f947277ac40091

Download Submit
/data/user/0/fun.playme.wobljr/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
395e91327b8e943e48d0e099628cbc87

SHA1
1b5fec1127847ebfc42b0ec9a8e8c9fbdf308173

SHA256
8ae23432567e5e186cdd2cc80992aa8ecb4a8d342a8767905706522643d92c21

SHA512
c32c61a78cd9160ef86916a570b22459a1bdee1ead83674106c0dc8daff24c23ead702b253c938622e1b6c0d3cd7f489ad652d3e68e9c10077d489e259186d64

Download Submit
/data/user/0/fun.playme.wobljr/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
a50233dbc065a6d454e7b34f1fe710ca

SHA1
526d9fbf91093ff28399a24f48c5d35c4111fc5b

SHA256
4ebdb271eba6a440ce270cada09669dc37977454d1b020afd08daafc1106677f

SHA512
1a31da4920deaf90fc6f3a7129c1485b9c2d3c4953ab8188021b90947a62d9f8aad8c5c57d0c7dfeae49111802b2faa00cefae9963d37e17332180ba8ae50303

Download Submit
/data/user/0/fun.playme.wobljr/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
0b8ba924c4852cb6bc5440bc5baaae1f

SHA1
78d3572853ec3ba9552e5e02e5a0edebae057b41

SHA256
f60ce0aad625b414803d16d0a232bfedd4ec6f74f0be865a99ca0e04a534072a

SHA512
95b44ee4ece5552ef192ba15ffa6a20fc848cc6b3791c5b4d2d7aebbf3d0bf8901142bd475c2323f1e68b867dac8080b9b81ac1ff460541714d39fba0e99e34c

Download Submit
/data/user/0/fun.playme.wobljr/files/.com.google.firebase.crashlytics.files.v2:fun.playme.wobljr/open-sessions/66EB1C44037500011219D3F82530FABB/report

Filesize
787B

MD5
5679b07c52d3cc3f912382990447da7a

SHA1
398bff030fb23eabc21020b0cfd1e7e820454161

SHA256
e5f5e3b39d46b06ac89229560382cd69a3e46e419bfe0811d22512f1fddf2e05

SHA512
fc96d1c45cf8341db97116977c3b350c258ce2b8db3078278ea4f793482c6d3956bf8c2a3bcf8eaf4cc5373a89c843ae7b5ed68293e612fdd2cff356a2baa348

Download Submit
/data/user/0/fun.playme.wobljr/files/PersistedInstallation2742859869001447109tmp

Filesize
90B

MD5
8901025dff39e930eb8c5ea956a6026c

SHA1
15ff06270ae7ae1d3675edb20adbe61603e73537

SHA256
0cc06698df72848537ad55b753be60308f9fae3b41ae7411b898246ce8755389

SHA512
57e5e88ffa897c49c889ba2ae358fb23587b41f7e5a7642f6b11972fbcdd2675fdcb898c05b84733a6ddd410fc4808461da5bf3ac0c5bffb5ce9ca30b7abc1d8

Download Submit
/data/user/0/fun.playme.wobljr/files/PersistedInstallation4292590080646267355tmp

Filesize
568B

MD5
9cbd4cac675e4b25d1981ef96a07d81e

SHA1
36f5ef91d1691f65ac889ec0bde39f5998edcd63

SHA256
0684db01bb18a2f1826d33cbeec4df09b84cfa3aa72bd61425bd269a7ea7995d

SHA512
7f14b90fc6a8591e9eaa4f0149a03672319fe5e3b453af78917d52239ee81c476ad4e2b8ef8f6961386fe6cd52bd7cbdf856c475cec80ed0d4570cfdae21e065

Download Submit
/data/user/0/fun.playme.wobljr/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
33B

MD5
35b51faac8b5af3886e70bb5a885dab1

SHA1
e6cb282da46cd4bf113e25c8573268578dcd11b6

SHA256
af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b

SHA512
6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

Download Submit
/data/user/0/fun.playme.wobljr/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
75B

MD5
944e6a5a08cb971370c65c06061f0ab4

SHA1
84d47725cc29bf167b782c702575bce4bf2ecc5b

SHA256
ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab

SHA512
bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

Download Submit
/data/user/0/fun.playme.wobljr/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
121B

MD5
ffcbf87665a36fc21782400bd0537e79

SHA1
3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee

SHA256
a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d

SHA512
7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

Download Submit
/data/user/0/fun.playme.wobljr/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
163B

MD5
dcf7d6c1cfd5e7b56074e3001577c78b

SHA1
b8eba89aee9f6688ecda6675ef8ff4998da0b141

SHA256
ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91

SHA512
42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

Download Submit
/data/user/0/fun.playme.wobljr/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
212B

MD5
fd4bcc57fa07ab54dbfa65d785049137

SHA1
376cf1082f1e606ab7615227a611fca75c25cbe4

SHA256
670c00a60cfb7979734afa71aee3d18d114cae82404d77319988b69d3a4fcc19

SHA512
df46848fe4dda3d1b1d9553c31119fe040991cc99e24c328497c2d326e90e868ca3593fef09ea95d8783ca8509e10a32e15ec02bbab4b651873c96a765c8b1c1

Download Submit