5444d3a9559c2d76d8b1e6e058f671f9b9a091cc9e2c45af4ddf751e5d2b84ba

Analysis

max time kernel
149s
max time network
153s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
13-10-2024 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DuolingoSuperPremiumv5.151.6FullActivated-WwW.Dr-FarFar.CoM.apk
Size

59.5MB
MD5

62ab9af731f35177b5632054d10eb870
SHA1

490d5897c47e80b1dd737d849481db6b17091b44
SHA256

5444d3a9559c2d76d8b1e6e058f671f9b9a091cc9e2c45af4ddf751e5d2b84ba
SHA512

72ff817912f110d572c403de1db25f7e6b848165de1d2ceddb93a99100c5d89ad826e1c7037220158aa8d61454a690158ecf04bc4d5f44099eead183f44e9779
SSDEEP

1572864:OMxHpk0B+2shdLMD27aKvphWqjFueq1IijlkxjgD1+iVKx2xG+1laC:OO2GsMC7aKvrWmFvmrv

Score

8^/10

discovery evasion execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.duolingo
/system/xbin/su	com.duolingo

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.duolingo

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.duolingo

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.duolingo

Checks the presence of a debugger
evasion

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.duolingo

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.duolingo

com.duolingo
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Schedules tasks to execute at a specified time
- Checks memory information
PID:4479

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.duolingo/cache/okhttp/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.duolingo/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
6d9ca0a600edac3ef66f623f46655755

SHA1
bcec261ece00897f3e4e5dce5b025c5db05c9cb1

SHA256
ca70a628c4dad73a20ec221640c0b272333287ba0eb2a2eb4eba9645637ea1fb

SHA512
608c1cc487ba35abee594e302c6938abd782a204300fb77de61a7788050ef95fd2e0f1d206828c4a5d8afc11674257cd3ca2bb83becabe4065449db444420ff0

Download Submit
/data/data/com.duolingo/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
5f3d8beeb666937c3b80228077d065ff

SHA1
f2f6fe698d2f6200357855c2c451322a3759d7e4

SHA256
9f17dbf3e3d948834d17acf9f7fd77ca8ed4841fad9a9f3a08e5c5bd516551ae

SHA512
a6d00c6383207dcfe61c7f1206a5dc016e824ffb71729eb0589e097429be31476f25985962d185b85d7a642aec10500f507cc16865234c13239c28b45eb55f26

Download Submit
/data/data/com.duolingo/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
989faf4647eca246759183873d998cce

SHA1
f5ac2b6f0715c056f86e45656a6370290b423736

SHA256
13eb38617edbce437b6617eaebd356c679121b25bb6b29204f2a8994f986726c

SHA512
cd42998a0170d9c7750c6e3e7d044ab0a0ae9c61cee3470b2ed2ea37f18d467bb7f293019d79790d23743bc6201c3603a227b61fd938c40a91d37d5d73576a5d

Download Submit
/data/data/com.duolingo/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
29fb784525f2bd3bfdb2aed8748983b5

SHA1
33600a4b752a0c1b9367e2f5ec103a1855c20b9c

SHA256
d2a5b783e2ef673d70ca32ee8a538a60ceb0a5c90feb94b95e99fb5c0f11d002

SHA512
4b17c8d312a6e9d47b4e133eee7641687ead91cba363687e75a02873850af6758ac189c5bbc88dbe826dc0ca51d047f49408768be192aa5e62efda0b199d68a1

Download Submit
/data/data/com.duolingo/files/.com.google.firebase.crashlytics/670BAB9502C20001117FFCB1DCBF8CD5keys.meta

Filesize
557B

MD5
f5217828d4ff8944078b6a1ab5b0ab5a

SHA1
1f9b8f8e467ba3b741b4565af11c469a29d69e95

SHA256
763c7466aa737edad41d2c99d0c1374d049db25ef94739e405371837f0ad48de

SHA512
1df2276c6dc9e00b77d685a46ca72e2f948253bacd787ca72848d275ff3e434993946838845124a86d14f94a6c3e1642f7b3c8209fbe0d49c45980341ad5b10e

Download Submit
/data/data/com.duolingo/files/.com.google.firebase.crashlytics/670BAB9502C20001117FFCB1DCBF8CD5keys.meta

Filesize
491B

MD5
0abf3542c183d4c1ee650de475726d3e

SHA1
b9e42604a0ba90cf8861cf4066b2b4aa74d9b684

SHA256
7f520d85aa3625bbaae67e9f6e743832294ba7f278dc2238d9ba4937aff23266

SHA512
5120bcaff373f7d123ee400a2b7357b061fc316d634c7ab5f0545b876c94cff047495dfd0886289e6fc74298ccb21fec9334f9da8a2d25745cd2cdef91b335e4

Download Submit
/data/data/com.duolingo/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-670BAB9502C20001117FFCB1DCBF8CD5.temp

Filesize
67B

MD5
c033c7488ed13bfc77774152a8293d02

SHA1
c8b961034cacf601d166096103bbb1db94c42613

SHA256
647548504af25779708922f97bbfe804f084242b9297b8cde9776e5ec4394513

SHA512
9f16e8e2f3a7dc2bea259a692cedaed0615f127572d7d1c134424e647e925b0002a85e8c0beade9fda70dbe1a44c685e54f3cb1f71f24086bf806fbc277709a6

Download Submit
/data/data/com.duolingo/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-670BAB9502C20001117FFCB1DCBF8CD5.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.duolingo/files/.com.google.firebase.crashlytics/report-persistence/sessions/670BAB9502C20001117FFCB1DCBF8CD5/report

Filesize
740B

MD5
48dbb2fc66b01d040f7e0c6bfaff8582

SHA1
0118fea338811b5b94308feecbe96405b108c442

SHA256
c041dc29ed00fef5f0d93b834a031474482ee495a5c38bed294449dc4078409c

SHA512
381f84024ea925dd68f45efd19c1ecab1beea6bcddc083f19b0d47f11096ed022c432e3aa829d22f75980806c6501a908ebf6bab6bd0e8abe4e3af85e89a472e

Download Submit
/data/data/com.duolingo/files/excess_events/event_store.ndjson.tmp

Filesize
1KB

MD5
479b3895e1bd11b26449aac5530de34e

SHA1
85653061f6f67a84bfa42b63b478bcc5879d2e13

SHA256
b7eca0dd82d15c982a14f1ceeb104df28af3d86446ed713fd0e0b67694f4ece0

SHA512
422c616b6e02e386aa14a33d4e385002acd58ac306e59d33e47b6bceacbb79877d28c97e58e338af931f2ec2d4d886a1c821a12c71c8cb8f625bd9331cb16a02

Download Submit
/data/data/com.duolingo/files/excess_events/event_store.ndjson.tmp

Filesize
3KB

MD5
d0aa72fadc989c6270b6a189b5d5b13f

SHA1
760b11cdbaea1a8fa470d7fe772635f2d3b45f55

SHA256
c38ce07ecac0d7740c99c7cc8638c720016bd17c6977a395b8ea5e123f8aaf96

SHA512
f91731e98b9fc4598815925860957a7a20100e49a1eca9f691c99d45365e3f31fb77a29eb1812b982ee983f20bb53b59bdc08267b33fd903efe680a985dea1fe

Download Submit
/data/data/com.duolingo/files/excess_events/event_store.ndjson.tmp

Filesize
5KB

MD5
a26ceb9c460729f0ae5a4e0bbb16891a

SHA1
2ac1f2407568a41b06ad8ddc17ded859e4726a89

SHA256
2b59aa6f5298103345f159a98f3791f7d784fc19aea884affc29b1301ddf9d11

SHA512
411b38154b21d37ebef2eb4be318052b4581dd2ffc645eee1c64fcb1fb7bf2f0a74fba4839ae7a322c5397d02e866d447b94c6359c0c2bc8835a84d8d114b5b0

Download Submit
/data/data/com.duolingo/files/excess_events/event_store.ndjson.tmp

Filesize
7KB

MD5
4160b4a74a3b5635536ceaeaa281a263

SHA1
32acdbc666c8675d28ab75d44217fe02a8c7d5cb

SHA256
09afecbf14fce947c03134c3e6189f3faf351643e1042d7eecb0a112c44e54b0

SHA512
0107cb3a0fef6788a551c9443fce6362a593965707e2d96c37011aee7b1132a1e0d1b264c520b73f70c189e3b09783049f6742d28ed602acd485a21ce10d3a23

Download Submit
/data/data/com.duolingo/files/res/v2/rest/2017-06-30/config.json.new

Filesize
5KB

MD5
f13537a94df94aef4bf6ec45f8961461

SHA1
f7e6a54edeb1e689daa6dda66458b3adb0905945

SHA256
febb57b3ff5ad0b23ede4257d489e6aaaf2f24cf11521f80db81c8106da286f8

SHA512
1610b26adc09269be49a04174c08d8bca32691b7414b8c5891d280d8076b18b029400f89365a0e36a23cfa1cc969696f6492fceee74458b47118cb79bb68e14e

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
d5f013587d123e4459c2de9e509cef23

SHA1
83ef0a491b0668f012d902be48ea5f6c16d20039

SHA256
06abd91b208bd5d8c666526ef4228ac5d6c3276fd3ff3da41f8e2d6ddd80bc3d

SHA512
7b0199772de439bf77a0798ba9e844d823ab53e6cd545043da03f559d1fc5e0895e18a41963ca121f1c4e0fd1f2668d0831000eef5a165acf39000ea77500cf8

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
dde0cddd951b5a7d6a1c3862a7df2175

SHA1
d6aab4642fd731df42b3a45dc2e8838a91c7c76b

SHA256
f240176f72d90dd14a58fe17a763690a0d6e02a007ae16a262c78038cad9d5c1

SHA512
176240dd80b46307cabc73ca1f0148d0558053b0576e791ef64a39e872575bc1e453ae42b08c1fd37150d607c48347c781abd66a49320ef4f9806a6966e48eb6

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
bcce542d10fb62bf67752fffdbc26230

SHA1
f0de5e31147ae87728d1de4d4278b8f00982e38b

SHA256
662a6ef74dc0221368834cc06eb99abbd8af9a705836e1ac9b9b1cc684a5e266

SHA512
54f50c70a78f3d6447d99b0dc107af07e190236ad377ebee4929461d8b481fd94f369cbdd24cf0255121e2159496964bb70140fdec44ae0ac59c09cf52b1d7fa

Download Submit
/data/data/com.duolingo/no_backup/androidx.work.workdb-wal

Filesize
249KB

MD5
87c5cbe12753e03880b41846f2ec5116

SHA1
5906e2f6e8799a3ab3eff309b8789188e55e59b8

SHA256
5c5169d06c92efdc0fd7221bd08d8762ba45849dab294f65fcafa76826215148

SHA512
7c69142b3ff0f355eea07fde56a2160aadc0275c516487bbdde170e7664e0848be3761772fe10a6129d8b0be8de7f91ce8f78195a2422cff706558e0d8a641bb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads