70796fbe34ee7cb73c700f6a817b133ad95727543aef6c992182ec144cc92e5d

Analysis

max time kernel
92s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
10/11/2024, 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

one.apk
Size

7.7MB
MD5

d55b4144c8fd49874e211c5f202835ec
SHA1

8afc38d0ee5ac2854d9dae63d1f075654b0dbe14
SHA256

70796fbe34ee7cb73c700f6a817b133ad95727543aef6c992182ec144cc92e5d
SHA512

593457518ec0d62f70e7b37f11d84d2f131f3263f6bb940c43c4d5438ebdf56441c820988607f66174ac429609e9fe188c6ac0097cb570ed9c730bc75514233f
SSDEEP

196608:pr4lU2ceS9+PwE1xsuc6P3bXwlOtluPsUKDptefRc:pi3BIE1xfb+sUq6c

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	live.oneplayer
/dev/qemu_pipe	live.oneplayer

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/live.oneplayer/files/audience_network.dex	4251	live.oneplayer
/data/user/0/live.oneplayer/files/audience_network.dex	4325	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/live.oneplayer/files/audience_network.dex --output-vdex-fd=78 --oat-fd=80 --oat-location=/data/user/0/live.oneplayer/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/live.oneplayer/files/audience_network.dex	4251	live.oneplayer

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	live.oneplayer

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	live.oneplayer

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	live.oneplayer

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	live.oneplayer

live.oneplayer
1⤵
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4251
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/live.oneplayer/files/audience_network.dex --output-vdex-fd=78 --oat-fd=80 --oat-location=/data/user/0/live.oneplayer/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4325

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e586b06f91f9a297afb0619a96b204d8

SHA1
83c75bd8ad192d53c17d4072e875aa40b5728be1

SHA256
d6d5841587304e47fda49ed8dd94f13bd551bf6da64d5bd48345bbd2699d3c68

SHA512
d620c90c764bc1553a7ab0cfc2b5851cc5c4dcc19f64973c85d1afbaa707a68fc1dccf075e3d83392684597e3300bf9eb06d8109db8e8a9c547197de57f8a25b

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
8ba8b3bc0c4277d549f643f82331d3ba

SHA1
14f2d63d44410e84311359f88c90efb7102c1d52

SHA256
964c045161e706a944fe2c4f3f2f26e3a32b3de4c2d1f192132d3cc2c3edcff2

SHA512
1d8e0bd626f3b837f18eb71a77e6c4b052e5b0bb8e306629b06963529c89402b90915ef0c443e311036e006cb685e949d0f98e73564b8cfbbea1bc5c50e849fe

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
58e5694a7a0d69ba37f2adbfe27ccc31

SHA1
0958ec845133595fd58437984c075ff40fbe0530

SHA256
42698c1557f61bdf4588c5e0ca458291d4c3d4645c73c4edf6af4ee1b3e00860

SHA512
862e5c7bb8d285d8ff58e57cb0c5569bf3589791b594dc683091370c864e7357b14a4bec4896babff7bd6e6b538dc907810df394803c0d9a278bee480a9f82a8

Download Submit
/data/data/live.oneplayer/files/audience_network.dex

Filesize
3.2MB

MD5
da2b94774dcd96d257284f7710cd09c9

SHA1
6825ddecefc435f1de0608ace7f4c7cdd982473d

SHA256
08db2ca6e3f51676dc1c9b114d522ac5ed211ae2e359bf6270066aca651e6932

SHA512
9d548c66030456cf28b4efc7e1c399e455daaba6a4e5f44072e4852f62305547b7d0344d7328f514e901c29130ab5c6cce1c0df5d8dfedfa129083ca1712fe82

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
11a12822a964f5fd0c191c8475f852b7

SHA1
73df3181dea154cfefbeb83a51f880d5a3843339

SHA256
35145be9f2c7563105c9374ac76f6ba3e2c542b68126e006a4c7106dc5cafb25

SHA512
667c46f9ad774b935bab15e460544c1bb1af10fa2c8f96d16bb38df26f50a1b110c49760a2f5b7f149a59e872f863a00147325675fb2e19a4d97ce9b6635d706

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
e7bf2c356ffabbfeaca5a3de6a9eb77f

SHA1
63ed8ff17169e0f5b640800c8db00bfa923b5879

SHA256
77e64b9562a27292ac3c19b1da8cecfe560b43041464c9ab191165d243ebfcac

SHA512
faeeb95d84753549d0f1dfc20f0217a30986d34eda10128c26c8c8448a614eb7e0e4004208b8b46789e98f1d4fa5b650a7cabba2727408efe96b5e39d778ae6a

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
a91f83f0a222873834406331fd6c842c

SHA1
9b81a10418e09486603589f78140eedc0a1bfe13

SHA256
584df9baa675b7b3d08f5e5e1b73077c23f76fc34996cb2329b045f282b74eea

SHA512
c3a8bf10f6c4a7969feb18be2b8cac928f02abe5f6fa4189c08d8dcf63582e7199b2ff3b18dd05006b394892d663f3906d8fad33058067f334a4d4953abb5e7d

Download Submit
/data/data/live.oneplayer/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
70ae8c877f0c7a06659f052f07323692

SHA1
3eee967dc6a35944bc880eece5d736a8daabfbb3

SHA256
25c7b7109725ebee3825b74d88847910003f9aad833e3e420ec58cdfd57f034d

SHA512
11b59d85bfb09ba04bebb15fc2d133ff4b12e4b01c6337e2d48c171361f6d8d383a5aada0a1dc210f9433c8c3da945ea064ff85fda8d519e3d5b356eab2a5759

Download Submit
/data/user/0/live.oneplayer/files/audience_network.dex

Filesize
3.2MB

MD5
c182f01349440c426f8ca2373a6bd8b7

SHA1
e3a63d7a6118605a010b61f7cf8b0e228a041246

SHA256
4978887b084805cb6aa975ac738095a53c67dace937b9cf04dad16a3c23dd847

SHA512
d63ce797ebdeacbf78a5946e02439b6ce6f326f7ae6d2d72e471adefc12ec45e90619fefb6ee2a9da8cfa9c16411009b1621430cb4e4ee561081d7e28c564021

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads