70796fbe34ee7cb73c700f6a817b133ad95727543aef6c992182ec144cc92e5d

Analysis

max time kernel
12s
max time network
146s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
10-11-2024 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

one.apk
Size

7.7MB
MD5

d55b4144c8fd49874e211c5f202835ec
SHA1

8afc38d0ee5ac2854d9dae63d1f075654b0dbe14
SHA256

70796fbe34ee7cb73c700f6a817b133ad95727543aef6c992182ec144cc92e5d
SHA512

593457518ec0d62f70e7b37f11d84d2f131f3263f6bb940c43c4d5438ebdf56441c820988607f66174ac429609e9fe188c6ac0097cb570ed9c730bc75514233f
SSDEEP

196608:pr4lU2ceS9+PwE1xsuc6P3bXwlOtluPsUKDptefRc:pi3BIE1xfb+sUq6c

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
evasion

System Checks
T1633.001

Processes:

live.oneplayer

description ioc process

Accessed system property key: ro.product.model live.oneplayer
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

System Checks
T1633.001

Processes:

live.oneplayer

ioc process

/dev/socket/qemud live.oneplayer
/dev/qemu_pipe live.oneplayer

description	ioc	process
Accessed system property	key: ro.product.model	live.oneplayer

ioc	process
/dev/socket/qemud	live.oneplayer
/dev/qemu_pipe	live.oneplayer

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

live.oneplayer

ioc	pid	process
/data/user/0/live.oneplayer/files/audience_network.dex	4987	live.oneplayer
/data/user/0/live.oneplayer/files/audience_network.dex	4987	live.oneplayer

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

live.oneplayer

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener live.oneplayer
Acquires the wake lock 1 IoCs

Processes:

live.oneplayer

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock live.oneplayer
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

live.oneplayer

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo live.oneplayer
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

live.oneplayer

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone live.oneplayer
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

live.oneplayer

description ioc process

Framework service call android.app.IActivityManager.registerReceiver live.oneplayer
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

live.oneplayer

description ioc process

Framework API call javax.crypto.Cipher.doFinal live.oneplayer
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

live.oneplayer

description ioc process

File opened for read /proc/cpuinfo live.oneplayer
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

live.oneplayer

description ioc process

File opened for read /proc/meminfo live.oneplayer

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	live.oneplayer

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	live.oneplayer

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	live.oneplayer

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	live.oneplayer

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	live.oneplayer

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	live.oneplayer

description	ioc	process
File opened for read	/proc/cpuinfo	live.oneplayer

description	ioc	process
File opened for read	/proc/meminfo	live.oneplayer

live.oneplayer
1⤵
- Checks Android system properties for emulator presence.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4987

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/live.oneplayer/cache/image_manager_disk_cache/6c958a1e130d08aa0e5db73529ac772901a67c6cbc04a85f021c894257bf754e.0.tmp

Filesize
25KB

MD5
633712e466a67e179b8d9dd877cbdcf1

SHA1
09d0c025fa80f8a9e3a83af95f932ce53eee67be

SHA256
bc0f4c5f078da55a95de3e45e841a01526603aaeceeac58b63bf84f6775434fb

SHA512
d65d572ace760972eed79f024f0f52b6f0ac9f3ec206b9ddf9cebd1b74c8d39744c9d8c80910242abc8c8cfbd133e98b585e748d77a2a75532f6a103a3bfe029

Download Submit
/data/data/live.oneplayer/cache/image_manager_disk_cache/7b5a812ee62361bb510d95e00a086401c9025d483b626ffc37169edeb547704f.0.tmp

Filesize
1KB

MD5
bbd3abba9b1a7b4b49aff6af2a1c7c0b

SHA1
95115487977e3c1956cc96437b55749550b28529

SHA256
2260b157cc7539fcc35ac33834f97c6040a86a37aaf81fd145a7ed91ab1108cb

SHA512
8064ab2041835b45145469ad921a6061fb00150fdb4024766eb0c28bc6e5e8c7c71482c7c91eca00e799681ecb55b686ec3d35f3bc3270f203f66ae460a27a8b

Download Submit
/data/data/live.oneplayer/cache/image_manager_disk_cache/journal

Filesize
326B

MD5
a0bc80dab6b8e38274b99febe24c745e

SHA1
0f35272b5d7d80ad2c611d3f61b7ae8ba79655a2

SHA256
22e696b7441c76b635b622a451368d1a457e657fb8c2fc590296226e510132e9

SHA512
7911827c1207e67d5c6a80e8055ed5a293b9b342278e2902827299f088960889b5e4eaf24174026ce699228bcd82610e4755a8509f41aabf6da66436f8d8b450

Download Submit
/data/data/live.oneplayer/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3718fe22bae8bae1e331235f33a50df1

SHA1
49da4868dbc66dc154f81351161641042a1eeb26

SHA256
147279221addf611423b11636b5bc9982ea01f82ba7f4f5f7107f863de4b62cd

SHA512
db186a340ff83b98ea2142f8aa1b1846cee2cd735e484699bf3484f24e1fe3d8fb3ad9309ceb10c51977ffe114f7d70ca9d9eb02f982793e1f669e8ce4be0d22

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7637fa900d29d6e7df8beb3551adab1b

SHA1
06317a0ff889e0f60e499fd27d4f2d3d5b1580e3

SHA256
a7f53e525d896c4820b925abd89f674fd5dd09de5b32c77a69aaf19dd6efaa38

SHA512
8bb374aeb0ff99d53fe4ab8a346daf6e9d92f9385f34e7dd7a63dc446a199f43dd317f9b25d8b2217408678fd7eef5babac51b5adbe06c234e3ca75019b72f78

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0b211ff6e1f53e0e2763e784deae4021

SHA1
b7e27349a686b8d5158faa7472f020fe8d1bf267

SHA256
a76673213a820aa2ff0662a82c748733a028935cec62c63aa5def1b9fdd0cfc3

SHA512
ad5e9fbddd515ad3abbfac5a0b9fc69df9d1a5e21221d82b4c5081044a4f4c45505bccff62b8c8b1e05cabe3668ccf022944035aa67f71bb3b77ab88fffae9c7

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a0ff4dd177f83551ec655d8102d0c639

SHA1
66414ea5a163790f5d2cbfa5bf03739d672d9ede

SHA256
437abdf60557593e5da3f1b59b95b35f44fdd86aa31c49d8e7802a9210d8d61f

SHA512
d09f260fbe59504052d911ac907efc5e9ea023c361e38007bef5bfbcbce8cde562f579f74348d6922354f4fc4b56e700db65866f006411ebe3467f799b7832cd

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9cfaeb43e8f74f0c75e85347c24ed158

SHA1
ab659848e12bfcc03d37da69cc6b3acbfca16547

SHA256
31cd246acd6a2512ffda292894197ab852634e57ff28af1b91157bcb58031e18

SHA512
83dfc88d4d662a6b50c0ade6250948f6e94f96e3ae4905c7d73b4727bfc0aaf2c88261803f5b1e53cf02e5a8e9dbfbb83111a069451e8edacdd8537823ba06d6

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f9a689ccca2b0d52daaa2820156516bd

SHA1
8206a59c5a7a70dda3130bd9666f257ab0e23327

SHA256
871e95a6987b425926ea86b17dd924487db5d7b6e137a944fea5bf06ff944eed

SHA512
09f2931da8e0e32029384feb7764361df543e4364ce5628c9db8693ccda35271a460ed13c2f7ad1a34516d30089545d83fffb54594b64f0607bdd261f8fc2c9d

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
844a5b156a2da5a93e0117f29607fc1b

SHA1
66eca31441dcb8ef0a23927a2708b233ddaffb06

SHA256
c4afe23fe94aff455042ff206a5633657ac7ce1f602f36450d1dac2f47b39fdd

SHA512
95f39f9c271ed8afd27cc0298080e8bd884d0f35b573a3df613d84cafc5d9e5b484fb6ecf4963a3226a0736819b5119c454339c54a3dd866f031ce47607f070c

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c4907b9cd508efb1123fb6bd54ee6308

SHA1
65daadd3a24dc1e1afcbe3569a601abfa11e76eb

SHA256
cc1023bd61060c43b1b56b27f4012492dce2fa7da398d544a89eb54e1dd00fc0

SHA512
3cafe356e4bdc4bf9f8c17f6831983394efb07289a8271acdd46a1ec04c552288d2e6e443ddb66b33945b226056aa3d79208f446cc910a124b32ac03ea7faa1b

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
efa5eeba9f175ba1cf38828d312b6d50

SHA1
7a5999500b9c086e0fe93ae1934c4ea4ed05b948

SHA256
5091446928b21b6f00b8020ea440d028e3548a04e2da270cb37419fbae9c5bf2

SHA512
4374ab863571c08f70715a7e4e0007d09bfb287bc5d937c7931e4b4f758d298dd97bb29246ef644d1ecc741c2c9daa7b4eff834f3a5764ea0700de608bb83afe

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4d6cc99c06ce703a78218dd6580b3cbf

SHA1
1505c76c82cf962d395a3553bc6c657c758302c3

SHA256
d60ae899ef8d25b4dfc1ea15add6e1fa9a5f6be7089708fa9e5cbbf1667255ab

SHA512
ee14b1eb0244856e4816f0af56d2c444046a3c12745873571a4a7f60fea34a3bbd3354832b9552c532c7f8662f81d34ca083cc400adc7796e2d14f2e0a632c9c

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6a3a8f4bf84bb9f1b0269a8f4ac6c759

SHA1
458f322cf5285b55cb8c493605bd6ec99f35a408

SHA256
d674dbd2ac1b24d6faa8a21cda0e747d3d1b9dd767f7c0674f266a278453d14a

SHA512
ed59f3ac278319ad860ec29c783cd7d08a60417ec22b51b91043a3e7751c383e42e3206c950e952c570c0013053fcf38a7ac2b69a2e2a79897e83092e2132541

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5170fa46d7338a32f9acf572832a5324

SHA1
521577e7a9d700b2b4b9fba9ff68162064f599a7

SHA256
67e878568493247f03289573820ea71a2402105cdae281ca7e5a54d5a03c3989

SHA512
75e4bbffe3b684b8a8da609bb12c0541124f1726c45fa7e635bf23d0059e00c903d7cb3702e3b07429e2a7bbe706978f7c6079e5b017f3d9fc95a60f812fdf08

Download Submit
/data/data/live.oneplayer/files/UnityAdsStorage-public-data.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/live.oneplayer/files/audience_network.dex

Filesize
3.2MB

MD5
da2b94774dcd96d257284f7710cd09c9

SHA1
6825ddecefc435f1de0608ace7f4c7cdd982473d

SHA256
08db2ca6e3f51676dc1c9b114d522ac5ed211ae2e359bf6270066aca651e6932

SHA512
9d548c66030456cf28b4efc7e1c399e455daaba6a4e5f44072e4852f62305547b7d0344d7328f514e901c29130ab5c6cce1c0df5d8dfedfa129083ca1712fe82

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
e78b4bcc3d3a8de9405a1bfc71bf4c01

SHA1
ec04a77c3a3c53f109b7296b33e5a5c63b1ef0c9

SHA256
99a3bb98e729628c74277676166715f3d33215696698d439681d9a0f579d4a8b

SHA512
c48ad74abeb5eb0a2c6a3d409a2b6bb474efcd00e06eb5bbf9815a119c6050a3f26d3550acdc3b78ee818cb3c8359b8cbea95203842eb2622f275ca04fcfb637

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a4d361a2cb12d1f34c545687dd040a8e

SHA1
207540099ef1d7e5550b0a47b6f92757a8e81d86

SHA256
7f3df1edbed9f1f78103ab80ae5b3d8bff357d4d09b448deef2b82295e963da2

SHA512
147bde99d6c8b791afb05cd68819cff205c79e74c72e055df398a8d8d50b46bea4bffb89a6e4bcbec08441db9021e7c5d4bed256c8f67bade20eb789d15aa438

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
6ccbb5412c55739274f11affd11839b9

SHA1
4bd27228380eb043857235cfb8eb83b2fdd06229

SHA256
b2eed558bd8826cd9370fb7d64f8d2d0a41b5e65c0bd00e1084d180408f388b5

SHA512
f05697ae8a807af741db7049e7549dc914a276d600454f31b8324b7be2de03df5de0bcd0b9e17c7b9cdd74f4d833e3c07ae755cdd13cd2301b9aa9c4ffc5727b

Download Submit
/data/data/live.oneplayer/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
1359f9468da37787513d786e652c4754

SHA1
a21acafacf0f372b044ab57db2cd2f23b4389de7

SHA256
0100a1ea51599030dce451c28bcb46fe629e1a325725afbe368cba1aea448b0b

SHA512
98ce214d09bf7914d6d5f044627a1d54fcf4d36729301345cf1a01f192bdf1a018fc6d3f2a523902bc83542a284cfa6fd10a4a514e42b3cfcac86930bbb5907e

Download Submit
/storage/emulated/0/Android/data/live.oneplayer/cache/UnityAdsCache/UnityAdsTest.txt

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/storage/emulated/0/Android/data/live.oneplayer/cache/UnityAdsCache/UnityAdsWebApp.html

Filesize
2.2MB

MD5
ec0be7729506bf50791fa8831a1fc680

SHA1
9ddaaddef48db397270eba733a39b4e30eb1a39f

SHA256
3a523de9bbcb80dc3cd9ec2c2d87a46bbd5cfa8017f1e03786317292a8e6d5bc

SHA512
f98fcc152d485d35718150d4ea3e59f6a91dc61dddf6fc851d0775f719253b24b1972f34b9d5b124a0c5f24464b0e14596afd354bd976567532892054300d5ac

Download Submit