Overview

overview

10

Static

static

10

OnePlayer_...re.apk

android-9-x86

7

OnePlayer_...re.apk

android-10-x64

7

OnePlayer_...re.apk

android-11-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    138s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    10/11/2024, 11:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OnePlayer_1.2_APKPure.apk

  • Size

    7.5MB

  • MD5

    6ddbc371fa3b2fc5228e0428b17d3cf6

  • SHA1

    b15da4fe4acb5da38741507ca25d46af14aea1a9

  • SHA256

    3cacfba713f28437ceaebb97b75cf37850cbe4a0c4834f1c592a57d766bafcf8

  • SHA512

    9e39140d1edd3bab1ac5ac2aeaca1adcae33c1c091851de144415876ad1c958e16440bccdf6b2dc550d49ccfb5e45857e08f74b85c8885448b46a9c243bd72bd

  • SSDEEP

    196608:gr4lU2ceS9+P9lOtluPsUKDptefViX0+3u4P/c:gi3BSb+sUqgvr

Score
7/10
discoveryevasionimpact

Malware Config

Signatures

  • Checks known Qemu pipes. 1 TTPs 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

    evasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • live.oneplayer
    1⤵
    • Checks known Qemu pipes.
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4240
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/live.oneplayer/files/audience_network.dex --output-vdex-fd=78 --oat-fd=80 --oat-location=/data/user/0/live.oneplayer/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4313

Network

  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    142.250.178.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.202
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.213.10
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.42
    semanticlocation-pa.googleapis.com
    IN A
    172.217.16.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.202
    semanticlocation-pa.googleapis.com
    IN A
    216.58.201.106
    semanticlocation-pa.googleapis.com
    IN A
    216.58.204.74
    semanticlocation-pa.googleapis.com
    IN A
    142.250.179.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.180.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.234
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.74
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.42
  • flag-us
    DNS
    oneplayer.digital
    Remote address:
    1.1.1.1:53
    Request
    oneplayer.digital
    IN A
    Response
    oneplayer.digital
    IN A
    172.67.163.216
    oneplayer.digital
    IN A
    104.21.73.158
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.187.206
  • 216.58.204.74:443
    tls, https
    202 B
     40 B
     1
    1
  • 172.67.163.216:443
    oneplayer.digital
    tls
    1.6kB
     34.0kB
     20
    34
  • 142.250.187.206:443
    tls, https
    817 B
     40 B
     1
    1
  • 142.250.187.206:443
    android.apis.google.com
    tls
    5.5kB
     9.5kB
     16
    27
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     336 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    142.250.178.10
    142.250.187.202
    142.250.200.10
    216.58.213.10
    172.217.169.10
    216.58.212.234
    142.250.200.42
    172.217.16.234
    216.58.212.202
    216.58.201.106
    216.58.204.74
    142.250.179.234
    142.250.180.10
    142.250.187.234
    172.217.169.74
    172.217.169.42

  • 1.1.1.1:53
    oneplayer.digital
    dns
    63 B
     95 B
     1
    1

    DNS Request

    oneplayer.digital

    DNS Response

    172.67.163.216
    104.21.73.158

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.187.206

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/live.oneplayer/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    9b51ab3f0cbe40efd36a0b456022f559

    SHA1

    15b15aff91f965ce58b060a302ed8d6ff946c817

    SHA256

    fe0845014a2ea66e8a49cb37c2e60db79b9c591801cf175ecdf48014f089ccaa

    SHA512

    d26f393343fe711d7920d629cb9416c123398df627c182ab7bc8a7beeb0d4ab8044e31d9134ad5dbe86a8c3e10161f92fa5c4dd74b95d6c1c6a05125af7a3737

    Download Submit

  • /data/data/live.oneplayer/databases/google_app_measurement_local.db-journal
    Filesize

    512B

    MD5

    975aa37a01ae4c0f190c2e8d3672297b

    SHA1

    a7274469c7328fe2f9d5c45a8f3aa582a83778a6

    SHA256

    a4a6c2cbb46d8f749133784441d9226522d7ad4fc603e9bc44d10d35d93cb087

    SHA512

    5a47d7b474c6dac155f736ce96b82978bb354ee051503dbad0219cee5aaec084901585dc797feccdd8eb39afa4987f3e7f72ffa51071564a19749b7b13f6cd81

    Download Submit

  • /data/data/live.oneplayer/databases/google_app_measurement_local.db-wal
    Filesize

    36KB

    MD5

    4d21defc93f2c535faa289db18bac897

    SHA1

    9af004edaf67e6f19948b7399014aa8a1615e547

    SHA256

    924490102d96650646e82be11c46a7834b0defad6b5bed739243620570177b1b

    SHA512

    3215a912d3d7b5a4b17ea25ee46666fcc3b6c586583b8d8137892ce7a2997e959b33bda93f3d79087a1fdee0e3bd233b1f5b1e0cad38c71c4072198efcf5d832

    Download Submit

  • /data/data/live.oneplayer/files/audience_network.dex
    Filesize

    3.2MB

    MD5

    da2b94774dcd96d257284f7710cd09c9

    SHA1

    6825ddecefc435f1de0608ace7f4c7cdd982473d

    SHA256

    08db2ca6e3f51676dc1c9b114d522ac5ed211ae2e359bf6270066aca651e6932

    SHA512

    9d548c66030456cf28b4efc7e1c399e455daaba6a4e5f44072e4852f62305547b7d0344d7328f514e901c29130ab5c6cce1c0df5d8dfedfa129083ca1712fe82

    Download Submit

  • /data/data/live.oneplayer/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/live.oneplayer/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    db6f71e4a416db2db266ef79ba1ab211

    SHA1

    d04c94ecfc8ec3938797b74a8ecd7b5d65260774

    SHA256

    bb83efe4f1e9caedf44d8136d48c60a1f998c5fe8550dad09f14f0dedc01a76e

    SHA512

    fabcbeee82fba6ab88378d20b190c37f5d46e4db8cf4ab3bed2248f2c80049104ecaea685d5135f6b7d02e20e2338d8a6825434a5330ab6c2cff79a6f5e4be51

    Download Submit

  • /data/data/live.oneplayer/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/live.oneplayer/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    01bdcca0e9a1617574e280e2c4f5ba4a

    SHA1

    25161aa98bdaaf2a466e93a96d7550a4ba8d625d

    SHA256

    348cb0139de6279cdf2154c0976c7379174171a31a562368161d2c627a687d36

    SHA512

    501d9fec91c14ecf9a4a9a2e08692506a439085bd316c2fbc376a726106748b6ddba82e47cd0ac22f21351454c44fed91e973a3690d056533d0ce5d39fbf6c70

    Download Submit

  • /data/data/live.oneplayer/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    7058c6a0c88d8219134588025f61da56

    SHA1

    9dfc49bf7e02e1c180879312e8782aa8f8519ea0

    SHA256

    0343981bc7578636483917393e0391dbfdf36f4ffd8bab69f2f5fe1e30b48de1

    SHA512

    e1a826290dbfc71108f82977fea23c43a9ab31c04b089fc1614ae0ab24f376bd81e9630a38cd664834b711c10b8ab171bcede89b113e7b90dc8266363a972635

    Download Submit

  • /data/data/live.oneplayer/no_backup/com.google.InstanceId.properties
    Filesize

    2KB

    MD5

    87b2d743c098eff78bb6471c4984e90f

    SHA1

    a320607b45ecd94a62ae1be7dd02101df2e31acf

    SHA256

    acde7cdb2e1940c413a926de89135ad92cff95567dd710d357cb0b9a8e6c6220

    SHA512

    3b6070db4250723d779e1753867197dddad99a2ebdd36054eaf5ac61ac5191e5b3fe8a293abe8190bdc266d8ad98556c391a3039df727ce6bfbab8982b1337eb

    Download Submit

  • /data/user/0/live.oneplayer/files/audience_network.dex
    Filesize

    3.2MB

    MD5

    c182f01349440c426f8ca2373a6bd8b7

    SHA1

    e3a63d7a6118605a010b61f7cf8b0e228a041246

    SHA256

    4978887b084805cb6aa975ac738095a53c67dace937b9cf04dad16a3c23dd847

    SHA512

    d63ce797ebdeacbf78a5946e02439b6ce6f326f7ae6d2d72e471adefc12ec45e90619fefb6ee2a9da8cfa9c16411009b1621430cb4e4ee561081d7e28c564021

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.