3cacfba713f28437ceaebb97b75cf37850cbe4a0c4834f1c592a57d766bafcf8

Analysis

max time kernel
11s
max time network
151s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
10-11-2024 11:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OnePlayer_1.2_APKPure.apk
Size

7.5MB
MD5

6ddbc371fa3b2fc5228e0428b17d3cf6
SHA1

b15da4fe4acb5da38741507ca25d46af14aea1a9
SHA256

3cacfba713f28437ceaebb97b75cf37850cbe4a0c4834f1c592a57d766bafcf8
SHA512

9e39140d1edd3bab1ac5ac2aeaca1adcae33c1c091851de144415876ad1c958e16440bccdf6b2dc550d49ccfb5e45857e08f74b85c8885448b46a9c243bd72bd
SSDEEP

196608:gr4lU2ceS9+P9lOtluPsUKDptefViX0+3u4P/c:gi3BSb+sUqgvr

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

System Checks
T1633.001

Processes:

live.oneplayer

ioc process

/dev/socket/qemud live.oneplayer
/dev/qemu_pipe live.oneplayer

ioc	process
/dev/socket/qemud	live.oneplayer
/dev/qemu_pipe	live.oneplayer

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

live.oneplayer

ioc	pid	process
/data/user/0/live.oneplayer/files/audience_network.dex	4942	live.oneplayer
/data/user/0/live.oneplayer/files/audience_network.dex	4942	live.oneplayer

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

live.oneplayer

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener live.oneplayer
Acquires the wake lock 1 IoCs

Processes:

live.oneplayer

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock live.oneplayer
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

live.oneplayer

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo live.oneplayer
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

live.oneplayer

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone live.oneplayer
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

live.oneplayer

description ioc process

Framework service call android.app.IActivityManager.registerReceiver live.oneplayer
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

live.oneplayer

description ioc process

Framework API call javax.crypto.Cipher.doFinal live.oneplayer
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

live.oneplayer

description ioc process

File opened for read /proc/cpuinfo live.oneplayer
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

live.oneplayer

description ioc process

File opened for read /proc/meminfo live.oneplayer

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	live.oneplayer

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	live.oneplayer

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	live.oneplayer

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	live.oneplayer

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	live.oneplayer

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	live.oneplayer

description	ioc	process
File opened for read	/proc/cpuinfo	live.oneplayer

description	ioc	process
File opened for read	/proc/meminfo	live.oneplayer

live.oneplayer
1⤵
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4942

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/live.oneplayer/cache/image_manager_disk_cache/6c958a1e130d08aa0e5db73529ac772901a67c6cbc04a85f021c894257bf754e.0.tmp

Filesize
25KB

MD5
633712e466a67e179b8d9dd877cbdcf1

SHA1
09d0c025fa80f8a9e3a83af95f932ce53eee67be

SHA256
bc0f4c5f078da55a95de3e45e841a01526603aaeceeac58b63bf84f6775434fb

SHA512
d65d572ace760972eed79f024f0f52b6f0ac9f3ec206b9ddf9cebd1b74c8d39744c9d8c80910242abc8c8cfbd133e98b585e748d77a2a75532f6a103a3bfe029

Download Submit
/data/data/live.oneplayer/cache/image_manager_disk_cache/7b5a812ee62361bb510d95e00a086401c9025d483b626ffc37169edeb547704f.0.tmp

Filesize
1KB

MD5
bbd3abba9b1a7b4b49aff6af2a1c7c0b

SHA1
95115487977e3c1956cc96437b55749550b28529

SHA256
2260b157cc7539fcc35ac33834f97c6040a86a37aaf81fd145a7ed91ab1108cb

SHA512
8064ab2041835b45145469ad921a6061fb00150fdb4024766eb0c28bc6e5e8c7c71482c7c91eca00e799681ecb55b686ec3d35f3bc3270f203f66ae460a27a8b

Download Submit
/data/data/live.oneplayer/cache/image_manager_disk_cache/journal

Filesize
326B

MD5
a0bc80dab6b8e38274b99febe24c745e

SHA1
0f35272b5d7d80ad2c611d3f61b7ae8ba79655a2

SHA256
22e696b7441c76b635b622a451368d1a457e657fb8c2fc590296226e510132e9

SHA512
7911827c1207e67d5c6a80e8055ed5a293b9b342278e2902827299f088960889b5e4eaf24174026ce699228bcd82610e4755a8509f41aabf6da66436f8d8b450

Download Submit
/data/data/live.oneplayer/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bb620a5b766e9a06af0706bec5c87534

SHA1
769aba79cb1247b6fda6b52513c58079c7f98b96

SHA256
8e0af5808f21a869fb4a37bc902b705a2ca2e5bb8d09bb7fe66b2a005836e3ec

SHA512
e273f3624f29d381f96618a18931b6ccc6bb91ba59acee26e4626cb30d3a8fb1afd1b7adadc96523f5c3c8fa2cb3e88cd20ce1edbce2e37752af36d1d6fe9cd5

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7637fa900d29d6e7df8beb3551adab1b

SHA1
06317a0ff889e0f60e499fd27d4f2d3d5b1580e3

SHA256
a7f53e525d896c4820b925abd89f674fd5dd09de5b32c77a69aaf19dd6efaa38

SHA512
8bb374aeb0ff99d53fe4ab8a346daf6e9d92f9385f34e7dd7a63dc446a199f43dd317f9b25d8b2217408678fd7eef5babac51b5adbe06c234e3ca75019b72f78

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6553b0d75316bbd478322f2cbbdd7063

SHA1
9f8f1319248a970f71e4a0a38c1968b6c20ca60c

SHA256
e414846723336367467f5e06572d9491b272cc6d815d9548246e5ec8f0fa82c4

SHA512
6116e2892549e6467ed77d22051abd3f3bad1a63e58b0c626ffd714138205018ba8a7116a46e1b077bc0738fd5b282a3aa8150d7b2701c56678e71c1e84d707c

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7055f5bf178f118f79e5409ced1486c4

SHA1
1f6ca5a7399b4d5c8d3f91f1c7687274f4a8e7bf

SHA256
2df972999ef77df6121af84588298e434bfd399b36877bccadce0cfbbc45c63b

SHA512
6af2c83b552a16235c6c7a4430e9fbef60adbbefd327669e4fa4dae380a85a882fd9814fd8bc99e64ee13ae070d36d81378e01860aae84b439feb001a0516ca8

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
cac0fd70342c490e786a332656f7db71

SHA1
21b63aeebcb1f6b87579a29ffcee67904f1e3473

SHA256
323c94047621217740c7b927fc952268fe61268ce3e993a351c79ca1a214f0f3

SHA512
21366a7659058fbb6737fee33565e4565f97b1ac606bfec7fcf6ccba4a4668b2fd9308ca8946bed867ccb16dceef2e0f02364aa0697c23c46b25de8dda0da21d

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
556a7970333ab5cd15c24f7040e9c5b8

SHA1
a749c8483726fce1205c81c42724114483f9527f

SHA256
614bdd30f1c2ec4e3b598762c646a918f78ef44f0e827dc648322058c503cf98

SHA512
3aa5df9892d1696a5833c9312df790c0b3269206487f297205786ccaaaf7d3b98dbc2b09db3bb2f4e37b2a8c50f6a3f5d4eeb664cf775cb726a3599222bda9f0

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
f89cad26839af7bc4f38fdd8bc436fbb

SHA1
4eae1e6b436c8ad2fad41f93faed5f82987a61c5

SHA256
08946abd2a2880dd5229f894e2201518beb1679c66f79edde812cd41ea3da4e5

SHA512
ff474243e33ba4c850a399557ba786a9e3921b4c087632aeee026dcf1f1245f7b7770fdc317c8f7618e09c324129355d4b1a3ad4f38242299dda02bb8a62a493

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e77ef628dd10c605065e483630de7f6b

SHA1
c34d5bfec4cdbee391b00b4ffb0dcdcd1f04d8bf

SHA256
c04837b724bfe31eda54378c0b3d490bacfbfb92f45d9eea32137583db5b9aa9

SHA512
0e9d52c6c35ab4fadaa4e57b54ee6ebaff307ec81ea7fa2805a6faacf8e795e21ce0e16578ad52a0bcfd0e2b78a1dda3f9d6cb21099cc09881ffa4da2c42bac7

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
07955832893bb776266f00e38b9c5f2f

SHA1
664cb644dbca2e76d7e46cc2946bca22e0790e5e

SHA256
72227fe4b1027d34cbb9252613c3ce25176cadb66565151442ed64d86a3b3792

SHA512
dc85f6ca0d207a66643fb3ca8764da6afcb0d1a0cabed1efb17791222e968206f69a942d0aa0cbbe46068c4ddb5613f98c7ba908bc09292cabc80bf943ef9343

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
cc5ef87f4b49aaf0e6c524b31f6448bf

SHA1
ed1a5ef3ef80f93a9d24e0a2637d3cf2a1aee199

SHA256
4c456ea623c8b92b143aa67ff6b64de8258102d83c20d11ddd6b466b7f79e6c8

SHA512
ed84fb1b91187290339c372cf9c758dc83ecc6eaaac8fd587a4214d08170af7889427355e1950f4fdf28ab0c59d2e05874931c6d6409c63e2edcf2bea37af033

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f3eab9d4d25f30cb786d60943c21c6a6

SHA1
e29e29908799c9ebb193c83e79773696a5ed43b0

SHA256
ff354b385b13b4a765f504004a00e5d654a5d98abfddb424fd272bb8523d35a2

SHA512
f6a12b98c263182fddaf8965d2b0659139251eddda209aa4ffeabdeb1aaf2c1283620f0edc3fda28a3d0dbc776d1b0a22ae49d113cd63b202445d6c6ff18433b

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1ce3701d5a8d8f7b31d72b3e1413bc68

SHA1
535127bcaa3abfed75dbecb6ee9475dcf19d9632

SHA256
91e259fc45a19c1f1b1d73649e010f07c18e385a7160ac03d2f7747468b7de33

SHA512
6d1329a1e688b8bed473aba267405e049d29641b1b421a132eb1bc49b14c17c9acabec8d71430ba0bda3b69fcf624aadbeb2dc70d8f72246b6473dd835ef5e12

Download Submit
/data/data/live.oneplayer/files/UnityAdsStorage-public-data.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/live.oneplayer/files/audience_network.dex

Filesize
3.2MB

MD5
da2b94774dcd96d257284f7710cd09c9

SHA1
6825ddecefc435f1de0608ace7f4c7cdd982473d

SHA256
08db2ca6e3f51676dc1c9b114d522ac5ed211ae2e359bf6270066aca651e6932

SHA512
9d548c66030456cf28b4efc7e1c399e455daaba6a4e5f44072e4852f62305547b7d0344d7328f514e901c29130ab5c6cce1c0df5d8dfedfa129083ca1712fe82

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
0b76a0228ab2db8db2748b2791dcce3d

SHA1
927364078f15bce829c4f1557e71a19c69ba71c3

SHA256
a6a88aa444bfd4069ed83bf48e8540eafd9abdc6fe5670a4f2310e8df8a0394e

SHA512
d8aa736d3cf007c03cb74dc64d5bd0571143acacfdff6809810d3c45a885109af70e54532db539816430ab827c4dc235f3253199baa2731534a60227fd7d76fb

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a81a49885b99d677c4d166bbb8a022bd

SHA1
afd41e48521b4897ed3c32214a605db6f84812b9

SHA256
f91421409d3c79eeb89bb635e586aaf8ee5d25d57507dd535b9301f42108c0a6

SHA512
998745ec8dfc3b9e86709521bfc36c453b148f28a8905760cfbeae20f583a6f8f401d8803e4f0b471aadf4566818ec1b41398b5cc22d50c57c137d55250b77cf

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
0f361cb9202d2634f73b02f48ccd0d90

SHA1
1c2f5b21b108badf6f0e3ceb59ceb82ac5e9b859

SHA256
7ede876528adc2ea664ee44b961b20df8cd1eac64166179d1c5dcc7f08a376cd

SHA512
a7df7b5a2c15309daf44e1f539d7c9793b7003d7829e788fb3d076288610b680444826820bf26f0c59b7e9405c1f8b043103d8881cbd565599b26097585a0376

Download Submit
/data/data/live.oneplayer/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
cd70d3193a7d94051aabc019c925ae02

SHA1
6ab66163f9694ef92e44945da61bc9fd3281f520

SHA256
efac10db036ebeb8637b236e43207fcd11ee3a97287bc3cef78a8275ed3be9a4

SHA512
5d5c2e70fcee474aafa2cea56830d85c6a52a69704f61243d3257d204245527ca69db53a8dbfe85a1f62cc7e7a406e8d9f59609200d549182f2e9c0fe97a0365

Download Submit
/storage/emulated/0/Android/data/live.oneplayer/cache/UnityAdsCache/UnityAdsTest.txt

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/storage/emulated/0/Android/data/live.oneplayer/cache/UnityAdsCache/UnityAdsWebApp.html

Filesize
2.2MB

MD5
ec0be7729506bf50791fa8831a1fc680

SHA1
9ddaaddef48db397270eba733a39b4e30eb1a39f

SHA256
3a523de9bbcb80dc3cd9ec2c2d87a46bbd5cfa8017f1e03786317292a8e6d5bc

SHA512
f98fcc152d485d35718150d4ea3e59f6a91dc61dddf6fc851d0775f719253b24b1972f34b9d5b124a0c5f24464b0e14596afd354bd976567532892054300d5ac

Download Submit