3cacfba713f28437ceaebb97b75cf37850cbe4a0c4834f1c592a57d766bafcf8

Analysis

max time kernel
46s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
10-11-2024 11:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OnePlayer_1.2_APKPure.apk
Size

7.5MB
MD5

6ddbc371fa3b2fc5228e0428b17d3cf6
SHA1

b15da4fe4acb5da38741507ca25d46af14aea1a9
SHA256

3cacfba713f28437ceaebb97b75cf37850cbe4a0c4834f1c592a57d766bafcf8
SHA512

9e39140d1edd3bab1ac5ac2aeaca1adcae33c1c091851de144415876ad1c958e16440bccdf6b2dc550d49ccfb5e45857e08f74b85c8885448b46a9c243bd72bd
SSDEEP

196608:gr4lU2ceS9+P9lOtluPsUKDptefViX0+3u4P/c:gi3BSb+sUqgvr

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 2 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.bootloader	live.oneplayer
Accessed system property	key: ro.product.name	live.oneplayer

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	live.oneplayer
/dev/qemu_pipe	live.oneplayer

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/live.oneplayer/[email protected]	4511	live.oneplayer

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	live.oneplayer

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	live.oneplayer

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	live.oneplayer

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	live.oneplayer

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	live.oneplayer

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	live.oneplayer

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	live.oneplayer

live.oneplayer
1⤵
- Checks Android system properties for emulator presence.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4511

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/live.oneplayer/cache/image_manager_disk_cache/6c958a1e130d08aa0e5db73529ac772901a67c6cbc04a85f021c894257bf754e.0.tmp

Filesize
25KB

MD5
633712e466a67e179b8d9dd877cbdcf1

SHA1
09d0c025fa80f8a9e3a83af95f932ce53eee67be

SHA256
bc0f4c5f078da55a95de3e45e841a01526603aaeceeac58b63bf84f6775434fb

SHA512
d65d572ace760972eed79f024f0f52b6f0ac9f3ec206b9ddf9cebd1b74c8d39744c9d8c80910242abc8c8cfbd133e98b585e748d77a2a75532f6a103a3bfe029

Download Submit
/data/data/live.oneplayer/cache/image_manager_disk_cache/7b5a812ee62361bb510d95e00a086401c9025d483b626ffc37169edeb547704f.0.tmp

Filesize
1KB

MD5
bbd3abba9b1a7b4b49aff6af2a1c7c0b

SHA1
95115487977e3c1956cc96437b55749550b28529

SHA256
2260b157cc7539fcc35ac33834f97c6040a86a37aaf81fd145a7ed91ab1108cb

SHA512
8064ab2041835b45145469ad921a6061fb00150fdb4024766eb0c28bc6e5e8c7c71482c7c91eca00e799681ecb55b686ec3d35f3bc3270f203f66ae460a27a8b

Download Submit
/data/data/live.oneplayer/cache/image_manager_disk_cache/journal

Filesize
326B

MD5
a0bc80dab6b8e38274b99febe24c745e

SHA1
0f35272b5d7d80ad2c611d3f61b7ae8ba79655a2

SHA256
22e696b7441c76b635b622a451368d1a457e657fb8c2fc590296226e510132e9

SHA512
7911827c1207e67d5c6a80e8055ed5a293b9b342278e2902827299f088960889b5e4eaf24174026ce699228bcd82610e4755a8509f41aabf6da66436f8d8b450

Download Submit
/data/data/live.oneplayer/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f949665d0b1b7d2573e60418b838f5da

SHA1
95e54f0ce21810ea324d2c40466e4a94e681e45b

SHA256
d0714c64e08f5fabd1a97d931d5f1c9ebc114d7f007f7e37490ee31bbfb24a1a

SHA512
cb4c3b22181765beaa25555e5114ca89461943a8618df413b820ca54574b9e78494b7dc2d493749daaf03a809c3302588205a71aa1d082dc0ba68cce8c85a783

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d58a21dd780cee548cbdef81d20d793b

SHA1
fb37e340ad370858604de5cafb0d7885aa9d691f

SHA256
9ddd6448554e05f109bcab74eb63c20ebd9612a1b88f701563419c914cee2298

SHA512
8fcdbca20211f084c65214eea093bd8e5ffa24577193c030468f27064df1b035312fb79b36e344b3592ff845ab3f343b080e5fbec27e46f553fc368ba4091baa

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5f068971b11ed7c63dc594520b5c1520

SHA1
925b9ef3b47e39008eef49815482bab56efe7694

SHA256
7a3892a4d2a881320069088de0aaa172546bbb866508d0bd9ce243bae9404103

SHA512
abbf9ca8d34719115157edbe8e7fe7d55a1ec214563b3c66fabc8279477e102fc8f1ea9634350829e11cd0311ce3bb3cf7e67eae167d812ddca8f5897ad965cb

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f481668c493326f04c986c1cfab248ff

SHA1
f5c9c802971bb1b900e3319b2a329448ae4722dd

SHA256
8219abc6866a8b5e0718c308a91c6629ca5d534b5daba02ee5eda393b3594ee2

SHA512
7cea8dfd923f4b0d993d859e4e525001e7b3364f3d1d4aed32228c7aa6ed8436066fc6ea3f350dcc2cc0ab4311d89ed0d81e1275d7f36f00d6c0c6456ee2207d

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d52294100cf0f97ff2f0259970c13e7f

SHA1
2dbd6cd1e6fcdb95c39c014b3c19d08bbb457d77

SHA256
b5dcb6d7dfa428e0aea021d3bc96da549cf3747c21fadfe4fcee0a875d4c0949

SHA512
7b5bbc1ccb50328562dfc11d9f7afc46143f899f55d53a12611905fdd13f46b73a29f149f20f45cb9cd5dbdd613f7a1241626c15e6979ff44c6c600ffebac5da

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3065f3a01915c30c28fa52c2d507038d

SHA1
4fef775ea92213549f70095e07cd7616c7bdd21d

SHA256
ead893e7f7090b9a0c138cfaae334893901ca55ee0242a2ab102220e95822547

SHA512
19a3fbe48d708296b7ae4d8940604b3f30cd3a17d93bd4d3ea6650e0e6981efec876adfc0b9346550d9bc4949425d61c25709f45883536e19c178ca6e8dbfdb4

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
4a952a854fc9d4f9a8c1f4cb72c29b67

SHA1
e7a4e0d72202aa22aa2c496f08dfa2ae1abd3b12

SHA256
a856fe84908274731bdc7b9f573d5b3131db7530c577299a87ad0fa4158515ca

SHA512
d7bcd6c86cde3018bef0aed0a4ae3e3d3ec9c055554f73aef1030467e1fd667370daec30bb7efb8962329d11b06cfa8b8495dbeb9a81988ba980c5cc75ab2419

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c79f1859bb1fd57ba0396c768988d927

SHA1
f1aaf87aeafa77cbcd5ab49ba1a215fefbc5e1fa

SHA256
8d9aeecc3c4b57c8e1f03402b78bb00ef6ca520bcfc07317dc89b8a954e405ea

SHA512
9d3d5ba2db4ed6fb72ca230bcc85d26e96bcfc8f14402d9e4c6aa737ed11e1b169c4428113704d6b3327267693047b7d78bbc1a9405481c61777afc2828ab850

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
fbb810ee1107f130bdef752b8e8810e6

SHA1
210013cb3c6a649070ca0313ec74337be60c5c04

SHA256
69fc71667495a836a3cd43ec679fa50a543cf471642dea409988c0fc138928e3

SHA512
1b90f62dc03cb2ce4d3419cf3db7269253e5932aeb5bc86ba5e6729bf85139b2e489f6531509de8ee6e209b458010d4384128dc64118afc54c3a3d2960bbe40a

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0301f2edcec163bb5c05cf3bb977c941

SHA1
0d0b874ddc3bf0d69316d71beab916aa5cccc8ed

SHA256
41be4ac6a457b9459327b4904de70ed558c6f5c55725586e4e9bdb6c7062c0ce

SHA512
d93883c348f40965e6d05facfb479412c502c71427cf13e957cbb27baf781934a157435ba51919e1410d29333dd15f13819de52376de08230bee2096db732d37

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f2f3d5723a9ca001669208e76ac95ba3

SHA1
d6c3c9d8bc48150d55df0b6a52b6e6f5faeaa270

SHA256
babbacfe09f717f084daa534decf6b7975d785553470a4e79ed2d5d2aefa1b3b

SHA512
ef8df1b328409ff1ff75101836b589b44d4cb3df6f5eab82fccde023ab72ce613ac5e65669ba62d69557df852802a4bcad40ce6e95a713249d8b74f8aed64e96

Download Submit
/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
32ff9f876b6f466cde521086c4fa25dd

SHA1
c8a61aaac2e57f76a390286e3d63e8f841c83b43

SHA256
637e527ce7cf37b0c51dabdbe1bc747363a94249191b9b0106576d626d9b629e

SHA512
9e1cfdd62739e026bf4aa340f3cb3e03f10b1aa05775089a5d32ce8904209d1a73e6c2f279e7f273cfdc113cb4757bcb831fcb4a41605670e2d5adcc0714c9bf

Download Submit
/data/data/live.oneplayer/files/UnityAdsStorage-private-data.json

Filesize
41B

MD5
16d3e6eac0e79222a9b368edac765b34

SHA1
48d5e621fcdd84108f5750d6905180b622715b11

SHA256
3a518b70256a689906d6740062462e3124aad6e55c5aa47339a87a56e4933ee7

SHA512
d0aaacf86100135241426e2a0e9ba44414aa456cd708124e2f9c3a8037e008870cbcb506d316e4fe7cfe1d6dc3073393989a6f3c29f7cfabd6b0f65057afe747

Download Submit
/data/data/live.oneplayer/files/UnityAdsStorage-private-data.json

Filesize
623B

MD5
ab0112d27e229c875695263108b85c75

SHA1
a2205aad9d98952d7bf9d1cc50de131fcd1065c8

SHA256
19a678a270fb47868d843ee2f9b2e3b4b14d30cbe2602f4e7a66c9efaab46e62

SHA512
74724b00f5dfe54c7e9070fdb9fc1e07262a3f266efd1a444b8cf0255bc4ba5c5d6a6f32e2a600d6958e452899c35c8a7fe7e2d0caccd037de74021ab688d515

Download Submit
/data/data/live.oneplayer/files/UnityAdsStorage-private-data.json

Filesize
1KB

MD5
1c853f4d721af702d0731a098f8f508f

SHA1
89d6f62c438f932c7cc9300ee41d517a23a6ec48

SHA256
b5d11b487896984dfee6a82b51eead3c58c2715d0fa00ff4a5fe19d7a154568f

SHA512
6ef2ae38459d039d85767399b80e96beafbbf92fbb4c06cbd50efff24fad422a8db56fe6391d9ba229805c40a8e98eda93d6daf0a26565c6bd73fe890c713a18

Download Submit
/data/data/live.oneplayer/files/UnityAdsStorage-public-data.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
069db638826ea9dd723932cd092f2e34

SHA1
6e91e8b7c57df90a78910837379328a8dd99d32d

SHA256
aead741bf21cd3167cf26bcb81a8098371aabc63988de402a9267bde25d8362c

SHA512
3703fa9d35ccf7ac5d5087352cb8fb0364829aba2858619d8154b3c730683dec59f6386fd07b529cbf7675d284d990134108f0548ff54248fdcce0c0b5ff4130

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
c3a1b09bf4fe0ee788e1ee5b06d39209

SHA1
158997342c9e069a21d29983146dd27fa240baa3

SHA256
249d9fa60ea0ff12c211608ed2d57a3374cc56c40f11667623cef0bf71b949ff

SHA512
00ab41ad6ee279e7cf4896d99709d3cb168a5c900481698cea1ea07753b6f7c577444111db4881ca299e296f8f4e26e46e91e70ecb74e8f8b6a36d048fc66638

Download Submit
/data/data/live.oneplayer/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
6c3ba78de2ec841233888f10d6611f28

SHA1
ed195ddf8318fe0051be653e7be6560dec339990

SHA256
d0594b8d3f8565a1f98eb08aed08cdcc08c8206576a3d20325ccefe6e8ae46bd

SHA512
d14c59db4861b0391b70d9e2dbf5186fd1c2f27ff80817cf8e422e3a462ca403154b2a0e653c2297134ac5185fd7dc2d44a9ffdd182a8411ae3dc13474b2c469

Download Submit
/data/data/live.oneplayer/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
c64f4cc34227e3bf197840b08170194b

SHA1
794c7699f8fa63d10e97a93d1bb1506bbc2d922e

SHA256
a172fd26a52c0e709311447a5ed87abd43470cabf5b34ddd4f8af6471d7abdef

SHA512
37a716561735ba1163321d372d8c850abb0c6dbd117e5c00c18ef5eb9a4a40d1650c5efdd89daf7cd0ed574f7dfd655f1a0573923c633c3d1ce14ba55edf5f3d

Download Submit
/data/data/live.oneplayer/oat/x86_64/[email protected]

Filesize
512B

MD5
bded4e0061e4e2c1c92058c3f8f568a9

SHA1
cece14cc6317a481a05a312cc4ba8f01f2fa390e

SHA256
91d79fb93c7a79bbb66a2dd13b493ede83566dd0c032303a29798d1600198b85

SHA512
250fff5924ef98c273add25188d312fb02f6c7655451a2499099af6f5c259ba11b31dddf819f934d899da0837a0510a68f97a298e452f26df9357fe0a075102b

Download Submit
/data/user/0/live.oneplayer/[email protected]

Filesize
3.2MB

MD5
da2b94774dcd96d257284f7710cd09c9

SHA1
6825ddecefc435f1de0608ace7f4c7cdd982473d

SHA256
08db2ca6e3f51676dc1c9b114d522ac5ed211ae2e359bf6270066aca651e6932

SHA512
9d548c66030456cf28b4efc7e1c399e455daaba6a4e5f44072e4852f62305547b7d0344d7328f514e901c29130ab5c6cce1c0df5d8dfedfa129083ca1712fe82

Download Submit
/storage/emulated/0/Android/data/live.oneplayer/cache/UnityAdsCache/UnityAdsCache-8acdfcef857188bd468230b21ed279401f6eb0cd38de52b6951e69cde9bcf44d.jpg (deleted)

Filesize
15KB

MD5
700a5405708d550686b659d402c5a591

SHA1
684f51b6fb6b3a84ff98b621a1d3f75e0d96fd02

SHA256
83fc830f0079d01c647675f80d1a81e7f0e8974734b2a38cb1234b7265ab635d

SHA512
8b30cb78003a597b5b3971df31eb2583ea0432feb02a78223307c27fdbc39d9776b562e49f67fd7cc4f50521786ec895c747871ec52ff7196d89b583a5234137

Download Submit
/storage/emulated/0/Android/data/live.oneplayer/cache/UnityAdsCache/UnityAdsCache-fce4f5844bd3d1889ba6200340683b0388cd1b063db8606f0030645cec25d32f.mp4 (deleted)

Filesize
1.1MB

MD5
381ff4ccb7233fe1ab6b5001da2d8062

SHA1
b47f0363cd6ce58fe1d4915a91759ab46e25867c

SHA256
20d53772d2b5a347ac99cd980734cdbd6cd4b2ef4c822452e6876e9cd0e5c606

SHA512
1fabc38022da18a19347a4189ac6a38b4c77ee8af9000dcef21ccc21a60ea8575544de575fe34b443c8ec5292e8cb15cd4ecdfb1baf735167816337b43a9dad2

Download Submit
/storage/emulated/0/Android/data/live.oneplayer/cache/UnityAdsCache/UnityAdsTest.txt (deleted)

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/storage/emulated/0/Android/data/live.oneplayer/cache/UnityAdsCache/UnityAdsWebApp.html (deleted)

Filesize
2.2MB

MD5
ec0be7729506bf50791fa8831a1fc680

SHA1
9ddaaddef48db397270eba733a39b4e30eb1a39f

SHA256
3a523de9bbcb80dc3cd9ec2c2d87a46bbd5cfa8017f1e03786317292a8e6d5bc

SHA512
f98fcc152d485d35718150d4ea3e59f6a91dc61dddf6fc851d0775f719253b24b1972f34b9d5b124a0c5f24464b0e14596afd354bd976567532892054300d5ac

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads