5812872a1cfa2c88dd7477881ee7e4015b237f35ad7cb9b3d930d291d560e6a1

Analysis

max time kernel
53s
max time network
60s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
19-01-2025 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

freerobux-9-8.apk
Size

9.2MB
MD5

cb15257128695991a490b70a32e2e9f0
SHA1

d5bd6500ae07fe8651956da78bdae50bcb1ac4bf
SHA256

5812872a1cfa2c88dd7477881ee7e4015b237f35ad7cb9b3d930d291d560e6a1
SHA512

405edd8363992e9c918a57fedf497172c64579fbab0894d8ce221a6208d5936f758188c31ac822fb34d598e7b03af69927d7a3c07123c6205f94f6da1e058981
SSDEEP

196608:mO4rYye2J4LHATYmx3ynDstkgGdrjjVUntcOEZdZ7OEf6SZ:m1YyT4LgjCDgUrjZyi

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/freerobux.appkh/files/audience_network.dex	4246	freerobux.appkh
/data/user/0/freerobux.appkh/files/audience_network.dex	4507	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/freerobux.appkh/files/audience_network.dex --output-vdex-fd=93 --oat-fd=94 --oat-location=/data/user/0/freerobux.appkh/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/freerobux.appkh/files/audience_network.dex	4246	freerobux.appkh

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	freerobux.appkh

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	freerobux.appkh

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	freerobux.appkh

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	freerobux.appkh

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	freerobux.appkh

freerobux.appkh
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4246
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/freerobux.appkh/files/audience_network.dex --output-vdex-fd=93 --oat-fd=94 --oat-location=/data/user/0/freerobux.appkh/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4507

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b73abaaf265b3b5896da54262f138023

SHA1
5629657e0548383e8a0004067593e4d15600e8b5

SHA256
96d58bee874158685ce97a9d026c41846e98fba900fbf7272ed9cc7ed7941be4

SHA512
a917cffac88821780f1229033677747ede0e83d714cf90549d4acfb69c529bfdbed8ca54ddbbfc8b1c78301eb7424eb7a31cb22ed1cad799aa9c902d126d737a

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
32302c7d5d235c8823dcf6ce1eb29c5b

SHA1
154f6e689f845bbfc350a52c5349c6cd389d5347

SHA256
5719c9620be70e47afdfb1fb67a329f677d047a30fc00313648af0a0d34b51a7

SHA512
ec197a97fea07a2dbd95b20cb636dd05cb91931b0c25e48308bf01fefa25849870b7eef1e3c6e4a39deac6275d48fd40cd899975de2ad16d7e4dc092894224ad

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e1b96df98139751769099978badf819a

SHA1
fd5f792f3f1086035c838dc9bb70c7f2cbe04149

SHA256
a3ece82464f32a34bfd5d5e46f01c6a84a74258c1dd1cce118cea113376ede40

SHA512
8881afb9b283ae40065183dd0b18cf60adf2cbae01e2fd158f94fb57c674121df4c3f651df9595fe2f5a6a3b6ce7c008508cb3937d841ec863a7abb180389575

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
676fff6a01ccffef2fc8836f6d1b5559

SHA1
d2902c1cb6ead9be0fa674959f52197248b24bf7

SHA256
4d51fc89b52cec1fb62c519bb7632145345b8e4d2939aad8f04d52dfdc7b9a8a

SHA512
dad3f1c1a9822eb71275ead78ddc8fadb418c0b04112ac1aa7b91cb73cff414a8e55c5331b40c9ac531f51c528002e6307aaa0a18540dd0b3668bcb4ba1f7b95

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
862868fe988d8745eef0ef18b8fab378

SHA1
10a51cf65b4006ca9ce207bd8e91070cdbf92660

SHA256
5e65403fd1e8d2e928a4d24dc20a361d6e80118c3a9d1d61b021c74a7b326a4e

SHA512
4ead5e62411cc226548a5c66a5d9990130f250274a0afb97b4236d13649f037ee5fb03a079db12215cf76b5de2a5c424e04df1faf6cdaef3f26be364bb602008

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f4c57b5f601b0f11dec7225222ec45c7

SHA1
4a5f6b59c9b42c8cc5fcca956088e302c022703d

SHA256
00939e4bbae5fab8f91335cb6aba2bb0d6be2efdf7f611e1623aaf1e9fdee121

SHA512
8e7326f60bdeb99b977cf84108dd23dd0d4207c0b8afd903a81cac5121c7bc00c3f4dbf220b894a3774544371a50b176a48ca89ebfdcf06d44a6a069f88da17e

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
cd2de3c8e281594309b43358b91711da

SHA1
e874240abffc9af6e9e5d2b4e52a6afd679945e7

SHA256
4d88738c2bde8dc5f669332d6fbd92b7414c3f3c89c5814b4e4ae924aae890d6

SHA512
f5e52479d98fb08514cd5aee1f0e40d5c0aa2d870c5bfdd4933809a825d28ef0bcbeeb6daad96e34c443be38e398a929f3af6d86648ceb81ca33f0b7e948b08a

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1f80c8d0f5e5d6ff33b3b9a18283444e

SHA1
671d19479ef44691fc5693e46d2befe6bc6b0aa9

SHA256
857169c607bfb7aeabf559d5f980d29eba85361e9bdd7d9a77ba678af93690c8

SHA512
73088c336fbbc5370c21f239638741b1907293f93dd3cf4a095d21b79f9b9555fe1cc4497002abf110531781dac2d732ff5154b354be5ad6a8fa5a3eb0efe9aa

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
fb6798de60ea0d1d4e6d7365754b5367

SHA1
ba8957a6774e1b007f6ed39ea7b9080cd5079c3b

SHA256
029b1236c2c1dbbee28424e24a2d3a9c865419fbf50c4c0d67243a69c33f5efd

SHA512
c83994a3485705b216be64b995f380f06f734b503bc0eeaf74f492258efecaef66c9a956bd28105590bcf43fcef668de782351030d4411c032e19e205ed5ecd6

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e2523a5497c4e291d02e6c3b0daba17f

SHA1
a6db1dd8dc7966af250d11ad2a9bd51dd59d1cc1

SHA256
7168841d420f7c9e7e7bc2cc0aa74931b1c2619c93300bdd10aba303a173090f

SHA512
5f52ea6254557bf92e31c12e88d602ad09fa034b2a885968ebbffb4c933929eb0ee273d240e16cc87d25351ba9b6a1322811f571921559129037dcd51028348e

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
38348ca9dea3c33a7a4b3f8065a5aab5

SHA1
ed28402130079f9c8e885cbf46e8666e3098925d

SHA256
a7187605f21018912d56f6a0cb010fb0b9da8c0f20cb81d5a5faa21589675880

SHA512
0ea9b015d15465c2cc0f4569246906048b188d21d63683e8769447f7b389a61152b25625d78d1bc7aacb0333e8f3ea9a31df72c78274480d900ff40402330caa

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
1c28003b08d720a2e39fa7b233ddf707

SHA1
c7acd4afab98fd4da3e1b58312876e3085d8df39

SHA256
a4263fe5f46d46114e0ff9d6b92e64305f8294f3c814902988e6e7c965ebf118

SHA512
f8be9bc55570da9a454c62168e8855ab3c525ccc8bb66409418cdc051c3eeee999466ba2b30b726437017f6a71a9c1fd23ca91f8d10a60dd5cd91b7376e0e820

Download Submit
/data/data/freerobux.appkh/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4458ce67cafb84ab36022fa2145a55ce

SHA1
afaf45ae669a3cd59b6656b7e6822f03aca86cca

SHA256
cf748ed8112d18f1f6ffd14ac4dd44499d0d37a6e0dcee3ebb1af8e9a15dbac5

SHA512
c92609ef3ec45ee6dbca83db82172962fe50021b7ebcde45176eb4524a82e22e75ad783061d2289101e7099a4d7e5a7825b7d76e601af2ef2c219bd9d63cdda5

Download Submit
/data/data/freerobux.appkh/files/audience_network.dex

Filesize
3.2MB

MD5
4905ee4caebdf455b9debee76ea89cae

SHA1
461d5626e22bd87e0f0afa3440d5ce61d2363571

SHA256
0bfad0c78e6e439d2c70d43568d1dc541bff8d4b4c5bfda9e81e03ae790dd864

SHA512
89bce0984264008e30a635852cbd3ba0c822b0917525a9029ff029a33409c161dad0f60ccf67406bea62e3d42ce0364250f3a9f502db8bbcaeba277787b2fc3f

Download Submit
/data/data/freerobux.appkh/files/oat/audience_network.dex.cur.prof

Filesize
346B

MD5
34ddcd2a572d4bea95868147467bf82d

SHA1
9f50f5d5616904ac9c48c70c9d74c263ecf4ba61

SHA256
281c0142d44e3b035ed0eed50d0fd064108f33f9a3c5d563383d3b84dd6572ef

SHA512
78a53cf7cce811174fbf73a9827c6e42f2eb5df229c0d3c11e158009fcbbf661ffcf77f08ec59b947273fa077af668e57058d80268ebbbb45b8bde62f592662a

Download Submit
/data/data/freerobux.appkh/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
695af767b14e7eab0635fa55760119d3

SHA1
f86c4f2b80f7f10d7be12eef0323cb80f77261c9

SHA256
fb465098f73a7ca1542a4e4357360d033cb593e34b012684d25828c0cb79355e

SHA512
65c07739a16742304da60f9929107cc2234fca1caec53274120d9831ca0fd275639c20a415965a1ab81792a0327619fef1410f180d957d3f8e3c73824d4df60d

Download Submit
/data/user/0/freerobux.appkh/files/audience_network.dex

Filesize
3.2MB

MD5
ee2b9a04cd72ebd68698c64b68080c1a

SHA1
19b1e3933e4c98cf9204a2753c339bd430fc4143

SHA256
5959c653491523d6b9241d91b3a3dba3f17a14b56eefffdab7baa490f93bb257

SHA512
19c31c39ed3ce9c0eb20a05a91d085329ec36feaa75bca39a7eb1992316e32b6db61547db83262b2c8c20e1790de74e8c6207c46edfcfee62230a3efb747db21

Download Submit