fdb31f0e679d6a14cf430e5340eec5c3a165cde34baaf4ddab64600ea76463e0

Analysis

max time kernel
1s
max time network
37s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
20-01-2025 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

com-fastemulator-gbafree-1400051.apk
Size

4.3MB
MD5

d0d2be57be1fe3682bab1460376f7633
SHA1

b1d1b8812c49cfe75559f0a3efcd43506a4a5c1f
SHA256

fdb31f0e679d6a14cf430e5340eec5c3a165cde34baaf4ddab64600ea76463e0
SHA512

bb1712ebcd1381139bfd9730b5f276f4d1f9fee7026628ae7bb8f803ba02a49e866e24c663fe6ed67b538e69d7429797352b1fb5fffc81839d69f5540b926016
SSDEEP

98304:dDO+PvIZmlXKWZurPucpFqkElQAq60BNy6DPUS/ALNN:dDOXZmFKWe1qkgQAq60P8S/c

Score

8^/10

evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/data/local/bin/su	com.fastemulator.gbafree
/data/local/xbin/su	com.fastemulator.gbafree
/sbin/su	com.fastemulator.gbafree
/system/bin/su	com.fastemulator.gbafree
/system/bin/failsafe/su	com.fastemulator.gbafree
/system/sd/xbin/su	com.fastemulator.gbafree
/system/xbin/su	com.fastemulator.gbafree
/data/local/su	com.fastemulator.gbafree

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.fastemulator.gbafree
/dev/qemu_pipe	com.fastemulator.gbafree

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.fastemulator.gbafree

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.fastemulator.gbafree

com.fastemulator.gbafree
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4310

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fastemulator.gbafree/files/shared_prefs_sdk_ad_prefs

Filesize
153B

MD5
65026ee778e1372d9f4aed742772e893

SHA1
5a5f1c821d7639424f3c75a44468ab5f7dd4e8cc

SHA256
15070f52136d5a8332f8d70f790bd7bb04cd6a99b386d40e0abedc40c42caa3c

SHA512
589c4a12c6b6ec1a1cca957da758aaa900e68a23b4bc2f42524b0e8dd34f6c5378541d9293eae1ae8d478bf5b5229ce4218c058fc3b399eb5756afeb05c68616

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads