bb05afdfb25cba5df3c31fc3493d04bf725898e6e835a80924f13df3bcb4d4e3

Analysis

max time kernel
31s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
30-06-2024 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

legion_anime_33.apk
Size

23.6MB
MD5

9989ee4a6e93602bf15b5b6f87e3e36c
SHA1

327c2e60b964c9343fa3b78371870ee389ff5e66
SHA256

bb05afdfb25cba5df3c31fc3493d04bf725898e6e835a80924f13df3bcb4d4e3
SHA512

2bf2185c3f34176ce8a030c172f4b50cf94e95423ddea31be422ab7a46935bd98cd6936d1be447d1ba0ea9757c9e43c366c7c26e2e45f379ae83cb544040ed89
SSDEEP

393216:z+HK6NQ/lNqZUGaQ0xTpz/iREIfasvciT+piJv7GO8RMfGVYDW5LF1MCDxs:z+HK6NQGZxL4lgfTgiJviOgMfGVYDW5G

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs
evasion

T1426

Processes:

aplicaciones.paleta.legionanimefullwhich su

ioc process

/sbin/su aplicaciones.paleta.legionanimefull
/system/app/Superuser.apk aplicaciones.paleta.legionanimefull
/sbin/su which su
/system/bin/su which su
/system/xbin/su which su
Acquires the wake lock 1 IoCs

Processes:

aplicaciones.paleta.legionanimefull

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock aplicaciones.paleta.legionanimefull
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

13 raw.githubusercontent.com
14 raw.githubusercontent.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

aplicaciones.paleta.legionanimefull

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo aplicaciones.paleta.legionanimefull
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

aplicaciones.paleta.legionanimefull

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone aplicaciones.paleta.legionanimefull
Reads information about phone network operator. 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

aplicaciones.paleta.legionanimefull

description ioc process

Framework service call android.app.IActivityManager.registerReceiver aplicaciones.paleta.legionanimefull
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

aplicaciones.paleta.legionanimefull

description ioc process

Framework service call android.app.job.IJobScheduler.schedule aplicaciones.paleta.legionanimefull
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

aplicaciones.paleta.legionanimefull

description ioc process

Framework API call javax.crypto.Cipher.doFinal aplicaciones.paleta.legionanimefull
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

aplicaciones.paleta.legionanimefull

description ioc process

File opened for read /proc/cpuinfo aplicaciones.paleta.legionanimefull
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

aplicaciones.paleta.legionanimefull

description ioc process

File opened for read /proc/meminfo aplicaciones.paleta.legionanimefull

ioc	process
/sbin/su	aplicaciones.paleta.legionanimefull
/system/app/Superuser.apk	aplicaciones.paleta.legionanimefull
/sbin/su	which su
/system/bin/su	which su
/system/xbin/su	which su

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	aplicaciones.paleta.legionanimefull

flow	ioc
13	raw.githubusercontent.com
14	raw.githubusercontent.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	aplicaciones.paleta.legionanimefull

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	aplicaciones.paleta.legionanimefull

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	aplicaciones.paleta.legionanimefull

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	aplicaciones.paleta.legionanimefull

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	aplicaciones.paleta.legionanimefull

description	ioc	process
File opened for read	/proc/cpuinfo	aplicaciones.paleta.legionanimefull

description	ioc	process
File opened for read	/proc/meminfo	aplicaciones.paleta.legionanimefull

aplicaciones.paleta.legionanimefull
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4267

which su
2⤵
- Checks if the Android device is rooted.
PID:4634

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/aplicaciones.paleta.legionanimefull/cache/1658186039475.jar
Filesize
10KB

MD5
d532cbd4f180fe5fc0d6bb5f0e1677a2

SHA1
991f862931b10f1e4efcb27f60dbc596ca4fbc95

SHA256
5af63d2127385ce87df5e729040874f5043b20ce14e4c60dd95e410d660355da

SHA512
a071eadc4a25a4ce82510e5c6acc34f6d9c324e782be149209eb9f484fa6f1f8809261627368573be434ab513e1f66bf2dbb48cbc849b431d9dfbccdafce4dc4

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/databases/OneSignal.db-journal
Filesize
512B

MD5
b9a7769f93c03bea515ae1384d1ad78e

SHA1
e03f5eb7001449856125d140291e1b8799a2ae1c

SHA256
cef847910d2eb622815d8f048c2415cb0cc962ed3ff6c8c40ffb9e6b3cbe9d0f

SHA512
6ed23086761246dc500590c47c0d8fb64dddb94e220ff457db2b37cac05f31d318e0872ef406f02afe0d8eb79e51f5cfe85a92364c22529139f018f25670d8ad

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/databases/OneSignal.db-wal
Filesize
64KB

MD5
2a312d7f6d1c7f8a085698898432e7cb

SHA1
e91fb257fbc0684b76515da433471b177052cba2

SHA256
d7539934e2f282261fb300479bfb7796b5113943e91319cbf1a9da1d9ba3d840

SHA512
9b2ad51d593bf9eb3b7dbf1142d74a9358e5ecaf1c74b26b522963dda0240f79238f1ad3829d6b42059c1bbca34e2a07690840ab8c34363c8fe30e0c25bdf21c

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/databases/com.google.android.datatransport.events
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
61cedbe3208cbf22e21ed51ea1c56266

SHA1
4d0cbed76add2997b112b77628e3f0c0f31e09ea

SHA256
945b5b8f5f020f15d1a5c27b337a5b5158b1ce7922580457b65e8460827ec39f

SHA512
b24ec675c9c2f68d385812543617ef693c9f1ddb8b258c557a0629beef93808cbb4b89a949b0ddaf5b5a476850be59ebc1b6bed5191a29ebb83672aec9dc8c99

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/databases/com.google.android.datatransport.events-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/databases/com.google.android.datatransport.events-wal
Filesize
68KB

MD5
00f12eacfe1738acf4428587941da4f7

SHA1
927e80c5957a988c37c33078494817837090e7d7

SHA256
57b9c84b5b9c1e0e6f01742d0010a700f63949f3ad860a5327ac3f060c408201

SHA512
24cc7bed1bb58fccc9272c32563886b196736061fed3cf5715da406f22a72b57d7cba474f6230ee93130a44f03e85931847fc1a82cb4de787b268635ae41a56a

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/files/PersistedInstallation326943944517958760tmp
Filesize
90B

MD5
266978aede3f9af1cf569fa3bd5566c2

SHA1
85b71db5cda4bf4db9ea9593af166c7f093b0393

SHA256
ff23e8ff4b8213bdd8a23974191af7746950ffeb91b88c04f6436c7593f68c6d

SHA512
4575fffc1fc8657f0833e2428a4d90d14839a16151fc9ca9484317738dce1ffc8f16aa95314bf4eb4077e83b322c2237a0cd3e54ba7aa65f89fd0b066df270c9

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/files/PersistedInstallation4102921773641105328tmp
Filesize
567B

MD5
0bc3b32539142d1757475a1364628ae0

SHA1
7ec8c3dc76ea845a4c7cbba8e45e508f8abe7438

SHA256
207824fec2299643da232555ab6c6f2d041bd541366738247bd5fe0cc3f65e68

SHA512
6f809f265c3c0a883202825cf5c55cb1c43d7d305185ef7f2545b0c756ef03ee39a2c29bc460e01d4f2f828a3c01014d2372befbf87c247016bd9e96fc4ccba8

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/files/PersistedInstallation709671149384944259tmp
Filesize
567B

MD5
5bcad4707fd415107e5a5b6cf2e84615

SHA1
6e71632ed38afbe3385b55f4e1d9a4e4b6b57bf3

SHA256
b0c0ed79369126955d731e6b4e196d8653fdbfc8b695b62201cd9123558b588a

SHA512
c704d7988e6ac3f013b12c65f20acb25f89b434f5e355f2c7bc9a2667664c7169f462c9725a5d89d8f2b359b5a7449c80dfb20688ca3143666fd079d3c925aef

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/files/PersistedInstallation937791852127245598tmp
Filesize
90B

MD5
ae0e464f37bb7ce19b99582de61ad60f

SHA1
03b0a662f620b26623c03f836c1b1887001c3846

SHA256
49db62633b4c73f9f3ba19461475fd82547a4745d4821ed95934c516506c94a1

SHA512
953ffa7c876d396e21b923fc13978755bc41d78b6f8b95351b9c3832ae6a881e46877abfb25908fda9dfa393953ebd2b461fa306d420da78dd2183a817fe35fc

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/files/UnityAdsStorage-private-data.json
Filesize
57B

MD5
7a74b6f8d459ebff48425030bb2b81c8

SHA1
708a1e9d6d8dd063babb89f4e5fb4126e3beca1d

SHA256
69dfa1a1ff5f3b490bddc0bbf7e01c3e9280e5e312fdb32ebd86d477153a6d0d

SHA512
1f213d1edc39d2207930cdeb51d7cf8c22cf49ffd32c27626a68dcfbf6023ce65af3375a36986a47dc1684a512483ba2a79ba3dbbd4a955587880198b4c5d681

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/files/UnityAdsStorage-public-data.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/files/adc3/026ae9c9824b3e483fa6c71fa88f57ae27816141
Filesize
41B

MD5
907d6b32343a9544abfebbfda1d60f8f

SHA1
e798b20c79ca9ffe999f0a7ae022e83ddc2fb56a

SHA256
1f6b1ff373011afe53a75a0873624cbc11c1de95d5d713ae8dec3f99ea5b0e84

SHA512
cf0c2770a34665adfe837d2f8c1d472aa4255e67be2847080b51f0c23ecee8c980d9072368c1168c1486de39ac55cc0d60e1110d7b496672207d8f8e518372c1

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/files/adc3/AppInfo
Filesize
33B

MD5
c71d659f41da169eb309713fd46aebe0

SHA1
c1a479de8e80b090b5039bb9c8f02afe0791f28a

SHA256
5134463bd525451e80f264cfd8d2257eab13eb0e0a1a524987955a6e3c266f3f

SHA512
39e445c95729ef830dda2c747e0d6872920a6b9624f86c19daab726c8a7dea05e23eb31460baf59b8bc98a97588d67f43e26b351cee747e215a4b09349ec6ddf

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/files/adc3/AppVersion
Filesize
26B

MD5
19f4216a84adc8356e694d30c738d9fe

SHA1
c0da34a476ae074bf7295fe9aa89750fbe3877a6

SHA256
5d640fc09b8c06ed055c5578545fbfa2ca0458262c8c41013dd9ded6d9cc60f4

SHA512
5d378c0d43576ac29cb2f2ddbd0d9c9f49de3fbaf850cc13098fa9a6b3cc67683fd60601e165ae22bf963e31cd78cdf3c1b9bed1f94f7014e5aafc3324099787

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/files/adc3/AppVersion
Filesize
78B

MD5
9e6dfd9420f4e468900d78d40695a26a

SHA1
e069e80898e0b3f294724fb4dfe8cb8533806c09

SHA256
16372370b20b6afff863005a8f1af1651e7b01a60dda085cb9c98958ade68d1b

SHA512
909843456a41df7c847e0921a7cea49e1a034b93f444006c413e29341e8f45e68ab8f87342cf0a96a8d8ab3bdd629c7e58e0f28d6d322e201ac1f136d006a1b7

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/files/legion.realm
Filesize
24B

MD5
a6574431b943e0bf47642c666f3fbbe7

SHA1
79191cabd86accd903f27c523c95ef19933c64d1

SHA256
60692d3a39b5fa2c7ea60c7be7014c2069f7c0a3fedafa269addd8143ec15f6d

SHA512
c438e1cda3bce0de04a34e3f53f17f7cdd235e80c656c31e43a21b37e77dfd90de14c17a5c6719b84a14899ff41107a75790b35306c7ecb1674d6f60de9bbbef

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
26450620f7eec868cec22f2e46a62f52

SHA1
d3bc392dcf0932218f5d5c354266494f1c703439

SHA256
3763b8289df4fae2c5af0db1b2e611b03331457ca5c3b1a3358670821cca1498

SHA512
078a18ec8a8e4fc74650d2f854eac96e0be5f1ba27f2e42eab8ba3b3b6933e6dced0724a9278f76b080fe4d446b18c2795373202618ff0d5888b615428d1f1cf

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
f370d079b5e1ac669a7461e63cf157b5

SHA1
66d7cf00b24c7b97dcb4608f0860c5d70b3bf0a7

SHA256
44ae06f9a78901d68aa96bdefaac9d7bfb387128f07eb97e8a6db2f2281e0120

SHA512
0fbfd710010ba3e6fb5e9621eb74639a93a084daa01f1db471981194b3c47d9987a6941727f414a794fa420d4ae9a745e1d3a4ae0edd2876d3998a33a8182ce9

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
1089599ff83b233b3a6c6f45a21f1640

SHA1
09ee83a122a62c6eaa3de09435d3688a8d1d4a9d

SHA256
7bb68f15d0c82d1cd2448d556807df28e9e76b28b7dbaf286ce55949b1ba7e16

SHA512
fb894854d6a91a7eaf1e8690e48441ba43cdb357fb6cd9a021bf988ecda7b18a273409fc5cbd5eb70712f2319404a389604321ed6090fbb05539a055593d2267

Download Submit
/data/data/aplicaciones.paleta.legionanimefull/no_backup/androidx.work.workdb-wal
Filesize
265KB

MD5
1d978d0a440b0c736f67caf9aa3ce6d5

SHA1
9e4445bb8983932ed77678ae8b54d49d4c359bb9

SHA256
2d6013c9db4edd99771406ee7934f6945f0b9699ff524992e317e4181b9c31d7

SHA512
9e6c18658b09783437c2c3021715e374df3ef30b812aeeefae063e81e24895617198ebdf08c63c24a4b198a8e0a28b464da630b6bb510124572b2b0167af270a

Download Submit
/storage/emulated/0/Android/data/aplicaciones.paleta.legionanimefull/cache/UnityAdsCache/UnityAdsTest.txt
Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/storage/emulated/0/Android/data/aplicaciones.paleta.legionanimefull/cache/UnityAdsCache/UnityAdsWebApp.html
Filesize
2.1MB

MD5
c85bc19319085e176804a9208d346c27

SHA1
4a188f0561f1040b6e6d93a3caa22d7792796050

SHA256
9994c98a403b1b1030bb03af05167cb8451ba0c26c243526153ed465eb9a3d36

SHA512
2a336267a718bdbc7729bad0cf89f14a242ba40289ea170b7e493cd6440fd09ee6e0695dc6e8a13c8912cbc6fe1483c497e81061b7deb7b2e3231c31e2c53d9a

Download Submit
/storage/emulated/0/Android/data/aplicaciones.paleta.legionanimefull/cache/UnityAdsCache/UnityAdsWebViewConfiguration.json
Filesize
774B

MD5
cd24e66e3e1b1cc23184d145aca8c11f

SHA1
311d4f67a16fbd3c33b5ed1df697f63104b43a57

SHA256
47db02afe54baf43470a416a2cee45f973cf7689bb5454f24d4ef026c3d9796e

SHA512
1c4217d712a28e66e2beccaf2d15b99f64b912dbc44062c6b478c8b40b11e094d26b644437e441b9954ff9bd90d17bfbf8ad56e4c7cb2c10e39d2b238753f38c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads