b551587ee971147907be2d9f15bda2c8eb6bccdaf90ff195aaef8bece6ba983c

Analysis

max time kernel
122s
max time network
136s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
30-06-2024 14:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Futbolplay.apk
Size

19.4MB
MD5

58a29c8a32ef94dc7a57d34f7ba876ef
SHA1

8dfd50b7b4a6cfdf65304b54204d2b2b30d89701
SHA256

b551587ee971147907be2d9f15bda2c8eb6bccdaf90ff195aaef8bece6ba983c
SHA512

ba7e8d4cbed7c276c8dceef5878358bd3a717a6c4ee3213a79ef67cf1a7e3447fec8f178ef6d669085b73a48d47235ee10c21a0797fc9b717add5b1cb654fb98
SSDEEP

393216:kghITr8Du4lCg6pQJu2imVZBALfxccBOdQyYomhbPRISKP32N54Oxo1:Aruu4l6iZiCYPU8r5PR/KPMTxk

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

futbol.paraguayo3/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/futbol.paraguayo3/files/audience_network.dex --output-vdex-fd=43 --oat-fd=107 --oat-location=/data/user/0/futbol.paraguayo3/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/futbol.paraguayo3/files/audience_network.dex	4319	futbol.paraguayo3
/data/user/0/futbol.paraguayo3/files/audience_network.dex	4494	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/futbol.paraguayo3/files/audience_network.dex --output-vdex-fd=43 --oat-fd=107 --oat-location=/data/user/0/futbol.paraguayo3/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/futbol.paraguayo3/files/audience_network.dex	4319	futbol.paraguayo3

Acquires the wake lock 1 IoCs

Processes:

futbol.paraguayo3

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock futbol.paraguayo3
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

futbol.paraguayo3

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo futbol.paraguayo3
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

futbol.paraguayo3

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone futbol.paraguayo3
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

futbol.paraguayo3

description ioc process

Framework service call android.app.IActivityManager.registerReceiver futbol.paraguayo3
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

futbol.paraguayo3

description ioc process

File opened for read /proc/meminfo futbol.paraguayo3

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	futbol.paraguayo3

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	futbol.paraguayo3

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	futbol.paraguayo3

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	futbol.paraguayo3

description	ioc	process
File opened for read	/proc/meminfo	futbol.paraguayo3

futbol.paraguayo3
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4319

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/futbol.paraguayo3/files/audience_network.dex --output-vdex-fd=43 --oat-fd=107 --oat-location=/data/user/0/futbol.paraguayo3/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4494

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/futbol.paraguayo3/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/futbol.paraguayo3/databases/google_app_measurement_local.db
Filesize
16KB

MD5
21e6c54859006135969e4c9ee3e10548

SHA1
2c61c0eb6f8e2e144b747c704329fca9e57ef03e

SHA256
0aef74ea27106b0b92edcb0478f18a1c59f210f6a52220803cb30e5bc3111217

SHA512
8e5cd331660bffa1bae875f2dc70650a904148331f16826729f19c18f727356f953b892af57505b49885548d4481e180a4f6f2d1b370202e4229c923ef01b768

Download Submit
/data/data/futbol.paraguayo3/databases/google_app_measurement_local.db
Filesize
16KB

MD5
60d326e1b7c14ff4002fcf342490bc67

SHA1
3006983d22fc13398258126dcb09123dd16f6434

SHA256
68cd2f5e2e682f474f2efcca55e6ba08e06f6fc98c097f9de485c5b0dca6117b

SHA512
86feb2385b8d66d2dbbd3194614278d7843b5d75918922b257b21cc4baa00421f380ca09e72c9c2cc3ee270c3ea498b42f27ff287a1d5560d5e04e1231be5332

Download Submit
/data/data/futbol.paraguayo3/databases/google_app_measurement_local.db
Filesize
16KB

MD5
11834ae3b13460f4193afd2218349888

SHA1
cc1afdc72ff11c08f20aa3d21420e06b3f934ba1

SHA256
120d627f5d4a06d70c1d8d2816e2ae09274998c1b6ed2371bffa79f084bc9750

SHA512
7ee37a10b8c8624d4bc8bdc65703dca1c97494e76bbaeec8da912c6c483c7683a003b0e7b5be80a32c87ee72dba8df1ed958709b815c6bcb75440e7894002f26

Download Submit
/data/data/futbol.paraguayo3/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
eb261046aa13cf3add9c092e969c0e05

SHA1
73d26a1b901c4a8a1ca5f437bb05f7fb2431ea75

SHA256
3dfbdda07af43ecdf27a9fd1a770e5ee5de64f1cc470a43008076b8e548b5dc0

SHA512
91ff35a4369a9c317bb966a7f9e3e38ce21162a938bd5d915658de38af7d45456e9669983a343a91cd300f0bf8fc12c9408c38067e30a74284147a3f7c2c3466

Download Submit
/data/data/futbol.paraguayo3/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
46a6d8943d666620cf63539e2592ee8f

SHA1
d8f2e8c06a328fcc44ac31fb352f0cdbd51bb741

SHA256
4ed3efc8bd35ae0739b14a040651fe552f2a1723a03b77d77e3d049190f50dc4

SHA512
833a368a16e1d1a176d06d12d57f6958ae677e4b441937fae1ca2825f17231559e35a577b75643868e3fbeb570d4293cb5ad199e9d84797c5785026b9b33e266

Download Submit
/data/data/futbol.paraguayo3/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
ab468fbfa806a0fa11e0430cbb0922a4

SHA1
49b733d62bbf581301289a6129dadb6eec0883d9

SHA256
5db5e04eefa3f31d9c782ab09cc480c1d71d11d201177561d9e7e845bc1a9d2b

SHA512
d612cbf009b4f32fc4c460a11049211e5bac860ff75145890d798f2c3de05c68a861070f9e8b56bd98a4ed67ee18f0a6314b7bf7fd472a2dbbb4c21d424f0aab

Download Submit
/data/data/futbol.paraguayo3/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
d0a08091f8b63612426a2a3bdad239e6

SHA1
a6cfda77c194b25526b2366151dfe938ef9e5aa5

SHA256
7bb1d094eedc4feba68f25f66b2b8396231b509eaab0e872396fad78dc348ab3

SHA512
5e516e1c216bc72f1fef9ef4625f64ec5c2a8843ae00c02676c291ed86e6675d07e3cae49ec1c62397fbc69fc54e70c9844a910c89a26f445c2e201c7d3b4b69

Download Submit
/data/data/futbol.paraguayo3/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
14c10d2e1d3f71aa7a7b76e117690dd9

SHA1
e375764db54ea44ec831c42843a3a869db68970e

SHA256
071c6d5c140671c53b6484a305af95878c0903bce02a0d004410928d8c0e85ec

SHA512
533c330c03cf3175f494282b9f5b96d89f9244b6f14675263413eb65f0d40acfef8c226be0fd6531d421ada959a92ac7725eae9f1d8d69e5b1c979aba7803c11

Download Submit
/data/data/futbol.paraguayo3/files/PersistedInstallation3867865476467341540tmp
Filesize
79B

MD5
9a20cef634a3f429d2fe04f0ebbc73f9

SHA1
6b7d97de1dad79d89acad32a113aefb627e4f82d

SHA256
3e527e98596c206a964bce2ec21e5d34e5c8b63c9dac67fcf0b14efb336f3a07

SHA512
f27ea9eb7cb82815405a16748030be132bb9a2a0a2e02ccc2a25fadb3ccb59231776551bf57e301d86dca571930c48173fbfeccb4221e841cbe476cb3dae4809

Download Submit
/data/data/futbol.paraguayo3/files/PersistedInstallation5665697663977763978tmp
Filesize
560B

MD5
f590c5c5498f65be10726b869269518b

SHA1
418f7c7fa274cb4bf0cf6eadc8f235dd00336195

SHA256
9c860869d0620af8466af25eff10ce188ae7eff42e4259689f05867f6a6fcd2a

SHA512
bae83799602b72a35e9bcff2003f2e80c5e26be40cb69ea6ddd5048c7ee444e3d279f7751456e44e1ab65166dcbc915c855f856e9b6ab77bf434ef0ee6db23ea

Download Submit
/data/data/futbol.paraguayo3/files/audience_network.dex
Filesize
3.0MB

MD5
b18ab03453d5d70113873d8c45c10d2f

SHA1
ad3c48b1ca11b9c84f380b9ae7a025f957f3d02b

SHA256
bee390afa2267bc48829ee7a0f4286895bf32ba2443ff447451f515818f7203b

SHA512
63e75b38dd472b2de19f6e513026e732ca040699437be4a1684827ab2ba4baf2077b053c0ccc4a702b72bfbc2ed7e343296b9a9f85ba906be37bdd6f905694c8

Download Submit
/data/data/futbol.paraguayo3/files/oat/audience_network.dex.cur.prof
Filesize
347B

MD5
a798a91af4c60cb5e6ce2e60bf1b9750

SHA1
135c739c01cf4c409f246f5c8d4996d069bf44ae

SHA256
451e64b1fddc7a61759c0907af06dffee3506ae96150e1c0b4dc956f6af6fbe9

SHA512
0ef13e72a468273650519975fcd6ba605a65e17b4fcb36177cacfe865389ee4e539de30d6efc7cc6b03b0345ad04cae385e7a12a1e67177a454edecf17d7805f

Download Submit
/data/data/futbol.paraguayo3/files/vinebre_ac.txt
Filesize
19B

MD5
6f0dbfc6be6a196e18c871fcbdd1d275

SHA1
06d96bf40bcecd63ca2a871fed88e00e85fa640b

SHA256
392324023956023fe16ab4c1442d355fa0595e3b09b8a05d196b6a2e38153d20

SHA512
62918b7aeac3b0bac5449db7384e7b336c5931fd7a36783cc973a3deb89ae5da5d692a21b441117beac7bf5341883c7c58869cc25a1dd516bda50c53c205656b

Download Submit
/data/data/futbol.paraguayo3/no_backup/androidx.work.workdb
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/futbol.paraguayo3/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
62366e4513e36576adcb2587140299c2

SHA1
198cd8f8f40977045673e145ee538f994bdfbe95

SHA256
dd5b2c53b95c26e6a7a8cf2bb22ede09cbf6ac21fcdfab54b78976c2f915377f

SHA512
43573a64c42c90cfa12f036d129c4119d72123536967a4dcceab0438a7fa18c9b9d181f9c422c9b65a7022f3e2f96eef41ac692bcbd38aa4020874dc9c40d8e5

Download Submit
/data/data/futbol.paraguayo3/no_backup/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/futbol.paraguayo3/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
a6ea299c6ca20be297f731e64500ca0f

SHA1
ae0bf1bf997d03ac9c295fa0e57f9ec5c5e23d5b

SHA256
7aedf9dc0e890b7cca0be509e49e6882cbb68a786a9eff189acc0def0f75397c

SHA512
49e1c1733a8fd494a2f235b033407215e76ab0f34450b45d7f0b6917e6a63857dc30629ac0d601b14efefece7d7669957d7cb474a3e06d53941c57e2440d12e1

Download Submit
/data/data/futbol.paraguayo3/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
bf6ca9b139b2246e770327b9df7a312e

SHA1
e86c938be6508aa79382fbf3bc073e0204c6b8bd

SHA256
024cb1b726df4ed63d8ce163f00911701eb44c6be8f26b35edbc8e335b63a5ec

SHA512
2a0680279ea2bcbe4342f236921ae7a0decd0853886a1c94257c94cbd8bb238704bf26e68e61e87b05433813e28690efdf3a7638b6631da8183c65c0ad647731

Download Submit
/data/data/futbol.paraguayo3/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
9b9924a9b4d8af1bf5017b608cab2118

SHA1
f51ba15d18ad7c94cfffd3d1a58844540ff31f34

SHA256
88d22531d23473b22ef808cef6a26daf40860e213d224aadc5334a82747485a3

SHA512
8d425824e49998634c4570ba5ab7d8979c656ce5b203afb6035f79316b236baebfda67d6c889a63f7196698c74c4f9cf20e44e737169752e9460f98f9766ba4a

Download Submit
/data/user/0/futbol.paraguayo3/files/audience_network.dex
Filesize
3.0MB

MD5
a31c863b7843d64af8070b7e12b6a3ca

SHA1
e94376c90f3c4aa57a1f278f5357f506fdd7087a

SHA256
24eca4bfe4321e3e99a16bd96a6678e3be23e706d1bff0d99a9d641c1329ed7a

SHA512
88eb89220a0fbd8ef088bc93c3a6635cf01ce9bb3d2377fcb5368c69f77a5a545fcd6b2314e8ca900fcfd4565ef2c60a7edbfb57f5c8987d80efd9fabdf0f534

Download Submit