File name:

F-Droid.apk

Full analysis: https://app.any.run/tasks/65bf9b98-5a79-401a-b3ea-b9751719155e
Verdict: Malicious activity
Analysis date: April 26, 2025, 23:44:55
OS: Android 14
MIME: application/vnd.android.package-archive
File info: Android package (APK), with gradle app-metadata.properties
MD5:

C5ADF6842D8341FD839CFFFBA884BFB0

SHA1:

69790371F62B21DD9D3E6BB17B95C9985CA7E5B2

SHA256:

B64651849ECEB57459049E7017E043008FCE8F146AAD1D34D98F0027D87E4EEF

SSDEEP:

98304:Uda/sI0tgUy2bK8ijFikRp4UgcJn/aqlIqqFj4DWrZq666EY+nxMeS/zhCjebzYW:K39XhWhfkJrjkM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Updates data in the storage of application settings (SharedPreferences)

      • app_process64 (PID: 2291)

    • Uses encryption API functions

      • app_process64 (PID: 2291)

    • Collects data about the device's environment (JVM version)

      • app_process64 (PID: 2291)

    • Triggers notification to user

      • app_process64 (PID: 2291)

  • INFO

    • Verifies whether the device is connected to the internet

      • app_process64 (PID: 2291)

    • Dynamically inspects or modifies classes, methods, and fields at runtime

      • app_process64 (PID: 2291)

    • Gets file name without full path

      • app_process64 (PID: 2291)

    • Retrieves data from storage of application settings (SharedPreferences)

      • app_process64 (PID: 2291)

    • Dynamically loads a class in Java

      • app_process64 (PID: 2291)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.apk | Android Package (53.2)
.jar | Java Archive (14.7)
.vym | VYM Mind Map (12.6)
.xpi | Mozilla Firefox browser extension (8.1)

EXIF

ZIP

ZipRequiredVersion: -
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 1981:01:01 01:01:02
ZipCRC: 0x2ee0d5b5
ZipCompressedSize: 51
ZipUncompressedSize: 56
ZipFileName: META-INF/com/android/build/gradle/app-metadata.properties
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
125
Monitored processes
1
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start app_process64

Process information

PID
CMD
Path
Indicators
Parent process
2291<pre-initialized> /system/bin/app_process64
app_process64
User:
root
Integrity Level:
UNKNOWN
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
12
Text files
5
Unknown types
0

Dropped files

PID
Process
Filename
Type
2291app_process64/data/user/0/org.fdroid.fdroid/shared_prefs/org.fdroid.fdroid_preferences.xml
MD5:
SHA256:
2291app_process64/data/user/0/org.fdroid.fdroid/shared_prefs/_has_set_default_values.xmlxml
MD5:
SHA256:
2291app_process64/data/user/0/org.fdroid.fdroid/no_backup/androidx.work.workdb-journalbinary
MD5:
SHA256:
2291app_process64/data/user/0/org.fdroid.fdroid/no_backup/androidx.work.workdb-walbinary
MD5:
SHA256:
2291app_process64/data/user/0/org.fdroid.fdroid/shared_prefs/at-start-time.xml
MD5:
SHA256:
2291app_process64/data/user/0/org.fdroid.fdroid/databases/fdroid_db-journalbinary
MD5:
SHA256:
2291app_process64/data/user/0/org.fdroid.fdroid/databases/fdroid_db-walbinary
MD5:
SHA256:
2291app_process64/data/user/0/org.fdroid.fdroid/cache/oat_primary/arm64/base.2291.tmpbinary
MD5:
SHA256:
2291app_process64/data/user/0/org.fdroid.fdroid/app_keystore/kerplapp.bksbinary
MD5:
SHA256:
2291app_process64/data/user/0/org.fdroid.fdroid/cache/dl-712333284513154220compressed
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
16
DNS requests
13
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
204
142.250.186.163:80
http://connectivitycheck.gstatic.com/generate_204
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
449
mdnsd
224.0.0.251:5353
unknown
216.239.35.12:123
time.android.com
whitelisted
142.250.186.163:80
connectivitycheck.gstatic.com
GOOGLE
US
whitelisted
142.250.186.36:443
www.google.com
GOOGLE
US
whitelisted
142.251.31.81:443
staging-remoteprovisioning.sandbox.googleapis.com
GOOGLE
US
whitelisted
1775
app_process64
142.250.185.174:443
play.google.com
GOOGLE
US
whitelisted
1775
app_process64
205.251.242.103:443
amazon.com
AMAZON-02
US
whitelisted
1775
app_process64
65.21.79.229:443
f-droid.org
Hetzner Online GmbH
FI
whitelisted
1775
app_process64
172.67.15.47:443
cloudflare.f-droid.org
CLOUDFLARENET
US
whitelisted
1775
app_process64
37.218.245.230:443
staging.f-droid.org
Greenhost BV
NL
whitelisted

DNS requests

Domain
IP
Reputation
connectivitycheck.gstatic.com
  • 142.250.186.163
whitelisted
www.google.com
  • 142.250.186.36
whitelisted
google.com
  • 142.250.184.238
whitelisted
time.android.com
  • 216.239.35.12
  • 216.239.35.8
  • 216.239.35.4
  • 216.239.35.0
whitelisted
staging-remoteprovisioning.sandbox.googleapis.com
  • 142.251.31.81
whitelisted
play.google.com
  • 142.250.185.174
whitelisted
cloudflare.f-droid.org
  • 172.67.15.47
  • 104.22.3.52
  • 104.22.2.52
whitelisted
amazon.com
  • 205.251.242.103
  • 54.239.28.85
  • 52.94.236.248
whitelisted
f-droid.org
  • 65.21.79.229
  • 37.218.243.72
whitelisted
staging.f-droid.org
  • 37.218.245.230
whitelisted

Threats

PID
Process
Class
Message
Misc activity
ET INFO Android Device Connectivity Check
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
F-Droid.apk