Overview

overview

7

Static

static

6

virus invisible.apk

android-9-x86

7

virus invisible.apk

android-10-x64

7

virus invisible.apk

android-11-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    21-04-2024 10:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    virus invisible.apk

  • Size

    1.7MB

  • MD5

    789a4f14dcba5d270730ab95f0cc230a

  • SHA1

    f377d584cffb7d263a71bb66315f13cf130f61a3

  • SHA256

    7281ef02bb73c92d2245645ac1a3b08966719457fab87e74a4463911310718b6

  • SHA512

    9a99b00158759599ebdbb41926c9948a428c2c72bcaa4a98e407ff209e12d7e217b08217d0ddb13d2735ca20580d72d27ca23343cbb8c8c9709e898094f364b4

  • SSDEEP

    24576:kHeVbupUASUT4vcOwxBSHu2ajHf2xg4MLL/UFvhiOZyPa0lHNzde1Ej0:0GQ94knbJTOxg4MsFv0kEl5Nd+Ej0

Score
7/10
collectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.tankbattle.games.free.nearme.gamecenter
    1⤵
    • Checks memory information
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Obtains sensitive information copied to the device clipboard
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:5145

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tankbattle.games.free.nearme.gamecenter/files/2f721622.dex
    Filesize

    1.1MB

    MD5

    11aacf1657c9733c5b9091c01829fe1b

    SHA1

    414d116a1ee0473c606b58da44734f8f1c391006

    SHA256

    f1a671bac898e7993232dc8a4c0f0348a0c56a7c495b509f5aeff3b688b5f4b9

    SHA512

    f0270b324d5755b7716f4439f5dda57e723e093037c28879a2f580ca11fcfc826251033d96b83f9da0b4a14369babf0b8347e8c4290e803deade203bc1a71502

    Download Submit

  • /data/data/com.tankbattle.games.free.nearme.gamecenter/files/MMK
    Filesize

    740B

    MD5

    cd0cfc108a38f85d0924479d7f2d2bd4

    SHA1

    c7c74c46e489692fb90a5f7ecd048b3947e4e448

    SHA256

    f0a222bb525c867faab53d22985c5f29bd6809ccc88a52438747f2f29c94fd64

    SHA512

    d0cb3645456a7ee8033127c97c9a42b75ed3cf5ffdb5ae32b1458c279beeae379ff0d5e0eff849904a59825612fdc7ef2b76cf68ae5037d434dfce8c50a6911f

    Download Submit

  • /data/data/com.tankbattle.games.free.nearme.gamecenter/files/PersistedInstallation872735943364319614tmp
    Filesize

    566B

    MD5

    8de8ba2cf4db034b2d4259e6371d24cc

    SHA1

    cf6d5ea24da511c061ab026de20e28ffeaa1bf7e

    SHA256

    af7b8c5dda500b892d03dd4cc229d812db4e22dde72ae3febec914f186cda7f3

    SHA512

    30fc31ced2ecd02ef8ba0b91f70c4d1e2f8c62519d5fe3e37a649f93e83fd64cbcc1c0942384f73085e63fa025d1a08212cdc048f2c353c476df34e86970efac

    Download Submit

  • /data/data/com.tankbattle.games.free.nearme.gamecenter/files/SbHZ
    Filesize

    229B

    MD5

    ed4c99ec1b1541a43f96d40aa46d2472

    SHA1

    e0018434988f82bd159357dd2fa954a69ac88959

    SHA256

    9c01203e998d4459e45dd3fd76aad340d7b91bfa5e8812e390a3b6a0cfea4c0c

    SHA512

    24cc287804d000eb9100820a4344fc8550cabcef5e328c8ce7a29352e6848651b036757b38c4479ecf3b67dc308cb459d7de5bd16fc7c2c1825cf3255627be7d

    Download Submit

  • /data/data/com.tankbattle.games.free.nearme.gamecenter/files/SbHZ
    Filesize

    229B

    MD5

    d62633fc2137681dc04b7922e2a15d26

    SHA1

    8c1b59b57eda7c7f19c91d11ab305d06552a2b54

    SHA256

    b0df6462b4a588b6c3c6527ebbacb473a02100d2bbfbfca452405209b7df7b98

    SHA512

    c7f28031056cc36bce2a03a955775a92ffa9d248800b9548e76af24ac6656e12b133c286113f5fbf77c5b9fed9cd2aa180d2cc16a23c77c9610b2662ad918caa

    Download Submit

  • /data/user/0/com.tankbattle.games.free.nearme.gamecenter/files/2f721622.dex
    Filesize

    2.7MB

    MD5

    29c4f5590d6d094b0be5fb343e705aeb

    SHA1

    e2adf655fb4ac2500435dc8fdc8b8b2dd3b6e052

    SHA256

    586483ad23d52d083a3ebac2e3f17280624c02bc1003e3858e0396ae860e7f41

    SHA512

    9d8aeb86f38189032c9b9d75c1b0587f6d8369d18a0ba8e58ba50dc2f571993f806553d9c93538644b1d49ac9b46af10ee3643bde8985b8e04a0805989cff124

    Download Submit