ce9beaa632a73a20b1467ab45878975bc1fe6188449fe459c09f170f6d4ca886

Analysis

max time kernel
128s
max time network
143s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
25-04-2024 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

minecraft-1-18-31.apk
Size

150.4MB
MD5

b6de74310c32403c8262daa026b4f3ef
SHA1

6e8413d0cf3a24fbd8489c0bee5b9a9d66f82d87
SHA256

ce9beaa632a73a20b1467ab45878975bc1fe6188449fe459c09f170f6d4ca886
SHA512

ac09dbaddf8b7c0c23a46b2f4d2aa809c86e95b7a319199fd26cb4c0d879c2540b4228d9dc6da90c9c979e1051cad674227974b0abcd677b88e45d11ed09c457
SSDEEP

3145728:ACvIk6AZ2RGiMsZVrRy+oqYZu+7yzCm9cxNlOAjR1e7ZS6+7Fs0ZNe:AuncRGivZVXdYZu+7ymCUlOAze706+Rq

Score

7^/10

collection discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.mojang.minecraftpe

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.mojang.minecraftpe/[email protected]	4610	com.mojang.minecraftpe
/data/user/0/com.mojang.minecraftpe/[email protected]	4610	com.mojang.minecraftpe

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.mojang.minecraftpe

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mojang.minecraftpe

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mojang.minecraftpe

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.mojang.minecraftpe

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mojang.minecraftpe

com.mojang.minecraftpe
1⤵
- Checks CPU information
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4610

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact