c54dfac7b253b319799bd21fbf0577b25ae6a80e6cc7ea3f533dfb5b478f4e16

Analysis

max time kernel
16s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
27/04/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HappyMod-3-1-0.apk
Size

16.2MB
MD5

c25607a1fd692ebf31204cc1b7184266
SHA1

1b8ae282efaa220818c56202c1dcbe66591718d3
SHA256

c54dfac7b253b319799bd21fbf0577b25ae6a80e6cc7ea3f533dfb5b478f4e16
SHA512

db6a2efb2d24cd9d63522753777022febf15cf7e4c8d9e4fab117787f78b9b53990f1df7f17f03ec072497f0efbe299ff30640a8dcf5d4ee99d2b32219d923ad
SSDEEP

393216:wp0TcbMT8phcEb7Nqa4Lt2aUw3YI7luOP:wacQTkcEEzMaUI59

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.happymod.apk/files/prodexdir/00O000ll111l_0.dex	4189	com.happymod.apk
/data/user/0/com.happymod.apk/files/prodexdir/00O000ll111l_1.dex	4189	com.happymod.apk
/data/user/0/com.happymod.apk/files/prodexdir/00O000ll111l_0.dex	4189	com.happymod.apk
/data/user/0/com.happymod.apk/files/prodexdir/00O000ll111l_1.dex	4189	com.happymod.apk

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.happymod.apk

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.happymod.apk

Checks the presence of a debugger
evasion

com.happymod.apk
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4189

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.happymod.apk/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.happymod.apk/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
a199c9dde5a87974070696b4da200a13

SHA1
9a70cc897636630c70fb822c6df276dcc8314021

SHA256
0a7ffe533433412669cf8db6315b351455c164e53d4400fffca8d456a6aeb671

SHA512
93aced962fff7f42bffc49b61f76e91882803567f63dcf226f6d2eb77879b22bcd7dfed5d2e7972e62feeb097f48de58c039a44f2d0a182941bea3d0b2012ac4

Download Submit
/data/data/com.happymod.apk/databases/com.google.android.datatransport.events-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.happymod.apk/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
7345a1b7e654ff13695001fd11c9a7f5

SHA1
a7fc46b33a7a24bdb337c0440178f556f81721bc

SHA256
86ef73935aa92eeead236a5a3885c417f494f8a38b522bcd5163a54dbc23a8bd

SHA512
4c61c50e7458afd27d1f6423d8a274fe21e0439fd28afb374a9f496004f470a352d185b620d3bd14bb246dcc200d83766eb691286135c73b48658947bf3593e1

Download Submit
/data/data/com.happymod.apk/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
63c538f3c33ce5315fc0f73c8e2f0c9e

SHA1
a84f308a7ed8724e6540da9e35940285235c6fae

SHA256
932e3396bfc211eac78fc345cc86978d10e4f72670c55a0f3b74dc3f44e2e2be

SHA512
713d0071adb8afaca7a1ff26fe20118c2713ea713876405f6968c59e75865eb579ba0898f55cb7018ab324779d9295715d2a0dd10caac178051972503f17c140

Download Submit
/data/data/com.happymod.apk/databases/google_app_measurement_local.db-wal

Filesize
32KB

MD5
2c08077ac5840adbb26dc4387ade467e

SHA1
ca72a5693029cc4cb5346ca0b3052f02d15ec512

SHA256
5ec62843c253dce53e6036c8fc754de760d6dc27bffb02e0a108021663486d1e

SHA512
5c154331f33658e468aa959dfa79901667440a1acd017bd47f7f734b1504e6111ee458c5a66f123ca48947d03677888a1d4f85556c82fc56245f68f1f0f5c51a

Download Submit
/data/data/com.happymod.apk/files/.com.google.firebase.crashlytics.files.v2:com.happymod.apk/com.crashlytics.settings.json

Filesize
712B

MD5
5ccebd27f8ee23b0bf66293cea2e917b

SHA1
a447ed88969c3c287ee8693a0dff62d335a5146f

SHA256
aebb26e4025a5c7e0e108064d18d3dec7f4242c3c5d1caa4ebd7ccbcccabdce0

SHA512
699fd1ac8bc4bf068f2ac3e73b7204284b92fa8f32d9ac336699bcaca8ff158cd378ab633ea1243fd1dc2c3be0c1efffd4a979412b8574463f05738e98e41ee9

Download Submit
/data/data/com.happymod.apk/files/.com.google.firebase.crashlytics.files.v2:com.happymod.apk/open-sessions/662D644C00F80001105D6280362C3610/report

Filesize
791B

MD5
0672ae5fa77d1ea0b6f8832be2de23f9

SHA1
c1d0513137ce393367582bd55e5329925ca31104

SHA256
00aae5f7f4c117f0ebf65871608ba7c6f71fa66924e6230e69790867373181eb

SHA512
999df8d72ab793083558c3bc745c19886a86ba6b8c9e323a25622ce2ac377657a18a9778560429bfb17b29a496b270d8b7f0d8595c262ad6b65e834f16d5299d

Download Submit
/data/data/com.happymod.apk/files/PersistedInstallation1827333579865935624tmp

Filesize
570B

MD5
d382d643c4ee05a9722ce45e8b52a0bf

SHA1
1f6d27e1226cfd3f0b6cc187fdef663f51797cbe

SHA256
da9c7ebcc13e17c07bea8a14f60d9a0f897cca6e63116a30d97f4f606e8ab8d4

SHA512
fb76607c6ec411f6157039aeb63320ea11b539e3ef331124143e16229edde678fba08daad3b07d7e9bfff2dbcbd4e4fcf79a33729c42ad75da486415f8f2945c

Download Submit
/data/data/com.happymod.apk/files/PersistedInstallation8943588534688856378tmp

Filesize
90B

MD5
0353be79a43ecd49bc984f70968dc606

SHA1
c3fe193f92e1481af1190d645bb2adadeeff578b

SHA256
58cfc08420338f5892d9108cad2b4c8a5e595e5339e34916ff4ecee90c3dfdfb

SHA512
888254ab0fa13803271f97ad0d7cc5b8af4e99e68391019856019727916990a67f6164045a2fd1fd1178bca7d33dfb48c4e0eb8a807a5aa89321a05571cad32e

Download Submit
/data/data/com.happymod.apk/files/datastore/firebase_session_Y29tLmhhcHB5bW9kLmFwaw==_settings.preferences_pb.tmp

Filesize
33B

MD5
a65b9b3e4670dc3b48a9609f816ad531

SHA1
682a73f2c248815fba0cb50c45031a53d6f8dbcf

SHA256
a4aaa2a4e0cb12123b405a9d33bdd7edf8cbb41ea92e75deb1ba21bf1db5b2a6

SHA512
6c06e6791dd41c1c8d8e0246e9bf7fed81dbdb5e918e7dd78cc2af1f002f8a532ec28335b229a0ec5c1ee220861092cb1a7c7f4060663394e420d80ed391179e

Download Submit
/data/data/com.happymod.apk/files/datastore/firebase_session_Y29tLmhhcHB5bW9kLmFwaw==_settings.preferences_pb.tmp

Filesize
75B

MD5
06bd63584cc699cbc92ade3aeab0ac42

SHA1
e21167e5419847271e7f67b3b286916b8124165d

SHA256
1e58e88b20702d0a80025c1fbacc9ad5fe2565311e2230d581d669fbd7e8b0ef

SHA512
675f177e388425023df5e19cda634ab1e7673681feabfa7bb860089105353166491d15b8c86b5408833230dc5b0ac43e2b5a61e1d36ea0b40d6ce7166bfc385e

Download Submit
/data/data/com.happymod.apk/files/datastore/firebase_session_Y29tLmhhcHB5bW9kLmFwaw==_settings.preferences_pb.tmp

Filesize
121B

MD5
1fbccf7b936a9b713de5d42c6d8a075d

SHA1
7c8bbdf9151e7f53e2675329d471e552446e9ad3

SHA256
232f9626cbee2e063e25f61a08f46575d019b62f02a6753c1325957a95e1c513

SHA512
b9177426b3facda6d86b5a83d05805a4dd2f5357d4979ca7282a13ce3f08ef7e7a0c5922675ada826bde264450b1b4ddcc54eea4de62249fd3eab1ec9acf32cf

Download Submit
/data/data/com.happymod.apk/files/datastore/firebase_session_Y29tLmhhcHB5bW9kLmFwaw==_settings.preferences_pb.tmp

Filesize
163B

MD5
14770edbc1290230aebe82f8dcc730a0

SHA1
f86874de3ff45c2dd7c982f9ada6b5fc979f082f

SHA256
7495b9faf55ff02d0a2906ca3e3f4b356abd96e421815f9d07f893682da6eaf2

SHA512
c6be6c93262e0c42527722af20fdd3be2c9936eb601280c36492e0bb2151bb63f88bfb150690ae361c75d01a33647c2440bb49e290af38c5c5af5a707320e3de

Download Submit
/data/data/com.happymod.apk/files/datastore/firebase_session_Y29tLmhhcHB5bW9kLmFwaw==_settings.preferences_pb.tmp

Filesize
212B

MD5
dd4940d607a23ab9d85bb520a89b8014

SHA1
790c02c1a54e04381032269bbd048bf19a078313

SHA256
3299ecfff20e9771f7250f49dd28d4f2c0fc86122087f0e3603f6a7b256692af

SHA512
198aa7d591ff2955567af3a770bfd447f8cd85f65fe9a0c496bccedcc4f9a70c6195a94a9c0aba0c6a0a7386d7f6afa628ae83e69db6788e70771a5bd5d620ca

Download Submit
/data/data/com.happymod.apk/files/prodexdir/.updateIV.dat

Filesize
12B

MD5
37e5c51f9263b609e5c19d9044df0fc9

SHA1
592f7d43b33642e977a3b09cc411f134347cf688

SHA256
892cc6483a52c56433888ee0cf8b9643c3dd7c18b6b0857ff8ee39dab88f4530

SHA512
d83a6fe0cd18619c7ea640dc199f7c3b75f0e257c640cbbb582c8f6e26c0704c9c9e7e00409151c98b290eac6135babd14bc69b7cf9638ee8d730baa49576281

Download Submit
/data/data/com.happymod.apk/files/prodexdir/00O000ll111l_0.dex

Filesize
7.2MB

MD5
41ee8680bc3ee9d1f32804a07d177e9b

SHA1
727dea05826c8d2c27def4f5dbeef6a9b1714e9a

SHA256
92d875fe3a286ce9b9a7e784c43e59498dba1a6fd4ef9cd59a026a24c0f2bf48

SHA512
dd3e49e769038ea57e1a6b852f62753b02f9fae41ce52ca24aca42d7ebaf97a4161e8350693df490f890ab8154d3f82b77343019f3204a1826378f89f8b559f1

Download Submit
/data/data/com.happymod.apk/files/prodexdir/00O000ll111l_1.dex

Filesize
8.8MB

MD5
77fc8388dbab3498fab52f9c3543ebfe

SHA1
128acec29ba8624181433c8f9ed4d997ede069bd

SHA256
adce20efde1e5bbfe5f8f8b7fce09c8b69003ce9c841a9ecf397912ad9702f7a

SHA512
f2877516ac0a714770e2c01b81e6d6ecd67fd1c50dc66bd19f55792c53d5ac5fb936a9810be9f4424d664afc5b43f961b58be1a1415f34079b0bff1eca2c8449

Download Submit
/data/data/com.happymod.apk/files/prodexdir/0OO00l111l1l

Filesize
7.1MB

MD5
60497547e5fd370b3a70dc79e2f3dc51

SHA1
e4a91e71f6bb17a630f4a0ac85c25eb2de277b31

SHA256
efa3ff9dc11ffe47672e6ad5241ada76f89499ee679c2aba0f2a3b5303d55e8d

SHA512
a145fa478afd665d9467731ab6fd7692987e34be46a8f12f6f3ec08e7c100d7e2a05345c804a730590119bf345f9e9c546c2ea80a565b9720730190ebeb07741

Download Submit
/data/data/com.happymod.apk/files/prodexdir/libshellx-super.com.happymod.apk.so

Filesize
276KB

MD5
7597005fc8bde831e322201a202a4f6c

SHA1
3de26a1fc12a3f34203bc705168a96427b72fe3c

SHA256
76d7003c6b340258168c070e204bd2d3d5d271794873399ce950024c94cb9af6

SHA512
6d676bcf1e74ee34d5e7d12f0c61534d74cc3cd9d7cba7a01c1d8861d192d907b3fa441f46eb3b7170a3990a1f2d18fdd040e6b322e46b7f245fe2d55b0cb056

Download Submit
/data/data/com.happymod.apk/files/prodexdir/o0oooOO0ooOo.dat

Filesize
144B

MD5
d3029fd4365e016cccd713d81e528f25

SHA1
0351063c2d64437c1a2d9faf06ae18c184e6547f

SHA256
4d9e81cd757ebcfc9ef7aadd8d034bfd86a7b23ef09e4d0924cdd788f9c63279

SHA512
ba99a519b1c5ea4a0664a23efc77d893b81a163fc86f4697d4250b8465ee6c73a354941b6a2892ff62df20a0a6868ab313f6f84e92eeb871323f6b29e21cd743

Download Submit
/data/data/com.happymod.apk/files/prodexdir/tosversion

Filesize
35B

MD5
63c2b8a4825bfa8a2c234f153388c28c

SHA1
9fc6794ae87c9f2bf68c2de7709f4869b9b2fbb2

SHA256
7ce40e1de874ec52816b0ae225ce4a4838700477627a4b9eba8ee5cfec3ed9a5

SHA512
d9924b6fe2167d491e22bf21b1d809f52b0f47bd94acc5ee7e77843aa46859aafb8e0caf845d69855667803cf624fd2d81029dce7a3342f096c14431bb310c52

Download Submit