Overview

overview

7

Static

static

6

wr-grimval...25.apk

android-9-x86

7

wr-grimval...25.apk

android-13-x64

1

install.apk

android-9-x86

7

install_mod.apk

android-9-x86

7

Analysis

  • max time kernel
    457s
  • max time network
    550s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
  • submitted
    07/05/2024, 04:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wr-grimvalor-grimvalor-unlocked-125-androeed.store-0-1711309925.apk

  • Size

    692.3MB

  • MD5

    eb5bcfe51348e7fafc52788921578c19

  • SHA1

    2438f5a33e944ba2c2fa9a416d4e4c411a5cf666

  • SHA256

    91bb125af1330d5be013b3092117d970d78dae2c01530845880ab67a73ebc95c

  • SHA512

    5052ad1ff91513327803225b02ac9f55a396bab7fa98f9966bafa8a82b032d2f84f3a6e399e3330495c5081c7c7d9fad148da0db1566f96be340b790217ce82a

  • SSDEEP

    12582912:Q66eqAPlI5RhdqisHASUG3C3E+94kwCqrnQqy+0pynmzaOibhf/PWP+sqGnLTeG:R6eqAWhECGy3EnkwJrXy+qynDOibB/PG

Score
7/10
discoveryevasionpersistence

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs
    evasion
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion

Processes

  • com.androeed.installer_com.direlight.grimvalor
    1⤵
    • Checks CPU information
    • Checks memory information
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Requests allowing to install additional applications from unknown sources.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4313

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Android/obb/com.direlight.grimvalor/main.46.com.direlight.grimvalor.obb
    Filesize

    492.0MB

    MD5

    5b76ee004d82033d4d53ee6b0b000100

    SHA1

    274513bbced8c9aab4a71b0e5dfa082b0d027f5d

    SHA256

    5ce37fc0b87ed99efcd283dcd9a4d9d82f5fb67e14f465367fea0243033efbf5

    SHA512

    2bd599efa535c757f3f5486a094df9fd877588555f0f2034c6edec74721c6cb2881986ffa1dd6c4d13b4e4c076ea14edadf0e803153e2ebec4b04ca6d4925a82

    Download Submit