266e98e3d7250a03cc85c3396870b4af2c619837a9729942287f06a0786c2a5d

Analysis

max time kernel
5s
max time network
185s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
17/05/2024, 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

117e1331306fec02b1ffe6b68d148cc9.apk
Size

1.3MB
MD5

117e1331306fec02b1ffe6b68d148cc9
SHA1

13c2878aeffdb2f36f85ee73f7d2219b827947da
SHA256

266e98e3d7250a03cc85c3396870b4af2c619837a9729942287f06a0786c2a5d
SHA512

4635b85427bb23596b3815e03fd49dc5b19e902fbaff4c20a091aaf2ba4eaab7d4b2adc476e1c82b2dc8395c3f22ba2a6dcd0a8bf192c8d48b88d77388ec1dbd
SSDEEP

24576:ePE/dMkyedinzRfuZ/Wmomsge6lOXZz0EmLtfI9hYM9Wk6Hs4zN7o+UFshcsM:w8MkyedMRGZgmsVSOh0EhGyws4zN7ovz

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.dotgears.flappybird

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.dotgears.flappybird

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.dotgears.flappybird

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.dotgears.flappybird

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.dotgears.flappybird

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dotgears.flappybird

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.dotgears.flappybird

com.dotgears.flappybird
1⤵
- Checks memory information
- Makes use of the framework's foreground persistence service
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4267

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dotgears.flappybird/cache/ads7112819823999949229.jar

Filesize
2KB

MD5
d80f6d032778b02d10a9c9a2f1a24714

SHA1
e34d4ea9618b1b499b65032723ea029ab3998500

SHA256
ee2de01a238f9e1834f9f9934dd1f5b267bdf9747965641d2fd636d740041f9b

SHA512
34fa52d41831142f86999ac407aafeb2b69bb4cd45ada9f739be84c80deb0414d11d6784f385eec287e4f6b5bdf29ba1c9a6a77c07707d66a73c60eb389136e1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads