Overview

overview

7

Static

static

6

03c65a2a28...9a.apk

android-9-x86

7

03c65a2a28...9a.apk

android-10-x64

7

03c65a2a28...9a.apk

android-11-x64

7

Analysis

  • max time kernel
    176s
  • max time network
    151s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    03c65a2a28a282490f73912e36657bca5b5b5b137b7b1e7bb55c72bcfe72799a.apk

  • Size

    1.7MB

  • MD5

    53901acffac8a2708e4bcc64a39db617

  • SHA1

    2ca00b21d898b0758c6cf962e669711415eb0218

  • SHA256

    03c65a2a28a282490f73912e36657bca5b5b5b137b7b1e7bb55c72bcfe72799a

  • SHA512

    874190ae7c9303396f54e0f1baea3b7b1710a4e2809cca00aafbd048d753de4b14462f514c5021001d43be6fbc4b2fe1d1e7214a0099da9c001454769f8f908e

  • SSDEEP

    24576:iK4MuX+W7IJxYqoIg9V+sj8vl8nhDlviMzHWqg0QcECqabv4eEj1:iK8+WU7Yqo9uqslALzHWKvR1v/Ej1

Score
7/10
discoveryevasionpersistence

Malware Config

Signatures

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.herocraft.game.yumsters.free
    1⤵
    • Checks memory information
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:4353

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.herocraft.game.yumsters.free/databases/com.google.android.datatransport.events-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.herocraft.game.yumsters.free/files/769da750.dex
    Filesize

    1.1MB

    MD5

    22c5c6a8c9a3c5298c2d1926be3b7873

    SHA1

    6afe67570d282ffbc555333662568a220eac0c05

    SHA256

    d89ec84d8a3cba8ce10e36e69e0faf3a6c17f1c03d20e84f84df641bebeafa0d

    SHA512

    13934dfbc6f6d0a5ede7f8568b62a155e65ceff6e91f0aed1382e8f600bd6b33092330a8a6d6e02ef1b15cc4a8a8efb2d137bdd08f0d238f305f365a30a60119

    Download Submit
  • /data/data/com.herocraft.game.yumsters.free/files/PersistedInstallation7270536521574536174tmp
    Filesize

    562B

    MD5

    ae4bd6351923bd439daf98faff5099ee

    SHA1

    cdc83acebc64b09159c8a30017c85b13ecb18a76

    SHA256

    df6dec617ac10a7ad741a3fc030ddd2f380023abedb2d95b95d84cbf56c8d192

    SHA512

    1136ab257f3ebc9695d30dbd33466b2b00f7b27715e571a96cccd8a9d6a7a9053c8f4b9d4312b4cdb7eaefeb9be2d0678e26a0e7f2c404630a12bb4c3e3e56c3

    Download Submit
  • /data/data/com.herocraft.game.yumsters.free/files/fLKVg
    Filesize

    222B

    MD5

    95025fefcc8092b8a97421df07b0e5c9

    SHA1

    27462f998f2d2f7a4ac3cd2b206598025d190cf9

    SHA256

    1e930480236c7b5016bb83688c3916818093be34f1c88b67da0d5cc8c99ba503

    SHA512

    d98851218ac06d5602523efb6a26a45d1dacab38fddc1c456caea75c8e1a94f3409483462afaeec178a24477f4b847003f5c26dc96ec4e29161af5340bbf6391

    Download Submit
  • /data/data/com.herocraft.game.yumsters.free/files/fLKVg
    Filesize

    222B

    MD5

    832a25406d4f9f3b3e0390ebda5addca

    SHA1

    15319e7a092d20a9f28a49b8526574f44c61bb6d

    SHA256

    c785eebc32e4bf0477e53a8b058b542201c89e310f2108eaf11f4f1ada7cfcdc

    SHA512

    b077809e465731f2cf6e22107134d5243beeba738558ce20ab38c44957f73a9db371d8df0b0032f5bd71418c02708b439bb5d4fb53376bc9ba65d0d3740c675d

    Download Submit
  • /data/data/com.herocraft.game.yumsters.free/files/o
    Filesize

    703B

    MD5

    46c8b46f11139d7560d821c2a98671eb

    SHA1

    f60d588bcd3eb55facf54acfd76a684255d01258

    SHA256

    28866b2aace7f46c6f2d4344b8641e307367921181b141f5f377aa93ae6e00b0

    SHA512

    3a71419b2cd661453d15e3503831321897b0d0f1044199a35ecd72af435e2dd28917328b07436b902c134428e7dc6ef553591d8ba725b22f8ccf2e08fc904530

    Download Submit
  • /data/user/0/com.herocraft.game.yumsters.free/files/769da750.dex
    Filesize

    2.8MB

    MD5

    4ca3f7f1feda4f6283fea9b1e2766efb

    SHA1

    3377dd0f6bfe31270085bcd07e0c3d174c6a5547

    SHA256

    12fc5ebd038de4dcc76c2b2c49f17ed5a7ecf4c3a5206037eb95994ef22d439a

    SHA512

    4828a7c9d5beca27537d2373941da941f6f22bba0b22fa96ac307e4142948f7807ca4dc20fd402bd4a5c8c0533ec0c22fbc9fd2b6e00f6261082572c61182bdf

    Download Submit