03c65a2a28a282490f73912e36657bca5b5b5b137b7b1e7bb55c72bcfe72799a

Analysis

max time kernel
177s
max time network
151s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
24-05-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03c65a2a28a282490f73912e36657bca5b5b5b137b7b1e7bb55c72bcfe72799a.apk
Size

1.7MB
MD5

53901acffac8a2708e4bcc64a39db617
SHA1

2ca00b21d898b0758c6cf962e669711415eb0218
SHA256

03c65a2a28a282490f73912e36657bca5b5b5b137b7b1e7bb55c72bcfe72799a
SHA512

874190ae7c9303396f54e0f1baea3b7b1710a4e2809cca00aafbd048d753de4b14462f514c5021001d43be6fbc4b2fe1d1e7214a0099da9c001454769f8f908e
SSDEEP

24576:iK4MuX+W7IJxYqoIg9V+sj8vl8nhDlviMzHWqg0QcECqabv4eEj1:iK8+WU7Yqo9uqslALzHWKvR1v/Ej1

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.herocraft.game.yumsters.free

description ioc process

File opened for read /proc/meminfo com.herocraft.game.yumsters.free
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.herocraft.game.yumsters.free

ioc pid process

/data/user/0/com.herocraft.game.yumsters.free/files/769da750.dex 5168 com.herocraft.game.yumsters.free
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.herocraft.game.yumsters.free

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.herocraft.game.yumsters.free
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.herocraft.game.yumsters.free

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.herocraft.game.yumsters.free
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.herocraft.game.yumsters.free

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.herocraft.game.yumsters.free
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.herocraft.game.yumsters.free

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.herocraft.game.yumsters.free
Acquires the wake lock 1 IoCs

Processes:

com.herocraft.game.yumsters.free

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.herocraft.game.yumsters.free
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.herocraft.game.yumsters.free

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.herocraft.game.yumsters.free
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
File opened for read	/proc/meminfo	com.herocraft.game.yumsters.free

ioc	pid	process
/data/user/0/com.herocraft.game.yumsters.free/files/769da750.dex	5168	com.herocraft.game.yumsters.free

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.yumsters.free

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.herocraft.game.yumsters.free

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.yumsters.free

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.herocraft.game.yumsters.free

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.yumsters.free

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.yumsters.free

com.herocraft.game.yumsters.free
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.herocraft.game.yumsters.free/databases/com.google.android.datatransport.events
Filesize
56KB

MD5
91c04a852362175d71d6d42f628362f1

SHA1
dc1f332c0010a7f96564a43c59665903ff5f5307

SHA256
1f6e2315c548cdb41950770917c39ecc283f4726dcf97fc89739756682271126

SHA512
9e398d41aa400914c8eb54ef151958d9a5f33bb2312dab3b57857e833e9596ad3a26253a4ca8c356083d2deaa8893539203c33799eab8fd4ff158ea3715e3b68

Download Submit
/data/data/com.herocraft.game.yumsters.free/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
71b79ae32f7e22d3b97ffc40b2c57bd7

SHA1
46373dda6e2e00f8f1f7964e922675143a84f403

SHA256
e56d7248b4f34dfe8f0583b2777f71f370228530aed40a1baf504764a5586455

SHA512
c85059b15cbaac1b3bc9523ae1188ed06fdc2943ba19aca3db090803875e71b16f3824639735ef2e0e1036ebad103661370a76345608257e8bc7463835f6a99b

Download Submit
/data/data/com.herocraft.game.yumsters.free/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
525cb95f22c87a5f76e5f6fbd60ef896

SHA1
a409f4d619cb1fe9119bcf316a9bc616f471788f

SHA256
4da92abae5417759b7dcfcbf7c62d41df30d738a877dba4a6ba303a2b44ced2e

SHA512
28cc60e0f3f063d2d9725e7eef0fbbe37b401785b2f62121cf3b66037533598cb07578274fa126f9785be22e83ba0276556e4fe269fb90faf03a6975c80b7a14

Download Submit
/data/data/com.herocraft.game.yumsters.free/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
cedc47e97dd60b853a9e7b683c3402fd

SHA1
ed0358b6784cb66e1839ec62f9fcb59e21273e2a

SHA256
5abd32710ad51277cdbc551ccb840977b4cad38b433f96c9b269133836b9306c

SHA512
f9250ce5c32fb6471e9ea76c0ab954dd3aa97547511641576778559cfae5bef908c277bf78bec1ac386ac210a3ffceb432fdaf8d5026ca811f0145bfdf411691

Download Submit
/data/data/com.herocraft.game.yumsters.free/files/769da750.dex
Filesize
1.1MB

MD5
22c5c6a8c9a3c5298c2d1926be3b7873

SHA1
6afe67570d282ffbc555333662568a220eac0c05

SHA256
d89ec84d8a3cba8ce10e36e69e0faf3a6c17f1c03d20e84f84df641bebeafa0d

SHA512
13934dfbc6f6d0a5ede7f8568b62a155e65ceff6e91f0aed1382e8f600bd6b33092330a8a6d6e02ef1b15cc4a8a8efb2d137bdd08f0d238f305f365a30a60119

Download Submit
/data/data/com.herocraft.game.yumsters.free/files/PersistedInstallation6858581767669404023tmp
Filesize
565B

MD5
f914ff42db13131892eb6b3e0fa13c80

SHA1
8a25143c82c9e2f2eed95cea4a056ab04d18c671

SHA256
64c3689c73de9708412060bd447b1eb914df66e17357d4375dcb34bab68a9915

SHA512
dff3dbab00001141e0aec21c328a7dd710eb53e846e18338b9b03fbf1ac9b416ac123e71b4873eebcf1aa4624782447d406cbcc13361eb23a084406ba1d3b3e7

Download Submit
/data/data/com.herocraft.game.yumsters.free/files/PersistedInstallation7095763980375912727tmp
Filesize
90B

MD5
a22c9990f89ea3da658358cb7437cfb2

SHA1
54ed0a4110cbb9d68f97314d49fe0a5ce717a801

SHA256
279f52d8da1f84f742e4a354033919b5fc9d1fdf42b73d7869f72d88647d4591

SHA512
795c15704ba5574f2b93832708787e42e102f3230975d7d5fc4bee52c478f8884e97f80642803ba1ea83b7729a8d524e376f8e657647fac845363b376b3727ee

Download Submit
/data/data/com.herocraft.game.yumsters.free/files/fLKVg
Filesize
222B

MD5
8038485b4566f53f694e8deb2fb8fcac

SHA1
4aa53523e15cfa0037a19941944d2e017aa52706

SHA256
e14086f2749bb70810946f35d533d0a51986212d8f80109379c329fddc906fe1

SHA512
842a1264b9061c1ab1cd14aa2af8b51ebc60e8e1644e11c4f898edb0a523ae1b34dbaa50e6f10407c926d0d4385c565dfb5b2871346cefb8713aefb9741efbec

Download Submit
/data/data/com.herocraft.game.yumsters.free/files/fLKVg
Filesize
222B

MD5
5a53a4d6b4990faf575d348645fd0e70

SHA1
866146a4e726a565f68153524457742ec767702b

SHA256
76e26c02e6ee55a991cd6374302003390016386e2dea8f1ffed2272283a47488

SHA512
2ac67dbae32ec482c2d753eb3ad15f849b635aaa9424b1b3ea2387357bc6c1c509f98d40a0e1510b95936e4e96f3526cf181c3d269dd5a34db0808c4cf47c0fe

Download Submit
/data/data/com.herocraft.game.yumsters.free/files/fLKVg
Filesize
222B

MD5
e84d440aa5ac1602197e968cbffef70e

SHA1
fa664e8f0bb22833fb4fdbb8d7e055b3ce58d221

SHA256
e24f3ae6f73a4a76c775d60e6bc79f5e6f01731383c38ceb144634191df0405e

SHA512
44b0f2be24e600810aca9a359f5e3b378a547b1c0e43090eea1c1bf9f971cf9bddb544d5b36d4fb64d933e4668dd7b3a55539cdbccc532bbaa0098747c00b750

Download Submit
/data/data/com.herocraft.game.yumsters.free/files/o
Filesize
392B

MD5
47a6149f6ae3513a82ba2b2edbfdc7bb

SHA1
a5955970f165b1a1c68a1e3e569cf73be13e42d6

SHA256
3b1c3251e0bdbbbfa2c9a00dc5c7c8c5e8ccaa81f91e79149f6fad79ddaf01ac

SHA512
7b977bba5b2252f7923a7785bc95f990e7b28fc8ba578cec0171aaeb0bf0c0800c35162c9ed9708687deab4ddc997ec8dac0ff52357d30ceb1ac279a9c86d551

Download Submit
/data/data/com.herocraft.game.yumsters.free/files/o
Filesize
692B

MD5
12bc5729b649c2b5cf10a951aa67e59c

SHA1
a489c0317f44b60b71627846c429c0911450b624

SHA256
83f9ff6d667f7d3e7d8fe03cc9cd55094da01b3828b0ab9a0f35dbd93fb680b9

SHA512
d28c19363ed726cca3eb0678715b57a55776ba0f09a6ed4c553edf37c3d4846c8a7fd9d5283f4825d0e8595504caedde17a973dd28d283eebdd33051ca632e2b

Download Submit
/data/user/0/com.herocraft.game.yumsters.free/files/769da750.dex
Filesize
2.8MB

MD5
4ca3f7f1feda4f6283fea9b1e2766efb

SHA1
3377dd0f6bfe31270085bcd07e0c3d174c6a5547

SHA256
12fc5ebd038de4dcc76c2b2c49f17ed5a7ecf4c3a5206037eb95994ef22d439a

SHA512
4828a7c9d5beca27537d2373941da941f6f22bba0b22fa96ac307e4142948f7807ca4dc20fd402bd4a5c8c0533ec0c22fbc9fd2b6e00f6261082572c61182bdf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads