03c65a2a28a282490f73912e36657bca5b5b5b137b7b1e7bb55c72bcfe72799a

Analysis

max time kernel
177s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
24-05-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03c65a2a28a282490f73912e36657bca5b5b5b137b7b1e7bb55c72bcfe72799a.apk
Size

1.7MB
MD5

53901acffac8a2708e4bcc64a39db617
SHA1

2ca00b21d898b0758c6cf962e669711415eb0218
SHA256

03c65a2a28a282490f73912e36657bca5b5b5b137b7b1e7bb55c72bcfe72799a
SHA512

874190ae7c9303396f54e0f1baea3b7b1710a4e2809cca00aafbd048d753de4b14462f514c5021001d43be6fbc4b2fe1d1e7214a0099da9c001454769f8f908e
SSDEEP

24576:iK4MuX+W7IJxYqoIg9V+sj8vl8nhDlviMzHWqg0QcECqabv4eEj1:iK8+WU7Yqo9uqslALzHWKvR1v/Ej1

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.herocraft.game.yumsters.free

description ioc process

File opened for read /proc/meminfo com.herocraft.game.yumsters.free
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.herocraft.game.yumsters.free

ioc pid process

/data/user/0/com.herocraft.game.yumsters.free/files/769da750.dex 4657 com.herocraft.game.yumsters.free
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.herocraft.game.yumsters.free

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.herocraft.game.yumsters.free
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.herocraft.game.yumsters.free

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.herocraft.game.yumsters.free
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.herocraft.game.yumsters.free

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.herocraft.game.yumsters.free
Acquires the wake lock 1 IoCs

Processes:

com.herocraft.game.yumsters.free

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.herocraft.game.yumsters.free
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.herocraft.game.yumsters.free

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.herocraft.game.yumsters.free
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
File opened for read	/proc/meminfo	com.herocraft.game.yumsters.free

ioc	pid	process
/data/user/0/com.herocraft.game.yumsters.free/files/769da750.dex	4657	com.herocraft.game.yumsters.free

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.yumsters.free

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.herocraft.game.yumsters.free

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.yumsters.free

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.yumsters.free

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.yumsters.free

com.herocraft.game.yumsters.free
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4657

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.herocraft.game.yumsters.free/files/769da750.dex
Filesize
1.1MB

MD5
22c5c6a8c9a3c5298c2d1926be3b7873

SHA1
6afe67570d282ffbc555333662568a220eac0c05

SHA256
d89ec84d8a3cba8ce10e36e69e0faf3a6c17f1c03d20e84f84df641bebeafa0d

SHA512
13934dfbc6f6d0a5ede7f8568b62a155e65ceff6e91f0aed1382e8f600bd6b33092330a8a6d6e02ef1b15cc4a8a8efb2d137bdd08f0d238f305f365a30a60119

Download Submit
/data/user/0/com.herocraft.game.yumsters.free/files/769da750.dex
Filesize
2.8MB

MD5
4ca3f7f1feda4f6283fea9b1e2766efb

SHA1
3377dd0f6bfe31270085bcd07e0c3d174c6a5547

SHA256
12fc5ebd038de4dcc76c2b2c49f17ed5a7ecf4c3a5206037eb95994ef22d439a

SHA512
4828a7c9d5beca27537d2373941da941f6f22bba0b22fa96ac307e4142948f7807ca4dc20fd402bd4a5c8c0533ec0c22fbc9fd2b6e00f6261082572c61182bdf

Download Submit
/data/user/0/com.herocraft.game.yumsters.free/files/fLKVg
Filesize
222B

MD5
4fe6721905cd93d9c0e8e129be6c94b9

SHA1
d886b3aece57bce075ef7aa8c69763752c2dfecb

SHA256
104b4f1c034ff661425c27011441cf94b0af578a28aa90b68f2662fc405d096b

SHA512
217adac7acf17ebd20bbd19e6b6827e5a86ca2d100ce7fbb3b780dbf8ef29adaf385d9f3483dd44c90b6b558e829e89e5486d1fac787b8175149ad1b4df506ee

Download Submit
/data/user/0/com.herocraft.game.yumsters.free/files/fLKVg
Filesize
222B

MD5
b21f2bd7b408b5f64e9fc6dc6a4d559b

SHA1
cb5b4728ef8daee0dac850e40655a9ae13122f36

SHA256
d0c58968ae1ed5e90f647b072504f9d55db9d7ee90fa2119b5db7eafae461f3c

SHA512
0455507aeba06939386e6937e2ca1e647f71c7a0d684ad6cbf278f6a4d4d5869711d02031b1e6e8d4268a474eb5116d844464dde72ea2540cd03d3c56874dd80

Download Submit
/data/user/0/com.herocraft.game.yumsters.free/files/o
Filesize
708B

MD5
8f356aec45a5d00e4bea6c5be4f9caa0

SHA1
a7836b8291ee917be2d15141e11512fe3649edf5

SHA256
aaa09ff8d4f5edf529ef15546947df35fdc49bf03c2bfdcaca3475892f015c9d

SHA512
53bf515a2fc82d94ded01be13904f7f36f0ef3cabe0b0eb8babc05488f24e0d9d57e222a623d9a13bb4c48f3fcfffaeba78c98a10a6c919f4ef07bc0493a1c2c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads