Analysis
max time kernel: 174s
max time network: 187s
platform: android_x86
resource: android-x86-arm-20240603-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
submitted: 08-06-2024 18:28
Static task: static1
Behavioral task: behavioral1
Sample: The-Army-21-MOD-ModCombo.io.apk
Resource: android-x86-arm-20240603-en
General
Target: The-Army-21-MOD-ModCombo.io.apk
Size: 51.4MB
MD5: bab103367037f1ce789254ec6d05dc38
SHA1: 41551f274192aadf2908ee7ada158650984e2b17
SHA256: 8ad128256d6d0ca9298ed448a6649c349b40d82396543269471b1a44d4fa978a
SHA512: 75d24cb8edda30c870c3eb133881eca946b665c44d213710cf862e52d9b2a9b531c4c674a879a745beccb7e76ecea5de4b5d9bce66d19ebc298f1f4b5eaefd14
SSDEEP: 1572864:pTA05ICxHGWpnmLUegFVEvY3Nm09WgqGb+VT758Uw2cbQl:pTA4LtGWFOzgPEvY3NZ9wn958Czl
Malware Config
Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs
ioc | Process
/system/xbin/su | com.firestudios.thearmy
/sbin/su | com.firestudios.thearmy
/system/app/Superuser.apk | com.firestudios.thearmy

Checks Android system properties for emulator presence. 1 TTPs 3 IoCs
description | ioc | Process
Accessed system property key: | ro.hardware | com.firestudios.thearmy
Accessed system property key: | ro.product.name | com.firestudios.thearmy
Accessed system property key: | ro.product.device | com.firestudios.thearmy

Checks Qemu related system properties. 1 TTPs 1 IoCs
Checks for Android system properties related to Qemu for Emulator detection.
description | ioc | Process
Accessed system property key: | vendor.qemu.dev.bootcomplete | com.firestudios.thearmy

Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.firestudios.thearmy/files/audience_network.dex | 4288 | com.firestudios.thearmy
/data/user/0/com.firestudios.thearmy/files/audience_network.dex | 4288 | com.firestudios.thearmy

Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.firestudios.thearmy

Queries information about active data network 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.firestudios.thearmy

Reads information about phone network operator. 1 TTPs

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.firestudios.thearmy

Checks CPU information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/cpuinfo | com.firestudios.thearmy

Checks memory information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/meminfo | com.firestudios.thearmy

Processes
com.firestudios.thearmy
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID: 4288
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.firestudios.thearmy/files/.com.google.firebase.crashlytics.files.v2:com.firestudios.thearmy/open-sessions/6664A50703E1000110C018800886AAA2/report
Filesize: 815B
-
/data/data/com.firestudios.thearmy/files/.com.google.firebase.crashlytics.files.v2:com.firestudios.thearmy/open-sessions/6664A50703E1000110C018800886AAA2/userlog
Filesize: 198B
-
/data/data/com.firestudios.thearmy/files/.com.google.firebase.crashlytics.files.v2:com.firestudios.thearmy/open-sessions/6664A50703E1000110C018800886AAA2/userlog.tmp
Filesize: 16B
-
/storage/emulated/0/Android/data/com.firestudios.thearmy/files/Unity/16f1dee1-40af-45a8-96fe-65eef8d3a249/Analytics/config
Filesize: 293B
-
/storage/emulated/0/Android/data/com.firestudios.thearmy/files/il2cpp/Resources/System.Data.dll-resources.dat
Filesize: 91KB
-
/storage/emulated/0/Android/data/com.firestudios.thearmy/files/il2cpp/Resources/mscorlib.dll-resources.dat
Filesize: 329KB