Analysis

  • max time kernel
    174s
  • max time network
    187s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    android arch:arm arch:x86 image:android-x86-arm-20240603-en locale:en-us os:android-9-x86 system
  • submitted
    08-06-2024 18:28

General

  • Target

    The-Army-21-MOD-ModCombo.io.apk

  • Size

    51.4MB

  • MD5

    bab103367037f1ce789254ec6d05dc38

  • SHA1

    41551f274192aadf2908ee7ada158650984e2b17

  • SHA256

    8ad128256d6d0ca9298ed448a6649c349b40d82396543269471b1a44d4fa978a

  • SHA512

    75d24cb8edda30c870c3eb133881eca946b665c44d213710cf862e52d9b2a9b531c4c674a879a745beccb7e76ecea5de4b5d9bce66d19ebc298f1f4b5eaefd14

  • SSDEEP

    1572864:pTA05ICxHGWpnmLUegFVEvY3Nm09WgqGb+VT758Uw2cbQl:pTA4LtGWFOzgPEvY3NZ9wn958Czl

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
  • Checks Android system properties for emulator presence. 1 TTPs 3 IoCs
  • Checks Qemu related system properties. 1 TTPs 1 IoCs

    Checks for Android system properties related to Qemu for Emulator detection.

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Checks the presence of a debugger
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.firestudios.thearmy
    • Checks if the Android device is rooted.
    • Checks Android system properties for emulator presence.
    • Checks Qemu related system properties.
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4288

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.firestudios.thearmy/cache/app_resources_lib.jar

    Filesize

    4KB

  • /data/data/com.firestudios.thearmy/databases/com.google.android.datatransport.events

    Filesize

    4KB

  • /data/data/com.firestudios.thearmy/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.firestudios.thearmy/databases/com.google.android.datatransport.events-shm

    Filesize

    32KB

  • /data/data/com.firestudios.thearmy/databases/com.google.android.datatransport.events-wal

    Filesize

    68KB

  • /data/data/com.firestudios.thearmy/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.firestudios.thearmy/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.firestudios.thearmy/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.firestudios.thearmy/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.firestudios.thearmy/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.firestudios.thearmy/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.firestudios.thearmy/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.firestudios.thearmy/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

  • /data/data/com.firestudios.thearmy/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.firestudios.thearmy/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.firestudios.thearmy/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.firestudios.thearmy/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.firestudios.thearmy/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.firestudios.thearmy/files/.com.google.firebase.crashlytics.files.v2:com.firestudios.thearmy/open-sessions/6664A50703E1000110C018800886AAA2/report

    Filesize

    815B

  • /data/data/com.firestudios.thearmy/files/.com.google.firebase.crashlytics.files.v2:com.firestudios.thearmy/open-sessions/6664A50703E1000110C018800886AAA2/userlog

    Filesize

    198B

  • /data/data/com.firestudios.thearmy/files/.com.google.firebase.crashlytics.files.v2:com.firestudios.thearmy/open-sessions/6664A50703E1000110C018800886AAA2/userlog.tmp

    Filesize

    16B

  • /data/data/com.firestudios.thearmy/files/PersistedInstallation554933261123532726tmp

    Filesize

    90B

  • /data/data/com.firestudios.thearmy/files/PersistedInstallation6201371352522376086tmp

    Filesize

    569B

  • /data/data/com.firestudios.thearmy/files/audience_network.dex

    Filesize

    3.1MB

  • /data/data/com.firestudios.thearmy/no_backup/androidx.work.workdb-journal

    Filesize

    512B

  • /data/data/com.firestudios.thearmy/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

  • /data/data/com.firestudios.thearmy/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

  • /storage/emulated/0/Android/data/com.firestudios.thearmy/cache/ga.sqlite3-journal

    Filesize

    512B

  • /storage/emulated/0/Android/data/com.firestudios.thearmy/cache/ga.sqlite3-wal

    Filesize

    257KB

  • /storage/emulated/0/Android/data/com.firestudios.thearmy/files/Unity/16f1dee1-40af-45a8-96fe-65eef8d3a249/Analytics/config

    Filesize

    293B

  • /storage/emulated/0/Android/data/com.firestudios.thearmy/files/il2cpp/Metadata/global-metadata.dat

    Filesize

    8.4MB

  • /storage/emulated/0/Android/data/com.firestudios.thearmy/files/il2cpp/Resources/System.Data.dll-resources.dat

    Filesize

    91KB

  • /storage/emulated/0/Android/data/com.firestudios.thearmy/files/il2cpp/Resources/mscorlib.dll-resources.dat

    Filesize

    329KB

  • /storage/emulated/0/Android/data/com.firestudios.thearmy/files/il2cpp/unity.ver

    Filesize

    36B
