Analysis
max time kernel: 1825s
max time network: 1860s
platform: android_x86
resource: android-x86-arm-20240603-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
submitted: 08-06-2024 18:21
Static task: static1
Behavioral task: behavioral1
Sample: The-Army-21-MOD-ModCombo.io.apk
Resource: android-x86-arm-20240603-en
General
Target: The-Army-21-MOD-ModCombo.io.apk
Size: 51.4MB
MD5: bab103367037f1ce789254ec6d05dc38
SHA1: 41551f274192aadf2908ee7ada158650984e2b17
SHA256: 8ad128256d6d0ca9298ed448a6649c349b40d82396543269471b1a44d4fa978a
SHA512: 75d24cb8edda30c870c3eb133881eca946b665c44d213710cf862e52d9b2a9b531c4c674a879a745beccb7e76ecea5de4b5d9bce66d19ebc298f1f4b5eaefd14
SSDEEP: 1572864:pTA05ICxHGWpnmLUegFVEvY3Nm09WgqGb+VT758Uw2cbQl:pTA4LtGWFOzgPEvY3NZ9wn958Czl
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 3 IoCs

| ioc | Process |
| --- | --- |
| /system/app/Superuser.apk | com.firestudios.thearmy |
| /system/xbin/su | com.firestudios.thearmy |
| /sbin/su | com.firestudios.thearmy |

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs

| description | ioc | Process |
| --- | --- | --- |
| Accessed system property key: | ro.hardware | com.firestudios.thearmy |

Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.

| ioc | pid | Process |
| --- | --- | --- |
| /data/user/0/com.firestudios.thearmy/files/audience_network.dex | 4326 | com.firestudios.thearmy |
| /data/user/0/com.firestudios.thearmy/files/audience_network.dex | 4499 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.firestudios.thearmy/files/audience_network.dex --output-vdex-fd=104 --oat-fd=110 --oat-location=/data/user/0/com.firestudios.thearmy/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=& |
| /data/user/0/com.firestudios.thearmy/files/audience_network.dex | 4326 | com.firestudios.thearmy |

Acquires the wake lock 1 IoCs

| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | com.firestudios.thearmy |

Queries information about active data network 1 TTPs 1 IoCs

| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.firestudios.thearmy |

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | com.firestudios.thearmy |

Checks CPU information 2 TTPs 1 IoCs

| description | ioc | Process |
| --- | --- | --- |
| File opened for read | /proc/cpuinfo | com.firestudios.thearmy |

Checks memory information 2 TTPs 1 IoCs

| description | ioc | Process |
| --- | --- | --- |
| File opened for read | /proc/meminfo | com.firestudios.thearmy |

Processes
1. com.firestudios.thearmy (PID: 4326)
   - Checks if the Android device is rooted.
   - Checks Android system properties for emulator presence.
   - Loads dropped Dex/Jar
   - Acquires the wake lock
   - Queries information about active data network
   - Registers a broadcast receiver at runtime (usually for listening for system events)
   - Checks CPU information
   - Checks memory information
2. /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.firestudios.thearmy/files/audience_network.dex --output-vdex-fd=104 --oat-fd=110 --oat-location=/data/user/0/com.firestudios.thearmy/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=& (PID: 4499)
   - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.firestudios.thearmy/files/.com.google.firebase.crashlytics.files.v2:com.firestudios.thearmy/open-sessions/6664A1D6012A000110E6E83BB872304B/report
Filesize: 815B
/data/data/com.firestudios.thearmy/files/.com.google.firebase.crashlytics.files.v2:com.firestudios.thearmy/open-sessions/6664A1D6012A000110E6E83BB872304B/userlog
Filesize: 198B
/data/data/com.firestudios.thearmy/files/.com.google.firebase.crashlytics.files.v2:com.firestudios.thearmy/open-sessions/6664A1D6012A000110E6E83BB872304B/userlog.tmp
Filesize: 16B
/storage/emulated/0/Android/data/com.firestudios.thearmy/files/Unity/16f1dee1-40af-45a8-96fe-65eef8d3a249/Analytics/config
Filesize: 293B
/storage/emulated/0/Android/data/com.firestudios.thearmy/files/il2cpp/Resources/System.Data.dll-resources.dat
Filesize: 91KB
/storage/emulated/0/Android/data/com.firestudios.thearmy/files/il2cpp/Resources/mscorlib.dll-resources.dat
Filesize: 329KB