Analysis

  • max time kernel
    22s
  • max time network
    131s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags
    android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240611.1-en locale:en-us os:android-11-x64 system
  • submitted
    13-06-2024 10:52

General

  • Target

    snake_v_1.0.4.apk

  • Size

    5.8MB

  • MD5

    f91699023879d7edc638f731681d49c8

  • SHA1

    49df9f86c07f57e6c551cae2dbb2acee847d649d

  • SHA256

    3bb22dda32dadbb8267566a538c5d7161bbe28c7a8a17ae4c883d1dc856be184

  • SHA512

    cffe25a91b6528a22e17d161abb075b5c1e09af6b09c861c9646230ee52adc417b10c34f8bc6bdaa52631fab015c34292ee459bb4540c2612a7579495ac3f215

  • SSDEEP

    98304:uOB0ww2qciAvahxeNo+CQKrGWZDczlGnTl53wgISvHTYhMvovRt4qJ8w782GKd/u:u00yihMzCV/ZmEl5AgIugvT49w78Rw/u

Score
7/10

Signatures

  • Loads dropped Dex/Jar (1 TTPs, 1 IoCs)

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock (1 IoCs)
  • Queries information about active data network (1 TTPs, 1 IoCs)

Processes

  • com.iron.pen
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Queries information about active data network
    PID:4463

Downloads

  • /data/data/com.iron.pen/databases/com.google.android.datatransport.events
    Filesize

    56KB

  • /data/data/com.iron.pen/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

  • /data/data/com.iron.pen/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

  • /data/data/com.iron.pen/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

  • /data/data/com.iron.pen/databases/google_app_measurement_local.db
    Filesize

    16KB

  • /data/data/com.iron.pen/databases/google_app_measurement_local.db
    Filesize

    16KB

  • /data/data/com.iron.pen/databases/google_app_measurement_local.db
    Filesize

    16KB

  • /data/data/com.iron.pen/databases/google_app_measurement_local.db
    Filesize

    16KB

  • /data/data/com.iron.pen/databases/google_app_measurement_local.db
    Filesize

    16KB

  • /data/data/com.iron.pen/databases/google_app_measurement_local.db
    Filesize

    16KB

  • /data/data/com.iron.pen/databases/google_app_measurement_local.db-journal
    Filesize

    512B

  • /data/data/com.iron.pen/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

  • /data/data/com.iron.pen/databases/google_app_measurement_local.db-journal
    Filesize

    4KB

  • /data/data/com.iron.pen/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

  • /data/data/com.iron.pen/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

  • /data/data/com.iron.pen/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

  • /data/data/com.iron.pen/files/.plugin/version-1/base.apk
    Filesize

    1.9MB

  • /data/data/com.iron.pen/files/.plugin/version-1/lib/arm64-v8a/libmultiapp.so
    Filesize

    2.3MB

  • /data/data/com.iron.pen/files/.plugin/version-1/lib/armeabi-v7a/libmultiapp.so
    Filesize

    2.1MB

  • /data/data/com.iron.pen/files/.plugin/version.json
    Filesize

    91B

  • /data/data/com.iron.pen/files/PersistedInstallation2556028367769923661tmp
    Filesize

    569B

  • /data/data/com.iron.pen/files/PersistedInstallation6066816235796814978tmp
    Filesize

    90B

  • /data/user/0/com.iron.pen/files/.plugin/version-1/base.apk
    Filesize

    451KB
