Analysis
-
max time kernel
22s -
max time network
131s -
platform
android_x64 -
resource
android-x64-arm64-20240611.1-en -
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system -
submitted
13-06-2024 10:52
Static task
static1
Behavioral task
behavioral1
Sample
snake_v_1.0.4.apk
Resource
android-x64-arm64-20240611.1-en
Behavioral task
behavioral2
Sample
lib.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
snake_v_1.0.4.apk
-
Size
5.8MB
-
MD5
f91699023879d7edc638f731681d49c8
-
SHA1
49df9f86c07f57e6c551cae2dbb2acee847d649d
-
SHA256
3bb22dda32dadbb8267566a538c5d7161bbe28c7a8a17ae4c883d1dc856be184
-
SHA512
cffe25a91b6528a22e17d161abb075b5c1e09af6b09c861c9646230ee52adc417b10c34f8bc6bdaa52631fab015c34292ee459bb4540c2612a7579495ac3f215
-
SSDEEP
98304:uOB0ww2qciAvahxeNo+CQKrGWZDczlGnTl53wgISvHTYhMvovRt4qJ8w782GKd/u:u00yihMzCV/ZmEl5AgIugvT49w78Rw/u
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.iron.pen
ioc | pid | process
/data/user/0/com.iron.pen/files/.plugin/version-1/base.apk | 4463 | com.iron.pen
-
Acquires the wake lock 1 IoCs
Processes:
com.iron.pen
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.iron.pen
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
com.iron.pen
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.iron.pen
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.iron.pen/databases/com.google.android.datatransport.events
Filesize: 56KB
MD5: 3e969e93446ce925055b936e0def784d
SHA1: 7f32f3198d3262a59af76f3c6cab342646689846
SHA256: ad39e0b65d129326204732cd03abd2de53cbadfb59011b440d583de4cc262e48
SHA512: a35bf2a0360c9d26ff9b68ce8e1a58736c2e615e057ff4346c3b7591889c5348d9283684160ecd3a53fbfa9a44429fe0feb46289f24c1718f553f1b0d81303bc
-
/data/data/com.iron.pen/databases/com.google.android.datatransport.events-journal
Filesize: 8KB
MD5: ec874502b2c7e8deaa8212f83548c165
SHA1: 16880698e1adfa20d6898ec3ef8754e6a6bb1712
SHA256: 8996cf511ec265a7264098ce151d824207f80c99b797338809b8d40f0698c543
SHA512: 2b7c84d28dd20e625d7ad580da57634a4421fb89ac336c74ccb8c3c55eea7598a346030bd165989fd09024b426742fa7e21ece6821b60501646a55d2c4486397
-
/data/data/com.iron.pen/databases/com.google.android.datatransport.events-journal
Filesize: 512B
MD5: f5a8b43a5b3e432523fd74e142460ae4
SHA1: 360cbf8aff5af6cc108c4bf4e1e3393a55a44a89
SHA256: 712bc31e77a3b55ec002f54a7c9db181e421a0ce07315a90ad865f147075273a
SHA512: fda325da70bd4398a9c87c498d429e5b08796527b40c2e59a11e983802fc1c78bb2a3d5eb8823bdb2c5f27f3e0cf555844fbbd51b8059023997fe183ec4ad193
-
/data/data/com.iron.pen/databases/com.google.android.datatransport.events-journal
Filesize: 8KB
MD5: 8a3f193de689ce17a2581da000ed8a71
SHA1: 573e0f2cb577aca6ea67d1c4977a74383ad91f08
SHA256: ba1842bda85ddd287466a690a3278372dba22e6cc195fd57c882da7f4f6df738
SHA512: d787489df85139f588883338f509d157d4625126bfef0552c1dea2dcc7507b4279ddd36f2ca3ea6a4d9b52fd165b9ef778da256cbe113522556914a7b4918b7c
-
/data/data/com.iron.pen/databases/google_app_measurement_local.db
Filesize: 16KB
MD5: d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1: 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256: 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512: 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb
-
/data/data/com.iron.pen/databases/google_app_measurement_local.db
Filesize: 16KB
MD5: d847988b90a104a263ded867eb1bb3e4
SHA1: 457b24361cde6dd38fc386865d169f8a0c808a1f
SHA256: c972e89bfe788a25a42583e9de1b34a4d2985192504dc763b93a0f3d1af10ad8
SHA512: e66b0cc509a361d2a4ab1c153bf54a8fee77e2d80c6cb0aadbdd54f070f48f24ab0414440b04576416f477f0febccc69c0f817b0440863f76bd02696d8dceb49
-
/data/data/com.iron.pen/databases/google_app_measurement_local.db
Filesize: 16KB
MD5: 128eca0a5cd7012d8a8ba29d4db9b7fe
SHA1: ff8e94c5e381d0814aa0ff3f4200a45e59bfdc3c
SHA256: 2d6f7ca0384b7bb1946ae28ea4b81cdfe8cd93746909b0678c37745354153a6e
SHA512: 0ee7f802e511a18591a2af99de2e7a9570047d7bb20e7ac10e6be0fda25eb3dc6d8c8917d183e877a6944bc59c580a648f1afe4fe766e4363b184b19ab2a68ce
-
/data/data/com.iron.pen/databases/google_app_measurement_local.db
Filesize: 16KB
MD5: 02ec303130702bbb9d86f6e8017d77a8
SHA1: 0b67d89e0cdd314c52bb43a238ec4a766a9de3e1
SHA256: d995229e092f9d404e1a63fda0e52fbbb0b15744f168199a1b50e82e18dec73e
SHA512: bde124babd2d58d7555d217199e4d74d205926d2a2f0d2933a7d4bfb8923eccdd6e87c41fd19d2d7240c218d113948f8ec59d07a555302100644125d6514df23
-
/data/data/com.iron.pen/databases/google_app_measurement_local.db
Filesize: 16KB
MD5: 1871819dd6adfaf2e1fdfc33ceeb5fc7
SHA1: b9d321708684120a082d2fcee5b733fde61aac78
SHA256: f29a8203101932ebe5a849fb9a4923e2a53b2c63eb7539262030114516c1165d
SHA512: 4e7a232ae0191bced31143b47cf7248365badceaa4ef56c471d53df59854e5a79aa37e95c135baa53417a4d60f1a6b8572df38d747559cc6ed63b3dd5995858f
-
/data/data/com.iron.pen/databases/google_app_measurement_local.db
Filesize: 16KB
MD5: 16f533629bffc4a45081e276f224adc7
SHA1: d6192439f7c6ece5a63b1917af5f8f459c21e689
SHA256: 3538a246b74d61f4638b378ac3706c0695e234f830659c3afe42ef57785c9f41
SHA512: 059c45505d3772925e2b72770c5f9f1d72b331a66a5fd3d9e7e3f43e312097ba11f795040c851fce72f0ca7e63948e7c1a869566906fdf7666a62362466a1dac
-
/data/data/com.iron.pen/databases/google_app_measurement_local.db-journal
Filesize: 512B
MD5: 008c096b2671070698988062e4dc0d37
SHA1: f8b0ab93b03d4cbd10c076d54c5bcc72e6ae6bd8
SHA256: 70f2be87f453a9edfbde58cb99077965ad4f7247f5b75ea32267e3419ee3b80e
SHA512: 7ee406e1b4e311fef79dcb443377f0d5d6ff279945e39184a263685569d56f6ede712868f35a2166107174d2c50f5b2e79cc859e66535f14077d64e36367938d
-
/data/data/com.iron.pen/databases/google_app_measurement_local.db-journal
Filesize: 8KB
MD5: 7c87bce8bcd7d0f9268e1d20304f6b01
SHA1: 7112aaa17af953641d05dd2fa2ed29aa55dc0726
SHA256: 043a5a8ed6eb1b2be4a69f82773b92b760e824ebf495ab63699ef41d69ef9477
SHA512: 6bc7beb4b4539c98fc0d974bf99b79a7eb9ac7ecd2b6bdfbdf8984b8dc4cb15f8babf6da1682f42ef1770b9cd6a9ba7d938cba6bd737dfe79c69fcf3a83c4ac5
-
/data/data/com.iron.pen/databases/google_app_measurement_local.db-journal
Filesize: 4KB
MD5: 6f66771cecbd3ae51aedbdfcd7742db1
SHA1: 1c936f6205c86fc6ea264a3fd8326c70323b4bdc
SHA256: fe36ba433e7fdfffea0c1f330aa766091aac22466166166d02a574f811b7334a
SHA512: 62eb9dfdcd28185096a35bdc77fd74edb8f32bb99cbb0fd73f027971905596ad8a8ced20da131138c6c064f29dda529c14b6e1b27f873745b0765188a76a2536
-
/data/data/com.iron.pen/databases/google_app_measurement_local.db-journal
Filesize: 8KB
MD5: eee59ab35a2688546c6e51a88d32f076
SHA1: ad36954faf314d947a1927cd67fa120b72410f52
SHA256: 56bdf61ab7cabf2e928fe3655eb8823b46343c9ef50c5c83622bff1af5fa2b0a
SHA512: 0b950e620c6275b1feed53383b0f4d64fe059d6160cccac1b142c4935b0fb8240e17fe0193b915deda1517c5f58d2a4211d76645e9b0541f2f645169add650cd
-
/data/data/com.iron.pen/databases/google_app_measurement_local.db-journal
Filesize: 8KB
MD5: ae988b8eb3bcbddb2e8ba94db815b185
SHA1: 59f283cefa9c5dedb65d8802b4aed2bfaf9be5f9
SHA256: 6530f28c876f7ba6ede29df729fca427f0073c50dc699e85a1adc65013d18231
SHA512: 0e207682b85139f518c2eeebad333135edfe1a8c7f365cf60d758d1bc46976284760fbe945e158632fd9b234d09e930cb414b5b6820cb474c9c9de23c1be3653
-
/data/data/com.iron.pen/databases/google_app_measurement_local.db-journal
Filesize: 8KB
MD5: 18386253ef0b6d719cd5833d9068b861
SHA1: 7882c8ba5f503d1bbaf23e9a39280c56baacbd01
SHA256: f5ed295712bba485b596559e185330ebddcbd711a86b1a1039b235f1cf0f579b
SHA512: c91cceccc79d4bf3364b3aae5dee321f93976d592ec117819ace013d9c368189da618f5b6760e78bd8fe3efd8c6a47b9030cbc07af6fd2ec10b5f19ad0ba2e8a
-
/data/data/com.iron.pen/files/.plugin/version-1/base.apk
Filesize: 1.9MB
MD5: a98c28dc0272b24c29fc639821fad349
SHA1: f84b4df9fd21e1ca5e3e8193ddb3d2da044755d9
SHA256: f46ad8da663b59f8ef7e885aae2c792cdd2a31bf761863cb552ceb2ddeb67752
SHA512: d7faedda36d44e1e59ff1cc08d2652759eb698803cdecc0b9fab1abb1608c704c7e3c38979f10aeb96e695525d3b7b8fc9ebe1ab15b472fdce116a6687d4dc49
-
/data/data/com.iron.pen/files/.plugin/version-1/lib/arm64-v8a/libmultiapp.so
Filesize: 2.3MB
MD5: b778e63cf74eb658bd7e3bbfed2578a4
SHA1: fd30b92c3e1c15b67e20e7428aff3865079b1acf
SHA256: 384a503a35fe38c9759e770834cee620db4acebcf63caff6d680271510009dc8
SHA512: 7433c08d4cf748b3cc59e1cf0c990cebbb507a79abebba56241036f6d686c1fca200cc7477f3a0b9b18fbf4d32b400ffe09e522d1a6ed169ec60ce0095e1a0f3
-
/data/data/com.iron.pen/files/.plugin/version-1/lib/armeabi-v7a/libmultiapp.so
Filesize: 2.1MB
MD5: 4dd11f21d6fab32bc40dcc941311eefb
SHA1: 6dd088e75130dcffa988e5e77424e513a631d8b1
SHA256: 8270640e722e069c88b7db84981a8a35aeb8801bb6002970dfaeaee3f7ef24f0
SHA512: 2a6202359654d503ec93aeb03405176a1dca4e9bf22295e2e924f7921e8be7e0f8e90b485f819e0797fa62ef3c2f0522237f52d968106aa9d68e5fc48b8d6ede
-
/data/data/com.iron.pen/files/.plugin/version.json
Filesize: 91B
MD5: 901cbc4a87aa42cc0d0f78860152edf1
SHA1: 04a8a2a2d7cd59346f9f782e02d65fe2a881303e
SHA256: 94b71f6eea0faeec43b06faadfccf0d7e6cd302cf92fc986f9b58601c5a127d8
SHA512: e29d51cc0044e816d3148d53c57e9784af77c58cc780c2c147b4fe373d1120e19704247c6ab022d27e54954069e6547df7ce7ddec878513949531a8949fc49a9
-
/data/data/com.iron.pen/files/PersistedInstallation2556028367769923661tmp
Filesize: 569B
MD5: 7d8d5047a78f433e2cbd934930771700
SHA1: 5dbca156cf6db54011ccce806db93bc955c477fc
SHA256: 4789f2f506c45fafd91a72d86710868c0a7de6f33ee08bd3f77598eab28eb9fd
SHA512: 7a445964d6c5cfc4aa1475b01e0f87b17c95c34d0bcab46ff416b78c6323a5802a6bf4b13228a4e70edf802e0fade8553c85d89c840701b2d41a8312d1e96a11
-
/data/data/com.iron.pen/files/PersistedInstallation6066816235796814978tmp
Filesize: 90B
MD5: 1a1ebe207c6c354049fe71e0a4d0e49e
SHA1: 768befc646f65796d25566e07cdd43bfb2092b25
SHA256: 7f3c98921655380a303014b3351a2efbb688f3337e339fb749cd323c01abeabf
SHA512: 1d3db841cbf36bb96fba233be58db9b38a4c8c98171e4f4f4eb12dba7f6b816c1b752f9e32b9f246a7ae50fc89bbd6cb68a999f4a66d15dd52e4c93fb4a4605d
-
/data/user/0/com.iron.pen/files/.plugin/version-1/base.apk
Filesize: 451KB
MD5: 7837ddb24249f4ea00e698cc428f43be
SHA1: a64cd3bc41f95fe2dc6ec4dd179f7070ed9d17f6
SHA256: ffab4110e1d89a25eb791f37d364faabc39b1d5a2a194ae1b22013ded287177a
SHA512: c4bd14e74ed1473cc8bbad17b9777458b73b768a9428590de82475678246dfa729a1ac65abfc27bd48fb459edcf0d19fd9c2933aae43220534ed5ed4e8e23644