Malware Analysis Report

2024-09-09 17:34

Sample ID 240613-pkby7asepr
Target com.supercell.brawlstars_v34.141-150_Android-4.3.apk
SHA256 320a1371971d6dcb5bb47f5837fa6c437886dfc546cfc89c59bc087a5267f73f
Tags
evasion persistence
score
8/10


Analysis Overview

score
8/10

SHA256

320a1371971d6dcb5bb47f5837fa6c437886dfc546cfc89c59bc087a5267f73f

Threat Level: Likely malicious

The file com.supercell.brawlstars_v34.141-150_Android-4.3.apk was found to be: Likely malicious.

Malicious Activity Summary

evasion persistence

Checks if the Android device is rooted.

Checks known Qemu pipes.

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 12:23

Signatures

Requests dangerous framework permissions

Description                                            Indicator                                   Process  Target
Allows an application to write to external storage.   android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A
Allows an application to read from external storage.  android.permission.READ_EXTERNAL_STORAGE    N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 12:22

Reported

2024-06-13 12:25

Platform

android-x86-arm-20240611.1-en

Max time kernel

7s

Max time network

47s

Command Line

com.supercell.brawlstars

Signatures

Checks if the Android device is rooted.

evasion
Description  Indicator                  Process  Target
N/A          /system/app/Superuser.apk  N/A      N/A
N/A          /sbin/su                   N/A      N/A
N/A          /sbin/su                   N/A      N/A
N/A          /system/bin/su             N/A      N/A
N/A          /system/xbin/su            N/A      N/A

Checks known Qemu pipes.

evasion
Description  Indicator          Process  Target
N/A          /dev/socket/qemud  N/A      N/A
N/A          /dev/qemu_pipe     N/A      N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description         Indicator                                         Process  Target
Framework API call  android.hardware.SensorManager.registerListener   N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description             Indicator                                        Process  Target
Framework service call  android.app.IActivityManager.registerReceiver    N/A      N/A

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Processes

com.supercell.brawlstars

sh -c /system/bin/which su

/system/bin/which su

sh -c /system/xbin/which su

Network

Country  Destination           Domain                                Proto
N/A      224.0.0.251:5353      N/A                                   udp
US       1.1.1.1:53            digitalassetlinks.googleapis.com      udp
GB       142.250.178.10:443    digitalassetlinks.googleapis.com      tcp
GB       216.58.212.238:443    N/A                                   tcp
US       1.1.1.1:53            android.apis.google.com               udp
US       1.1.1.1:53            static.xx.fbcdn.net                   udp
GB       163.70.151.21:443     static.xx.fbcdn.net                   tcp
US       1.1.1.1:53            www.google.com                        udp
GB       142.250.187.228:443   www.google.com                        tcp
GB       142.250.187.206:443   android.apis.google.com               tcp
GB       142.250.179.234:443   digitalassetlinks.googleapis.com      tcp
US       1.1.1.1:53            semanticlocation-pa.googleapis.com    udp
GB       142.250.187.202:443   semanticlocation-pa.googleapis.com    tcp
GB       216.58.204.74:443     semanticlocation-pa.googleapis.com    tcp
GB       216.58.204.74:443     semanticlocation-pa.googleapis.com    tcp

Files

/data/data/com.supercell.brawlstars/files/INSTALLATION

MD5 6b14f7d2ec97b4ba9eadc55dd8f1ab88
SHA1 b51c76f366a5bdbb0c33b3e125f4f7438400b058
SHA256 6e23969c7fc0bfb4c33eedf00974276b754f9a53084ca08f5b0f12d7fd60f181
SHA512 f511efa267e3d0411f43c07cf69e85176e693ec6a20ac8728a711385ff041825dcf2214caf1093b36922cf5e62813f2a2f89dce91563942b98a59a83f491bbc6

/data/data/com.supercell.brawlstars/cache/sentry/.sentry-native/last_crash

MD5 785f7f434d43dc1041ed27ea86b98231
SHA1 ef77077008480d18d533272918019385ffcb7ef6
SHA256 2097bac948f7dbb0a00dfd93226d5f77cd63aa8a28cfb339a98fcb49ee167d8d
SHA512 f3e28de900236525349e596608a8b2b1fd3dca0618bcf36555a15b13902b287ac8dda346e67755a2428e6faa04406185e28009ab3a8c4dedd3523b7a2727657c

/data/data/com.supercell.brawlstars/cache/sentry/.sentry-native/29052130-6078-4efe-4e93-24fd4b59e406.run/73c983ac-c17e-4a83-8369-b61859d9e1ae.envelope

MD5 2f748e2f7a177e2f61cbe0663d5f4a66
SHA1 8afdca6ff0a928e6625edf2eef5e1870716303f4
SHA256 9f3b7ea070ea9fd26e3f5cf3075f7c6d649f13c50105e38835b5ee5ac4cb18f2
SHA512 6f87be43fa94cfa06d059ea198b852cfbb69cab92f9449f9ad1c8a6a00d0fbdd745f2074ae4bfa779c6c12143dd4e851875af767679333ab6d97a076ff514564