Analysis Overview

score

6^/10

SHA256

643103cfd58ec0e1423d63aa84f40f2380eda1b541fe87391e9946a215423c70

Threat Level: Shows suspicious behavior

The file HappyMod-New-3-1-1.apk was found to be: Shows suspicious behavior.

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:47

Signatures

Requests dangerous framework permissions

Description	Indicator	Process	Target
Required to be able to access the camera device.	android.permission.CAMERA	N/A	N/A
Allows applications to use exact alarm APIs.	android.permission.SCHEDULE_EXACT_ALARM	N/A	N/A
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE	N/A	N/A
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE	N/A	N/A
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES	N/A	N/A
Allows an application a broad access to external storage in scoped storage.	android.permission.MANAGE_EXTERNAL_STORAGE	N/A	N/A
Allows an application to record audio.	android.permission.RECORD_AUDIO	N/A	N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:47

Reported

2024-06-13 14:53

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

Max time network

116s

Command Line

com.happymod.apk

Signatures

N/A

Processes

com.happymod.apk

Network

Country	Destination	Domain	Proto
GB	172.217.169.36:443		udp
GB	172.217.169.36:443		tcp
GB	172.217.16.228:443		tcp
N/A	224.0.0.251:5353		udp
GB	216.58.212.234:443		udp
GB	172.217.169.36:443		udp
US	162.159.61.3:443		tcp
US	162.159.61.3:443		tcp
GB	142.250.180.3:443		tcp
US	162.159.61.3:443		udp
US	34.104.35.123:80		tcp
GB	142.250.180.3:443		udp
GB	216.58.212.195:443		tcp
US	162.159.61.3:443		tcp
US	162.159.61.3:443		tcp
US	162.159.61.3:443		udp
BE	64.233.166.84:443		tcp
GB	142.250.180.4:443		tcp
GB	142.250.180.4:443		tcp
GB	142.250.180.4:443		udp
US	1.1.1.1:53	update.googleapis.com	udp
GB	142.250.178.3:443	update.googleapis.com	tcp
US	1.1.1.1:53	voilatile-pa.googleapis.com	udp
GB	216.58.204.74:443	voilatile-pa.googleapis.com	tcp
US	162.159.61.3:443		udp
GB	142.250.187.206:443		tcp
GB	142.250.187.206:443		tcp
GB	142.250.187.206:443		tcp
GB	142.250.187.206:443		tcp
GB	142.250.187.206:443		tcp
GB	142.250.187.206:443		tcp
GB	142.250.187.206:443		udp
GB	142.250.187.225:443		tcp
GB	142.250.178.1:443		udp
GB	142.250.179.228:443		tcp

Files

/data/data/com.happymod.apk/files/prodexdir/0OO00l111l1l

MD5	7eac2301ab5fd429653795b84bee2d56
SHA1	72818dbbdb67f354a3fdc5db118752622e0d1d67
SHA256	deb1a076ef92b17becb068b2cafbae49ed784a10c6261cea568ae1d0ba145ff2
SHA512	1486c6d2bdfffdaf9f56662f16eba4b4d6884c90e4a1b4a5ee52434e3a0d7e67e5e318cd06d9815165df40fe52fde238c464e2d581f6e1dfd5264e180268836d

/data/data/com.happymod.apk/files/prodexdir/o0oooOO0ooOo.dat

MD5	ed653d471d5de590ea1fe1b82fe1bfb6
SHA1	1b94021c3b4024e0bcd17ca632fa5f008ad44d7b
SHA256	5f430f06ae686e566b26788d082053b5063ff4866440246b59ce0c1b20cee182
SHA512	298cc31c59b9b60a73cf7baf834325148c1c9f3d994dc6e7a082c8f7a6c392864e027cba2bf1a836e4ddb269cdc523b4f53dbfaa7e04c449fa5bf38b60b0b803

/data/data/com.happymod.apk/files/prodexdir/tosversion

MD5	dfa772d6a95a3dc8fb4b3d26eb2bfb19
SHA1	e3d7ee22d79f803f27fb1af5aa89583441eb6982
SHA256	6512a70f696a6c1b00dc517df79b437b658ae995ac951e855e7a6132a7145b19
SHA512	2c32da75f818cf210d564b6dd901cd7bc6976f974d0ba6dafdb3d30546483f7ba65e12f2730b394aef821d3d78da90dcf666f6554cad199355a4e315f07af984

/data/data/com.happymod.apk/files/prodexdir/libshellx-super.com.happymod.apk.so

MD5	921eca06c233533dfafe827be9124c0a
SHA1	136e73d2a6013941a2d83720f8ff4fbe0a851938
SHA256	c4a75262e77fc5c2eb58db925202486e20c608f8db67ff7473836001637d53aa
SHA512	bc093e6bf3f065048451226315a10c73d87728bcbd94a035d1c50be95ea8dbc70b0acc82e634032685f8408569d7379911f79d2d56d172d1b06c0cc4a6031fbd

Malware Analysis Report

2024-07-28 14:34

Table of Contents