Malware Analysis Report

2024-09-09 17:36

Sample ID 240613-r6blnatblg
Target HappyMod-New-3-1-1.apk
SHA256 643103cfd58ec0e1423d63aa84f40f2380eda1b541fe87391e9946a215423c70
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

643103cfd58ec0e1423d63aa84f40f2380eda1b541fe87391e9946a215423c70

Threat Level: Shows suspicious behavior

The file HappyMod-New-3-1-1.apk shows suspicious behavior.

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:47

Signatures

Requests dangerous framework permissions

Indicator                                     | Description                                                                  | Process | Target
android.permission.CAMERA                     | Required to be able to access the camera device.                             | N/A     | N/A
android.permission.SCHEDULE_EXACT_ALARM       | Allows applications to use exact alarm APIs.                                 | N/A     | N/A
android.permission.WRITE_EXTERNAL_STORAGE     | Allows an application to write to external storage.                          | N/A     | N/A
android.permission.READ_EXTERNAL_STORAGE      | Allows an application to read from external storage.                         | N/A     | N/A
android.permission.REQUEST_INSTALL_PACKAGES   | Allows an application to request installing packages.                        | N/A     | N/A
android.permission.MANAGE_EXTERNAL_STORAGE    | Allows an application broad access to external storage under scoped storage. | N/A     | N/A
android.permission.RECORD_AUDIO               | Allows an application to record audio.                                       | N/A     | N/A
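The permission list above is what the static pass extracts from the manifest. The following is an added triage helper, not part of the sandbox's tooling or of the sample, that does the same check against an apktool-decoded (plain-text) AndroidManifest.xml and also honours android:maxSdkVersion, which the table above does not show. The manifest embedded below is constructed to match the permissions listed for com.happymod.apk; the READ_PHONE_STATE entry with maxSdkVersion="28" is invented to show how that attribute changes what is actually requested on the API 33 platform the behavioral run used.

```python
"""Flag dangerous / special-access permissions in a decoded AndroidManifest.xml.

Added example for this report (not sandbox or project code). SAMPLE_MANIFEST is
constructed; the READ_PHONE_STATE entry is invented to exercise maxSdkVersion."""
from __future__ import annotations

import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
MAX_SDK_ATTR = "{%s}maxSdkVersion" % ANDROID_NS

# Permissions that warrant a closer look in triage: runtime ("dangerous")
# permissions plus special-access ones granted through Settings. This is a
# subset chosen for the example, keyed by permission name.
RISKY_PERMISSIONS = {
    "android.permission.CAMERA": "access the camera",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.READ_EXTERNAL_STORAGE": "read shared/external storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "write shared/external storage",
    "android.permission.MANAGE_EXTERNAL_STORAGE": "broad external storage access (special access)",
    "android.permission.REQUEST_INSTALL_PACKAGES": "prompt to install packages (special access)",
    "android.permission.SCHEDULE_EXACT_ALARM": "use exact alarm APIs (special access)",
    "android.permission.READ_SMS": "read SMS messages",
    "android.permission.READ_PHONE_STATE": "read phone state and identifiers",
}


def requested_permissions(manifest_xml: str) -> list[tuple[str, int | None]]:
    """Return (name, maxSdkVersion or None) for every <uses-permission> and
    <uses-permission-sdk-23> element, in manifest order."""
    root = ET.fromstring(manifest_xml)
    found = []
    for el in root.iter():
        if el.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        name = el.get(NAME_ATTR)
        if not name:
            continue
        max_sdk = el.get(MAX_SDK_ATTR)
        found.append((name, int(max_sdk) if max_sdk is not None else None))
    return found


def flag_risky(perms: list[tuple[str, int | None]], device_api: int) -> dict[str, str]:
    """Risky permissions that are actually requested on a device running
    `device_api`. An entry whose android:maxSdkVersion is below that level is
    not granted on that device, so it is dropped here rather than reported."""
    flagged = {}
    for name, max_sdk in perms:
        if name not in RISKY_PERMISSIONS:
            continue
        if max_sdk is not None and max_sdk < device_api:
            continue
        flagged[name] = RISKY_PERMISSIONS[name]
    return flagged


# Constructed manifest mirroring the report's static1 permission list.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.happymod.apk">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SCHEDULE_EXACT_ALARM"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.MANAGE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <!-- invented entry (not in the report): inert on API 33 because of maxSdkVersion -->
  <uses-permission-sdk-23 android:name="android.permission.READ_PHONE_STATE"
                          android:maxSdkVersion="28"/>
  <application android:label="HappyMod"/>
</manifest>
"""

if __name__ == "__main__":
    perms = requested_permissions(SAMPLE_MANIFEST)
    for name, why in flag_risky(perms, device_api=33).items():
        print(f"{name}: {why}")
```

Run it against the output of `apktool d sample.apk` (the decoded manifest is text, unlike the binary XML inside the APK). The device API level matters: the same manifest yields a different request set on an API 28 device than on the API 33 image used in behavioral1.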

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:47

Reported

2024-06-13 14:53

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

3s

Max time network

116s

Command Line

com.happymod.apk

Signatures

N/A

Processes

com.happymod.apk

Network

Country  Destination            Domain                        Proto
GB       172.217.169.36:443     N/A                           udp
GB       172.217.169.36:443     N/A                           tcp
GB       172.217.16.228:443     N/A                           tcp
N/A      224.0.0.251:5353       N/A                           udp
GB       216.58.212.234:443     N/A                           udp
GB       172.217.169.36:443     N/A                           udp
US       162.159.61.3:443       N/A                           tcp
US       162.159.61.3:443       N/A                           tcp
GB       142.250.180.3:443      N/A                           tcp
US       162.159.61.3:443       N/A                           udp
US       34.104.35.123:80       N/A                           tcp
GB       142.250.180.3:443      N/A                           udp
GB       216.58.212.195:443     N/A                           tcp
US       162.159.61.3:443       N/A                           tcp
US       162.159.61.3:443       N/A                           tcp
US       162.159.61.3:443       N/A                           udp
BE       64.233.166.84:443      N/A                           tcp
GB       142.250.180.4:443      N/A                           tcp
GB       142.250.180.4:443      N/A                           tcp
GB       142.250.180.4:443      N/A                           udp
US       1.1.1.1:53             update.googleapis.com         udp
GB       142.250.178.3:443      update.googleapis.com         tcp
US       1.1.1.1:53             voilatile-pa.googleapis.com   udp
GB       216.58.204.74:443      voilatile-pa.googleapis.com   tcp
US       162.159.61.3:443       N/A                           udp
GB       142.250.187.206:443    N/A                           tcp
GB       142.250.187.206:443    N/A                           tcp
GB       142.250.187.206:443    N/A                           tcp
GB       142.250.187.206:443    N/A                           tcp
GB       142.250.187.206:443    N/A                           tcp
GB       142.250.187.206:443    N/A                           tcp
GB       142.250.187.206:443    N/A                           udp
GB       142.250.187.225:443    N/A                           tcp
GB       142.250.178.1:443      N/A                           udp
GB       142.250.179.228:443    N/A                           tcp

Files

/data/data/com.happymod.apk/files/prodexdir/0OO00l111l1l

MD5 7eac2301ab5fd429653795b84bee2d56
SHA1 72818dbbdb67f354a3fdc5db118752622e0d1d67
SHA256 deb1a076ef92b17becb068b2cafbae49ed784a10c6261cea568ae1d0ba145ff2
SHA512 1486c6d2bdfffdaf9f56662f16eba4b4d6884c90e4a1b4a5ee52434e3a0d7e67e5e318cd06d9815165df40fe52fde238c464e2d581f6e1dfd5264e180268836d

/data/data/com.happymod.apk/files/prodexdir/o0oooOO0ooOo.dat

MD5 ed653d471d5de590ea1fe1b82fe1bfb6
SHA1 1b94021c3b4024e0bcd17ca632fa5f008ad44d7b
SHA256 5f430f06ae686e566b26788d082053b5063ff4866440246b59ce0c1b20cee182
SHA512 298cc31c59b9b60a73cf7baf834325148c1c9f3d994dc6e7a082c8f7a6c392864e027cba2bf1a836e4ddb269cdc523b4f53dbfaa7e04c449fa5bf38b60b0b803

/data/data/com.happymod.apk/files/prodexdir/tosversion

MD5 dfa772d6a95a3dc8fb4b3d26eb2bfb19
SHA1 e3d7ee22d79f803f27fb1af5aa89583441eb6982
SHA256 6512a70f696a6c1b00dc517df79b437b658ae995ac951e855e7a6132a7145b19
SHA512 2c32da75f818cf210d564b6dd901cd7bc6976f974d0ba6dafdb3d30546483f7ba65e12f2730b394aef821d3d78da90dcf666f6554cad199355a4e315f07af984

/data/data/com.happymod.apk/files/prodexdir/libshellx-super.com.happymod.apk.so

MD5 921eca06c233533dfafe827be9124c0a
SHA1 136e73d2a6013941a2d83720f8ff4fbe0a851938
SHA256 c4a75262e77fc5c2eb58db925202486e20c608f8db67ff7473836001637d53aa
SHA512 bc093e6bf3f065048451226315a10c73d87728bcbd94a035d1c50be95ea8dbc70b0acc82e634032685f8408569d7379911f79d2d56d172d1b06c0cc4a6031fbd