Analysis
- Max time kernel: 179s
- Max time network: 149s
- Platform: android_x64
- Resource: android-x64-20240611.1-en
- Resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
- Submitted: 16/06/2024, 04:30
- Static task: static1
- Behavioral task: behavioral1 (sample Downloader.apk, resource android-x86-arm-20240611.1-en)
- Behavioral task: behavioral2 (sample Downloader.apk, resource android-x64-20240611.1-en)
- Behavioral task: behavioral3 (sample Downloader.apk, resource android-x64-arm64-20240611.1-en)
General
- Target: Downloader.apk
- Size: 3.2MB
- MD5: b5187d166fc645959dbbfbf23c86cd20
- SHA1: 292da90e6d1f1795bb71774cf88fb8b7283b06b9
- SHA256: da05ee4a4b58e491a1754c87bb1c5fbd9293d8eb767bcffa54c4ba08f560143f
- SHA512: b50970c31d9e5a864590a38f4ec6a06f0038c0200edf0bd7a534ebe3448f19fa45c8cd635d17dc825f73bc5b02afacf397d77ce0a1b7a465b53bb19667d63c56
- SSDEEP: 49152:MATA3dFRt9dRo0dfaO/KnALHdvQvwk9TpP5Z16o7JKksTjpO6X82v28SEjoQiEtU:ZAfhdGV5ALBQZ/37Jmnga27EjV8sET
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.herocraft.game.treasuresofthedeep/files/2ce38a8f.dex | pid: 5142 | process: com.herocraft.game.treasuresofthedeep
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call | ioc: android.content.IClipboard.addPrimaryClipChangedListener | process: com.herocraft.game.treasuresofthedeep
- Acquires the wake lock (1 IoCs)
  description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | process: com.herocraft.game.treasuresofthedeep
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description: Framework service call | ioc: android.app.IActivityManager.setServiceForeground | process: com.herocraft.game.treasuresofthedeep
- Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.herocraft.game.treasuresofthedeep
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: com.herocraft.game.treasuresofthedeep
- Reads information about phone network operator (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.herocraft.game.treasuresofthedeep
- Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read | ioc: /proc/meminfo | process: com.herocraft.game.treasuresofthedeep
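The "Loads dropped Dex/Jar" hit names a file written at runtime, /data/user/0/com.herocraft.game.treasuresofthedeep/files/2ce38a8f.dex. The Downloads section of this report lists six dropped files by hash but does not say which of them is that DEX, so an analyst who pulls the file off the analysis device (the app's private files directory needs a rooted device or emulator) wants two things before matching it against the table: confirmation that the blob really is a well-formed DEX rather than a truncated or partially overwritten pull, and the same digest set Triage prints. The helper below does both. It is an added example, not part of the Triage report or of the sample; the header-only DEX it builds for its self-test is synthetic and is not the dropped file. The DEX header layout it checks (adler32 checksum at offset 8 over everything after it, SHA-1 signature at offset 12 over everything after it, file_size at 32, header_size 0x70 at 36, endian_tag 0x12345678 at 40) is the documented format.

```python
import hashlib
import struct
import sys
import zlib

DEX_HEADER_SIZE = 0x70
DEX_ENDIAN_CONSTANT = 0x12345678


def classify(data: bytes) -> str:
    """Identify the container by magic bytes: DEX, ZIP-based (JAR/APK), ELF, or unknown."""
    if data[:4] == b"dex\n":
        return "dex"
    if data[:4] == b"PK\x03\x04":
        return "zip"  # .jar and .apk are ZIP containers
    if data[:4] == b"\x7fELF":
        return "elf"
    return "unknown"


def hash_artifact(data: bytes) -> dict:
    """Same digest set the Triage 'Downloads' table prints for each dropped file."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_report(data: bytes, report_sha256: str) -> bool:
    """True if the pulled file hashes to the SHA256 listed in the report."""
    return hashlib.sha256(data).hexdigest() == report_sha256.strip().lower()


def verify_dex(data: bytes) -> dict:
    """Check the DEX header fields that a truncated, appended or tampered pull would break."""
    result = {"is_dex": False}
    if len(data) < DEX_HEADER_SIZE or data[:4] != b"dex\n":
        return result
    version = data[4:7].decode("ascii", errors="replace")  # e.g. "035"
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    result.update(
        {
            "is_dex": True,
            "version": version,
            "size_ok": file_size == len(data),
            "header_ok": header_size == DEX_HEADER_SIZE and endian_tag == DEX_ENDIAN_CONSTANT,
            "checksum_ok": checksum == (zlib.adler32(data[12:]) & 0xFFFFFFFF),
            "signature_ok": signature == hashlib.sha1(data[32:]).digest(),
        }
    )
    result["valid"] = all(result[k] for k in ("size_ok", "header_ok", "checksum_ok", "signature_ok"))
    return result


def build_sample_dex() -> bytes:
    """Constructed header-only DEX (synthetic, not the dropped 2ce38a8f.dex) for the self-test."""
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:8] = b"dex\n035\x00"
    struct.pack_into("<III", hdr, 32, DEX_HEADER_SIZE, DEX_HEADER_SIZE, DEX_ENDIAN_CONSTANT)
    hdr[12:32] = hashlib.sha1(bytes(hdr[32:])).digest()          # signature covers offset 32..end
    struct.pack_into("<I", hdr, 8, zlib.adler32(bytes(hdr[12:])) & 0xFFFFFFFF)  # checksum covers 12..end
    return bytes(hdr)


if __name__ == "__main__":
    # Usage: python3 check_dropped_dex.py /path/to/pulled/2ce38a8f.dex [sha256-from-report]
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_dex()
    print("type:", classify(blob))
    for name, value in hash_artifact(blob).items():
        print(f"{name}: {value}")
    print("dex header:", verify_dex(blob))
    if len(sys.argv) > 2:
        print("matches report SHA256:", match_report(blob, sys.argv[2]))
```

A pull that fails `size_ok` or `checksum_ok` but passes `header_ok` is usually an incomplete or padded copy rather than a different file, so re-pull before concluding the hash does not appear in the report. A blob that classifies as `zip` is the JAR/APK form of the same technique and should be hashed the same way.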
Processes
- com.herocraft.game.treasuresofthedeep (PID 5142)
  - Loads dropped Dex/Jar
  - Obtains sensitive information copied to the device clipboard
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)
Defense Evasion
- Download New Code at Runtime (1)
- Foreground Persistence (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads
- Filesize: 2.3MB
  MD5: 927592bde2f5eb4826b5530b42ce1514
  SHA1: b81b4045976b04cd3bb0407433160cb7a866a6fa
  SHA256: 77013e4cf3f4d1139bd9de60ae815104448ea16e753a7dfc84d0f6f92b04a0de
  SHA512: a721e494c1f0f3bdec8461f38ac00b7f791ca39b87ad4f5a053f22d30dc650a58f4160057f030d77b78e19193e78fe0c32407955474aacb96a30c8d63a5e83bd
- Filesize: 231B
  MD5: c2608fc26c03a0fa826405f4ad7a95f4
  SHA1: 017acbbcb3ef0a763c9bb23092dceb91672e7014
  SHA256: 41e4a1524905ad1b55d74cc379f50d93db8766fb96c0f991022550e18359139a
  SHA512: 26018cd13fe3e6e5b8e9ee5cb024f0ef0db6f8cea642b357cbc725ba111f293205cf6177eb105b94485e527265769ed494a48f669ee0c2f7608d0130a6c5b881
- Filesize: 231B
  MD5: e6acbfa7b1d7830c54e2ef27c6d1e944
  SHA1: f2fd90eb113c0fd9d9299ef90e105a81f6995559
  SHA256: c44a43f30f2be9e46b20850427f79143ff4f196be0f2b990991c085944f4bbc8
  SHA512: 866ba8543d23ad90215fd52f9d3cc959ef039a29dcc6bc86803f45dcc770a4e59da6f44044183a4964c5a105b2b1649b8b24ba840cc0d5e33f2b946681d72e80
- Filesize: 567B
  MD5: 82d87ab09e4404b59ddfba0cbe4256c3
  SHA1: 01c72bcaae6dab68448b47bed17fac3734e455ce
  SHA256: 901bafa617ea693e9ec842fec762e8cfd843857534930c15e9f71640fd874772
  SHA512: e8a4d929cf698738038f37de6e8019d00f239f7212f20d55c7cb706b9c81bd60a7301d13788835f771ddede8e86b779b545844a15289f72997d6132380c205b8
- Filesize: 735B
  MD5: 76dc77bd481ed6cb8a83c0d070a14818
  SHA1: d07f8879d9d8431154d1c5cf7ffdca2a9cc53c77
  SHA256: 83ca45f7c91dca51e3c925b2726b33c6629d639af3270af96cdcee4631dcbae3
  SHA512: 2a68b91d4ab1d23dd7f449aaa47b8a8b0616937a5bc46aeb5beada2e134f656c14092b157b7e2a585c518ef0104651dfa48b9fd8f6bb362b016d8c57de749486
- Filesize: 6.4MB
  MD5: a4e8d55e3c43288be8fc03ab0e705008
  SHA1: 272baf3219a19a93d27ffcd5fbe091d5c8b324ed
  SHA256: 88afa18aa2ca15a9bb8790e533e4e161a2ee8f1f6072f0cf94215ce6a9458864
  SHA512: 0a4116eedd73ec81c186722416e84a0b3a6d746b6b0e2dfc5e1362975168e6c5e4561650329188853a3a590644852341cfedfc81accb2e5d428dfb8b72abd731