da05ee4a4b58e491a1754c87bb1c5fbd9293d8eb767bcffa54c4ba08f560143f

Analysis

max time kernel
177s
max time network
168s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
16/06/2024, 04:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Downloader.apk
Size

3.2MB
MD5

b5187d166fc645959dbbfbf23c86cd20
SHA1

292da90e6d1f1795bb71774cf88fb8b7283b06b9
SHA256

da05ee4a4b58e491a1754c87bb1c5fbd9293d8eb767bcffa54c4ba08f560143f
SHA512

b50970c31d9e5a864590a38f4ec6a06f0038c0200edf0bd7a534ebe3448f19fa45c8cd635d17dc825f73bc5b02afacf397d77ce0a1b7a465b53bb19667d63c56
SSDEEP

49152:MATA3dFRt9dRo0dfaO/KnALHdvQvwk9TpP5Z16o7JKksTjpO6X82v28SEjoQiEtU:ZAfhdGV5ALBQZ/37Jmnga27EjV8sET

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.herocraft.game.treasuresofthedeep/files/2ce38a8f.dex	4767	com.herocraft.game.treasuresofthedeep

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.herocraft.game.treasuresofthedeep

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.treasuresofthedeep

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.treasuresofthedeep

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.treasuresofthedeep

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.treasuresofthedeep

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.herocraft.game.treasuresofthedeep

com.herocraft.game.treasuresofthedeep
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Checks memory information
PID:4767

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.herocraft.game.treasuresofthedeep/files/2ce38a8f.dex

Filesize
2.3MB

MD5
927592bde2f5eb4826b5530b42ce1514

SHA1
b81b4045976b04cd3bb0407433160cb7a866a6fa

SHA256
77013e4cf3f4d1139bd9de60ae815104448ea16e753a7dfc84d0f6f92b04a0de

SHA512
a721e494c1f0f3bdec8461f38ac00b7f791ca39b87ad4f5a053f22d30dc650a58f4160057f030d77b78e19193e78fe0c32407955474aacb96a30c8d63a5e83bd

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/Ba

Filesize
231B

MD5
555cf2a35d92eddb0c62c1fc64049cd0

SHA1
3d9a15388f5970943f60aae26585f24f50fa37c6

SHA256
e91ec5105e927bd4c2d3fa95fe94124a4a563ff839f0106b95b6dfdc65ef1bcd

SHA512
599e23c67a30a6187a9fc419b9f517d25529422cdec785b4a2aea31ce6908bb0ac41a4a2d66445d7ab3ee22031da167454c970c7fa286d61c080a57c52d50217

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/Ba

Filesize
231B

MD5
94160a26526f0ed2cac281bf69e01b34

SHA1
94dfe23626695295083f6d37d7fb0992cccb953b

SHA256
26f259399ae09efa64c11912d049ef63f017175caf961719bba7a8dcc8ae6114

SHA512
6ddc1bd3d3b303fcc4565cf1ab8162a34966abc7f98178750e2c4ab54e9faf333f4dbf45adfc9c7b30eae0a2338004624d6e6d34ec7e792f7bb35e007b0bc87d

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/S

Filesize
730B

MD5
d511aaef9d11b058df31dd4dcd2c89ef

SHA1
e9b72b4c047498c0dc9465c4bb2449063f4f471e

SHA256
946df6d7d651a9735370d1afbb27a803d38e264b9f9e2a2f52f5f59c944d30d0

SHA512
4b299df6e1d857e95880a2cea308a86c204194f2755f261fab6d660d567a8de140743df1fabd1422fdc7bfe43d7bb073e1f15bd56558eb1bfb8de4a6afa3a0e5

Download Submit
/data/user/0/com.herocraft.game.treasuresofthedeep/files/2ce38a8f.dex

Filesize
6.4MB

MD5
a4e8d55e3c43288be8fc03ab0e705008

SHA1
272baf3219a19a93d27ffcd5fbe091d5c8b324ed

SHA256
88afa18aa2ca15a9bb8790e533e4e161a2ee8f1f6072f0cf94215ce6a9458864

SHA512
0a4116eedd73ec81c186722416e84a0b3a6d746b6b0e2dfc5e1362975168e6c5e4561650329188853a3a590644852341cfedfc81accb2e5d428dfb8b72abd731

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads