51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

Resubmissions

04-08-2024 12:30

240804-ppf4psvfkq 10

Analysis

max time kernel
177s
max time network
176s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
04-08-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stick War_ Legacy.apk
Size

3.2MB
MD5

ae5770ecb741649cd470d645dd611843
SHA1

d6d29b4466c5139b9ea5b63d2b85150d6604abc5
SHA256

ba39a4b76ab656532003e560476b9a295df488f50195c6b9d7ac523b6d07aab4
SHA512

dda845e67dedf51508205f6aa7ffd8d19fcad0f0077178c71b8f65a96cb4096d3f326f52c081ea003f78703fdbbbff79f77b3618fd06717be67987627d0f524f
SSDEEP

98304:mO76p/xfKx1ppTyRwkrB0z+X0iXN9ALEjTRVShd:mi6FxfKxjdy66B0z+EiZnKT

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.herocraft.game.treasuresofthedeep

ioc pid process

/data/user/0/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex 5274 com.herocraft.game.treasuresofthedeep
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.herocraft.game.treasuresofthedeep

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.herocraft.game.treasuresofthedeep
Acquires the wake lock 1 IoCs

Processes:

com.herocraft.game.treasuresofthedeep

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.herocraft.game.treasuresofthedeep
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.herocraft.game.treasuresofthedeep

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.herocraft.game.treasuresofthedeep
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.herocraft.game.treasuresofthedeep

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.herocraft.game.treasuresofthedeep

ioc	pid	process
/data/user/0/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex	5274	com.herocraft.game.treasuresofthedeep

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.herocraft.game.treasuresofthedeep

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.treasuresofthedeep

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.treasuresofthedeep

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.treasuresofthedeep

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

T1422

Processes:

com.herocraft.game.treasuresofthedeep

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.treasuresofthedeep

Reads information about phone network operator. 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.herocraft.game.treasuresofthedeep

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.herocraft.game.treasuresofthedeep
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.herocraft.game.treasuresofthedeep

description ioc process

File opened for read /proc/meminfo com.herocraft.game.treasuresofthedeep

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.herocraft.game.treasuresofthedeep

description	ioc	process
File opened for read	/proc/meminfo	com.herocraft.game.treasuresofthedeep

com.herocraft.game.treasuresofthedeep
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5274

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.herocraft.game.treasuresofthedeep/files/Ni
Filesize
697B

MD5
a7531a4c22e7672a3c69d79eba9f18d6

SHA1
0fbdb7fca41dc28f0f03cd233d64e0d9a8f7e8a4

SHA256
c8763943e9c347de2c3cd1d764fb0dbad9105a7a36acd0e71820a0763cb7807a

SHA512
0385607f71b436dd0bb1230eb499887e7320531395fd0bb7ed8f3d99191fa4aab47f7d07e48078ef16aedceaefb049da687a58f2a97940640c5dc018de69dcf8

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/PersistedInstallation7460318339083462914tmp
Filesize
569B

MD5
0090059200965f7c9e4502487a977de0

SHA1
7e5eeb66dfe1b07d97c31148eb165100e9987f1f

SHA256
4294f3b08fd0519742cbb10e6b5aa7a3b06d7333259b3e8087e33deb6ef57644

SHA512
64f84f0f7478525cccd85ef6dd82771a67ac106dc6dfe637f018007d01e00d1c7c282dfa2898481c77456875db11851c982bcea95f8ab5043fca76b6d370f19a

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/S
Filesize
224B

MD5
d88054a5ace8edb135d29e35cb8ca256

SHA1
0205f70bc0752a0aae118bf4d92d5e284c5f42bd

SHA256
91fedc8a4a491ef24bc05a4f4e831ed0650c3c29311b867ae78f8c316ec908cf

SHA512
9be2b7ecd11924d2778b917382191c03b1fd10fe9a141222a4c9b030131fb7b662d6e049f8ff2b15e0e33757ccf826c7b208c9ea59ada65435dc762cb8207908

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/S
Filesize
224B

MD5
70500a21d802190587b1e34ef4675a1a

SHA1
bf09b29c98be6dd30b49c6b6aba673b4ee78d446

SHA256
d7f3a5d8417f670e916f651e79b3704d1eb5bf45eacd423c88ece30f3c2c44fc

SHA512
456a193226c1ac2628b1db1e11151956acef98c8600e293a8c24b93ae57f96d45427e46433179984b94cc61d0711c6780f139ec3b149e157c7ba205504948d8b

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex
Filesize
2.3MB

MD5
48aab9b1635e8a510b4a1126c1f95bc5

SHA1
7ce5597408c9a42d93e882ed904dd0f3551ab81b

SHA256
1653275e4d68124e6af999b4311ac471f0a8adbcdffe4f64c678e1e84f367725

SHA512
e5a224994ed1332b87c33b3d0784b69be8733cde478650888e889af3d20c9d33b9c20720ac4104f15aecb8a94bc4101f5d826cc7161797f66b416be939d0bd3b

Download Submit
/data/user/0/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex
Filesize
6.4MB

MD5
121d33b2c1295d49f9fba521016f45fe

SHA1
69e49d75e0a5e37cbc1f3f29fe5dccc656db27dc

SHA256
6f86990c8865f5cacbe7c38d934947aebae0a7f891043c714f012806a8e4467c

SHA512
561d57fc6e5c20b8c94949cc461d7e0e6595d041c1f8fe07c4b6815df92f71eede53bb1d333e58e494dec0e9db9a740c3917ba5519bdb3f51da7a3e3f744ac4b

Download Submit