51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

Resubmissions

04-08-2024 12:30

240804-ppf4psvfkq 10

Analysis

max time kernel
175s
max time network
174s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
04-08-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Undead_Defense_Tycoon_Script.apk
Size

3.2MB
MD5

fc35546a7395a68b6440de033afa789d
SHA1

4afc8724e58084164148b7ce518ede8b203dce3c
SHA256

c1b81966fa17c4e7d5137f13b2f4d04704c97d66a54d57dcfc1f42ad1f4029e7
SHA512

ae32d9e7d7403a6ab0429da69fe4f803001a077327a0f103ccc9bcb90b17973ef10be8dc2cbf1909549a04f1eff5e85c81c2dfc2d99ba7fa93369efa47beca6c
SSDEEP

98304:BaqBN1el9eL+FB8Y2nzDNWbVAneM/EjF+894S:oqX1nk52n05AehERS

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dex	5145	com.herocraft.game.birdsonwire.freemium

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.herocraft.game.birdsonwire.freemium

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.birdsonwire.freemium

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.birdsonwire.freemium

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.birdsonwire.freemium

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.birdsonwire.freemium

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.herocraft.game.birdsonwire.freemium

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.herocraft.game.birdsonwire.freemium

com.herocraft.game.birdsonwire.freemium
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5145

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.herocraft.game.birdsonwire.freemium/files/KWW

Filesize
727B

MD5
9521f578414bd8a3e758f4e0c243eb20

SHA1
ecf295e6075a27a1a0b5e6768b3df0e97b7e800a

SHA256
35610131bd6f5d10206b999aa351fbec6846fd4f72e37c7b3ddb48d053401b13

SHA512
6d1b1e2e9bb8fe8596dbcefad7106a025a3ec4b3c7c30cb5762df528d37dc559d3c184289d4dbbd6f9c915dc76d602e0db2329d565fa2841e7a66c6019553d65

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/PersistedInstallation2167478085138301818tmp

Filesize
567B

MD5
68a62f7ab4012b2de624f90429ddb8a6

SHA1
d5bad7d171dc4ae6fa69c19671856d4e51cb5693

SHA256
6c6baabcff4825d6d3953ff8d9d60e74cfab3321f37d6bce971c11ef37854e19

SHA512
dfa8e9b0806407c7ff280eb2dc8c8106b667e9e6e259d3f279310484edc2bfaae81f8ca2014936aeb9ba167a38ae064d7f0be14f0078971b757531a78a903f36

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/UMYa

Filesize
242B

MD5
f19888b1645f005f7b5b87b934f7737c

SHA1
eea6b92c985e94a03b7a25c4a86dba6144c1eda7

SHA256
8f6fc416e42ffaaa3b3774eb86da16a25b7a5bc69ca1aea3a335ed0cf4d2e60e

SHA512
bc613990b04c59ade6d8f0998cf42f976e2def114200c1e56c18d1938104216379dc57d89e16a8640359daf73ea7a3e74653939f7de3cfc61758f955ae05c06b

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/UMYa

Filesize
242B

MD5
6e03b5cee1e86ac1dc6837b8b1234104

SHA1
14dcce3899f769b23cb245a56e13ada0bdc276b1

SHA256
5f78c4df76040aefec7e05fbc9c5648bb9bc11f09f40409e3fe1ff42997fc52f

SHA512
52fa5ed0c9acdd21a348801e12ab2efab960bedd6d5dc39db1537e4943cb2950f7d677a6339a81f6616fbd69545648ee821c1b207de8f26c8e6a3cd8493750d8

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dex

Filesize
2.3MB

MD5
a2c0379f196c91a175f47b801895518a

SHA1
549b6e1c77021378b4189f736b7eb7437a9d9497

SHA256
35cdc216518a388e7842f6b67a2c65ea06ca5302286087df3a9db29603b9aa21

SHA512
e3ebb67eb0a9c9e13db1dd29474bf93af6e0e3b9607623c0a70672bfb4f2505abc1f2c23e1592175317bc4f384fb7966954f0d37e6f331f7eb724ff5e6be4205

Download Submit
/data/user/0/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dex

Filesize
6.4MB

MD5
670d8683a3c1765ced65f8b60bfacdba

SHA1
24bc8f1ec3e925316fa05918fed1962379debe15

SHA256
fc48615db02bf829b738c5efef9cfc368b27c0a40fe69d4fa165cf59b0d6cc9f

SHA512
c6e7c7104c31d2b567874fed9684c172b1dc722d084ab998b0159420554e27ce044ed8b0099194919c18d782ac9d075962c966c602eaaf021f36d9d262bbc9a8

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads