Overview

overview

10

Static

static

10

1777a2ba85...b0.apk

android-9-x86

10

5251a35642...3e.apk

android-9-x86

1

5251a35642...3e.apk

android-10-x64

1

5251a35642...3e.apk

android-11-x64

1

7c44519e51...57.apk

android-9-x86

10

FE_Invisib...pt.apk

android-9-x86

1

FE_Invisib...pt.apk

android-10-x64

7

FE_Invisib...pt.apk

android-11-x64

7

HellBoy.apk

android-9-x86

6

HellBoy.apk

android-10-x64

1

HellBoy.apk

android-11-x64

6

Roblox Key...V3.apk

android-9-x86

1

Roblox Key...V3.apk

android-10-x64

7

Roblox Key...V3.apk

android-11-x64

7

Stick War_ Legacy.apk

android-9-x86

1

Stick War_ Legacy.apk

android-10-x64

7

Stick War_ Legacy.apk

android-11-x64

7

Undead_Def...pt.apk

android-9-x86

7

Undead_Def...pt.apk

android-10-x64

7

Undead_Def...pt.apk

android-11-x64

7

antivirus.apk

android-9-x86

7

antivirus.apk

android-10-x64

7

antivirus.apk

android-11-x64

7

b3f23bdd3d...c0.apk

android-9-x86

10

e8947bc9fb...10.apk

android-9-x86

7

insta_followers.apk

android-9-x86

7

insta_followers.apk

android-10-x64

7

insta_followers.apk

android-11-x64

7

xxx.apk

android-9-x86

1

Resubmissions

04-08-2024 12:30

240804-ppf4psvfkq 10

Analysis

  • max time kernel
    175s
  • max time network
    174s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    04-08-2024 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Undead_Defense_Tycoon_Script.apk

  • Size

    3.2MB

  • MD5

    fc35546a7395a68b6440de033afa789d

  • SHA1

    4afc8724e58084164148b7ce518ede8b203dce3c

  • SHA256

    c1b81966fa17c4e7d5137f13b2f4d04704c97d66a54d57dcfc1f42ad1f4029e7

  • SHA512

    ae32d9e7d7403a6ab0429da69fe4f803001a077327a0f103ccc9bcb90b17973ef10be8dc2cbf1909549a04f1eff5e85c81c2dfc2d99ba7fa93369efa47beca6c

  • SSDEEP

    98304:BaqBN1el9eL+FB8Y2nzDNWbVAneM/EjF+894S:oqX1nk52n05AehERS

Score
7/10
collectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.herocraft.game.birdsonwire.freemium
    1⤵
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:5145

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.herocraft.game.birdsonwire.freemium/files/KWW
    Filesize

    727B

    MD5

    9521f578414bd8a3e758f4e0c243eb20

    SHA1

    ecf295e6075a27a1a0b5e6768b3df0e97b7e800a

    SHA256

    35610131bd6f5d10206b999aa351fbec6846fd4f72e37c7b3ddb48d053401b13

    SHA512

    6d1b1e2e9bb8fe8596dbcefad7106a025a3ec4b3c7c30cb5762df528d37dc559d3c184289d4dbbd6f9c915dc76d602e0db2329d565fa2841e7a66c6019553d65

    Download Submit
  • /data/data/com.herocraft.game.birdsonwire.freemium/files/PersistedInstallation2167478085138301818tmp
    Filesize

    567B

    MD5

    68a62f7ab4012b2de624f90429ddb8a6

    SHA1

    d5bad7d171dc4ae6fa69c19671856d4e51cb5693

    SHA256

    6c6baabcff4825d6d3953ff8d9d60e74cfab3321f37d6bce971c11ef37854e19

    SHA512

    dfa8e9b0806407c7ff280eb2dc8c8106b667e9e6e259d3f279310484edc2bfaae81f8ca2014936aeb9ba167a38ae064d7f0be14f0078971b757531a78a903f36

    Download Submit
  • /data/data/com.herocraft.game.birdsonwire.freemium/files/UMYa
    Filesize

    242B

    MD5

    f19888b1645f005f7b5b87b934f7737c

    SHA1

    eea6b92c985e94a03b7a25c4a86dba6144c1eda7

    SHA256

    8f6fc416e42ffaaa3b3774eb86da16a25b7a5bc69ca1aea3a335ed0cf4d2e60e

    SHA512

    bc613990b04c59ade6d8f0998cf42f976e2def114200c1e56c18d1938104216379dc57d89e16a8640359daf73ea7a3e74653939f7de3cfc61758f955ae05c06b

    Download Submit
  • /data/data/com.herocraft.game.birdsonwire.freemium/files/UMYa
    Filesize

    242B

    MD5

    6e03b5cee1e86ac1dc6837b8b1234104

    SHA1

    14dcce3899f769b23cb245a56e13ada0bdc276b1

    SHA256

    5f78c4df76040aefec7e05fbc9c5648bb9bc11f09f40409e3fe1ff42997fc52f

    SHA512

    52fa5ed0c9acdd21a348801e12ab2efab960bedd6d5dc39db1537e4943cb2950f7d677a6339a81f6616fbd69545648ee821c1b207de8f26c8e6a3cd8493750d8

    Download Submit
  • /data/data/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dex
    Filesize

    2.3MB

    MD5

    a2c0379f196c91a175f47b801895518a

    SHA1

    549b6e1c77021378b4189f736b7eb7437a9d9497

    SHA256

    35cdc216518a388e7842f6b67a2c65ea06ca5302286087df3a9db29603b9aa21

    SHA512

    e3ebb67eb0a9c9e13db1dd29474bf93af6e0e3b9607623c0a70672bfb4f2505abc1f2c23e1592175317bc4f384fb7966954f0d37e6f331f7eb724ff5e6be4205

    Download Submit
  • /data/user/0/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dex
    Filesize

    6.4MB

    MD5

    670d8683a3c1765ced65f8b60bfacdba

    SHA1

    24bc8f1ec3e925316fa05918fed1962379debe15

    SHA256

    fc48615db02bf829b738c5efef9cfc368b27c0a40fe69d4fa165cf59b0d6cc9f

    SHA512

    c6e7c7104c31d2b567874fed9684c172b1dc722d084ab998b0159420554e27ce044ed8b0099194919c18d782ac9d075962c966c602eaaf021f36d9d262bbc9a8

    Download Submit