51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

Resubmissions

04-08-2024 12:30

240804-ppf4psvfkq 10

Analysis

max time kernel
177s
max time network
139s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
04-08-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Undead_Defense_Tycoon_Script.apk
Size

3.2MB
MD5

fc35546a7395a68b6440de033afa789d
SHA1

4afc8724e58084164148b7ce518ede8b203dce3c
SHA256

c1b81966fa17c4e7d5137f13b2f4d04704c97d66a54d57dcfc1f42ad1f4029e7
SHA512

ae32d9e7d7403a6ab0429da69fe4f803001a077327a0f103ccc9bcb90b17973ef10be8dc2cbf1909549a04f1eff5e85c81c2dfc2d99ba7fa93369efa47beca6c
SSDEEP

98304:BaqBN1el9eL+FB8Y2nzDNWbVAneM/EjF+894S:oqX1nk52n05AehERS

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dex	4677	com.herocraft.game.birdsonwire.freemium

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.herocraft.game.birdsonwire.freemium

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.birdsonwire.freemium

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.birdsonwire.freemium

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.birdsonwire.freemium

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.birdsonwire.freemium

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.herocraft.game.birdsonwire.freemium

com.herocraft.game.birdsonwire.freemium
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Checks memory information
PID:4677

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.herocraft.game.birdsonwire.freemium/files/KWW

Filesize
722B

MD5
42dab2cb4f548d89097d4d3294c54d6e

SHA1
3e56662ca616ac59a8f14d9b12f6b583df7d877f

SHA256
a9253dec929d2008fe679c8910ef964e32ed86e015d383616468ed603402682d

SHA512
3178dc91f08eaf7141d7e4f4c27118e07a3f6501ba385f7e6699c57b9bae662b16a79748ad57a3770ad1b34d03d2d85878ebad838442d85ad04a9cf41f4a78be

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/UMYa

Filesize
242B

MD5
e208f56229cb418f834d3956b2cfa463

SHA1
7824d0483a669c303f2e72cd61924e6ce69d07f9

SHA256
3d458e2bd784dfe88cbc02f7b2bca5c050835d4a6b3e9b8e49df9ed324670ad8

SHA512
b9bf659e6e24dd4a8e15b6b33345dcc5ec02d0c0e1e16f3ddab59f6b462b9edfb2e4d529bfd2b0d38fa3fef6e6154eb397f5d1bedf203b176b9ecc1b841d8f6f

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/UMYa

Filesize
242B

MD5
8093f63b24dacce98773b476cc149cd7

SHA1
246a1ad2c3a2da6d9f998ca74ea46324291c469a

SHA256
42af84fd38ff69db981539fd5684927540cd877ad5efd9ea9dd2777b38bccdf7

SHA512
1bb5f91849032785bdf358d6da4a50288342cde09f6bbad8166c0104df13b7a6f38f118bbbcb430c8609bc4e5de0beccc94cc789b7ecd631442d23e88fe5c33e

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dex

Filesize
2.3MB

MD5
a2c0379f196c91a175f47b801895518a

SHA1
549b6e1c77021378b4189f736b7eb7437a9d9497

SHA256
35cdc216518a388e7842f6b67a2c65ea06ca5302286087df3a9db29603b9aa21

SHA512
e3ebb67eb0a9c9e13db1dd29474bf93af6e0e3b9607623c0a70672bfb4f2505abc1f2c23e1592175317bc4f384fb7966954f0d37e6f331f7eb724ff5e6be4205

Download Submit
/data/user/0/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dex

Filesize
6.4MB

MD5
670d8683a3c1765ced65f8b60bfacdba

SHA1
24bc8f1ec3e925316fa05918fed1962379debe15

SHA256
fc48615db02bf829b738c5efef9cfc368b27c0a40fe69d4fa165cf59b0d6cc9f

SHA512
c6e7c7104c31d2b567874fed9684c172b1dc722d084ab998b0159420554e27ce044ed8b0099194919c18d782ac9d075962c966c602eaaf021f36d9d262bbc9a8

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads