51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

Resubmissions

04-08-2024 12:30

240804-ppf4psvfkq 10

Analysis

max time kernel
178s
max time network
136s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
04-08-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FE_Invisible_Troll_Script.apk
Size

3.2MB
MD5

3ff43582aa468b8a8d0e063dcfea73bf
SHA1

5d1d34fcec8f715ce045a5bda04741d40f29001b
SHA256

a6f56581bb7ae7b242fcaab3d97d04ec2c5ac8aa5870e4e64ffbcf0d78899993
SHA512

6af7639bc336015161f3087519e1a365ece0d1e0f5f7f20fe1af3243d1e6c3a0f65e38b50dc70f15cd13a232989b22884ca36bf0151630223d37bdba4f250149
SSDEEP

49152:hrOpp2RqaP3KdsFeHcEKYC4KiJK5ncPjPuE/UpXSkdkIDk5sSEj6QiVterxzrK:hYgv6dsFt0FQnGD/UsrLEjS81PK

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.herocraft.game.freemium.catchthecandy/files/f2f8f843.dex	4563	com.herocraft.game.freemium.catchthecandy

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.herocraft.game.freemium.catchthecandy

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.freemium.catchthecandy

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.freemium.catchthecandy

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.freemium.catchthecandy

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.freemium.catchthecandy

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.herocraft.game.freemium.catchthecandy

com.herocraft.game.freemium.catchthecandy
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Checks memory information
PID:4563

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.herocraft.game.freemium.catchthecandy/files/Iksc

Filesize
697B

MD5
2ca6bda9f648c0dbf35b37a62e7de8b4

SHA1
8604a21d698bafd351bbfa785343e992b27001cd

SHA256
7d2312c3ef64533beef6e8c06edb6afc584a7d11e7100c017967812f49316352

SHA512
0a56599157c17ce43bf9bed1f175efa4453b32b52e2e43c2fd551e5e437202e7898a74925a74e786b39c66f88b4a46e2d8864eb9009227d9bba9814857ad2d40

Download Submit
/data/data/com.herocraft.game.freemium.catchthecandy/files/f2f8f843.dex

Filesize
2.3MB

MD5
d951efa7f0ca59781f3af35949338902

SHA1
ac853df2b6835dbac7c94eb008ab4657e68eda70

SHA256
5b0a0d3671f6ff3ea0001624a0c157d057965e60891c5335391880fe9b00e183

SHA512
8fbbc1c347ec03478b01ff321d159656abfcad1d9ac3b426382348567c57bbaf1cdb3cac77c38fbcf62e0e17063f170fc9f9bf200a982b940dcad47e30b05617

Download Submit
/data/data/com.herocraft.game.freemium.catchthecandy/files/kNp

Filesize
229B

MD5
b92a32b3a9ff34ac3eaab946e85952e7

SHA1
d3165eb07cf22f1f17c98ec5320787592200d0a2

SHA256
0036042078874d8ac867716e6f3526a703c36c5f01c6ae4fbc051123f287c75f

SHA512
6fb1252cd6ab67da24c8eb586cac1d80d92684133aadee1c324e053dcda1bf4ac86b542f53a03fdc4bb02ff1802f1246b978f7d8e72edbff407c2f22a9de1c68

Download Submit
/data/data/com.herocraft.game.freemium.catchthecandy/files/kNp

Filesize
229B

MD5
a397530ec241f1719a4619ddefb44aae

SHA1
0bb67ec48540a4485cde5a2b613b27e647846452

SHA256
5348424b7b1e8b4266af5bfd6b65d2da2a5cdc562e3857e120844eec375e75a4

SHA512
23b3d81f74afe23bad5a2826ad810b6942b28becd5c8f8e924ed4d24601d68d6f65f6df4c461448139ab955cd6345946e1a6c14625dc00e1526492c60cb0bc59

Download Submit
/data/user/0/com.herocraft.game.freemium.catchthecandy/files/f2f8f843.dex

Filesize
6.4MB

MD5
767a8ce605249b314939882f824f989a

SHA1
7cb1e61d4fa739b92b25d13bcf33bbb00cff9baa

SHA256
26d8b34344e6e61c8a1380e9773109569accb467b36f954a1e5c729a4d701fa5

SHA512
baec83cf6d66fc0dbf13411043c8168acf38b0b66a9c20f9b1ec54d6f5ef21527d22b4c47dd54734dcd5bd85410dc3bb8fe786fb1702443beee9a42e869c4475

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads