51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

Analysis

max time kernel
178s
max time network
173s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
05-08-2024 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stick War_ Legacy.apk
Size

3.2MB
MD5

ae5770ecb741649cd470d645dd611843
SHA1

d6d29b4466c5139b9ea5b63d2b85150d6604abc5
SHA256

ba39a4b76ab656532003e560476b9a295df488f50195c6b9d7ac523b6d07aab4
SHA512

dda845e67dedf51508205f6aa7ffd8d19fcad0f0077178c71b8f65a96cb4096d3f326f52c081ea003f78703fdbbbff79f77b3618fd06717be67987627d0f524f
SSDEEP

98304:mO76p/xfKx1ppTyRwkrB0z+X0iXN9ALEjTRVShd:mi6FxfKxjdy66B0z+EiZnKT

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.herocraft.game.treasuresofthedeep

ioc pid process

/data/user/0/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex 5236 com.herocraft.game.treasuresofthedeep
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.herocraft.game.treasuresofthedeep

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.herocraft.game.treasuresofthedeep
Acquires the wake lock 1 IoCs

Processes:

com.herocraft.game.treasuresofthedeep

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.herocraft.game.treasuresofthedeep
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.herocraft.game.treasuresofthedeep

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.herocraft.game.treasuresofthedeep
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.herocraft.game.treasuresofthedeep

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.herocraft.game.treasuresofthedeep

ioc	pid	process
/data/user/0/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex	5236	com.herocraft.game.treasuresofthedeep

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.herocraft.game.treasuresofthedeep

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.treasuresofthedeep

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.treasuresofthedeep

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.treasuresofthedeep

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

T1422

Processes:

com.herocraft.game.treasuresofthedeep

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.treasuresofthedeep

Reads information about phone network operator. 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.herocraft.game.treasuresofthedeep

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.herocraft.game.treasuresofthedeep
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.herocraft.game.treasuresofthedeep

description ioc process

File opened for read /proc/meminfo com.herocraft.game.treasuresofthedeep

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.herocraft.game.treasuresofthedeep

description	ioc	process
File opened for read	/proc/meminfo	com.herocraft.game.treasuresofthedeep

com.herocraft.game.treasuresofthedeep
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.herocraft.game.treasuresofthedeep/files/Ni
Filesize
379B

MD5
36bda346a1b07cd0f1c4251dd648f5aa

SHA1
a9b575f1d7f505dcb4c1bfc19e1176bf70669709

SHA256
d86d4c27a9181d2d1af466ba4301c6192e742a769dfd261ab44278eea971fa73

SHA512
9527cd712f70790701c6798d7f961aa057cb0ac1ff483ba7ced1dba60cc914561a175430345fef743988b2ee881a4e94d72f3b7ab064ea009d58c2a90dc1be5d

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/Ni
Filesize
676B

MD5
2303ccf5868f14cb02d9d21f57596583

SHA1
a6d56feacf7e56f77b45673ece23f9e69a31e917

SHA256
45f6bd86ef8579600aef8d8d05a7373ec3ca78be015ccdaff875124f7887f817

SHA512
8414b24e642b0dd1f40a31d34377af3287ebb071ca822272a9124dfd09d9a644a9a8c28b4d19a0d830814e90c411bd35569100609a7a442125eeb5a3c3931577

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/PersistedInstallation3491306266844953979tmp
Filesize
569B

MD5
4907b2de4716c442dffc974c6f6f1d94

SHA1
27c41bdac0d4b74c695f85ebe590c576d1e6feae

SHA256
aed64a9d2fa62180caeff9f7999e4c193c08bc60a9b24ab9add200e69ed06382

SHA512
9a6f1a467db09702cceffcd02355f0ec3f5b53278c14e9d5f7a66ae6e7b5bb17bc306893d1ebf4596489717d45509da401384cc02b8a206bfa71548bfd497a6f

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/S
Filesize
224B

MD5
9ec38b083d951f9507e87e9234af62ea

SHA1
9e3f547513c99bf5a76457446d815975da790f93

SHA256
519e8f9587014bc4caf9a31269bce02517b74b4de0b0b9821ea093e0065ad8e8

SHA512
ed58be959ac06dbd389acda83427638f4af3bfade66dd70af45af586c48e10c190cec4be85d0b5fc9bcd50eeb431ea7a8be8931a776bc2ed6f5cde579a860cef

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/S
Filesize
224B

MD5
6efb21bb18b4f9974812f948e89629ce

SHA1
178ac1c52f5a5399479d72b61d7fd087d57d2ce5

SHA256
9b45001308bf186c3da6cd6fb8e67273599933ade74cdc5910cba8678f2712d8

SHA512
c05a6496e35eecc0b4fe993f7aa1362a4ca3a8de42fe450973b7e7136ea3ecb5db04ea08778d3dbbf9495140f7e656f72b59dc90e4a927f58e478fe361f1ede8

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/S
Filesize
224B

MD5
ad51ad88a311160024131aa32820a86c

SHA1
f8a97dbd2eb72ecc6d84a69718bb43bc5c48fb2a

SHA256
8b59bad5a6951a8fef94767159ffe269d13fe8da9520384b8424e34bb34c3f98

SHA512
3b0612affd68ca227ccafc32c9c9c77dca46b343849e777fbf405a27bea0012bbe2755c5156c4d7d1ab6c2de3f4cbe0d07cd7418417c54a324bbb561043e8e18

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex
Filesize
2.3MB

MD5
48aab9b1635e8a510b4a1126c1f95bc5

SHA1
7ce5597408c9a42d93e882ed904dd0f3551ab81b

SHA256
1653275e4d68124e6af999b4311ac471f0a8adbcdffe4f64c678e1e84f367725

SHA512
e5a224994ed1332b87c33b3d0784b69be8733cde478650888e889af3d20c9d33b9c20720ac4104f15aecb8a94bc4101f5d826cc7161797f66b416be939d0bd3b

Download Submit
/data/user/0/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex
Filesize
6.4MB

MD5
121d33b2c1295d49f9fba521016f45fe

SHA1
69e49d75e0a5e37cbc1f3f29fe5dccc656db27dc

SHA256
6f86990c8865f5cacbe7c38d934947aebae0a7f891043c714f012806a8e4467c

SHA512
561d57fc6e5c20b8c94949cc461d7e0e6595d041c1f8fe07c4b6815df92f71eede53bb1d333e58e494dec0e9db9a740c3917ba5519bdb3f51da7a3e3f744ac4b

Download Submit