51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

Analysis

max time kernel
178s
max time network
173s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
05-08-2024 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stick War_ Legacy.apk
Size

3.2MB
MD5

ae5770ecb741649cd470d645dd611843
SHA1

d6d29b4466c5139b9ea5b63d2b85150d6604abc5
SHA256

ba39a4b76ab656532003e560476b9a295df488f50195c6b9d7ac523b6d07aab4
SHA512

dda845e67dedf51508205f6aa7ffd8d19fcad0f0077178c71b8f65a96cb4096d3f326f52c081ea003f78703fdbbbff79f77b3618fd06717be67987627d0f524f
SSDEEP

98304:mO76p/xfKx1ppTyRwkrB0z+X0iXN9ALEjTRVShd:mi6FxfKxjdy66B0z+EiZnKT

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex	5236	com.herocraft.game.treasuresofthedeep

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.herocraft.game.treasuresofthedeep

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.treasuresofthedeep

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.treasuresofthedeep

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.treasuresofthedeep

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.treasuresofthedeep

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.herocraft.game.treasuresofthedeep

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.herocraft.game.treasuresofthedeep

com.herocraft.game.treasuresofthedeep
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5236

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.herocraft.game.treasuresofthedeep/files/Ni

Filesize
379B

MD5
36bda346a1b07cd0f1c4251dd648f5aa

SHA1
a9b575f1d7f505dcb4c1bfc19e1176bf70669709

SHA256
d86d4c27a9181d2d1af466ba4301c6192e742a769dfd261ab44278eea971fa73

SHA512
9527cd712f70790701c6798d7f961aa057cb0ac1ff483ba7ced1dba60cc914561a175430345fef743988b2ee881a4e94d72f3b7ab064ea009d58c2a90dc1be5d

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/Ni

Filesize
676B

MD5
2303ccf5868f14cb02d9d21f57596583

SHA1
a6d56feacf7e56f77b45673ece23f9e69a31e917

SHA256
45f6bd86ef8579600aef8d8d05a7373ec3ca78be015ccdaff875124f7887f817

SHA512
8414b24e642b0dd1f40a31d34377af3287ebb071ca822272a9124dfd09d9a644a9a8c28b4d19a0d830814e90c411bd35569100609a7a442125eeb5a3c3931577

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/PersistedInstallation3491306266844953979tmp

Filesize
569B

MD5
4907b2de4716c442dffc974c6f6f1d94

SHA1
27c41bdac0d4b74c695f85ebe590c576d1e6feae

SHA256
aed64a9d2fa62180caeff9f7999e4c193c08bc60a9b24ab9add200e69ed06382

SHA512
9a6f1a467db09702cceffcd02355f0ec3f5b53278c14e9d5f7a66ae6e7b5bb17bc306893d1ebf4596489717d45509da401384cc02b8a206bfa71548bfd497a6f

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/S

Filesize
224B

MD5
9ec38b083d951f9507e87e9234af62ea

SHA1
9e3f547513c99bf5a76457446d815975da790f93

SHA256
519e8f9587014bc4caf9a31269bce02517b74b4de0b0b9821ea093e0065ad8e8

SHA512
ed58be959ac06dbd389acda83427638f4af3bfade66dd70af45af586c48e10c190cec4be85d0b5fc9bcd50eeb431ea7a8be8931a776bc2ed6f5cde579a860cef

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/S

Filesize
224B

MD5
6efb21bb18b4f9974812f948e89629ce

SHA1
178ac1c52f5a5399479d72b61d7fd087d57d2ce5

SHA256
9b45001308bf186c3da6cd6fb8e67273599933ade74cdc5910cba8678f2712d8

SHA512
c05a6496e35eecc0b4fe993f7aa1362a4ca3a8de42fe450973b7e7136ea3ecb5db04ea08778d3dbbf9495140f7e656f72b59dc90e4a927f58e478fe361f1ede8

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/S

Filesize
224B

MD5
ad51ad88a311160024131aa32820a86c

SHA1
f8a97dbd2eb72ecc6d84a69718bb43bc5c48fb2a

SHA256
8b59bad5a6951a8fef94767159ffe269d13fe8da9520384b8424e34bb34c3f98

SHA512
3b0612affd68ca227ccafc32c9c9c77dca46b343849e777fbf405a27bea0012bbe2755c5156c4d7d1ab6c2de3f4cbe0d07cd7418417c54a324bbb561043e8e18

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex

Filesize
2.3MB

MD5
48aab9b1635e8a510b4a1126c1f95bc5

SHA1
7ce5597408c9a42d93e882ed904dd0f3551ab81b

SHA256
1653275e4d68124e6af999b4311ac471f0a8adbcdffe4f64c678e1e84f367725

SHA512
e5a224994ed1332b87c33b3d0784b69be8733cde478650888e889af3d20c9d33b9c20720ac4104f15aecb8a94bc4101f5d826cc7161797f66b416be939d0bd3b

Download Submit
/data/user/0/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex

Filesize
6.4MB

MD5
121d33b2c1295d49f9fba521016f45fe

SHA1
69e49d75e0a5e37cbc1f3f29fe5dccc656db27dc

SHA256
6f86990c8865f5cacbe7c38d934947aebae0a7f891043c714f012806a8e4467c

SHA512
561d57fc6e5c20b8c94949cc461d7e0e6595d041c1f8fe07c4b6815df92f71eede53bb1d333e58e494dec0e9db9a740c3917ba5519bdb3f51da7a3e3f744ac4b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads