51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

Analysis

max time kernel
174s
max time network
172s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
05-08-2024 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Undead_Defense_Tycoon_Script.apk
Size

3.2MB
MD5

fc35546a7395a68b6440de033afa789d
SHA1

4afc8724e58084164148b7ce518ede8b203dce3c
SHA256

c1b81966fa17c4e7d5137f13b2f4d04704c97d66a54d57dcfc1f42ad1f4029e7
SHA512

ae32d9e7d7403a6ab0429da69fe4f803001a077327a0f103ccc9bcb90b17973ef10be8dc2cbf1909549a04f1eff5e85c81c2dfc2d99ba7fa93369efa47beca6c
SSDEEP

98304:BaqBN1el9eL+FB8Y2nzDNWbVAneM/EjF+894S:oqX1nk52n05AehERS

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dex	5172	com.herocraft.game.birdsonwire.freemium

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.herocraft.game.birdsonwire.freemium

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.birdsonwire.freemium

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.birdsonwire.freemium

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.birdsonwire.freemium

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.birdsonwire.freemium

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.herocraft.game.birdsonwire.freemium

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.herocraft.game.birdsonwire.freemium

com.herocraft.game.birdsonwire.freemium
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5172

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.herocraft.game.birdsonwire.freemium/files/KWW

Filesize
706B

MD5
ebbe1740ea56359a39aec1bd3b678a04

SHA1
8afee5ba2b466712b2eab43a9b8638840fbfd5e3

SHA256
5c4a99208237e564fac93c5e983b16dacf457948f2d8ce9984173d22660c6283

SHA512
42c71c3f562e992e57b348b2c7be218ab33eac8acb25311cb9c4dff7fd0643e69133990e7d645a0e1b422147389b4f0767788e5d842d37a56be85169e21686fd

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/KWW

Filesize
414B

MD5
4fa8c5ba0ee39486c3a305d8e7542df6

SHA1
c40608d35e6305d9a7fd6c2c6dabb5885a83613a

SHA256
a7b018c98bf4848a4fdecf194090476f8d0c12f9e371f556199ce44ec38c4230

SHA512
bac6ac441cd2241496d1ebae6e3cf5667813909864ce43cf97a6648041b92a778cb66376f9c916c2d36dffc3da10542c3c3eef15307db237fc52604f9e6f7560

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/PersistedInstallation123543989478983912tmp

Filesize
90B

MD5
bdedd3ba3ef5e56f9fa0fc72b917b7f7

SHA1
6abadcf27ade5910d6520926c6c1c719ec96ff7e

SHA256
ab9cd264c87098d28b978bc3d4529a9466ebf208a72383a2a19466caa86e2522

SHA512
4b26bd0a1a8f0a7a3517d55aae7808d78e517586dedf8bfd68ab428bd472243403bd86ad5cc5d29b08311ad0df6d3fe0484a17dca091010c8f2fe3eeff0312b2

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/PersistedInstallation8581516570902548133tmp

Filesize
569B

MD5
0accf3c4f4b3dde1db828931e4481070

SHA1
45079742665904909382b5c31525e85b7dec987f

SHA256
b782223dd0a170bae265cf1cefef8a001a53c880514b8cdfbe1d1e03760ba7df

SHA512
def579f75aaedf783f5681ea7fa3f5c24d2d7b6af24cce090f2fd36b27c3589129f0670a18459e01db1cc6135ba2b0f0c4ec3fcb2610b9c6f11dbc16a57f4637

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/UMYa

Filesize
242B

MD5
10c7cd593cdbdafd10fa1388ede9357c

SHA1
61cafe3dc50e6149b7b650257e584587a1051c6e

SHA256
bb4c08367e00f66b4a4de956eb1632b03d2f3ce78795f63cef5f463fd897fd43

SHA512
205a288ec6f1fe5da77bf825793b3f0aa2d668b656c43bd19504d023df99e5b33c9ffa786e9f9180ddbdcffdc0bef301a403d7787753b66b50edf871b12847ee

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/UMYa

Filesize
242B

MD5
9d9426193e333252ee36e466c9fba9b7

SHA1
78c2b3b7a997f4cf3aa6190a59c7307d7b50eedc

SHA256
304f0c741a091026cdeb975db854e41669638c8841bc040715f5b19fe129f490

SHA512
5d7dc7f3172448e7594044fcc9af5fd826f21dfcea5d9ec4f0143bdff037d5280ca1aa03bfd134265d602a249b0f4466fdea7bf017019cc1cb5078960e9bc630

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/UMYa

Filesize
242B

MD5
6b21ca369489844e8182bab0f16b31d1

SHA1
4cab66287894b71852d90d35d9e6481a2d591790

SHA256
257605eb65ed3339164fd0b82907b4cc44a23dd5c4c7ad85c3b6fe7f25c0b001

SHA512
354a63d64432098c85d29c23d5dcb0593db40df652f31530e8fc2d3a753d1027012f5726692c1cb5fa30cc724f4adffd883ce7b36fd2bb206c7566a2886dab19

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dex

Filesize
2.3MB

MD5
a2c0379f196c91a175f47b801895518a

SHA1
549b6e1c77021378b4189f736b7eb7437a9d9497

SHA256
35cdc216518a388e7842f6b67a2c65ea06ca5302286087df3a9db29603b9aa21

SHA512
e3ebb67eb0a9c9e13db1dd29474bf93af6e0e3b9607623c0a70672bfb4f2505abc1f2c23e1592175317bc4f384fb7966954f0d37e6f331f7eb724ff5e6be4205

Download Submit
/data/user/0/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dex

Filesize
6.4MB

MD5
670d8683a3c1765ced65f8b60bfacdba

SHA1
24bc8f1ec3e925316fa05918fed1962379debe15

SHA256
fc48615db02bf829b738c5efef9cfc368b27c0a40fe69d4fa165cf59b0d6cc9f

SHA512
c6e7c7104c31d2b567874fed9684c172b1dc722d084ab998b0159420554e27ce044ed8b0099194919c18d782ac9d075962c966c602eaaf021f36d9d262bbc9a8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads