Analysis
-
max time kernel
174s -
max time network
172s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
-
submitted
05-08-2024 01:22
General
-
Target
Undead_Defense_Tycoon_Script.apk
-
Size
3.2MB
-
MD5
fc35546a7395a68b6440de033afa789d
-
SHA1
4afc8724e58084164148b7ce518ede8b203dce3c
-
SHA256
c1b81966fa17c4e7d5137f13b2f4d04704c97d66a54d57dcfc1f42ad1f4029e7
-
SHA512
ae32d9e7d7403a6ab0429da69fe4f803001a077327a0f103ccc9bcb90b17973ef10be8dc2cbf1909549a04f1eff5e85c81c2dfc2d99ba7fa93369efa47beca6c
-
SSDEEP
98304:BaqBN1el9eL+FB8Y2nzDNWbVAneM/EjF+894S:oqX1nk52n05AehERS
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.herocraft.game.birdsonwire.freemium1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.herocraft.game.birdsonwire.freemium/files/KWWFilesize
706B
MD5ebbe1740ea56359a39aec1bd3b678a04
SHA18afee5ba2b466712b2eab43a9b8638840fbfd5e3
SHA2565c4a99208237e564fac93c5e983b16dacf457948f2d8ce9984173d22660c6283
SHA51242c71c3f562e992e57b348b2c7be218ab33eac8acb25311cb9c4dff7fd0643e69133990e7d645a0e1b422147389b4f0767788e5d842d37a56be85169e21686fd
-
/data/data/com.herocraft.game.birdsonwire.freemium/files/KWWFilesize
414B
MD54fa8c5ba0ee39486c3a305d8e7542df6
SHA1c40608d35e6305d9a7fd6c2c6dabb5885a83613a
SHA256a7b018c98bf4848a4fdecf194090476f8d0c12f9e371f556199ce44ec38c4230
SHA512bac6ac441cd2241496d1ebae6e3cf5667813909864ce43cf97a6648041b92a778cb66376f9c916c2d36dffc3da10542c3c3eef15307db237fc52604f9e6f7560
-
/data/data/com.herocraft.game.birdsonwire.freemium/files/PersistedInstallation123543989478983912tmpFilesize
90B
MD5bdedd3ba3ef5e56f9fa0fc72b917b7f7
SHA16abadcf27ade5910d6520926c6c1c719ec96ff7e
SHA256ab9cd264c87098d28b978bc3d4529a9466ebf208a72383a2a19466caa86e2522
SHA5124b26bd0a1a8f0a7a3517d55aae7808d78e517586dedf8bfd68ab428bd472243403bd86ad5cc5d29b08311ad0df6d3fe0484a17dca091010c8f2fe3eeff0312b2
-
/data/data/com.herocraft.game.birdsonwire.freemium/files/PersistedInstallation8581516570902548133tmpFilesize
569B
MD50accf3c4f4b3dde1db828931e4481070
SHA145079742665904909382b5c31525e85b7dec987f
SHA256b782223dd0a170bae265cf1cefef8a001a53c880514b8cdfbe1d1e03760ba7df
SHA512def579f75aaedf783f5681ea7fa3f5c24d2d7b6af24cce090f2fd36b27c3589129f0670a18459e01db1cc6135ba2b0f0c4ec3fcb2610b9c6f11dbc16a57f4637
-
/data/data/com.herocraft.game.birdsonwire.freemium/files/UMYaFilesize
242B
MD510c7cd593cdbdafd10fa1388ede9357c
SHA161cafe3dc50e6149b7b650257e584587a1051c6e
SHA256bb4c08367e00f66b4a4de956eb1632b03d2f3ce78795f63cef5f463fd897fd43
SHA512205a288ec6f1fe5da77bf825793b3f0aa2d668b656c43bd19504d023df99e5b33c9ffa786e9f9180ddbdcffdc0bef301a403d7787753b66b50edf871b12847ee
-
/data/data/com.herocraft.game.birdsonwire.freemium/files/UMYaFilesize
242B
MD59d9426193e333252ee36e466c9fba9b7
SHA178c2b3b7a997f4cf3aa6190a59c7307d7b50eedc
SHA256304f0c741a091026cdeb975db854e41669638c8841bc040715f5b19fe129f490
SHA5125d7dc7f3172448e7594044fcc9af5fd826f21dfcea5d9ec4f0143bdff037d5280ca1aa03bfd134265d602a249b0f4466fdea7bf017019cc1cb5078960e9bc630
-
/data/data/com.herocraft.game.birdsonwire.freemium/files/UMYaFilesize
242B
MD56b21ca369489844e8182bab0f16b31d1
SHA14cab66287894b71852d90d35d9e6481a2d591790
SHA256257605eb65ed3339164fd0b82907b4cc44a23dd5c4c7ad85c3b6fe7f25c0b001
SHA512354a63d64432098c85d29c23d5dcb0593db40df652f31530e8fc2d3a753d1027012f5726692c1cb5fa30cc724f4adffd883ce7b36fd2bb206c7566a2886dab19
-
/data/data/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dexFilesize
2.3MB
MD5a2c0379f196c91a175f47b801895518a
SHA1549b6e1c77021378b4189f736b7eb7437a9d9497
SHA25635cdc216518a388e7842f6b67a2c65ea06ca5302286087df3a9db29603b9aa21
SHA512e3ebb67eb0a9c9e13db1dd29474bf93af6e0e3b9607623c0a70672bfb4f2505abc1f2c23e1592175317bc4f384fb7966954f0d37e6f331f7eb724ff5e6be4205
-
/data/user/0/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dexFilesize
6.4MB
MD5670d8683a3c1765ced65f8b60bfacdba
SHA124bc8f1ec3e925316fa05918fed1962379debe15
SHA256fc48615db02bf829b738c5efef9cfc368b27c0a40fe69d4fa165cf59b0d6cc9f
SHA512c6e7c7104c31d2b567874fed9684c172b1dc722d084ab998b0159420554e27ce044ed8b0099194919c18d782ac9d075962c966c602eaaf021f36d9d262bbc9a8