51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

Analysis

max time kernel
177s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
05-08-2024 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8947bc9fb2bd597daba3064d5fab275d8df2beac92f301063f22fe276dcbc10.apk
Size

3.5MB
MD5

990bf5a2e9a7c90c75c9c07bf4a5e634
SHA1

ade24475ee8a9a2a0eec43772bbc02aeacb5926c
SHA256

e8947bc9fb2bd597daba3064d5fab275d8df2beac92f301063f22fe276dcbc10
SHA512

40419371a8dd596e8930e298e0d5470efd168a6d1a8425b8aa6eeb4e495cbc49580f234ac4278117600e2ff516ebdd867e6d395d67c80ce56660d1c8ca9ec92f
SSDEEP

98304:8mRW7NIyWHAt/2qcPf7K+KjXZKBEjzZST:8R7Wgt/GPjKPFK2XC

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
Anonymous-DexFile@0xd0f66000-0xd122850c	4370	com.herocraft.game.birdsonwire.freemium

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.birdsonwire.freemium

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.birdsonwire.freemium

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.birdsonwire.freemium

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.birdsonwire.freemium

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.herocraft.game.birdsonwire.freemium

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.herocraft.game.birdsonwire.freemium

com.herocraft.game.birdsonwire.freemium
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4370

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.herocraft.game.birdsonwire.freemium/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/PersistedInstallation4267493684137047724tmp

Filesize
569B

MD5
d6cc09b45e09cdb47ed1721033fe34f1

SHA1
70530e509629d07b8d60999b55a6fa8fbe5c3368

SHA256
ef925a59690cc65597ed93e12f43e0c3e7775460004cce1c4ed9c04afda0c2e2

SHA512
67d76e8982e640e39a412ea04e90f2d9300939d206375c17a15a251f615cc24fc7fcb6367bf4e02eeb3f11aa2821e115a7b77f53f40262b699748ad85752b320

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/pxx

Filesize
229B

MD5
83c96008f0d540154bd38ba725bb2e65

SHA1
d6166d8cea8ed0188f3740ab6757aa3f2a5b7bd7

SHA256
9f3360a098100fabc028ec2b873dc39caefa37dcd0accef31b8b1eba1b2bcd3f

SHA512
7be4e058720a7c3b14aca7f2a5f14ae744342910cec98f2f40bf25af626eae18b8b8d4a74bc2c5c91ef992bf1f0a908e72c7428c4d8b817d4a7c156594f03667

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/pxx

Filesize
229B

MD5
711572aedad9e7ac8bc1d29b90b3048a

SHA1
9cc0346eb5098e55e077af034aa0c6e886736792

SHA256
1a3540f840aaaeba8dee8b3b9eb170c6164af44adff8763f56b05e60cd433ffa

SHA512
eaa469490b3819a9cbf00a19abe5af7e258b8018666d0281cb0dec87a5f5faa5cd5f4c0b7c61193aafd1afdbf57d6a606d37c4f2ca7d06303b6d63f49538a25c

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/qu

Filesize
731B

MD5
94117f538fb09d18309b16fcd5328262

SHA1
29943f611a22a41ac864609d9049ba6266d435f5

SHA256
b09abe2f92ad963571c606b68e4183aa689247ca2dccd40e039722c447db3599

SHA512
0b0868704bca5718ea86deccc82fd08024c1d7b52ffb76d17c016f7c7cd17b8c7715ff8108f0ffb13d65d2232ff5883b048eb9491e99229d907b50cdb7fbe16d

Download Submit
Anonymous-DexFile@0xd0f66000-0xd122850c

Filesize
2.8MB

MD5
862273f2c6de4c25816b5cb1ae006df9

SHA1
7c4c0026bc157cfc104ad91980d3c40b2d5e78ce

SHA256
c77d7de1df41842245f63cf10e13aed92fca563b8aa81a3888b4f142a5314f90

SHA512
688ffa31ce578992ad659df808bce82f88e4b86c000c08ce4b6873f6dd743cca5e65583fb0f98b408ebd45cfebe2634290f12607429f26a5a37a716771eecd06

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads