Analysis
-
max time kernel
177s -
max time network
132s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
05-08-2024 01:22
General
-
Target
e8947bc9fb2bd597daba3064d5fab275d8df2beac92f301063f22fe276dcbc10.apk
-
Size
3.5MB
-
MD5
990bf5a2e9a7c90c75c9c07bf4a5e634
-
SHA1
ade24475ee8a9a2a0eec43772bbc02aeacb5926c
-
SHA256
e8947bc9fb2bd597daba3064d5fab275d8df2beac92f301063f22fe276dcbc10
-
SHA512
40419371a8dd596e8930e298e0d5470efd168a6d1a8425b8aa6eeb4e495cbc49580f234ac4278117600e2ff516ebdd867e6d395d67c80ce56660d1c8ca9ec92f
-
SSDEEP
98304:8mRW7NIyWHAt/2qcPf7K+KjXZKBEjzZST:8R7Wgt/GPjKPFK2XC
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.herocraft.game.birdsonwire.freemium1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.herocraft.game.birdsonwire.freemium/databases/com.google.android.datatransport.events-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.herocraft.game.birdsonwire.freemium/files/PersistedInstallation4267493684137047724tmpFilesize
569B
MD5d6cc09b45e09cdb47ed1721033fe34f1
SHA170530e509629d07b8d60999b55a6fa8fbe5c3368
SHA256ef925a59690cc65597ed93e12f43e0c3e7775460004cce1c4ed9c04afda0c2e2
SHA51267d76e8982e640e39a412ea04e90f2d9300939d206375c17a15a251f615cc24fc7fcb6367bf4e02eeb3f11aa2821e115a7b77f53f40262b699748ad85752b320
-
/data/data/com.herocraft.game.birdsonwire.freemium/files/pxxFilesize
229B
MD583c96008f0d540154bd38ba725bb2e65
SHA1d6166d8cea8ed0188f3740ab6757aa3f2a5b7bd7
SHA2569f3360a098100fabc028ec2b873dc39caefa37dcd0accef31b8b1eba1b2bcd3f
SHA5127be4e058720a7c3b14aca7f2a5f14ae744342910cec98f2f40bf25af626eae18b8b8d4a74bc2c5c91ef992bf1f0a908e72c7428c4d8b817d4a7c156594f03667
-
/data/data/com.herocraft.game.birdsonwire.freemium/files/pxxFilesize
229B
MD5711572aedad9e7ac8bc1d29b90b3048a
SHA19cc0346eb5098e55e077af034aa0c6e886736792
SHA2561a3540f840aaaeba8dee8b3b9eb170c6164af44adff8763f56b05e60cd433ffa
SHA512eaa469490b3819a9cbf00a19abe5af7e258b8018666d0281cb0dec87a5f5faa5cd5f4c0b7c61193aafd1afdbf57d6a606d37c4f2ca7d06303b6d63f49538a25c
-
/data/data/com.herocraft.game.birdsonwire.freemium/files/quFilesize
731B
MD594117f538fb09d18309b16fcd5328262
SHA129943f611a22a41ac864609d9049ba6266d435f5
SHA256b09abe2f92ad963571c606b68e4183aa689247ca2dccd40e039722c447db3599
SHA5120b0868704bca5718ea86deccc82fd08024c1d7b52ffb76d17c016f7c7cd17b8c7715ff8108f0ffb13d65d2232ff5883b048eb9491e99229d907b50cdb7fbe16d
-
Anonymous-DexFile@0xd0f66000-0xd122850cFilesize
2.8MB
MD5862273f2c6de4c25816b5cb1ae006df9
SHA17c4c0026bc157cfc104ad91980d3c40b2d5e78ce
SHA256c77d7de1df41842245f63cf10e13aed92fca563b8aa81a3888b4f142a5314f90
SHA512688ffa31ce578992ad659df808bce82f88e4b86c000c08ce4b6873f6dd743cca5e65583fb0f98b408ebd45cfebe2634290f12607429f26a5a37a716771eecd06