ecc7660eec402eb9ef76c9272963abd218de6b26b45147e5a751b69357fc66a3

Analysis

max time kernel
179s
max time network
202s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
18/09/2024, 19:09 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PvZ2HD0.670.apk
Size

80.1MB
MD5

011cdeb6fe8e52fea93d375b809ca38f
SHA1

86145d141e5d1ad6fcb9b266bdfd46cd38b3fe86
SHA256

ecc7660eec402eb9ef76c9272963abd218de6b26b45147e5a751b69357fc66a3
SHA512

fe1cd40f91686bb36075db13e058371f36ef5f6cb2529ac3d286025bd88fd7ffeaad0e39e0f1f567137aa61e09b552df2be9a85dcdcfea66e854eb32215fc885
SSDEEP

1572864:vpn0+UFrvTC96tg3NYEPj/AFf3XMSWJKPGMnU4VahyLUHUSYNYADUD6bv:F0rFr+gNy2f3XMS6nUgVHkNhv

Score

4^/10

persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.popcap.pvz

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.popcap.pvz

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.popcap.pvz

com.popcap.pvz
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4253

Network

DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.206

142.250.200.46:443

tls, https

858 B
40 B
1
1
142.250.187.206:443

android.apis.google.com

tls

5.6kB
9.6kB
16
26

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.187.206

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.popcap.pvz/files/data/1280x800/BrianneTod16.dat

Filesize
53KB

MD5
54157bcd692c1452b4029547be802d2b

SHA1
b3b5e71be13a6e8ec798e5d2df1267959dbc329f

SHA256
30015f79408eb194ecf842ac6ae32ff3131a9efb1ae964ca680922d3529df032

SHA512
c55a69bee8736e057a8f6b55facba67f04cb5e560e9b6f679ffb2fbdd12485a7562802569be93797ae3b1fe991512e69258bf1fbf0594cd83d9e6051ef5b638a

Download Submit
/data/data/com.popcap.pvz/files/data/1280x800/DwarvenTodcraft18.dat

Filesize
53KB

MD5
93cc7658076c61a8608997998d0d4ff8

SHA1
9705fed0a0873306aae655cd07c0deb3acaba0ce

SHA256
43eceacea69157376385ac91bf95449b9b908275975b8909859fe95369de9f0f

SHA512
32aa346d4bac4647d2413091ff538742af0d1046805d9a75997a2ea705a90042f071ae71180e72b1d1a1b24cff9a967de10bb1900b9a3caa8711d2008fb11465

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.