1df24ea56b84d90a8f4957e12fe764dcc32df13b603b633e236d721588b3c101

Analysis

max time kernel
51s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
29/09/2024, 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.21.30.03_arm32_arm64_patched.apk
Size

294.2MB
MD5

7a19ebb18513e113b9fac8d7bf7cfb36
SHA1

1f4e03723e31f7d1de1143851fe6dcacb8a19e01
SHA256

1df24ea56b84d90a8f4957e12fe764dcc32df13b603b633e236d721588b3c101
SHA512

7d7015625f899e6f42542eb280f46a1826b0c683fa8c8714b256a7b7e7c4801241b92b100e18f11906463e249f0a8b083e78b433b366ec952ff8a51539964773
SSDEEP

6291456:NaaFZK8M9hfchbWyEy3fW8D9A9uXdPhFSlcLex0DCW1a1uxOz3t2mncLm079:saFGP0AydfZ9AIfGsYACW1a1uxORxnc3

Score

8^/10

collection discovery evasion execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.mojang.minecraftpe.patch
/system/bin/su	com.mojang.minecraftpe.patch

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.mojang.minecraftpe.patch

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mojang.minecraftpe.patch

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mojang.minecraftpe.patch

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.mojang.minecraftpe.patch

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.mojang.minecraftpe.patch

com.mojang.minecraftpe.patch
1⤵
- Checks if the Android device is rooted.
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Checks CPU information
PID:4480

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mojang.minecraftpe.patch/cache/appboy.imageloader.lru.cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.mojang.minecraftpe.patch/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
cd01b74286267f24a3b72faf56cebf33

SHA1
7dad872c99556e33bf67f3f5dbc3640f6e91c760

SHA256
64a87fd0b6e0a2b706376ebe68686735d1852732850a57259996982ee4cc987c

SHA512
8481068492d942211d8b674c128ca449ca4a90dc62a4c3b60cb440fe1ccfaa772ed0d3ce1668096ad80f52b5beb1375ed3b1cd10e992a393345053e4412cef9c

Download Submit
/data/data/com.mojang.minecraftpe.patch/databases/com.google.android.datatransport.events-journal

Filesize
24KB

MD5
570722c81d616544e2eee4a60716c6ee

SHA1
c9a9fc13c9a00abe4cb49a534fea248e509d0a0c

SHA256
5e44817245575d5eea02ea989deda8539dfa579cd52ffeca88525cddfd672577

SHA512
18ba893a747f606a67f53c5dac69e6043f3e50217480482e8061c2e8ad2af21251cc1ec74937a90d3fb313e05978b253fa172be1f9f2eac8646011d5d4ab4685

Download Submit
/data/data/com.mojang.minecraftpe.patch/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
7324dbcc684987df758d54dd6a3ea6eb

SHA1
d9127c3e5a2ca5df25b947cf075f392536c54b4f

SHA256
b9726561a40bd5c647df4117b2f472d30dfca5d2d422c489c5bf1a7bbec3c915

SHA512
08de4e90917caa55ec285fecbbf23e4c1dece21cad3d5143ce61b74fd339d7a6da6ca292ab9e3c537bd0bcc67ac20cb55739ef3fdfe19c9f06acc6a34d443753

Download Submit
/data/data/com.mojang.minecraftpe.patch/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
bbb9b35ec86de2e5bba3d6c4aafabfcb

SHA1
35f487f6bea379643dee8239b87ea10773217394

SHA256
20cbdbe38ced66762a16f2e8e378293e59b0b41e6baeb639c40e094362ce6b9b

SHA512
90a512f8d7487b36af2aca1e0c728b71127b3331897ba033a5f1d5d588e1a438c54609fe31c8d7eb7e01ee1221630bce964476bfd8db2724af8b23306d02cdc1

Download Submit
/data/data/com.mojang.minecraftpe.patch/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c8987b3fe8ed4489ef24e524829c6c61

SHA1
4888d79c42c2fdb73a6a56b572770eac72ec1406

SHA256
bd1fcca8524b14023d2d77ffe51938fc12150662047e0541d85e579156a10d34

SHA512
4c3fe3d641f47acb7893f7b6600114306085e836f05f83a9f4155fde4d5e3168346972931ef108bbe4e9c749330fa9f3c45b577fb7199d47339106da14c6bf4b

Download Submit
/data/data/com.mojang.minecraftpe.patch/files/PersistedInstallation6745591050416942692tmp

Filesize
90B

MD5
64075b96ef20be0a0562ea1196b75d5c

SHA1
85cee9911fb8beb860755b6487a073f6aa2c001f

SHA256
b342829a17e82eb041ae7718978fc8cb49199e081ad3a4852ba2c896328be7ae

SHA512
d7192ed793bc26ad2308650f90916e688aa0e6c9d28578db523539851722fd0dc1e34051d39bce892c71e41b4bb9ccf6eec0c1f79a9aec9143c94904fe949925

Download Submit
/data/data/com.mojang.minecraftpe.patch/files/PersistedInstallation7209982241404708529tmp

Filesize
568B

MD5
1e0f1efb5e30ba8ab51a84525bbb689e

SHA1
29fdfaeae203de52d12005160226c537feb5efeb

SHA256
733a4b446c52c76963daa90291683ae2fc60ac486af3cda9e9d43f8a6c386439

SHA512
631d427787bee670a8e5a16f550cf3ce770ee9f840988502acdf0fdb5515945216a731e68c44aa98c13c3c6a2f4e6e668637fd8b4016fde44185021dbcfdab6c

Download Submit
/data/data/com.mojang.minecraftpe.patch/shared_prefs/com.mojang.minecraftpe.patch_preferences.xml

Filesize
140B

MD5
9ac9a71247cf40f40b972cde84e46068

SHA1
f2f5960adcbcad32dd00898269917d7befc302d2

SHA256
51c3aefd0686b5e8cc028664421906cc1ab91aff1de51d1184323b0847c0e0ec

SHA512
5aeb478658099d699eab2d24ecf5c7fbcda6fa55ae77d72bd57a79b8158ce229e3220754627bfb98994a2635cc5de1c3c2a70bc63a2a80f00959f941e28164ee

Download Submit
anon_inode:[eventfd]

Filesize
8B

MD5
33cdeccccebe80329f1fdbee7f5874cb

SHA1
3da89ee273be13437e7ecf760f3fbd4dc0e8d1fe

SHA256
7c9fa136d4413fa6173637e883b6998d32e1d675f88cddff9dcbcf331820f4b8

SHA512
991294f43425a5b80f8a5907ca7cdbb611401282585a58bb415077005428e3b4c0f661fc07ba5c45f627bd8bdcb172389ce2fda461c029b837abc70f0abbea20

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads