Malware Analysis Report

2024-11-13 17:37

Sample ID  241110-bp49msvrdx
Target     devices-tycoon-androeed.store-0-1727048296.apk
SHA256     c55f58a0a9262f7a009e30934e5f8ba8a967eee96cf6e835785371e0dd4240cd
Tags       collection credential_access discovery evasion execution impact persistence
Score      7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file devices-tycoon-androeed.store-0-1727048296.apk was found to show suspicious behavior.

Malicious Activity Summary

Obtains sensitive information copied to the device clipboard

Queries information about active data network

Checks the presence of a debugger

Schedules tasks to execute at a specified time

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 01:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 01:20

Reported

2024-11-10 01:23

Platform

android-33-x64-arm64-20240624-en

Max time kernel

147s

Max time network

134s

Command Line

com.roasterygames.devicestycoon

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description             Indicator                                                  Process  Target
Framework service call  android.content.IClipboard.addPrimaryClipChangedListener   N/A      N/A

Queries information about active data network

discovery
Description             Indicator                                                  Process  Target
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo      N/A      N/A

Checks the presence of a debugger

evasion

Schedules tasks to execute at a specified time

execution persistence
Description             Indicator                                                  Process  Target
Framework service call  android.app.job.IJobScheduler.schedule                     N/A      N/A

Checks CPU information

Description             Indicator                                                  Process  Target
File opened for read    /proc/cpuinfo                                              N/A      N/A

Checks memory information

Description             Indicator                                                  Process  Target
File opened for read    /proc/meminfo                                              N/A      N/A

Processes

com.roasterygames.devicestycoon

Network

Country  Destination           Domain                               Proto
N/A      224.0.0.251:5353                                           udp
GB       142.250.187.228:443                                        udp
GB       142.250.187.228:443                                        tcp
US       1.1.1.1:53            android.apis.google.com              udp
GB       142.250.200.46:443    android.apis.google.com              tcp
US       1.1.1.1:53            googlesavedata.ru                    udp
US       104.21.54.13:443      googlesavedata.ru                    tcp
US       104.21.54.13:443      googlesavedata.ru                    tcp
US       1.1.1.1:53            rcs-acs-tmo-us.jibe.google.com       udp
US       216.239.36.155:443    rcs-acs-tmo-us.jibe.google.com       tcp
GB       142.250.187.238:443                                        tcp
GB       142.250.187.238:443                                        tcp
US       1.1.1.1:53            remoteprovisioning.googleapis.com    udp
GB       216.58.212.234:443    remoteprovisioning.googleapis.com    tcp
US       1.1.1.1:53            googleads.g.doubleclick.net          udp
GB       172.217.169.2:443     googleads.g.doubleclick.net          tcp
GB       172.217.169.2:443     googleads.g.doubleclick.net          udp
US       162.159.61.3:443                                           tcp
US       162.159.61.3:443                                           tcp
US       162.159.61.3:443                                           udp
GB       172.217.16.227:443                                         tcp
GB       172.217.16.227:443                                         udp
GB       142.250.187.228:443                                        tcp
GB       142.250.178.4:443                                          tcp
GB       142.250.178.4:443                                          tcp
GB       142.250.187.228:443                                        udp
GB       216.58.204.67:443                                          tcp
US       1.1.1.1:53            firebaselogging.googleapis.com       udp
GB       216.58.204.74:443     firebaselogging.googleapis.com       tcp

Files

/data/data/com.roasterygames.devicestycoon/no_backup/androidx.work.workdb-journal

/data/data/com.roasterygames.devicestycoon/no_backup/androidx.work.workdb

/data/data/com.roasterygames.devicestycoon/no_backup/androidx.work.workdb-shm

/data/data/com.roasterygames.devicestycoon/no_backup/androidx.work.workdb-wal

/data/data/com.roasterygames.devicestycoon/databases/google_app_measurement_local.db-journal

/data/data/com.roasterygames.devicestycoon/databases/google_app_measurement_local.db

/data/data/com.roasterygames.devicestycoon/databases/com.google.android.datatransport.events-journal

/data/data/com.roasterygames.devicestycoon/databases/com.google.android.datatransport.events