Analysis
-
max time kernel
31s
-
max time network
50s
-
platform
android_x64
-
resource
android-x64-arm64-20240624-en
-
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
-
submitted
11-11-2024 15:49
Static task
static1
Behavioral task
behavioral1
Sample
The_Demons_Stele_&_The_Dog_Princess_v1.07_mod.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral2
Sample
The_Demons_Stele_&_The_Dog_Princess_v1.07_mod.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
The_Demons_Stele_&_The_Dog_Princess_v1.07_mod.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral4
Sample
The_Demons_Stele_&_The_Dog_Princess_v1.07_mod.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral5
Sample
cloudinject.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral6
Sample
cloudinject.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral7
Sample
cloudinject.apk
Resource
android-x64-arm64-20240910-en
Behavioral task
behavioral8
Sample
cloudinject.apk
Resource
android-33-x64-arm64-20240624-en
General
-
Target
The_Demons_Stele_&_The_Dog_Princess_v1.07_mod.apk
-
Size
254.3MB
-
MD5
fa73ec2e96077743226cf1a034af4309
-
SHA1
89e627e8a72f143fa575ac91b33460c52bbd15cc
-
SHA256
a9fc79c88dc514f37f158a0e758a41ad62257ae07b0bc5d0de8861ebc272ee24
-
SHA512
646f26f916ab66e554ff53821b66d9b357b1ea5608d28b0ddcda3395488e041343d00dada2c73b84ed6e2ce9473d4832f9d46f04472d229c4af231ee2f7ea779
-
SSDEEP
6291456:8SZNhBBl51AU2Y9vbOqD02K46tPeeyKJhva3QecgWNLG:rLBJsc6qoq6t2Bg1gaLG
Malware Config
Signatures
-
Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.
Processes: air.The.Dog.Princess.Mod
ioc | pid | Process
/data/user/0/air.The.Dog.Princess.Mod/cache/.apk | 4618 | air.The.Dog.Princess.Mod
/data/user/0/air.The.Dog.Princess.Mod/cache/google_analytics.jar.dex | 4618 | air.The.Dog.Princess.Mod
/data/user/0/air.The.Dog.Princess.Mod/cache/google_analytics.jar.dex | 4618 | air.The.Dog.Princess.Mod
-
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: air.The.Dog.Princess.Mod
description | ioc | Process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | air.The.Dog.Princess.Mod
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
-
Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: air.The.Dog.Princess.Mod
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | air.The.Dog.Princess.Mod
-
Checks the application is allowed to request package installs through the package installer (1 TTPs, 1 IoCs)
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
Processes: air.The.Dog.Princess.Mod
description | ioc | Process
Framework service call | android.content.pm.IPackageManager.canRequestPackageInstalls | air.The.Dog.Princess.Mod
-
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
Processes: air.The.Dog.Princess.Mod
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | air.The.Dog.Princess.Mod
-
Checks CPU information (2 TTPs, 1 IoCs)
Processes: air.The.Dog.Princess.Mod
description | ioc | Process
File opened for read | /proc/cpuinfo | air.The.Dog.Princess.Mod
-
Checks memory information (2 TTPs, 1 IoCs)
Processes: air.The.Dog.Princess.Mod
description | ioc | Process
File opened for read | /proc/meminfo | air.The.Dog.Princess.Mod
Processes
-
air.The.Dog.Princess.Mod
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks the application is allowed to request package installs through the package installer
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID: 4618
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime: 1
Subvert Trust Controls: 1
Code Signing Policy Modification: 1
Virtualization/Sandbox Evasion: 2
System Checks: 2
Downloads