Analysis

  • max time kernel
    31s
  • max time network
    50s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    11-11-2024 15:49

General

  • Target

    The_Demons_Stele_&_The_Dog_Princess_v1.07_mod.apk

  • Size

    254.3MB

  • MD5

    fa73ec2e96077743226cf1a034af4309

  • SHA1

    89e627e8a72f143fa575ac91b33460c52bbd15cc

  • SHA256

    a9fc79c88dc514f37f158a0e758a41ad62257ae07b0bc5d0de8861ebc272ee24

  • SHA512

    646f26f916ab66e554ff53821b66d9b357b1ea5608d28b0ddcda3395488e041343d00dada2c73b84ed6e2ce9473d4832f9d46f04472d229c4af231ee2f7ea779

  • SSDEEP

    6291456:8SZNhBBl51AU2Y9vbOqD02K46tPeeyKJhva3QecgWNLG:rLBJsc6qoq6t2Bg1gaLG

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

    Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • air.The.Dog.Princess.Mod
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Checks the application is allowed to request package installs through the package installer
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4618

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/air.The.Dog.Princess.Mod/cache/.apk

    Filesize

    16KB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/.apk

    Filesize

    8KB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/Hime_omake_1.05.swf

    Filesize

    202KB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/META-INF/AIR/application.xml

    Filesize

    1KB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/lib/doc/lang.xml

    Filesize

    2.2MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/lib/logo.swf

    Filesize

    3KB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/lib/sound.swf

    Filesize

    40.0MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/lib/ui.swf

    Filesize

    44.7MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/mp3/bgm/dark1.mp3

    Filesize

    6.9MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/mp3/bgm/dark2.mp3

    Filesize

    6.5MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/mp3/bgm/dark3.mp3

    Filesize

    5.9MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/mp3/bgm/dark4.mp3

    Filesize

    3.8MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/mp3/bgm/roman1.mp3

    Filesize

    2.1MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/mp3/bgm/roman2.mp3

    Filesize

    2.4MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/mp3/bgm/roman3.mp3

    Filesize

    1.2MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/mp3/bgm/roman4.mp3

    Filesize

    1.2MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/mp3/bgm/sex1.mp3

    Filesize

    4.4MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/mp3/bgm/sex2.mp3

    Filesize

    4.1MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/mp3/bgm/sex3.mp3

    Filesize

    5.6MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/app/320cdef3-5ac5-49c8-9122-9bface4c7911/assets/mp3/bgm/sex4.mp3

    Filesize

    3.5MB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/google_analytics.jar

    Filesize

    678KB

  • /data/user/0/air.The.Dog.Princess.Mod/cache/google_analytics.jar.dex

    Filesize

    608KB

  • /data/user/0/air.The.Dog.Princess.Mod/files/jx/images.zip

    Filesize

    117KB

  • /data/user/0/air.The.Dog.Princess.Mod/files/jx/images/2.jpg

    Filesize

    36KB

  • /data/user/0/air.The.Dog.Princess.Mod/files/jx/images/3.jpg

    Filesize

    32KB

  • /data/user/0/air.The.Dog.Princess.Mod/files/jx/images/4.jpg

    Filesize

    36KB

  • /data/user/0/air.The.Dog.Princess.Mod/files/jx/images/img4-02.jpg

    Filesize

    31KB

  • /data/user/0/air.The.Dog.Princess.Mod/files/jx/jquery.zip

    Filesize

    38KB

  • /data/user/0/air.The.Dog.Princess.Mod/files/jx/jquery/jquery-3.5.1.min.js

    Filesize

    175KB

  • /data/user/0/air.The.Dog.Princess.Mod/files/jx/miaosdk.zip

    Filesize

    2KB

  • /data/user/0/air.The.Dog.Princess.Mod/files/jx/miaosdk/miaosdk.js

    Filesize

    7KB

  • /storage/emulated/0/Android/data/air.The.Dog.Princess.Mod/cache/crash.txt (deleted)

    Filesize

    7KB
