93332fb5491bc6628089316a272a0e9884462d0b47117ddad7904b5527536477

Resubmissions

23-11-2024 07:27

241123-jahfbsxmdp 8

23-11-2024 07:25

241123-h8391s1lct 6

Analysis

max time kernel
8s
max time network
32s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
23-11-2024 07:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Clash-of-Clans-v7.200.apk
Size

46.1MB
MD5

40cda63cc246fe2a0619c1de1abfa2a8
SHA1

55dd676779d02ead16913248b223ec1a6b3acea5
SHA256

93332fb5491bc6628089316a272a0e9884462d0b47117ddad7904b5527536477
SHA512

04ed498a2ec6c51540494f0d72e51a0becde1b4261d00b91dc97fa4456b45df4708a9ec3daeb7d8a5047f8c00769037c7210fe23bb8ad324c091f38e5d846f3e
SSDEEP

786432:jh721SztsbkCkm4Dz28f2VMYh0SjfNErGA5dD/z5sduyjjsBkc:jhSS6b6OxLNElTwjjjsBkc

Score

8^/10

evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

com.supercell.clashofclans

ioc process

/system/app/Superuser.apk com.supercell.clashofclans
Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
evasion

System Checks
T1633.001

Processes:

com.supercell.clashofclans

description ioc process

Accessed system property key: ro.product.model com.supercell.clashofclans
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.supercell.clashofclans

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.supercell.clashofclans
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.supercell.clashofclans

description ioc process

File opened for read /proc/meminfo com.supercell.clashofclans

ioc	process
/system/app/Superuser.apk	com.supercell.clashofclans

description	ioc	process
Accessed system property	key: ro.product.model	com.supercell.clashofclans

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.supercell.clashofclans

description	ioc	process
File opened for read	/proc/meminfo	com.supercell.clashofclans

com.supercell.clashofclans
1⤵
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4622

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads