Resubmissions
Submitted           Task ID             Score
27/02/2025, 17:35   250227-v6hlravmy7   10
14/01/2025, 05:44   250114-gfjt8szrbn   10
14/01/2025, 05:43   250114-ge4g9aykgt   10
14/01/2025, 05:39   250114-gctj9szqep   10
14/01/2025, 05:35   250114-f993vazqak   10
14/01/2025, 05:34   250114-f9l11szpgq   10
14/01/2025, 05:31   250114-f76yeayjcw   10
14/01/2025, 05:30   250114-f68evayjas   10
14/01/2025, 05:29   250114-f6m4xazpcq   10
Analysis
max time kernel: 21s
max time network: 30s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 14/01/2025, 05:27
Behavioral task
behavioral1
Sample: Stick War_ Legacy.apk
Resource: android-33-x64-arm64-20240624-en
General
Target: Stick War_ Legacy.apk
Size: 3.2MB
MD5: ae5770ecb741649cd470d645dd611843
SHA1: d6d29b4466c5139b9ea5b63d2b85150d6604abc5
SHA256: ba39a4b76ab656532003e560476b9a295df488f50195c6b9d7ac523b6d07aab4
SHA512: dda845e67dedf51508205f6aa7ffd8d19fcad0f0077178c71b8f65a96cb4096d3f326f52c081ea003f78703fdbbbff79f77b3618fd06717be67987627d0f524f
SSDEEP: 98304:mO76p/xfKx1ppTyRwkrB0z+X0iXN9ALEjTRVShd:mi6FxfKxjdy66B0z+EiZnKT
Malware Config
Signatures

Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex
pid: 4484
Process: com.herocraft.game.treasuresofthedeep

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
Process: com.herocraft.game.treasuresofthedeep

Acquires the wake lock (1 IoCs)
description: Framework service call
ioc: android.os.IPowerManager.acquireWakeLock
Process: com.herocraft.game.treasuresofthedeep

Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
description: Framework service call
ioc: android.app.IActivityManager.setServiceForeground
Process: com.herocraft.game.treasuresofthedeep

Queries information about active data network (1 TTPs, 1 IoCs)
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
Process: com.herocraft.game.treasuresofthedeep

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
Process: com.herocraft.game.treasuresofthedeep

Reads information about phone network operator. (1 TTPs)

Checks memory information (2 TTPs, 1 IoCs)
description: File opened for read
ioc: /proc/meminfo
Process: com.herocraft.game.treasuresofthedeep
Processes
com.herocraft.game.treasuresofthedeep (PID: 4484)
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads