51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

max time kernel
27s
max time network
36s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
14/01/2025, 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8947bc9fb2bd597daba3064d5fab275d8df2beac92f301063f22fe276dcbc10.apk
Size

3.5MB
MD5

990bf5a2e9a7c90c75c9c07bf4a5e634
SHA1

ade24475ee8a9a2a0eec43772bbc02aeacb5926c
SHA256

e8947bc9fb2bd597daba3064d5fab275d8df2beac92f301063f22fe276dcbc10
SHA512

40419371a8dd596e8930e298e0d5470efd168a6d1a8425b8aa6eeb4e495cbc49580f234ac4278117600e2ff516ebdd867e6d395d67c80ce56660d1c8ca9ec92f
SSDEEP

98304:8mRW7NIyWHAt/2qcPf7K+KjXZKBEjzZST:8R7Wgt/GPjKPFK2XC

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.herocraft.game.birdsonwire.freemium/[email protected]	4479	com.herocraft.game.birdsonwire.freemium

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.herocraft.game.birdsonwire.freemium

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.birdsonwire.freemium

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.birdsonwire.freemium

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.birdsonwire.freemium

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.birdsonwire.freemium

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.herocraft.game.birdsonwire.freemium

com.herocraft.game.birdsonwire.freemium
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Checks memory information
PID:4479

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.herocraft.game.birdsonwire.freemium/files/pxx

Filesize
229B

MD5
3215d741b4ff2f58df8e5a8ff78e7a89

SHA1
29394fa640db98b4a31ee1e272cd3533c45f5b71

SHA256
7f2ff38388931a5ee75431b7e3128c0baa5833341ba43aacf23ba6fc654ccc81

SHA512
c9d8d03598d58fb424ab145b7a0366e7929f99a655165264e5dcfd35072723c0df250b4417640cb9ff8d7868bb3ea2c34ebdb8298a41119e0361b746a78ee3c9

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/pxx

Filesize
229B

MD5
37ddb762c64a9fae6e7347865f4accfd

SHA1
755e3321e370579d1d63038b6876fecaf6fc8658

SHA256
f9c386b1b04768d4b82c4dc3a9ee356e5f7c18fa2daafca64b0824f70dcbe35c

SHA512
5334c498fda4ff9e9c7fe271761726de889339bca4c54aea8700e52ad4eda81a5110d2bc246c7d70de2a260fb849b0aeb04a9b2e6e3468121067245e50f18987

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/qu

Filesize
513B

MD5
6dd89f79a4aeed9d53a35552a8c9c643

SHA1
0684d5363d293980c9f6bd526dfdae8d771eb73f

SHA256
5bc8d869768620b59755b9c1b84aa91bbc216dfb80ca64ee7b1aac4d1623e6b2

SHA512
f1a9f14bf0cc63e61cca2b89294065f7cb18b2d098661deef8ea2a0a9b090ca7c49860efdb2585b5b3d007d9dc5a1282a01d5fb966825552f349f761ec992d37

Download Submit
/data/user/0/com.herocraft.game.birdsonwire.freemium/[email protected]

Filesize
2.8MB

MD5
862273f2c6de4c25816b5cb1ae006df9

SHA1
7c4c0026bc157cfc104ad91980d3c40b2d5e78ce

SHA256
c77d7de1df41842245f63cf10e13aed92fca563b8aa81a3888b4f142a5314f90

SHA512
688ffa31ce578992ad659df808bce82f88e4b86c000c08ce4b6873f6dd743cca5e65583fb0f98b408ebd45cfebe2634290f12607429f26a5a37a716771eecd06

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads