51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

Analysis

max time kernel
6s
max time network
162s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
14-01-2025 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Roblox Keyless Bloxfruits Script HoHo Hub V3.apk
Size

3.2MB
MD5

35b6944128c7cb11594bfc93e4ad0d7c
SHA1

1dd7c14f0d05c7560764a5bd2e9693cddc049a21
SHA256

1879320e3bc42bcec7ee18e7e36e8cd579b8711f313d561ab502bcf1d1a559ae
SHA512

5a53b65492cc7756c5a014c812cc620458462b7fcde15251068f964adebd98d61756fd340fc51a68392f8ef58d2debbb8b53fb34ccea3b68cf65cfd34dff42ba
SSDEEP

98304:fU5DjBYQQ/2Kp7d5QDJCqVuc6TjEj/K8h+5:iDjel/jp7d5+kqN6TY+L5

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.herocraft.game.treasuresofthedeep/files/7f8f78df.dex	4427	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.herocraft.game.treasuresofthedeep/files/7f8f78df.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.herocraft.game.treasuresofthedeep/files/oat/x86/7f8f78df.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.herocraft.game.treasuresofthedeep/files/7f8f78df.dex	4401	com.herocraft.game.treasuresofthedeep

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.treasuresofthedeep

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.treasuresofthedeep

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.treasuresofthedeep

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.treasuresofthedeep

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.herocraft.game.treasuresofthedeep

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.herocraft.game.treasuresofthedeep

com.herocraft.game.treasuresofthedeep
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4401
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.herocraft.game.treasuresofthedeep/files/7f8f78df.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.herocraft.game.treasuresofthedeep/files/oat/x86/7f8f78df.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4427

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.herocraft.game.treasuresofthedeep/files/7f8f78df.dex

Filesize
2.3MB

MD5
767ef40815362c541a89c4c50650c022

SHA1
46079e6da37683dce34f1d965f68b56deeeccff0

SHA256
045e58a267b61428e9b68a2b7f84eccb9335617ed119227acd35c9be5b2f48e1

SHA512
d1406c8299796a0c0d10ab6fe36c85c543bf91333e6bd6a8675e79b740e7325d45c66222b74737de320eedfce4ff1ba0f79517076e2ccb176aeae5c244be406f

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/GZCo

Filesize
227B

MD5
e4c0285b4f246de4186d829d84e856fa

SHA1
f581bb06b4aa8a1b8750e02f2ab518154827cb88

SHA256
f8247ef17c91917e9fa5cb4128bd1c385b6396c57ef71569311e345286d3f6a7

SHA512
fcccb9b9240b53b780ce8fe25cac0288cf9a0de9ca44b6d60872a0fe2278ed9b3b088bdcc63c4c405cfa0205848ae6ac634e1bca8384080fb50bbc7da4a1b94b

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/PersistedInstallation1648642116950351802tmp

Filesize
567B

MD5
26c5514ae4317c8d9ff72c22849bc761

SHA1
8ec34fe642969d3cc611a9801ec1ae08865e228e

SHA256
5c5b4a4aa76e907c76a23bedbf7de5184b32a7b8c1eb60e03fa75fb1467127fb

SHA512
b83b61b553602fddb84650a2d6ee9ca06708ed551b57246b2fd350578d29b556c167e45b2badcd753e41583953c022dde0c7f5fe132ca1de8518c9802a8f7773

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/PersistedInstallation2410246896273185004tmp

Filesize
90B

MD5
56d93db3f1ba1ea5b843b5018fea2860

SHA1
2871a86c619f9f00e22203971af1de09aeaaaa4f

SHA256
ecadec976f7d5510ecae01f5f1cb63bcf9ebcd401e30bf3f91c0e54268abbd20

SHA512
79b09181f8f9f27e5fa6f19a29027e62c4009c6811397f9df51d633e7eea8fc2ec2cd698029039997a423cb9ace63b340a7ead096ddcd3e82c6976fbc868be3c

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/WmJ

Filesize
381B

MD5
3cbc6777039d9bf5f011f37ed318b902

SHA1
c207cc86ccb95e056d71d851c44c41e0a36dd08a

SHA256
e6b5a6f639b98d23ab9b6da3339bea6cc6204739a9b99fcb282d69e02e9802da

SHA512
c38ada868224cbe7ea9b63deb0d15999672431946333c6bc524c7baff8e7b3a6346aedafbdb9890d3f947198c9fb5b85fdf383ded9fd1a4a579e890ba7b7a0a7

Download Submit
/data/user/0/com.herocraft.game.treasuresofthedeep/files/7f8f78df.dex

Filesize
6.4MB

MD5
38c2fd6b3426f301739dd658c91c462b

SHA1
98464a62414b23440ebecacdcf3097c8e9f1eff4

SHA256
51e662b019aea637e0be77e0bfd8d06eab2ebc3b4d2b07a3b81595ee63f8eefe

SHA512
ca7acf337f0069ce63a91da6aa36c4529b7968cc38cd6ffd9559ee37498075eab13331b68866f617a338279df6955ff32d8f7dea2941664da654fa855f4bfa1a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads