51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

Analysis

max time kernel
9s
max time network
168s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
14-01-2025 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stick War_ Legacy.apk
Size

3.2MB
MD5

ae5770ecb741649cd470d645dd611843
SHA1

d6d29b4466c5139b9ea5b63d2b85150d6604abc5
SHA256

ba39a4b76ab656532003e560476b9a295df488f50195c6b9d7ac523b6d07aab4
SHA512

dda845e67dedf51508205f6aa7ffd8d19fcad0f0077178c71b8f65a96cb4096d3f326f52c081ea003f78703fdbbbff79f77b3618fd06717be67987627d0f524f
SSDEEP

98304:mO76p/xfKx1ppTyRwkrB0z+X0iXN9ALEjTRVShd:mi6FxfKxjdy66B0z+EiZnKT

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex	4291	com.herocraft.game.treasuresofthedeep

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.treasuresofthedeep

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.treasuresofthedeep

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.treasuresofthedeep

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.treasuresofthedeep

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.herocraft.game.treasuresofthedeep

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.herocraft.game.treasuresofthedeep

com.herocraft.game.treasuresofthedeep
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4291

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.herocraft.game.treasuresofthedeep/files/Ni

Filesize
453B

MD5
c91765b895b97a876b48f2556256ebc5

SHA1
0804b51d9b7e29e1c8f7de47335961736a7742d8

SHA256
b6abbd0313fb8fddf22dfc1a5ad25430ed50c6ea27ff7ab0553df45f6da7bc58

SHA512
f64008b6a5be1e9e7831ee19a0c2e22531488fa88165b04ee8e3848c5eb28adae902288dea6a06df2de3864fde874a0e7f4396a5cbf5e2d110ec0d0b611bc4d4

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/Ni

Filesize
378B

MD5
6e7e7d53e7a1cae6a8c0d5b93cae8f22

SHA1
25e68d13b752019eb15e37c45ad8ee3749515bb0

SHA256
9e5e59e20fe8f785e603f4d49d294f9dd44418633ee37453d65bdb4522f390a5

SHA512
38c5cd8944c967498d36ec0da238ccc498d13b5c4e1584086ccaa6d1f96d9749df62ce5329ddfb520fe2f033465387bdf413720bee9069e0dc2506465fc2f461

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/PersistedInstallation3350216366881916389tmp

Filesize
570B

MD5
a8628b2c0da682c5a5b077aa4574a0b6

SHA1
5ebaf51a202fff36b46d70459450e455b74d7a4e

SHA256
0f421b907bdc3b0b851c8ffb9223004cd083f10c7c7fd7a5b66f32f78ae836c8

SHA512
687d9dcdc4fdd806a7d313e3c116d9d04407d841424b29f44c62e5d5e19aeca91a5ded8fc1b562a92827bc09896ad6aab93969613b6883e50ebfc6d78f99dcfd

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/PersistedInstallation3846123127838368648tmp

Filesize
90B

MD5
a69ea57bb4aa03f20307defe4797e3d6

SHA1
8c3b780091b406eaf719ddf5b09a87b98bd6d3d3

SHA256
3a4c839dcd6e96a40428140044fc9bec04f1a1ced51c365609da46ef15e5a85d

SHA512
8ed9fc7c5fe0a67daf7daffa9bba07c89f09c680ef6fb58d86ce95c15d9a0a10125700e5aaca6b278166a3186388b4697bf7a972a8055ed9726e08b152c9b5f6

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/S

Filesize
224B

MD5
15473c0583939a9956337b92ddb5d1a3

SHA1
4a2dbbc81434aae47e271b0ca56ee197fcbb2a21

SHA256
04d0db0a74f0ea5e4e1c6f6374acbf3567e89866a4c9e2e6bd92e59364341bb9

SHA512
b80ea76891078836d8cff2582d63a24f08db1984d194ec775419dddede8c858cab6b55d5d2602500e06f7440a99666b62d60ef86b715800de2a7eea786a1adda

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/S

Filesize
224B

MD5
709b00878d3193eb9f6a3ea5be6a92fb

SHA1
b26b14f0496aafc020d4cf3325618ce46cecd0b6

SHA256
e96328cd0a57591d6ab479ec79ed431a86a3809cc442c8dead425515c5d54a73

SHA512
77a3724f6d85a7d05cc2fc87a327a16ff937a60dbd49ada5981db8cbfd71b6d1c8af24ac83b961fd5a2cc0d6ab159803dd92564a979d3e07cf8d2ad5b30d7620

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/S

Filesize
224B

MD5
1078e115f10c00092cd98c7b170540c1

SHA1
a1ab934898ba2e0c16122310ebecf1a9eb5e7ed1

SHA256
892b95ecec3f18b7a183a7426bc3fc0d57739e0d47774e553d355f5095eb1dd3

SHA512
631fef4f6930a2c48f7da58e533d736782335c9e9b107b278e1c9e4c5e6b2f01d0b22b509073a15a4633db31c0f062e2bd532f48a51eedca7c50e526d30ac7ac

Download Submit
/data/data/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex

Filesize
2.3MB

MD5
48aab9b1635e8a510b4a1126c1f95bc5

SHA1
7ce5597408c9a42d93e882ed904dd0f3551ab81b

SHA256
1653275e4d68124e6af999b4311ac471f0a8adbcdffe4f64c678e1e84f367725

SHA512
e5a224994ed1332b87c33b3d0784b69be8733cde478650888e889af3d20c9d33b9c20720ac4104f15aecb8a94bc4101f5d826cc7161797f66b416be939d0bd3b

Download Submit
/data/user/0/com.herocraft.game.treasuresofthedeep/files/ac2b308d.dex

Filesize
6.4MB

MD5
121d33b2c1295d49f9fba521016f45fe

SHA1
69e49d75e0a5e37cbc1f3f29fe5dccc656db27dc

SHA256
6f86990c8865f5cacbe7c38d934947aebae0a7f891043c714f012806a8e4467c

SHA512
561d57fc6e5c20b8c94949cc461d7e0e6595d041c1f8fe07c4b6815df92f71eede53bb1d333e58e494dec0e9db9a740c3917ba5519bdb3f51da7a3e3f744ac4b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads