51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

Analysis

max time kernel
149s
max time network
163s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
14-01-2025 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Undead_Defense_Tycoon_Script.apk
Size

3.2MB
MD5

fc35546a7395a68b6440de033afa789d
SHA1

4afc8724e58084164148b7ce518ede8b203dce3c
SHA256

c1b81966fa17c4e7d5137f13b2f4d04704c97d66a54d57dcfc1f42ad1f4029e7
SHA512

ae32d9e7d7403a6ab0429da69fe4f803001a077327a0f103ccc9bcb90b17973ef10be8dc2cbf1909549a04f1eff5e85c81c2dfc2d99ba7fa93369efa47beca6c
SSDEEP

98304:BaqBN1el9eL+FB8Y2nzDNWbVAneM/EjF+894S:oqX1nk52n05AehERS

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dex	4839	com.herocraft.game.birdsonwire.freemium

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.herocraft.game.birdsonwire.freemium

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.herocraft.game.birdsonwire.freemium

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.herocraft.game.birdsonwire.freemium

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.herocraft.game.birdsonwire.freemium

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.herocraft.game.birdsonwire.freemium

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.herocraft.game.birdsonwire.freemium

com.herocraft.game.birdsonwire.freemium
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Checks memory information
PID:4839

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.herocraft.game.birdsonwire.freemium/files/KWW

Filesize
505B

MD5
3f99eb2e616019874100ac4ac32a75b5

SHA1
228c7614af0fddc9867d29c494b43cfc2df3db02

SHA256
29b3d79244b519d6dccdf0416035cf7c14966109011dca9027e9c8a7ee8fb594

SHA512
4e8bef90ede7c8c4108dd565fc641a245c06df42373eef9b5fe4c74c64845bc8479cf6141e79002750b303318d13532e0f63cf7eb5529d64f8414277bd433535

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/UMYa

Filesize
242B

MD5
c0bff18c9430d29d31a72e89e6ecfeb0

SHA1
960a38900a0d0ec958e4633fcf180f542d4b91ee

SHA256
e81559b30a3a1c4beab3baebd83b60f4958355821848549dab571f4a3c885c62

SHA512
b77993ae6f7a96a7e4735c646d6aa5c5447817adee8fb86cd37696842b0bbeb187bf99aaf013f77038789270fe0cc34bc24afc1dd7fca6c42b9844430ffd926c

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/UMYa

Filesize
242B

MD5
d019218c5a4b9119b03bf82bee57c96b

SHA1
ecaeb0be276ebe733f816f793a6afdd685b1c1bb

SHA256
8df2b9a47c59b16eb19c4db2543e9ed0655627dcbea624503c7a515de6ed930a

SHA512
bc23edbb8612566f275e8afd35fd06a16128ca0b94032656844abdc104195661dbcb5bdfe36142a4ff7be57fc9d12a552afc0a215ea199f6900f3969567194ef

Download Submit
/data/data/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dex

Filesize
2.3MB

MD5
a2c0379f196c91a175f47b801895518a

SHA1
549b6e1c77021378b4189f736b7eb7437a9d9497

SHA256
35cdc216518a388e7842f6b67a2c65ea06ca5302286087df3a9db29603b9aa21

SHA512
e3ebb67eb0a9c9e13db1dd29474bf93af6e0e3b9607623c0a70672bfb4f2505abc1f2c23e1592175317bc4f384fb7966954f0d37e6f331f7eb724ff5e6be4205

Download Submit
/data/user/0/com.herocraft.game.birdsonwire.freemium/files/b04e7800.dex

Filesize
6.4MB

MD5
670d8683a3c1765ced65f8b60bfacdba

SHA1
24bc8f1ec3e925316fa05918fed1962379debe15

SHA256
fc48615db02bf829b738c5efef9cfc368b27c0a40fe69d4fa165cf59b0d6cc9f

SHA512
c6e7c7104c31d2b567874fed9684c172b1dc722d084ab998b0159420554e27ce044ed8b0099194919c18d782ac9d075962c966c602eaaf021f36d9d262bbc9a8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads