Analysis
-
max time kernel
9s -
max time network
169s -
platform
android-9_x86 -
resource
android-x86-arm-20240910-en -
resource tags
-
submitted
14-01-2025 05:17
General
-
Target
e8947bc9fb2bd597daba3064d5fab275d8df2beac92f301063f22fe276dcbc10.apk
-
Size
3.5MB
-
MD5
990bf5a2e9a7c90c75c9c07bf4a5e634
-
SHA1
ade24475ee8a9a2a0eec43772bbc02aeacb5926c
-
SHA256
e8947bc9fb2bd597daba3064d5fab275d8df2beac92f301063f22fe276dcbc10
-
SHA512
40419371a8dd596e8930e298e0d5470efd168a6d1a8425b8aa6eeb4e495cbc49580f234ac4278117600e2ff516ebdd867e6d395d67c80ce56660d1c8ca9ec92f
-
SSDEEP
98304:8mRW7NIyWHAt/2qcPf7K+KjXZKBEjzZST:8R7Wgt/GPjKPFK2XC
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.herocraft.game.birdsonwire.freemium1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Virtualization/Sandbox Evasion
1System Checks
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD59322f9e77492cabf9609950583296d8a
SHA10dc7cbd6041775cafdf270f64da813b7537a9a26
SHA2563b1e32dff8dc7405f0e9e48d2e57cd649398b4dbd6bce729db9764d3fb08fd67
SHA512fa54a9e68c04d566dcdd2de66965bd033cf8a054738d8811c815228f884255f964828dc7109dca0b700400154944f35a88237b323e31877691fc78cdf79c7fb5
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
68KB
MD54d129d84988ce8f3cbf04f19f4e5fa48
SHA1cc2b3eff960272c5764fec4c16210f78dd35d402
SHA2560c2cad5292db90c08a2b9d1d005854f97319e371b8bb40c4fdd37a324eb49957
SHA512a70b21ccd68368ee9a9b825e0d803802bf3d187d46d8cd75fea49ae4de1cd3206da5ed20be9bf7ae6c533be860141d9a80db0715a0119656fdf4a38e08828641
-
Filesize
90B
MD5120c9f88af0f0d934f2c93b5bfb9f97f
SHA138e2522ddb71e5d1a820fbf8b72d3292f9b955ff
SHA2565ddc4243afd0974322252d84805381a33900c1206e6e3a6f49e7cd106b7d881b
SHA5127889850d06b3c7c96f9e6bc3bf70772112caaa3f17893a3c35d5a465eeff9a0870a3d069570ebb93eccb062c389ea3494d1d947c1e60a31974d00d0408eba224
-
Filesize
569B
MD56ab4b8539d3bc5fa15c2bcc77c011d19
SHA193ef086b927bfdecb6dfc2116e8b27d9b4166054
SHA25638677af633e519871f192a8d024167b1b4fa88a839e0489f5136732cff52b20f
SHA512dab25a44bbbb09af05f56a4e1970b6258745d7b31fbafbe541f8de23e7a459cf0da99c2b6caf30670d50efe69f10e1a769d92208f0d7d7f03dd1c0116e1ca218
-
Filesize
229B
MD521aa7b50a013c72f41de5d62c1e3bb44
SHA1cc63688a45a58b15cbc3350b0d08d33441138637
SHA25627267ac32711d76186be3ebbd376b9969202e0cefe128a098eb8053535d5d37c
SHA512cb9dfacab51c12b363b76956f01c5bf975d6704e1da4e677c818866f2e393aaafc243f4e70c685c6db607f934ad525ca09461346c5707a2bdded0f9130b6b76c
-
Filesize
229B
MD59b3735654873e9392b116349c1a02a02
SHA1dd137bfd53085993c16d9d858795d33c27c2b6c6
SHA256e2644ccd97f37886ecb1673afd43f87c03c7f93ef9e635da6e9a159e17c83cd4
SHA5129beeef4b623fa404f104daa75312dcd7c4d5fc48e25891128dae5ab5deda4e059b7ac30cb851be3968f34c79c9f11327983f54fbb71938a5722d9cff158c3df4
-
Filesize
229B
MD587e18a54b3428404dc5dee96d4d1a04a
SHA176a8881619943bb329f3e69b675aaea9230908cf
SHA2565c9be37dfc13ae67cea23c78726d069ffd2336002880d5bd0c197f080b077361
SHA512bd7c8854fc0f84d18562da719cd860ce047968c02fe5fd5aee543ae41f4a7075c91842f6893cd399481438cd500cf5a4e198bcb9e5bdd4e96fada7fe581e68c7
-
Filesize
502B
MD5738271d93be4ae8b875388381a752766
SHA1436307c05cc4f06f3a2334475aecc2e66ff36f9f
SHA2561325fce6ef36208de811f2a6a35b0d1a6c7b00bd7698855fa9facef8c023bb4e
SHA51217bfafbe21fff8ffbccc79852215505a33e86155b3b49d67459a60caf9721c6f9ac044d6ef144941e39d0a2aadcb4228ab9afc1e0091ad3fd5b6fc19074d0a4b
-
Filesize
427B
MD5405a2c5c1881cc98cd024f626637574c
SHA144f4bbadcc7c5fbc31033313fd1efef69f29fac7
SHA2565d004969bfbf16142627fa39764a18b0340cccf2d5305cb73a123a508af94d7d
SHA512ba87b3f2ac8ffda8ed1a07f70c09b99fb092c1e75838e8d58e955dff53d37fe6771202ed9ecef13bd024099e2e1f382e190596e9186fe4edd2f061bfd1406a23
-
Filesize
2.8MB
MD5862273f2c6de4c25816b5cb1ae006df9
SHA17c4c0026bc157cfc104ad91980d3c40b2d5e78ce
SHA256c77d7de1df41842245f63cf10e13aed92fca563b8aa81a3888b4f142a5314f90
SHA512688ffa31ce578992ad659df808bce82f88e4b86c000c08ce4b6873f6dd743cca5e65583fb0f98b408ebd45cfebe2634290f12607429f26a5a37a716771eecd06