Analysis
-
max time kernel
149s -
max time network
164s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
-
submitted
14-01-2025 05:17
General
-
Target
FE_Invisible_Troll_Script.apk
-
Size
3.2MB
-
MD5
3ff43582aa468b8a8d0e063dcfea73bf
-
SHA1
5d1d34fcec8f715ce045a5bda04741d40f29001b
-
SHA256
a6f56581bb7ae7b242fcaab3d97d04ec2c5ac8aa5870e4e64ffbcf0d78899993
-
SHA512
6af7639bc336015161f3087519e1a365ece0d1e0f5f7f20fe1af3243d1e6c3a0f65e38b50dc70f15cd13a232989b22884ca36bf0151630223d37bdba4f250149
-
SSDEEP
49152:hrOpp2RqaP3KdsFeHcEKYC4KiJK5ncPjPuE/UpXSkdkIDk5sSEj6QiVterxzrK:hYgv6dsFt0FQnGD/UsrLEjS81PK
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.herocraft.game.freemium.catchthecandy1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
475B
MD5df1e98301f16b7b248dab871b824e027
SHA193cd46613afd3d636f5c149754956b5e7d29711f
SHA256b53e299ab66e498fd8e013397bb30cca4c0afa51d553cbe0506fc83fa88a9b5f
SHA512d78187a9c33ba1c320dd26c6e06c212d76ca5a2c6dd39348fd90bb4e364b58d809a9090c7920d86918912af591edd36f66225c68d40713504bb9b44d7c53f730
-
Filesize
2.3MB
MD5d951efa7f0ca59781f3af35949338902
SHA1ac853df2b6835dbac7c94eb008ab4657e68eda70
SHA2565b0a0d3671f6ff3ea0001624a0c157d057965e60891c5335391880fe9b00e183
SHA5128fbbc1c347ec03478b01ff321d159656abfcad1d9ac3b426382348567c57bbaf1cdb3cac77c38fbcf62e0e17063f170fc9f9bf200a982b940dcad47e30b05617
-
Filesize
229B
MD5639b16ec0906b235a55378c0106737ad
SHA102d45a548071c20480c96416c63995e589098c28
SHA256be0e76bd9011bb9f6775c9ada8655fbc42f062705732f50e405d5fb540038be2
SHA512030fd92902a745d5b88bfb10a7cd095fdcaf0927810ce59c87b8f1fede7fe661f94886021e09a1a096a00d9bb43df9cef5106c71fc1867d70d992550cc171c44
-
Filesize
229B
MD5e61420690bbf7eb077823be85cefbab6
SHA13fcbc680c5b1aa976746c9ec215acd60513b9188
SHA25603286f51531559f0b34221ffd8b50bc056143f415de541674efaf05675c5559a
SHA5122327f58eaef368387921678c63adefeba3877f5b3e8c3ad426a0109b504a0842e49cc16730d3c0a8201049f04623acf94bb14905a9dd814bd0d56e33e251b51f
-
Filesize
6.4MB
MD5767a8ce605249b314939882f824f989a
SHA17cb1e61d4fa739b92b25d13bcf33bbb00cff9baa
SHA25626d8b34344e6e61c8a1380e9773109569accb467b36f954a1e5c729a4d701fa5
SHA512baec83cf6d66fc0dbf13411043c8168acf38b0b66a9c20f9b1ec54d6f5ef21527d22b4c47dd54734dcd5bd85410dc3bb8fe786fb1702443beee9a42e869c4475