1ee08109c69e8f9fa8d065b67db662899411429c38cd38b4a4c022f27b0214dc

Analysis

max time kernel
133s
max time network
157s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
27/03/2025, 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.19.20.02_arm64-v8a_Patched.apk
Size

170.0MB
MD5

ff1efe3a76d4be828aa9e3067ad59969
SHA1

e53fa49987c8a93d5f4a9195cef65d56ec76e6e0
SHA256

1ee08109c69e8f9fa8d065b67db662899411429c38cd38b4a4c022f27b0214dc
SHA512

e7ec7851477576cf13f280b895ce5b701b3a05f3b291cb2fa578863aa38efed1d1882a952f388b5e2f0d554ea24e11aff49d22f0abb457a0b9399e4cc3a8b1ba
SSDEEP

3145728:mHv8hEk6bZ2RGiMsBuB1RwacCxh+foP6LecIknrSLcQfWY+3xWBH9KpVgZR04yfo:mKBucRGivM9wKj+foP6icJrecQfWt3xG

Score

8^/10

collection defense_evasion discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.mojang.minecraftpe
/system/bin/su	com.mojang.minecraftpe

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.mojang.minecraftpe/[email protected]	4506	com.mojang.minecraftpe
/data/user/0/com.mojang.minecraftpe/[email protected]	4506	com.mojang.minecraftpe

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.mojang.minecraftpe

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mojang.minecraftpe

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mojang.minecraftpe

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.mojang.minecraftpe

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mojang.minecraftpe

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.mojang.minecraftpe

com.mojang.minecraftpe
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4506

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mojang.minecraftpe/cache/appboy.imageloader.lru.cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.mojang.minecraftpe/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
fd59a971e37db3a7b9c23a5ca41f554e

SHA1
ec60d12f9c7e2424272c865c8879f71221c7d0e1

SHA256
a62851fe591d2e28b69c260f1ac0a23a33de2349431b3ec05ee67db592947a53

SHA512
9151f90b052e32fdc8591ab15d5d4bab17854319077bcd6215c280957bf92d8ca842de20820ade7f39cb0782c92980ffcb2c6a4d5898d8f4fc681177b946f30b

Download Submit
/data/data/com.mojang.minecraftpe/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
0579836a045abd1e6238a6048ef290cb

SHA1
13feedd5a9c4d94e8d4227e221037cf6d92828f3

SHA256
34515e91341b87715df2c3b7cf3732d9b4a7a8186abb6e2e11a39289347a04dd

SHA512
6d0fb0043977d84b1706af30e27c6cf122869f86286db837b1b85bd94ab39efda35e232280ae3ac53f0bfc6bdc28072cf1d237027e4da70778af58a02e8135da

Download Submit
/data/data/com.mojang.minecraftpe/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
878f7a41428985d3164011739742ed83

SHA1
738149e88be0de209bc326d6e0995159647bcca3

SHA256
f3d783d6db865b5bc57ea797815c796dd8929fe20a19e75e78a4460646282f9f

SHA512
141284681e7e222f99f474d65ada60896c43ef8b0004c7656fecb8efce77655002e20d63d6c3df23373726c69ee28b1f4432cb314afb7be09896206fae4ee7ec

Download Submit
/data/data/com.mojang.minecraftpe/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
715e1b69b9b740c6b3d40b4b699816f4

SHA1
e5442fa43a0042cdc7285c68ef0b65e6fdf61d62

SHA256
c29974280410abde974e35d0b33ee3988a7bca45aed79f039da90565d517a88b

SHA512
12cf7d8a04f59723eeae416796ab0e589abc6835ad331410a9738d63db35890b867fa57b6a5f94b6f755ce06b526d153424b77495371e3eacc1bf3884a9b822d

Download Submit
/data/data/com.mojang.minecraftpe/files/PersistedInstallation561471206245173986tmp

Filesize
90B

MD5
202986ac3633618849600caa93b9050f

SHA1
0c29c9d7cc08cf1f8dfe79a963945430aa935d32

SHA256
4d73ac93ce6795185840e3d120d1b40cde22ff6e374297b2d0f6fd7379651f07

SHA512
dd162226fd287b4db4c09f3c8884a3949cf0171366ba4a7dbc161ad84e3e44a92d9c11a5f417525713f27edcb2bddffe29a1ff140059ccaa7c2a36b824d27556

Download Submit
/data/data/com.mojang.minecraftpe/files/PersistedInstallation8362814405165378491tmp

Filesize
569B

MD5
276026dd7d73d92bafbca0d46e2d194d

SHA1
83e8fbe17ae14340d9abad7529d0cf6e75368fe7

SHA256
341bd0688f7b805d557ad3a6b5a02535f109994d2c43bc7b6812bd9b9d27b059

SHA512
9e8f80c239f5dac0a4d36cabca803a9b0c23bd13a4b3c200f3eed743c7d75c03c7676175e4f1e72b9c332695f9b8ee04bb8da7a25f97496e6a86b7eaff2d901a

Download Submit
/data/data/com.mojang.minecraftpe/oat/x86_64/[email protected]

Filesize
288B

MD5
f4c6f04ded4884817507733f3598706f

SHA1
b9910995cf8f2835cd1839b9fb872ea4d0297137

SHA256
fdb188a31d914354f8c38d357a8bae275345a3f405a36bea36a2a1de59f6f5ee

SHA512
d53e041fc3ee7b1785eebc2f695cfea9b6fd6ca3f25c59c6b3dc838fd34544ae21666712f67880165ed37daf83789ff538ec1bc6a3562cc4ce9b2579b7796ecd

Download Submit
/data/data/com.mojang.minecraftpe/oat/x86_64/[email protected]

Filesize
156B

MD5
b8339afc7c98a3be1828caaf12cce660

SHA1
5f9ae7a3859719d87cff4f8b92a42f4364b5140a

SHA256
c7b7e641fe89914e2afa905303357b64cf34dcdacef1fea42e2a2977937b08d2

SHA512
31b197fdc63b1d8adc43b402908cdf3eb9187787e3a3c57cf8193ca2b66df059ef789d65a4557a27d6ef4068c060e2ecd7d3aad5fe2cdd1341923495ba2288d0

Download Submit
/data/data/com.mojang.minecraftpe/shared_prefs/com.mojang.minecraftpe_preferences.xml

Filesize
140B

MD5
21cf7dc491d34574a4d7b139f273d1f5

SHA1
5039aef2fd1ffbe6e6002429327c8fb9488af94c

SHA256
2838ca5cf760df13f35b5bf4824c9b1b30191c0a90da1de022490bc8bfb98c0d

SHA512
e6ca2aecfed71f3739d1e979b7be622cf6be5cb81a167796715d0dcac86379d9ab7db00a02ec877e04622bd61a6ec5dbf2b6cb9627d7493a45c0857ca98c060e

Download Submit
/data/user/0/com.mojang.minecraftpe/[email protected]

Filesize
19KB

MD5
f06ec8e4653f6bd849de632f27df03f3

SHA1
b570a30f97d2447791a682e0ee97a12f3b9cdfd6

SHA256
ae48a4cb9d6c1a8c61dff0dadf5422908c9bac126e3b34e07463523517d88aa2

SHA512
ecb52a71cc3dd368a13bb89d3d167104795690effaaff40468e00489e54ebc324dc35997f800b919707499ae061cae0d683e3ac0887517e8de25343bba03c37f

Download Submit
/data/user/0/com.mojang.minecraftpe/[email protected]

Filesize
11KB

MD5
0f49e7875a9a11ee62fbe45a1baee270

SHA1
b2f0311ac162e1d19b6d753ee389ca67f17d60f9

SHA256
afd3d2a69492d71fbb5717b93d30d4f91df1a161eab0a736a0c97f32899a1960

SHA512
05de376ee467e7ba41732befbc4f3efb2691d509e4a54b7ede0df83a12e89d4ff2829358f44def3c89d703ce5807e171181035c45cbdd5095ee35b5135e1b4fb

Download Submit
socket:[58141]

Filesize
57B

MD5
5757951e151bbcf8d33f4e0d4651f74c

SHA1
2d98bf7b61999cf18418d3243bb271e2f3664dfe

SHA256
7f8f22df173f1cbc286cadef7ca9040c1c9a7cab4603ad2d6662ba7acd913eff

SHA512
b7942087f47e1ad9a231c712931e316d9511c1c60550eb20da1fe852446b4b8e782e2c9b8e6835cb32732f1b1fc63c99c1231915d328174be80b7b34b57d686b

Download Submit
socket:[60007]

Filesize
60B

MD5
8ef2233ba231c0c14149b56bc092ea16

SHA1
1430846e5cc6867f68ced912fe91b14c7a18d1f4

SHA256
162dc493cadd1228c6dfbfb3e5e119307d81381ea6292f074fe3e94e1307cb79

SHA512
c241ec1193ef76e4cc2427c2344179f3fb02b559f620e0a6d86c10eb961285680d8978c08e4f275edcf02e649ffccff9d1097d86a7597f792b0f135b0c138ce9

Download Submit
socket:[61380]

Filesize
80B

MD5
637f9483256695b6ba955ad6d7ed9e14

SHA1
6e009063aeeaa860796eb87f3c1b1ad827c47548

SHA256
64c1478bdec4f28b2824306c5dc126f5c08c7a9f2b4dfcf2bb2bbbfbe2c08611

SHA512
40bd1d88cd7dc99243bb0ac7838c64be678522785f21eadca8dd27df3247ab82b50c6c1d70f4ddd4e1a3c0bcabde6ed961b0f2ab44908c945a9c408d92297f48

Download Submit
socket:[61389]

Filesize
58B

MD5
29dfc0765ef058eaf7a74d8d6f0e582c

SHA1
06914108f8d9422456be827545c759840b75d005

SHA256
0ff387417287049468eeb514960d1495fe1cdd1692d7de6c3ee6c957285506f2

SHA512
6fd749f7ead485c762a505ab23a47763f04892ed982de235a94f770f1e7499c4e7b3e567c30af7a224b0f83f2d5ece7a9c313190382c7b6f47cc9d78ff0f2d43

Download Submit
socket:[61394]

Filesize
58B

MD5
9100ff5389bbd376ce21e1e51bffbcf3

SHA1
d6d54eb96ce1392729ff21190db7e5825f157aa2

SHA256
66e5e8c2b00848339f65a45ba4c6b57516a6e083899dd56b3b34f2004bb913b8

SHA512
6389c3e07f2a6549130b9a7c8e337f7ff59e39cf37e726c1db8d802c5c2837d0ff901caa4fa7fa531017e8403322b80bb903f328f7dc17d50c4c60c221107fa8

Download Submit
socket:[61406]

Filesize
50B

MD5
6aff0f7c139ce4711faae4c14bddc5a4

SHA1
85e99dc5db15ec5fdf0cff26cf55c772d06029e7

SHA256
8a692aaea92dd727efeea43dfdb0f68f7d1daf9bfe1e6010b39e12b74b4ca608

SHA512
3c39f8ed201a6888e74bdd72aa24ec0eb71148c17f1dddd3cdaae487145ebd4fd8dc906c9f332e14515a5b3728366969b3c5a0ee7c93674c239f53eeb1c862d6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads