1a43930b938939c6e646fc9e690e150338192987e0d71387174f6662f3324143

Resubmissions

28/03/2025, 02:08

250328-ck1aka1sd1 8

28/03/2025, 02:05

250328-ch39faspz9 8

Analysis

max time kernel
28s
max time network
48s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
28/03/2025, 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Minecraft_v1.21.70.03.apk
Size

730.4MB
MD5

7bac768c12f3a4d471ea2222677d4081
SHA1

e80c25de7e863da2a675362dca8bcdca8b52841b
SHA256

1a43930b938939c6e646fc9e690e150338192987e0d71387174f6662f3324143
SHA512

9b7ca169fbbbdf8892a56a0a3405feaa31f9740a0369a770dc12fa48344af6362a425b96b9844b3279a395dd88214dee387fa13a4bd0ea040b681cba6d86c30d
SSDEEP

12582912:ExkXOmC0aWz8i/rIBiCWaKDvEq7lrnIkDyF9xaLtHPA6aY2bWL:kkXOm9aWz8i/r+iCWLDsqukeF9xap2bU

Score

8^/10

collection defense_evasion discovery execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.mojang.minecraftpe
/system/bin/su	com.mojang.minecraftpe

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.mojang.minecraftpe

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mojang.minecraftpe

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mojang.minecraftpe

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.mojang.minecraftpe

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.mojang.minecraftpe

com.mojang.minecraftpe
1⤵
- Checks if the Android device is rooted.
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Checks CPU information
PID:4515

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mojang.minecraftpe/cache/appboy.imageloader.lru.cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.mojang.minecraftpe/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
5a7d29f24f1c4b2136a7761ad401f962

SHA1
595e7c5153fa1392ee33c6ec0101112e5af25a47

SHA256
c4c458d18a5d23deceb68482fd2f8d3d89c99e3a32e827c7c3f4257af3ee2349

SHA512
c67401858ea3d05639f4ba9bd7788db8c1c9de49bb71565db62c64bce62fd24d2abbb73c6fb72dc9508609fa6f49a46c365591fdc8209b23b527256e43f4f0f7

Download Submit
/data/data/com.mojang.minecraftpe/databases/com.google.android.datatransport.events-journal

Filesize
24KB

MD5
a06a428f79a01674529c116aad7eec95

SHA1
b0708411becf30bcfea06b10f7c90ca86b9fce40

SHA256
3f1560c6973fdfb4fbaa67492e52e16c18da96aac741b14fa4df24122dc599ba

SHA512
e9d791b12b636ef9b8e4a05b366a5e2016fc0a41d65b56ce00fdaa27e291bb6b10f999f8b48fd3d4c9425a88c7f8986e110cf4794bd95a2c8dd10716c52fae6e

Download Submit
/data/data/com.mojang.minecraftpe/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
3917cdaa2433e469816695737bd93cb9

SHA1
37fa88d10cf691707a44fa9b73f814aac77c8724

SHA256
88c5dfc12329f33f6625a687284e96547b869a175b29397a6f7dd79e90d6eea3

SHA512
c7c96682bc08d84a0051da6db71b52f74cc9f4a47ccc949f1dd10a2b259d2bfd7dc64f4096acd49bda94dd349b383a722a713e0c6bced7ff52a9fa764828a128

Download Submit
/data/data/com.mojang.minecraftpe/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c7ad18683bb75aa53c9515acb56c5f45

SHA1
f660ddfb42c5b27edfeae55f4d1eb5c4bf2da9b5

SHA256
ff1e4776b9a445e73871d8b2fbd3da62ca681ea21220dc30d0aa7daaf23c6e51

SHA512
2c1f563237812aa2d85bc52503af1207ba03dc4ef1a8f7adadc2f6d8264d0b0ff4e824144a190b9d2bbce3ae24e7f3fac0ee69d3184651fb1d3a100ff6e0d190

Download Submit
/data/data/com.mojang.minecraftpe/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
b57544cf9874fabd18e0527707be722d

SHA1
fbd2e0d411997441483679fcc5300e278ccc8e84

SHA256
e0dac61ef4ce518666bb49e2c72e6fc83b0a6facd511bad7b0a6a8f1d46fb03b

SHA512
5116ff8b20050e0a3f5bd0ceb540af1c5cf12c46b752ef7b6028fee3c327ffa61f671cd6f9b5b2c9a41fc5c9bd7c033b1b2c68fb0403b742d228f3ba3790dd87

Download Submit
/data/data/com.mojang.minecraftpe/files/PersistedInstallation1800560116313492686tmp

Filesize
566B

MD5
89bc52d6dd5295ce8595fd5cb5ab3bc7

SHA1
8233943a699dc4a873dba6dac169e33a39639ea2

SHA256
4f47325083545ba1ac62bd9287575e8ebdd04380f7aff61b2d75209a6e23324c

SHA512
e71cace958d8a394143127e433463d7401d59ba8520f524cba0e1d6d97dbe7ee48489f389da4667e02ad39c6e570b6457697eaad3d08ac83bc9db0b98c1b255e

Download Submit
/data/data/com.mojang.minecraftpe/files/PersistedInstallation6877465203285101978tmp

Filesize
90B

MD5
a952b1d41685788f18bca5919a0e7cb7

SHA1
09d0fa85daf42f9dbb10d24f4f03468b6429f92e

SHA256
cac6471387038cb1ad065fa48fdadcb191bfcb921961778ae97343a9d23bbb43

SHA512
5fffcecab288703066acbc3bf383c6fbd9421d9f89285172d1bd280f948a2f092a5013e8f14c0a242cbb43d587f75f6a265a77f44cdc42f4505a5483342ec7ad

Download Submit
/data/data/com.mojang.minecraftpe/shared_prefs/com.mojang.minecraftpe_preferences.xml

Filesize
140B

MD5
b4bbb604782d43a4db88cd00f4786180

SHA1
e59dc4832ca89603fcdca25c2b537cb3adda6545

SHA256
e4788fecbfa2f8fec1ff2eb9bc89355d7b14821f0708441dc378de04a4f44c4c

SHA512
87ad64c2c0360a89b9dcd9dcb368270894ad7c07f96e885a271b1294de4536417eb20c716fc5e3cc17068b44422e73d2be264bf09f70c411dc282f88b0cc3fa0

Download Submit
/storage/emulated/0/Android/data/com.mojang.minecraftpe/files/games/com.mojang/resource_packs/VietnameseLanguage/manifest.json (deleted)

Filesize
680B

MD5
6a75b9f5370443e09039e46d742331b0

SHA1
6f35b4b3b2eba094a5217171ee37bedd2153521e

SHA256
ddbb4438f5269d3c8f5ed7244a69df72528ff6d838faa10b65a046ea7aec0e55

SHA512
d2fd5f2cc39f2681f2788298f6ff665f031e28e0f491d37d5bd58cf5b253493377d5690221306a534d7f0f55337ae4639a0aa8879f2cd4ba3b779497977e3831

Download Submit
/storage/emulated/0/Android/data/com.mojang.minecraftpe/files/games/com.mojang/resource_packs/VietnameseLanguage/pack_icon.png (deleted)

Filesize
2KB

MD5
d56f51c4204b944d2e3c52d24a5a31ce

SHA1
800260cc8f013dffd47549516076c198922793e3

SHA256
90463377f2d3d4e309bd8b7e8d09f1088491c4ba6c396cce48dc2181c6e07a57

SHA512
1f5fc1560463afa1f88b0f0f9cfa21fecb6037eac31da9d24f48972ae157ce16d856f64800ee5b52a1c6213b4d797a21ce5323a6e151b6f5027d97080a720209

Download Submit
/storage/emulated/0/Android/data/com.mojang.minecraftpe/files/games/com.mojang/resource_packs/VietnameseLanguage/texts/language_names.json (deleted)

Filesize
58B

MD5
fba6d05dc80a16852e5601eeb2b8bff0

SHA1
e14ac0b7fd06ca9e7a76c5b4f93c81310e0f22ab

SHA256
6bfc38547ce3374c6e2d6c43ae6aadfac596373201ccb61511f322cd915e15a7

SHA512
72e0808668dc8f88b5a96b1bac48738e49f150ffc7607d381e8711c5511d94e4065bbd06b9422875dbeccd70618084d1aa228d84ff2d9e00dd72ca4cd7318c30

Download Submit
/storage/emulated/0/Android/data/com.mojang.minecraftpe/files/games/com.mojang/resource_packs/VietnameseLanguage/texts/languages.json (deleted)

Filesize
13B

MD5
77f6a5602eb7db7e01a17cf49c3f7012

SHA1
f92f69a87002af54db54adc3ec5fa098704c5352

SHA256
861111c3dc893aba71f7ac0a3585464ab78755f3e5c59f12cb08713cfbbac134

SHA512
40de043526f4f180322682efc87d4e68259c284c4a45c3616001489666bdd4a2c3c75f267159dcbf23ffa4b2f88606f571a0882dc01a957859afa1c96c2c6731

Download Submit
/storage/emulated/0/Android/data/com.mojang.minecraftpe/files/games/com.mojang/resource_packs/VietnameseLanguage/texts/vi_VN.lang (deleted)

Filesize
314KB

MD5
796c722801febe436299506647069ac2

SHA1
77a38822a6d5e7a622bb4b6132411c2452e8f041

SHA256
a37650ac99046a65bdc578706d8833712dfe85402dcb00107934d033191950db

SHA512
f7c87bc7a0b34fb824f9f2a948b7f25a2f014c4662eeb6371eea589fe351a7c29a7983c68798cff074bdf12700bf2775a5685b038a8c24de14215de51aa06004

Download Submit
anon_inode:[eventfd]

Filesize
8B

MD5
33cdeccccebe80329f1fdbee7f5874cb

SHA1
3da89ee273be13437e7ecf760f3fbd4dc0e8d1fe

SHA256
7c9fa136d4413fa6173637e883b6998d32e1d675f88cddff9dcbcf331820f4b8

SHA512
991294f43425a5b80f8a5907ca7cdbb611401282585a58bb415077005428e3b4c0f661fc07ba5c45f627bd8bdcb172389ce2fda461c029b837abc70f0abbea20

Download Submit
socket:[58914]

Filesize
58B

MD5
3f28808b17cc41f00d71e856db879dfb

SHA1
6face5204e6cb91763853915698f4fb6d76ac535

SHA256
f0ed5a4c71aa13f0c2c5e19721719c93155c84eed4f5583d978b3a5ce94e647f

SHA512
d9d7a48d34c016e980987eb9375d3229b7eae8662a29d642996f24d9a171c4c4932f028ecb745211cd811cddfca5eb90ad3b2dea35f3d95bc4c5e6811577d756

Download Submit
socket:[59158]

Filesize
66B

MD5
7e9e2b4f2eec614eb412d7062e001c4e

SHA1
d5d329a576164fcaa9624ccc608c5bf9d4db62d2

SHA256
a7fb12cc1e7bdabe3028b8ce3151b6aa1348a9b01c77d675d1bb98f6ac6d624b

SHA512
298f71e4f2739c68fab14419b6356efc7dbc41e933c64095043cbab91d94e6088602dbee7cb3364c50a35f0c9a7c619b1ee49bd17661c1fa52675b80d790a366

Download Submit
socket:[61180]

Filesize
50B

MD5
84ef3396aacf384b755d3ef582974fd4

SHA1
f2a362fdf29d83ac7b7c58f67bdbdf7671979729

SHA256
3dbc1649049db4d3a34a6b61125f976994b9ec65a25f2a3a2625d03f196c326a

SHA512
1f84ceb51c08e350639d409d614d08aacd04856d52fa148f5b23696ae76fb3fd130ff0fba603892e01a81422c92774c5b686383a8a4ce91c4276bfbaf8bd3f6e

Download Submit
socket:[61403]

Filesize
46B

MD5
950fb1cf4ba37fd8eeea2200f0f8a76c

SHA1
d97f8fc5b00b6a917d9198ed71a3b65a5488df1d

SHA256
5d1172c748ff642ad9c6b198d55ad0cd5db84a7171fb834fd2fb711e855f8c7b

SHA512
fbe693e7d4b20942a64eb35241e2703dded712f70fc1d8123bb4524f4fca70f37ec8dac8bc86e49a6ce76ec6c928972c4fdb715ecd16785cbb857e676f90a57b

Download Submit
socket:[61900]

Filesize
34B

MD5
1e636686eaabc12741c484bff7b87ddf

SHA1
acd440e521d23bc2a9efa7449deedeeec1f579e5

SHA256
62997d84140b4eabe3031980ea1b3bc74b7c387520ee5f87b2db0797ccfa0346

SHA512
3feb416518da0e729d2ae61efa118472621a3b3be5200b861420bb3a1c59d38f06e775e92d96ea854d4abbab75e7953105f3ba25716fbf48750def43363bb357

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads