Resubmissions

24/05/2025, 02:12

250524-cm5casej7t 10

14/03/2025, 13:33

250314-qt2rms1wgw 10

General

  • Target

    theotown-mod_1.11.83a-an1.com.apk

  • Size

    93.7MB

  • Sample

    250524-cm5casej7t

  • MD5

    19d8a9e92cc151d89e166e3e483cff1e

  • SHA1

    1d041cb13dc829545e6d52308bd321ba254224cd

  • SHA256

    fd80947189156d5b4fd50991ff8279bd43378354d8fd4a0dac29d8b389fac6a8

  • SHA512

    6b2e369d3da7f373bf455776382243c99ae928e8062728345ea5cce69cdaec39ca4d5e57a023b9a3669330f9f9d21c2d078e10aed181f2710000c0cb895db619

  • SSDEEP

    1572864:TthmmiuOLHdbzlyQExrcj0tEdJmDMzcdQQ1NeWybFQtPDFE2URNRlITA:ZIoqHdXlmxrdEdJRYdLqWybFQBWxkA

Malware Config

Targets


    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about the phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v16

Tasks