f8055897862d1acb5f223e2590480d3611d27211f42a14095e3b61a262adf468

Analysis

max time kernel
123s
max time network
135s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
26-03-2024 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eblagh.apk
Size

2.4MB
MD5

8384ef6b5dab233bc8e6b6bc66e2fef2
SHA1

397d93ed0bbc48dd45b0f4380f45d742fb0fa1c4
SHA256

f8055897862d1acb5f223e2590480d3611d27211f42a14095e3b61a262adf468
SHA512

e7305471f7e48dd07c0deb58a7d80eb09e74b6fee2f8d978a6c1044643b161d00c5aa6eccd9129731a32da588492a36e7b5a747bd10c3cfa9e439895d6ce2fb0
SSDEEP

49152:4oT4YaxL0WP0MRORIZuFJKCCPOFkLpvcKHmlGD+SKNl:pkYYQS00ORIUFaPOFRKGlA+SEl

Score

6^/10

discovery evasion

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

remote.toprat

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	remote.toprat

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

remote.toprat
1⤵
- Acquires the wake lock
PID:4196

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8dd06563c5f638f386ebe8512b073d80

SHA1
77018490d001b80aa5edcb347c029cacf92ea2d4

SHA256
c5ba4e611a7dd68a992eba0912802cfafd3ce42fa1a8408c9df7031882c46ee4

SHA512
4e33a9f6db5879a4163cf2b357ea38b9d3ca31b2647bc0d8ee41693874f87d03353c835dd9725876c3f888ab2228c1477f221fda702c2983345f031409c16bb9

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ad43c1e9e94ecf3b281aade262a54b46

SHA1
21412a9ff409782c60d723ef7f790b3a53a27cea

SHA256
04ae98a68b2b2a0e30113eebb9a01ed6b321e3b8dd636bc08e2cbce4e219a05e

SHA512
f79914b7e65b38086050312c623bb9fe4a2c9532924b9fd14154c416bfb48dd4f5e97bb97d09da9abc4b686c21462ae0a3dbf6499e63d3b3f4cf6cd704d19e47

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c767e92f2f045b65241d05c4334348e5

SHA1
58d09b93007c39b91166a62df254470429b9fbe1

SHA256
1dbb8694baab1b736b5e9e01442eee8cdd740cd5da6a9b163674ef00952c21d7

SHA512
3bf5d69130927bfb1ede87e7fc15c04bc47d0e346a3cc8fde46cadfbb7eedc515e5f295983e4764610a713d0c4a145789f74b426a26176bec7de2dddf6a95a10

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b4f8b036433b96840bb1f9c940446a15

SHA1
98ad5bd22422ff6e17aa6ca261b93575cd8bd4b9

SHA256
37cf670b0bc66fa4bd58e6c44fa83c4b73945c15df4fdfa6ada2631cd6140efd

SHA512
a1902a2aa5a260083559a4317c8bd63c3975d61f57fa4e6cbb3be531e9a0485243ef4ac337f3b9493195ded9bbf7700c43114f905506761291956f70e4d4c3d0

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c24eaa5715b396d1e1d083fc12d0611e

SHA1
b4baa2edb2062e5fada47a170d01da45f07bcca5

SHA256
281509322c15598b1382691d43f1514003af124ce3be75f7bb4d6c083e6d6eec

SHA512
137496d568ed1c70f7fec9fd84f20638d68dae4de2a62222f6064cff6b8c93473f869f369df6219813ac1e24dd64831c799e10f262086e7bc05891d0eda71bc0

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1587765929b68d09890fc2d614ccc393

SHA1
011356a057a2a466819f7d06ba2f7e30107300fa

SHA256
3737257b10c4a7833680a1b29c142ce5a5c6d3db042c1c31df49c1f03e97b927

SHA512
eb771c780b31e1fc32745c685421625f235ec208805b4f9e240104ea9cf7ca613e2d5a824138f598359ee28b6d5f187f342a219cd2667f1b689da5fa301cd933

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
cf1e970ff3cead54d7f775bbe954819b

SHA1
167a1721248048770fd741493c05755a5a5fcd33

SHA256
2a775d2ee6667e2ac46243070c33d6dd09396ce0b534394abf6d919a221a651d

SHA512
a5bffc53a383d53b24470cee3cb40d24bf31e3be534d5081ebb2517f90a7c05768c4500a4a86632625dfc864eb9f8e9cf30c8a8c2ed6b2649e971d58faa5d4a1

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
cc183df58474d755d242a9ff2e1861ab

SHA1
8385f03256192a4ad65bfa929672f06cbf486c56

SHA256
b88126582f5a41653271927311ceca4d93154373ac5d2a9b4f46d54bcaab7fd7

SHA512
230059cae4c4ff4ced4dc118a711eb44dc1f234ae0066f53a6d063375dc3126341417a5a1427e0df082f2dd548089f8fef3190d2380115d92e0a7dc1a11832dd

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
76102f9125d9aac8700a2672104a4eab

SHA1
8bde0f624a3c6fd193455de605a83fa0d3787bca

SHA256
968f2e37cb5f0d5068f385d025b57f2a64b0242d198f8d282f625b5ad583ca5b

SHA512
b654b8ab3aab046fa364897ff5dc4a710c3529dd9874f89e1ff90bb73089a749d580d443b8a331bb1e71a47bf2c55e86652104a235b118eb983a49c742331925

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
a790c959bceeafd913050aa9524171f6

SHA1
67200c2cbb167ee385545705497793a0713976cd

SHA256
e1e28fcb9a30555203fa62d7e59bbc11e09d61234bdf98abc3a88d72c6fa9e5a

SHA512
cc72e360511daa95c9d043a027e5fafced130889d473df74a2a422ac24229cb90bcb359eb02ee65f72641eda4a1648361eed54a2f2a51116d6465b9aa33faaab

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE8014C-0001-1064-E3218DB759C6BeginSession.cls_temp

Filesize
77B

MD5
60c2eacfbb967c055f6fec2ceed141ea

SHA1
01e2299b24f88053824455be885f1846dd8c988b

SHA256
b3d262491f6bf6f8668e3873f2cdcde536f8ae9a91e3aa082997b915fb72e9e5

SHA512
f546f545f7a89407969252405f4388a3d93196d5e1912b61b49d111e829b198de7417d0e76a2cb1964b7586de0b1b680b47c533139fdc84365a488d8266dc322

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE8014C-0001-1064-E3218DB759C6BeginSession.json

Filesize
132B

MD5
364ebad5ee1b058fb54e24d6e2643691

SHA1
3212b12a49eef9bdd821ef3f5515e45308f2c1ed

SHA256
10b8141c205dad68740f404600a19a3f011d57bf1c882188e8191faf7d8089fc

SHA512
4b9e500f8742a82de7e04213649a73e4f9ecc562cf6d3c2fb9f03289a5fdee4863801d4b5b25e0684d3b8b0adf496f1818948ef0ba9dbda96146075d4af3d1ef

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE8014C-0001-1064-E3218DB759C6SessionApp.cls_temp

Filesize
105B

MD5
7aed71750776fa9f683fcf1a39697f0c

SHA1
f2f71fea2faf1f6abd862610c91a640b00022052

SHA256
28bea0e34e7f0f517fc78c84dd6e6ca340d47c2d139493c888e5333d7d6a7c8b

SHA512
378ec8f1cfd4fc0b8f0276f2474c2225363964530e0cca3e2a68b934e0848800273034a1e575a0857bc846af5b5ba2c219857538f594272a2bf84e478e7b0ca0

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE8014C-0001-1064-E3218DB759C6SessionApp.json

Filesize
219B

MD5
4f542ef90aea58fa942d35d07d0b83e9

SHA1
245fd6275dcff7b05e5c01bb7b04decfd2031232

SHA256
d3d107277909293fe5100338ead4dd6d627e9182559dba6f48d77a6978851240

SHA512
234df237ecc8ec4ceda51cebc43d9d7aad5b0d103a6220a5c5028a854048b8103671c3af7bed9b7b66b2b40122a89dddd1fdeaf9e1fc997dee11b6abd4e748b8

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE8014C-0001-1064-E3218DB759C6SessionDevice.cls_temp

Filesize
48B

MD5
630aaf4621d940e95530e8a8b0d39283

SHA1
d06c5d18de58b6abb5890a83b6fb3c3aa4a2139e

SHA256
2f752007f6c33aaba282800edfe3d52da2ea954e3eceddf08efb0bfdc989cb93

SHA512
98c301f0188ced6036a863ba790e03ba22f88ec55a884fdf808711147228e97ee0571abad094ad68d758b2482db6ee3f2950d43d56c875bfeda7f0a58cd1a86a

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE8014C-0001-1064-E3218DB759C6SessionDevice.json

Filesize
202B

MD5
8c1412ceb8c8543650bed0f85dcf4c99

SHA1
e2ea16a5e4f49d8f4fc661f127bc8ce6f5d2e485

SHA256
b33eddddb3bd84b5d5975b074dd2fccb335c715b8506862cfaf451ec1f8398bc

SHA512
8d067a69ce521a0e004215bf6b746279e4c32e0bb8ba90de9e3e7e519e421997aafe1a3b8d636cdd4da578ee3c538cb1b84fa60c368c0dac9307d4064fd33687

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE8014C-0001-1064-E3218DB759C6SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE8014C-0001-1064-E3218DB759C6SessionOS.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
394B

MD5
efb7f84b7bee5b21e32a43f49b753ae2

SHA1
f2a2453b0ae95d591082730d3adae5d0dfbe460c

SHA256
99ec6ac77e9a090801b83d24d3d5c04a7df19f217a7c22db7b09b4ce1949d514

SHA512
ebf59ef7387ad8c3891a6698793b7f7d759e9ffe3a9b72bd2447a986af0e0c7aa9e99ff4e1e86d366ea11964535c3ff47487eb40f64e40ca5c0cabb1002e7033

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
773B

MD5
75dd657934e221df215c029877e55543

SHA1
656372e858354677f4008e88d138d80ddccd8cd2

SHA256
2a8f9e540ab08151e6c31a5ff2e091b83088f5492c610c8c5c5687b1ff276fe4

SHA512
a8c385e025cf4b24e3422907db6661148193d6676361d3f9faaa58820084b34c2742c63b01561c702313c84feda0b99ba787ad78209c9fcdd95f663c4019055b

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_f688a559-0060-4027-9b1c-dd18b89b89fe_1711414251007.tap

Filesize
325B

MD5
cb8c55ecdde1a4fe8c65a86989838464

SHA1
a9eed0c6d53d68fb0d82ec723b7e1c632278d933

SHA256
ae020593ad40ae9b2885b3f4b3a61bf5b2abc86390ddd1b95719e4c146065b03

SHA512
d529aa103e2c1af43730b3bc140525ad8e4b277552d65426feaab932161db32f1fcbd88a0ad91fd8a2ed6cd23ad2c20e0ec8d197b08c24a0372df0853f8d8a64

Download Submit
/data/data/remote.toprat/files/PersistedInstallation6067384934675117880tmp

Filesize
569B

MD5
5fc92af37e78b7b53dec7e8d9aa90231

SHA1
05b30a325ca68b907cc297c3d306f8cd169e5c06

SHA256
3f306fd4da3b82bd7d29647a1a4b0d267e94ade2d36265d974098eb382764fba

SHA512
a28375b3289a5f3eb87432dd28c8bc3ec2291484745f144c16542206ca44abb42809b8b4656069d6ffef363a9f8f9e99ddc869ff4fd34525dfbc580790429890

Download Submit
/data/data/remote.toprat/files/PersistedInstallation8263620954551224170tmp

Filesize
90B

MD5
e1e2fd80cab06e93e3a06be74198632a

SHA1
fcd29c48bbbbeb045767c5e63aa6f71c4152f09c

SHA256
5eecf0e85a559481ee4e2e5a65dfba5aba06b8f504ca9b67a57168167f28493a

SHA512
dfb6cb1fc00eac0e627142f9948a8d66861feff17f3c3ca17ca3f8da8e9c9945c331af7fd14e3fe3d57d3a08efd633188ac526d2d95166c21a290789a1685cb2

Download Submit
/data/data/remote.toprat/files/devicetoken.txt

Filesize
163B

MD5
34b8c73488b82c0e58b3da85e79b7ffd

SHA1
26d3cb1c507f62c25764f2bca6475243578c1f0f

SHA256
2b8e8681ca92599d73ef136113534491c45dd691bc74b6e713982403954875aa

SHA512
2412f42321d89d105e7c2d40a1fa900e4f4b2a081ab079c6f7b1cf7463b49da04d8e17219dfdb38cb9350486b5a9067c294037f216b476213e2322cd1c237fbe

Download Submit
/data/data/remote.toprat/files/starter.txt

Filesize
4B

MD5
b326b5062b2f0e69046810717534cb09

SHA1
5ffe533b830f08a0326348a9160afafc8ada44db

SHA256
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

SHA512
9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de

Download Submit