f8055897862d1acb5f223e2590480d3611d27211f42a14095e3b61a262adf468

Analysis

max time kernel
123s
max time network
154s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
26-03-2024 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eblagh.apk
Size

2.4MB
MD5

8384ef6b5dab233bc8e6b6bc66e2fef2
SHA1

397d93ed0bbc48dd45b0f4380f45d742fb0fa1c4
SHA256

f8055897862d1acb5f223e2590480d3611d27211f42a14095e3b61a262adf468
SHA512

e7305471f7e48dd07c0deb58a7d80eb09e74b6fee2f8d978a6c1044643b161d00c5aa6eccd9129731a32da588492a36e7b5a747bd10c3cfa9e439895d6ce2fb0
SSDEEP

49152:4oT4YaxL0WP0MRORIZuFJKCCPOFkLpvcKHmlGD+SKNl:pkYYQS00ORIUFaPOFRKGlA+SEl

Score

6^/10

discovery evasion

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

remote.toprat

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	remote.toprat

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

remote.toprat
1⤵
- Acquires the wake lock
PID:5054

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bfc37fa200f8f6ae9ff2535da0f7edb5

SHA1
290502601fab7279db9f5e8f96ce98e4fa619469

SHA256
1bba3f3d128438d07ae1c032bb29b0713eab7e97cbe0c2414dea3e0d7b1d4fdd

SHA512
1f44c8de73f0011a7e37fe45dd53e10a9037fb90b7bbf5e4853cf41f460bb55f3dab76fa5a1a393c57723b474cb68f7cd53b28d473ad62526187db38fc9a26c3

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ac164017c37245068cbb123566dc7c39

SHA1
d1d2542f804dcaeb1a87635d6b681730b34dfb83

SHA256
3e9660e45098f28102f22680353165138374f12f868cad670af6f42c7984a110

SHA512
06509c575c1a629adb2a6f3879dfe26c145eb0c4de637060e8d19bd4c5d911fb3a8c4edf8103ef3dc8c44eea14bbe24db76bd12e4e35b9ba4482fe79b2a23145

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
348ffacdbfb70b7d2612598da808f3f9

SHA1
360614844d32774a43746bf2ee9367bae3857186

SHA256
0ab596b8fdb0e1a363de45d77796f4a3cd8b6bb842af93a05922179e067796d2

SHA512
dc69b057454044e0f4d17a3e7aeedb2c30a93cec86fe65db473920547b9b5c5b94f4c8b5475709011d6dc159b6b3c9ffcdc95cb03136ee7dfa0a584158dfd8cc

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
40f98ff34cd341fb62f7c4c9abf9b65f

SHA1
5a8f35fd58bf43eada9372ec6aef98a13bb1fdbf

SHA256
8e33eb50ff4ff5a60bfa09c616d1c4bebd520dd223398213660445afd6ad4eef

SHA512
630403ecd5d74230b7b07ceec6bbcefa6928467f96c9afaf35ba1f40166ba63caee4b1f810cfb18abeef519723de96c7a396f963f4978f1c9e76a30bcbfcc7be

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5bc4e4c85dad81e82758c65f4d304e31

SHA1
45522c06a68cb701254ceb85be90e026d204958a

SHA256
5080b4c3fc1330fca73c941a6ca26c37636ebf3ccecb1fc1f7d9e6b8b1f186ff

SHA512
60ca40714b8edce585ecc7b9d70cbfa293d5d5f178e5f0ffd343a944335dd30a3ae27800b6ffaaa00a07624687f2778d94b59358ca95862a1e16213c2f96b3f3

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
53fe2011dab9bedae5ffdbd9a8b44851

SHA1
44c836c8ce113f43352064fb577f740f33e365f1

SHA256
775999fe833fe2073aefe23799bdc01b944cae387a1ab6b8dcf6708cca8b9cae

SHA512
cf2f205e3d7fa78837b3fa15aeef08ea6c45f25d700e810b871db64ee1ffd6096250cd6c2e8f2bb7d8e1a70693e85b193470b3067436116fbaea9f819033e4f3

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b284b3c7ff682b5a017cd843641beb58

SHA1
13c38b58842f2c4c2404d95ffaa94faf6e762582

SHA256
e87a06085c84faca7e486099718d522515e8fda5e6652b36ddd91145780ce209

SHA512
1131dd7efdb8ade621ecf4ff4ae3922f5a2a498146147257d555b37310e599c1cc9070ad7fde3d0d8fdd8850f683cada0176f43b6fb95b8b54b539a466f64caa

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
5773f58e72a377f882209ea61fecdee9

SHA1
ebcba1aa53cbddcdfe49b7ce0d2118c265ba6cb8

SHA256
3c1e2dc253d23a4f9966a805d47f4adb57a4da5628cd14aa17868084b09da851

SHA512
580ccf56ebd064566566e9b0c528814eff16d0b5e4459d5e4751a9a954688106bc8fd9eb3460e22d8e575b7707b2cd1aa0bfd7bf5f4c29a56863b6b61b90a60f

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f3454a143f95e04184fdd12428b20538

SHA1
8f7df80b2983e740c5c42891e9f12a8f06703efc

SHA256
cf6a19506300326a1f7eaf549018d446562f41815ba799400e2499a293f12da6

SHA512
52f643ebac898d4df0543d247c8c41760a20c04cfeb91685b634cda5b37f40703dc756727f4a3fb43d2e462a85e9bd280ca3364648593043a8b66bbebadd06fa

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
8fdebc79fb26fe1a9730d8ec8efeecbd

SHA1
e002e689fb040f3e3a57a71cb9d7b1ac0482dcef

SHA256
46c6483f82a2c68a914af00a00ff0f64f5168647909d814355f99e95457c75b6

SHA512
5fa07941b7c691690659ad8b18fa05fc15b9750014c3e186c9969b25cde13d06eed7d835f8f5ed3cd3df83ea5733c5f46b9014b8fbf9b3b5f7c2f4abb78877dc

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE701EC-0001-13BE-01737B95CE86BeginSession.cls_temp

Filesize
77B

MD5
47dc7f10de2c486366221ea890db0e58

SHA1
8dc1c11eaaf08c6f423cd13478e6df5278579b5f

SHA256
606c5c3257c4fb01f4dc74b2b18a0ea6492fb312b24cebcadbb436baf7f3dbe0

SHA512
ea6789aa117d46fc5cae92dcaa476da4b74cb49e1bde2c7188042e6e3f5488cc8526b492991d870cfe950436ecaf6efab2930abd4a7b5ea2a1a62915c93d7e49

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE701EC-0001-13BE-01737B95CE86BeginSession.json

Filesize
132B

MD5
fee0c476ab3613908eab44080a496f1a

SHA1
95508d02802efeec97a14faaa5903ddccc9cddce

SHA256
1a8555032c61fd5511e0154de9ccad2adb53c4676022588d235d230aa8065140

SHA512
e9de067ac3f371320a8135097798957fd7dc0172dbfd35dff79044a5267d3685e297bbbec7bca30b2794f18c281c4f188b7c781f0b074777bf07145c17880649

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE701EC-0001-13BE-01737B95CE86SessionApp.cls_temp

Filesize
105B

MD5
8226c6adc366b4bebd3edfe457cf0fe1

SHA1
0541c6a10bcb92fdf1cb5a56765d02ccc09a1e65

SHA256
f7332a12d1c1fb4cd3a88b48be6bdd1f94dc4476cbc4e1601fdd38939a2421dc

SHA512
57ec3e8ca0887340adbd4e6fa4bbe98ef00ec1e97ff5437d16665a68c9cd5be597784a1b8ea302b851d614c838022fe15288d54a813e70bd86fce2464be44c48

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE701EC-0001-13BE-01737B95CE86SessionApp.json

Filesize
219B

MD5
5632ca5b5b172a4362ea03b1e4c86608

SHA1
72d3aa8f97c6147f4d949b5bc59ae37f3bea67ae

SHA256
f4e77d24db2ef4f9eaa4c6ca7d5805e4fa521acf8990044bedfe95fcb39a14e7

SHA512
37126bc33128b51058f2615759da3e9dfadb190a1c8189ceabc71fdf3aee617021710e715cebbdd5a34edaa00ca418939874f9edfaf4747f51bd3b0d3d8471a9

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE701EC-0001-13BE-01737B95CE86SessionDevice.cls_temp

Filesize
48B

MD5
2390c1f21db00b20c07107e3ec7275fe

SHA1
e663a646460acc071aebee942cc1776c23d77655

SHA256
d348072a01496839cfcde3a18866423aee74aefd613fa3bf1ff4a203ef46a699

SHA512
43ff60754eb60795ca1c318f44dcfe49194add26cc3d92c2eac7bef538fd65b6290f2e5953b8f1693b9425ebbcdd022ab16a18280146ee0b0c2eefe27bc0bd63

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE701EC-0001-13BE-01737B95CE86SessionDevice.json

Filesize
202B

MD5
afa07370d07ed0a8ac9554ee7001bb72

SHA1
d1e9de22fda1295087525ff3a377f7d7dd410ac7

SHA256
8d4b99fc4968c9cdff4626ff6c1467cdb427f7a597b153f03b4bfb62dde6c07d

SHA512
a7a974b1c4ca3d7ca92e1449dc9718d5ea2af7f8e4c605d25c731fb4bbe891fdf340835e2a4e3a363558744e5ee30aec22542f377eb5bffc0097c70d24f241d1

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE701EC-0001-13BE-01737B95CE86SessionOS.cls_temp

Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE701EC-0001-13BE-01737B95CE86SessionOS.json

Filesize
55B

MD5
5caea4b68c57072f7f52a5a41720566c

SHA1
4d9712f1702c7238949da43f7d8ae6efb233a666

SHA256
3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363

SHA512
fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
395B

MD5
6d479a62127f0a1dcaf77340a50eccde

SHA1
3d98d5d41f080c91436a2564f150455b2698a8cb

SHA256
f3bb84ef9a598da6c422995447e4784100b3d7b7f4d50ab6cbbdba081dd91ac1

SHA512
62f420aa11881443491404c9f6fb156b57817cfe3b8e8460ee64ae96808392f5e560343a230de447ba6c59e3fd8b2258446728d3ca982c063e8f7e8f5c9e268b

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
775B

MD5
09b3eaafeeb6cb020280389bc589a150

SHA1
48751d4c5379c0c99c9c6b62afb7d9b90112008d

SHA256
8b8a2285abe8d6fb162ca6034f54b40237c8bdbff6294cf4a4f7d1eb2701b5ff

SHA512
fdff5d007d9c380cf96d33431d374b95c04ebbe247d3cb8aa8e5bbb5b8209c1cc6d44d59cd4ec45774b1339384afc3ebe1b26895ec59c53c48166cee6c87bc70

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_023e97de-83c0-46e1-a445-dcd159898e4d_1711414249556.tap

Filesize
325B

MD5
b9b98d11aeb120962cf67464436a4ced

SHA1
757bde7d54eb76a7ffaea0a98e45702f2288dccb

SHA256
ac282cfcb6fbb73ffd48cdf9a5f76be6f5ee6bb24ba659d38bcf942cb1891b03

SHA512
67d88495f3dc110fc2f5783946b822d70d6cf666a9f5ba9daebbfe42b2c0b9d6a3b592a4e175580d93c8b77b10d5c40b7cf18a018ae7291a09e8701abfac3381

Download Submit
/data/data/remote.toprat/files/PersistedInstallation1966248967107216941tmp

Filesize
90B

MD5
cb1c48747f3326df8aaa4a6e41b813c4

SHA1
5cade4c3ef65906cec7a3a0f2c5fe22aa2b28816

SHA256
08b650b74914b4039fe5245ec9be27f890a228a24a6c72007d8d9f515446994b

SHA512
b7e7444df25dc3ceae648c7b48bdd82ceb0b19897fe5a5db280bd4b2bc98f0096ffedf48777369e96aaa1bbfcf101ff33f985f1a977d74fd70a33fcc7e32bc57

Download Submit
/data/data/remote.toprat/files/PersistedInstallation6297898714132213975tmp

Filesize
569B

MD5
13678526dc8979aa3085352d116495b7

SHA1
29d3742ac42b0ec7c193dd5f6ac4ec2e03862231

SHA256
963173839680bbc72ba959bcfbd140b8af4714566a937f6d78e36f0ad0c67b7b

SHA512
4de41d06966cbc8cee8016aabd63c348a624cf55915f1bed292f2aa84a2effe357ef082dce00f38397090e7e02b9321f231c86f5add8c95ee95551eec859620c

Download Submit
/data/data/remote.toprat/files/devicetoken.txt

Filesize
163B

MD5
7323a3164c12e6670d1d24becfc9f9cb

SHA1
8e456780d1c9b919be8cfceb5ef7e27f9756c6ee

SHA256
e6a8c71486d12eacf11636b0c2f63abade908e4074e68fb84cc1a8290d9b72b2

SHA512
b6ee24a8edc304b3b380134f9cfd7fb9b63f579e767579bdf282188e3510b259e878b4991dcf7b9a4d2f9dfd8b753457e0dd2d091402a2b5c1f62ad1b05899ed

Download Submit
/data/data/remote.toprat/files/starter.txt

Filesize
4B

MD5
b326b5062b2f0e69046810717534cb09

SHA1
5ffe533b830f08a0326348a9160afafc8ada44db

SHA256
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

SHA512
9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de

Download Submit