f8055897862d1acb5f223e2590480d3611d27211f42a14095e3b61a262adf468

Analysis

max time kernel
123s
max time network
143s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
26-03-2024 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eblagh.apk
Size

2.4MB
MD5

8384ef6b5dab233bc8e6b6bc66e2fef2
SHA1

397d93ed0bbc48dd45b0f4380f45d742fb0fa1c4
SHA256

f8055897862d1acb5f223e2590480d3611d27211f42a14095e3b61a262adf468
SHA512

e7305471f7e48dd07c0deb58a7d80eb09e74b6fee2f8d978a6c1044643b161d00c5aa6eccd9129731a32da588492a36e7b5a747bd10c3cfa9e439895d6ce2fb0
SSDEEP

49152:4oT4YaxL0WP0MRORIZuFJKCCPOFkLpvcKHmlGD+SKNl:pkYYQS00ORIUFaPOFRKGlA+SEl

Score

6^/10

evasion

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

remote.toprat

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	remote.toprat

Checks the presence of a debugger
evasion

remote.toprat
1⤵
- Acquires the wake lock
PID:4365

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e897022b3642d869f2614281e00af43b

SHA1
a9df678aa31e7dfff8e2d79efc9e3f0dfeeb1252

SHA256
465cdd95ac30f5d779076e6eca7330a5fe7ac79f5e12d92ad66fe835cf47e2bc

SHA512
e5af3d2a5216a71b97c9379186bdf0c2e96ab126caff59dd17692aa5e86fd352ebf7541603cc1df7edc228bff1c6f065f3d67c87e3fb10e7e2bb39f739f9566f

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
49206d1e3637d4b7311708b7cc63f73a

SHA1
868dc0c0973f840907d2ce416af37a247f1e1ba2

SHA256
8860aff4122a3e65fc0d0f469cd799b0df3ff23c19cb50aa222fbdba33428007

SHA512
e90e922161b9ba1156c79293bde5b962d033511b5551868ddeae2be5d610990ca10eda534761fad81dbb7cfa4e8f44a9db139d2888ba614fba49c8522fde6e7e

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8b90fa8ac9cd7ec0f3d7e1cc4f6566e3

SHA1
5a2889443be54efbc6135fe8474164a398cbe2de

SHA256
bb95ae2206e6aa87e744a6cb781717e3e734ed33ed8f7c6d408839a7ede596f3

SHA512
16bb178dd960bfaaf74e604e457ab615f0e7fa67f861e45c164c3b51d9c9147227c84acff1ab15f4a777ca56d68a5eebb83380c7a8d737e3c926b6129f7c2c5b

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c0065adb5c3a48a29f4182e47d6255db

SHA1
56e6d5973deed919afff0d5b5c0ac8f405f89bc8

SHA256
2ce953398531c608140b4cd634a85253fe3eb6854f811a0e9c00f4c2760cb54f

SHA512
d6a477c6909f8000d5a6f891cb6435ef9836102a7edaef1c75298d565bee027806b9c3c12a34e204b6bd74f53b20289504ec1bb2abaf2cf9cf446afc9c3d3077

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0331fe356c950c886c7158e9842dc18e

SHA1
7337bb4ed63fc7910c61ce1d0de0e436973a831e

SHA256
ae4cb682bbe4721f20c6425a017518b961c317ca68b836ab0ba7a5fabd42f1c6

SHA512
51d4433da904bd52bbc66e68f301024f3c8fe258f83e2d78e3f7031d43a6d4925070380fbdb5560eeacaa401f0ad99974dcffe49ca996bd9e433efdf7f60cf39

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a6eadde8f22d1d7b73b7bea15ef6caa5

SHA1
ccdab7238cc5f9b3bb9f4ff1106ac61f070e5795

SHA256
629baa21547086cd1097f139ecd24bd3a6f34eb943f2ca8e8586c87cf896f4ee

SHA512
d50e2246804f4241733c0e4b614b788561bc7ccc296816013dfbbc0d7633cdb2cfd0d59faa49db73a6cfe3a7554b39af1a6a9912290e1aaf00ac971e7d6300c9

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ac5d4bea01e4c8c482291b79bfa66e86

SHA1
c8dff0d72dd181b140af2e76e916573287107e7c

SHA256
4a57d5438ddae8f2bd523f731bd54e24a3511869bfc108b02f4734710e9144ea

SHA512
6d5aba785a78f19db13cc46d4ec53e7bafdc4f41b44f0affb955a2070e7ee33b1b80717355e8515472460f5668d3a78cf95cf789ec8659148b1a805179628736

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
76a8767c6eb920d0bd85819fe838ef62

SHA1
36ea78a10c9016fedd657d86318401e4b31f5997

SHA256
cd8d6dce40b74d8d2c7cf2d4c582e0412b289d01b01b1dbf2128056a252f5f2b

SHA512
e0dc8f510969c4e803511029de8165ee1d25f0b14f5ac10a41d32d31f70d52377e7793c6ff43bfcb39c865cb93f26adb6624f579dfd6f05b641fa43d417b4d1f

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5f665eac0f6cc91f671a96eeb084c398

SHA1
5e6280733b780abfd05e999e1748887efa0a5886

SHA256
258faf1cf2cce91c020fbfe755be1ce2b216709a718d3c554c1716421b6c4189

SHA512
7558bea9fce82b087a1c007d3b24b9b9b9e933538c33a69acd7e2489605a0e48e5aa567ff387422a8b4bb2744518a7a895fa5718456f36dc09b0563fecf4018d

Download Submit
/data/data/remote.toprat/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
7cc6fe2c83246a5f6a8f6e91911de449

SHA1
9a28a28248546cf1c9bf65c7eaef89a535290602

SHA256
d531d576105f527023b89935518a10111d16ad4cab4d031ea8c9f53835b6e47c

SHA512
4cd313ab14ca26f8b86376c51c5c3f24c9c4f5653d23253688a8c2d5024dcc988b154c8878324fd98dd96b3ef0d87586dec26fe481274440a7da7cfbfe4fcdd0

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE90204-0001-110D-E9257D059ADABeginSession.cls_temp

Filesize
77B

MD5
aaf107df5d46e663a5e3db69c6b24df5

SHA1
d11be4968e18cf3376bdeca3ad01a31387d89d61

SHA256
d856d6e3e7c4711d345ac6dc9f28cc01807b0c3ba2fd1df546d77b70ac458002

SHA512
2ec06b28b53bef425f23f2f60db99754995a06683647817a1aa9a2eac64e1e20aa8c4a21cca4bd9f351d00d5937c1ecc680a39c4d634c72d00894efd17d91ce7

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE90204-0001-110D-E9257D059ADABeginSession.json

Filesize
132B

MD5
045447df5f46f3691578152d93dbc6e8

SHA1
290a26df6039c6a27306623e11779fecc8a61aef

SHA256
67e40043a15cb627be3ff660da791ce74194a8c5078c11ad52f63e7c2e323297

SHA512
f3644fda698f4c8c8d1e035478ffaf0e14d76889226f000c509d1a3fb7e6d18f5b8b4ae2003206ed0658ae21f917e7530f83eb2f48ddb178df55dd2bf9fcd008

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE90204-0001-110D-E9257D059ADASessionApp.cls_temp

Filesize
105B

MD5
1ecd7ad87faafda4ed67644a1e082664

SHA1
1c51de45d08d6ef177d30b23162ba50e4e87968d

SHA256
1f22262459000c0fdb8cd48d149b254892cce13f2b219ffd1eb7270b8257b52c

SHA512
43583f8cd25f084f2e4c74c3a46378bfd81a112f77f4a68afc1f6790d306afc4595a1341ae411afbedc3658f5d7a375681b69947a0cdd251c5ae4a45d939a973

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE90204-0001-110D-E9257D059ADASessionApp.json

Filesize
219B

MD5
22d9ae245db73ac6a6bc9aeae03c2097

SHA1
1aa090b4ea80baa547813f7e1cd962b124994514

SHA256
e911271f15ded9af0d21a65023b6115f52f84d86fbe6640c1678ded5cabb45c9

SHA512
57a7d681220dba9c349412eec2742f65a31bf9f3e9a55e6dad7e2a2ef7eb19db038158258f4d0363e4a5328b23c5463cf6e2ebbc04660594225af839d66f7c88

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE90204-0001-110D-E9257D059ADASessionDevice.cls_temp

Filesize
48B

MD5
fd6372364a5c5c9cf8945ac3ea7a5d94

SHA1
3c798cab71f6ae7a81e71e58712368231230588a

SHA256
7400bf714ca32b64dd89440c9d5ace4e0115ddce44d169839e465df0e1638641

SHA512
a18b18d061dfd979bce1e0b769009668c322300e7174f51d2532e86dc6018769194507a106dd30b97317f8c1a7539d13a7baeab2900c1e00da7c74e899dab276

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE90204-0001-110D-E9257D059ADASessionDevice.json

Filesize
202B

MD5
eeeb942571fa704cf8ae49731fbe9789

SHA1
b5989c4cb932ffc779ee25bb3f7bfb79cf720427

SHA256
78809f7ae96de01e3922b6d3a134c3f7e9a0cbdacef313f70e8d9345bf5fbd71

SHA512
71e55c16f9f8fc936f8607448916bbfa1ba233b7120b8676fe11552916ac4dd3e3a7b0f9c31e14048933c8bb9c9d6d630ab7d28389f31749640cc965b2636565

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE90204-0001-110D-E9257D059ADASessionOS.cls_temp

Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66021BE90204-0001-110D-E9257D059ADASessionOS.json

Filesize
55B

MD5
fc1dcee4e422d77e7fab7c08c8a41344

SHA1
d5340127e9d5f735b9d33b9dc61c772fb0e2dc15

SHA256
b843f05ed78cd137c272ba7f0ce8ede3aa853098a856863e51d5c223b58f21c7

SHA512
3ec07617e3e1008572f6f2528de9d4b827050cc5a7cf19a1604c961f9ec370ede6f5fd83bfcc252c0ee286fe244ee6734046ef1aa638dcfc689cd4407a6a8f61

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
395B

MD5
297c60887ecfd94a8e6d9b6afe42e338

SHA1
65467d52ad44d6f724608dc233cbd75f935a1027

SHA256
f97b56d0c3c326531196e45f0dbe2dd27dd15363041e3d5c82cffc66dc0a71d6

SHA512
10ce6abb5e286760e3b3500fea981bba22dfd8218df8c7898684b20d9a42ec2686c405f7747a26b941a5a78f9e0c86fcf31880c63b7ef8964c39b36aa13d9bee

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
775B

MD5
57fc9e41450c2e31ffb00d458157873b

SHA1
38b64ecae94e8f0f98dbcb490185d7c839a84fea

SHA256
f71ded5a1acd8e0aff3afb96cd326a525b287aabebb575dc1545ab5af6bb5982

SHA512
45a4b841583227497a0f2ae13c49c3ac0a81231f84b5c1ae74f344c6340455ab745b7bded7bd2b6f67dec942f504f5c9b661c994d84c13077962dce4b0277f53

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/remote.toprat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_3e35f3e9-f20e-47cf-8f0d-78993f455710_1711414251993.tap

Filesize
326B

MD5
25534a25de6e1371969ee9f72aeaaed8

SHA1
9ebd09246eb849f67bcc5bb97a9be66ea4750558

SHA256
d1368d45f7eadc05a9f789366bbfc9d5ec0cbb66d1bdaebe314d9465a137a610

SHA512
403a45f35c68888ee2ab3d1fcdddc7b963452ca43fd87c2e7ddfbccefd93985a668dba71890728d464d5b4e43803e31689b3b4152bd0df9e23fbb0a26e6fdbb6

Download Submit
/data/data/remote.toprat/files/PersistedInstallation2909968077378460312tmp

Filesize
567B

MD5
362ef270354bd381ce70a9c4af05f498

SHA1
15f573dc8e083e00d476bb6d79c4f45a18685e06

SHA256
488a71249293209d53ed054f96daa906d09762a2edf1c5df9fbeda5a8138e03d

SHA512
eccf11b296481360f262fb6b70c1dd59a80df4922f0fec85428edf70f4985373990f5bb36dcbc38b917e7bf5a07c8b62da3322368e38c124742d6f2c9bac239f

Download Submit
/data/data/remote.toprat/files/PersistedInstallation6300470034137020858tmp

Filesize
90B

MD5
86c528e993c6c201b2191691a11aab2d

SHA1
e98b0bb24ac53e8e3f20fb76c73ce96dcc31469c

SHA256
81c80c47ade46044ba908309a6a979f4a47ffada65e2f79b94caabcdc117d2d9

SHA512
809868539260eb0c881c71bf294a284683e8051460a0678262f020b13e94df8dbc5569ba40f8961947c24af8357421c984ee8e2cea19f6652e50013e2604453e

Download Submit
/data/data/remote.toprat/files/devicetoken.txt

Filesize
163B

MD5
c40f9fda74234465bf8da81a89550c61

SHA1
582eedf070b23ef8243e7e34ca27a170adf171d0

SHA256
682b64f2b5aa9d33ce039aa24fc01fe5a66968cae665c00104773def8871c67a

SHA512
f9c831e7ff6cafad890cfa980c4a9366914fa44a4512698cf6c1e86b3dae42e7146d12560abedcefff8e7ede8664428d309e8b2056231c04483b2255d59cadae

Download Submit
/data/data/remote.toprat/files/starter.txt

Filesize
4B

MD5
b326b5062b2f0e69046810717534cb09

SHA1
5ffe533b830f08a0326348a9160afafc8ada44db

SHA256
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

SHA512
9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de

Download Submit