52770b424a389e606b326221af03dbe770eac840d4f291f32df3deb6a4fc47db

Analysis

max time kernel
154s
max time network
153s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
22-04-2024 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

1.9MB
MD5

946f4da12572cc7370be6ed6778f3854
SHA1

7f6f21471c160eda9af5dbb796a99b410b9bbee6
SHA256

52770b424a389e606b326221af03dbe770eac840d4f291f32df3deb6a4fc47db
SHA512

df753a7f17fb40b51de7e568857e68819c717c905982a17ade6e7d21a8453942daf6fd793c908adea318ebbdbe294198eb4150274bac6427106fd60d8998c807
SSDEEP

49152:k/EZL9zHbY+B0TXud1WB79IKrPWI5RAeuTvKC03T1dy15ltJv:yOL9DbY++Y1k75PFAeavl81dCJ

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	Madsal_remote.com

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	Madsal_remote.com

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	Madsal_remote.com

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	Madsal_remote.com

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	Madsal_remote.com

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	Madsal_remote.com

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	Madsal_remote.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Madsal_remote.com
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5100

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/Madsal_remote.com/cache/1

Filesize
72B

MD5
3552ce81ee85bd2688b08ea0c8114319

SHA1
f10c395d901c1536f435d7e637cd80157e6adc05

SHA256
2c1b96a99df9fb5129405e5c735fc70bdf45d1f8d8d15c7bcc4d5bcff6802405

SHA512
7a13f17e62f82adff81011168110d7cb3092a2e45d2e3181ebdd00b9922306a3ca354f476a74a1c016ca5151716c753054e817b260035f2e31ed743d7fb43362

Download Submit
/data/data/Madsal_remote.com/cache/2

Filesize
16B

MD5
6a6663ca50638a0e14cddc3487ad0e23

SHA1
471387fc0a32aaa18bca39bac77f8dc2c97a97cb

SHA256
19bbfea39e6141139a50c6539688e28af96cafe3f7e296d07d08c4324dd16d92

SHA512
a69e6151d046d80698efb237d5df9e91f7cbd0e74df8d393f4ecb57ad365ed5d9ea633e19a28c1d6fdbe81bbfd7596848f589e630608406f922a424a2a9b49af

Download Submit
/data/data/Madsal_remote.com/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d3e5767faee7e7710e4bce596ef58443

SHA1
2770f9184cb344e73276fd0da41f625cea10b414

SHA256
a64a7afa3c10a0eaf83af5cba7b5394c143676dd57b6eb0643a206bcd5771e0f

SHA512
44b040e95f8dab7d896edc8d92cf122423a6924b5a07308f67ce15f97d6ae3cd2a3397cfa29b8f78c7a11919752a942a142f6303211dfec5a8cfefdd41cab3a2

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
cceeeb2f5816f7339066152b68c98648

SHA1
7d47f38647f8783cf18e1ce3544338f317fdc50a

SHA256
730815b2e5d99085d1f4a9a97128bba26142e580f2df2c95344b997eae909a44

SHA512
db408d8b4e62dbe1eee3a60d983753c37b524c0292f2fc8ac371367d5671293dcbcf15bbb2b5b79d1fcda24d6c2be9f9c521f35ff8990900d29f294fb785fcb2

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
115e2b660231c387598a0b85a5784e27

SHA1
0f6be445dd81322006ecd0a43d55ff8aaad8965f

SHA256
02afe96dd17f7232cd24a1634ec67ff99f7fc3678a1fedb1049bf86d4015d43b

SHA512
a0dc5da559dbc634a2c1564d12cf58bfbb0fb4cf2ec40e2e33a0cf3000f19e33dac806f05c8b0aace48cf43cec2dde16d5930636dd800393843d1f55b65c672e

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6729ed7b4650eaff0a93b83281a38d81

SHA1
cee54872dfd6712c87b8b9448e542bf76d857cb9

SHA256
f02dcc27d5a0dc83e83761220077c56fe7a1996c45925365a4cc5038b8f3b069

SHA512
14ff005c61aa2c9f20b456299041ecbc8e7978e7273ee31ce43166a0e20e83f80e85eb96805df4b1c5d0c05c1e06d85a2f70fca16a8ce206eda93f5a3c339b9d

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
72319974093fb2ebcf90373edef5c6c0

SHA1
c58f6b9bbac9095ede8b258c9f71b52d12b1062c

SHA256
59f7953ecab981a9c03a99785d162044ae7d31a872450ff3e0706ca4d38a9e39

SHA512
8b8497659bcb0da575b189ecb1960df09ba61f26a427258a77f1be6ca8781e724d780fe530a82a2cf1bc5342241b1021297049b69a826ddb6c04b237a6834992

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e53d074c94c426a0a2adbf75dc211bec

SHA1
9a5191e4beec674ad0000f9fa1f96747455c82b5

SHA256
00a2914b591520c6e4967af723ddbb75714daba538d0b0e79510477c2f45f7b7

SHA512
6d33c1f0f7ff46912e6abe5c119000751daa73df52cd00ed06ccef6f58653e3f19a8bdaf986052f288ecd99ed09a960583952b1b174112a5c080cbcf33b4af70

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
93b73af9e9c5e2a0af70736711fea1ca

SHA1
a340c1ce17785d2c161867c0fa9be87eab59441a

SHA256
94a2d525a224205355b5e2627912b1e985b220dfcc5cf03a8211da90d1f80a51

SHA512
010cb5b47a629820d289250a34a4a51ddd91eb6a12e9379620871b2595379098534e613d5916fd61cbc0d549ef8f4c63098a07613ed495ce85f2733a821b07e8

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
57208eea9894e32a16a22fdc0b9d59db

SHA1
bc1d55d589be8db53aa1360b83330b558871e75d

SHA256
2c8afed694ba5f90cbb73b2992a9b8b3260a7d83c8aeb0eaa6a771328e3b5f45

SHA512
d17e50b7f5d10ad473bfb179366a75766f48441b42bdb397b8fd828548cb6182486fa08e6090fb51279acac13fbbfda411c9681390547f173f5c7ec17313b9ab

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
a3f5aa5a8b8936aeff906969502ee393

SHA1
bb7bc4ab39e39911ff59cb194769a2339261b4bb

SHA256
217e4ba8c5b9c02502af187bd1adb7ab7cfd81771a6069d5c6ef61ec5a1528b3

SHA512
4d78d7cbbda33f88d821ed30a1e681f876957cfb61e9a9dc6e0af65c2fd1ee687188c73f2acbf248216dbc74785a493e11fffeef8bb9ce0df85cbe433cb6024e

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4ca9d063a505b7932dbb0996199f09fd

SHA1
17de1ead40bd2ee46345e1a7308f76f6b76f4406

SHA256
36ed0fb338c05397e2e83b5ca8aacdd7b4ca8d0bfdd3a0bfd51a4c59c21cefab

SHA512
f7105d43c2f5f312a96aa1b3635fbd90e49e38023d1a7192a476063c7958e232127e3bc732eb83767a8e389ed82f62e5a9e37738507f1017cd5f25f4e59931cc

Download Submit
/data/data/Madsal_remote.com/files/PersistedInstallation1212232442979692838tmp

Filesize
566B

MD5
6bf40eff7f4f5ac69659dab6ac1adda9

SHA1
f16b02563f5261b5623b4f901ec7cfd9c11eb3d5

SHA256
fdbc8031298fec3ec51ca1760c221e66d791c2aae90062753dd7565a9ddf9796

SHA512
b6ae9ad256ed514b958a27fbfba1aaa3207e92f36bc39e98fc832d0f10e401d54108c9cfcd3b2503a4673e9978181682c460c55bbdc1b5ebc64c5e71c8e3dd30

Download Submit
/data/data/Madsal_remote.com/files/PersistedInstallation3670716544140901852tmp

Filesize
90B

MD5
4d96de833d0de5165c497b2a5ebd1457

SHA1
37ed8291d6a2845447484bd0df134764974b3456

SHA256
8307ad2d9718e187c734499dedbb995ba766c0d9495335af30a403515ee05dd7

SHA512
3b6e0c267b50bb25f6abfaf6647ea2fce4384272ebcafa56350976608dad67963a50635dd4c64ae9da77023f0b057aa6e3bb1e3201747886e48669570f6ad90f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads