52770b424a389e606b326221af03dbe770eac840d4f291f32df3deb6a4fc47db

Analysis

max time kernel
145s
max time network
133s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
22-04-2024 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

1.9MB
MD5

946f4da12572cc7370be6ed6778f3854
SHA1

7f6f21471c160eda9af5dbb796a99b410b9bbee6
SHA256

52770b424a389e606b326221af03dbe770eac840d4f291f32df3deb6a4fc47db
SHA512

df753a7f17fb40b51de7e568857e68819c717c905982a17ade6e7d21a8453942daf6fd793c908adea318ebbdbe294198eb4150274bac6427106fd60d8998c807
SSDEEP

49152:k/EZL9zHbY+B0TXud1WB79IKrPWI5RAeuTvKC03T1dy15ltJv:yOL9DbY++Y1k75PFAeavl81dCJ

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

Madsal_remote.com

description	ioc	Process
File opened for read	/proc/cpuinfo	Madsal_remote.com

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

Madsal_remote.com

description	ioc	Process
File opened for read	/proc/meminfo	Madsal_remote.com

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

Madsal_remote.com

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	Madsal_remote.com

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

Madsal_remote.com

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	Madsal_remote.com

Acquires the wake lock 1 IoCs

Processes:

Madsal_remote.com

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	Madsal_remote.com

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

Madsal_remote.com

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	Madsal_remote.com

Madsal_remote.com
1⤵
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4277
- ping -c 2 -W 10 -v google.com
  2⤵
  PID:4325

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/Madsal_remote.com/cache/1

Filesize
72B

MD5
3552ce81ee85bd2688b08ea0c8114319

SHA1
f10c395d901c1536f435d7e637cd80157e6adc05

SHA256
2c1b96a99df9fb5129405e5c735fc70bdf45d1f8d8d15c7bcc4d5bcff6802405

SHA512
7a13f17e62f82adff81011168110d7cb3092a2e45d2e3181ebdd00b9922306a3ca354f476a74a1c016ca5151716c753054e817b260035f2e31ed743d7fb43362

Download Submit
/data/data/Madsal_remote.com/cache/2

Filesize
16B

MD5
6a6663ca50638a0e14cddc3487ad0e23

SHA1
471387fc0a32aaa18bca39bac77f8dc2c97a97cb

SHA256
19bbfea39e6141139a50c6539688e28af96cafe3f7e296d07d08c4324dd16d92

SHA512
a69e6151d046d80698efb237d5df9e91f7cbd0e74df8d393f4ecb57ad365ed5d9ea633e19a28c1d6fdbe81bbfd7596848f589e630608406f922a424a2a9b49af

Download Submit
/data/data/Madsal_remote.com/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6b9567a35f6023e8a9883825b6ad1f38

SHA1
06397b780abaeaab0c06a32e18a0e448a2842ac4

SHA256
3bdf5d2e542e20e0bee8c822cd09d79eddd44543fa79ccc0547bdc2f97114e6c

SHA512
526a9cae2efc6aa72fba24cb3ce421fa107030bc99c82761713342a7b61d19a9d1bd5b419d2e6a1f3ca87b8dc46cac88a19d03485ca9bb8096ae8c4630cce3e7

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
258ed70a54d4ee22cf0e656f1473fdb0

SHA1
e98bc87757306c2c2fd6cb58d5b86f4753029b82

SHA256
fc8b3000609b665ce17982a8225637e91faead107633eb361ba8162c717a5f51

SHA512
28c0e81f86cc7d316e0d6d8f1612e08f7e34fb48ac920b70aed43a8b11388c47168cb79aeba90f4567ae3f48398206571d3f526c6c7dbb644b6176e1e63a4afa

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b6d1636b07615b4a3936db00bc1bed32

SHA1
8266e2196705cff6687b9a78d9ba7d4ee16ea32e

SHA256
1f1820ac74308118dd29937a5e37f72813322db81f0f6eee1c0ccdd6557da681

SHA512
27eeed07d6641887ce6f24286aa37368134ea8f70a3245e5d813990ba7917bc4d6c4129e1c85d10a07a598eee3d8991b3b87a04082202fee54d330e6c0d5bb36

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c9121276abb19e1a1326dffdcdd52bd6

SHA1
60af70684bcf5b0b93455dfc9d02e6d9c456d4d6

SHA256
4c5dbd733d80634aa59cfdb23beaebc84db61084960dca93d3ca7bf313ada462

SHA512
183a879397ef3c4c6d0ce0168d86f9325d96c36ec4dc3dbd504df88adafe90422eed5a73805347afe3df8d4c6a58c5c847bcacd8516d13bb4ff648a172651ad0

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
10979ac70fd2e614b8f3f8fb8e0e14a2

SHA1
e8fc638a0b615d9d1815e526460ffaa845eebeb1

SHA256
719d82476c96de89dd0eb6abde549a7bf619ee7745a60e9f0dce35f0cff05758

SHA512
1e2a4934039c81b649eacd8758e49e90130d005a6498058c79fcd0352d07b336481e394a26bdccfc1be335a9bd422cd9e25fa8b6c55014c245bb1e69ed22213a

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
177186e6cea0408763f30ba66cf0c644

SHA1
577308a39f521d8bb50dcc56e6763a2bf95b2904

SHA256
75c0bf7d682a4a7d00c9ecea1f4bb5b17738356f9300daad445280a372dd8276

SHA512
1fcaf13c4b5f11dbcaa3c65c6f86cbec790be2f63c3d7f6f31f0e18bd99f53c88a6f403fca0a01b6ca3fb1e13783f2e88d4fafb3ad4a6ed9ff777b9883cd6af9

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
559647df7aa7c60bc62a6a58ca2b9198

SHA1
f85b3d0c79198fcfdfb2aa5428a1d654a43de4de

SHA256
0697d52ac812a93e303bd6ee158cc7f17131811a91dbe542b9a82093f2e06a87

SHA512
a95485dbd6428c9ea1eda3fad4bf4ea0e04e7baad409003e153abfd5d394b2e0b79bfa45d3f12eb8fee094fe96099c99abfebb099a02c29412de4008e6271d2f

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9acad2e5fe98716e0887bc2e124ae2d7

SHA1
52752175def222faf18fc11b661486de0f5b64a5

SHA256
9a7dc3bc5d8820b35e058d69d17b336a887cae8af1bcac3de2ed761e13338650

SHA512
f2e78b092c11483f503d9c3005bd5642f78882dc10ce71508a0588628caf400f5a49df5a2802e4253a2e4241c8ff50ec353749982b432b1b4c8ff316c7e62611

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3284bdb2e53320bd829aea824a96b6f3

SHA1
b562c143433b350723efb43fc91645f579afeb09

SHA256
b0a2514a2e56a37583fe02a8c951e2b720dc27a2eaed42436c34cd30058bfe24

SHA512
14081dcdfe38508360332fe3201cf563d1d30d4f2a7ae6fb8954386fa7199b44aeec5a5003048dd47565b86bc6df19711b88ea0a45ca9646f13f32321df98870

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e8ddcbe376c8c1993a22cbff6cea7d29

SHA1
302718d9104efc9c9574e277b060d3315cf6e082

SHA256
1672a575a4e00b0cb89a345f5165c1f05ec1379442e2a273494f8cd7283956d8

SHA512
f1f05914611857a7ce2d43ea876bfb53a32360a927a0e0f08ec166fef50c0bf1d1ca17185445648c2c49ee6c84a8c0fe66ec6a75e53dd5b4bfd65ae332fb99fa

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
6eddb0c7efc54b7ebf96ce869eef9e91

SHA1
c431288788069fb9648a5dc2f1ac804e9e495fe6

SHA256
c5dc1bcab3d37a8a5afac93b00f08e5ac9f526380d3822a3966d7b510f31cf7c

SHA512
d7dbddb3617e88e93249a67f882e7bc4359638f1a3edf1152f4c14399ed1f3e57764ac0f2b0a8fe52e83d713a3780385d360c655c9d6051212c1a7a5da4e412d

Download Submit
/data/data/Madsal_remote.com/files/PersistedInstallation4987363225769025607tmp

Filesize
90B

MD5
3ece3c0f669b35575ae5c188973a8b02

SHA1
22a75185f30d5063836424a9e084e50937138bf6

SHA256
06f497f0f50a5a3104467a719d29fd39d7907a91f1718ba5684061a17ec373f6

SHA512
e6c92d47683aee3d6ddb685a76209bb68db8276139b08e8053c0dbb732d87a9f66a4ff1d5c358cc95c29231c4350a5ec7e53bd824ed2537cf3f4d1a249d2b7d5

Download Submit
/data/data/Madsal_remote.com/files/PersistedInstallation969548162576704515tmp

Filesize
566B

MD5
71ddcb369faa44e98c3c1af667665521

SHA1
041b4c2971230cc797ae1de91c16cc1e3e2baf73

SHA256
5ac91b0da28b5f437353f31d4ff3bf7e03bf11eecb9dd795572fe6c4047f4f60

SHA512
7d45cc30c9f77113595fe39cf873efd0de944765a8f035b116f480340637dc2805ad6a5dab9bcb0c7af774de8daba3a4789c8550b2e0f94be775e381367b8383

Download Submit