52770b424a389e606b326221af03dbe770eac840d4f291f32df3deb6a4fc47db

Analysis

max time kernel
154s
max time network
143s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
22-04-2024 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

1.9MB
MD5

946f4da12572cc7370be6ed6778f3854
SHA1

7f6f21471c160eda9af5dbb796a99b410b9bbee6
SHA256

52770b424a389e606b326221af03dbe770eac840d4f291f32df3deb6a4fc47db
SHA512

df753a7f17fb40b51de7e568857e68819c717c905982a17ade6e7d21a8453942daf6fd793c908adea318ebbdbe294198eb4150274bac6427106fd60d8998c807
SSDEEP

49152:k/EZL9zHbY+B0TXud1WB79IKrPWI5RAeuTvKC03T1dy15ltJv:yOL9DbY++Y1k75PFAeavl81dCJ

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

Madsal_remote.com

description	ioc	Process
File opened for read	/proc/cpuinfo	Madsal_remote.com

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

Madsal_remote.com

description	ioc	Process
File opened for read	/proc/meminfo	Madsal_remote.com

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

Madsal_remote.com

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	Madsal_remote.com

Acquires the wake lock 1 IoCs

Processes:

Madsal_remote.com

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	Madsal_remote.com

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

Madsal_remote.com

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	Madsal_remote.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Madsal_remote.com
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Checks if the internet connection is available
PID:4375

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/Madsal_remote.com/cache/1

Filesize
72B

MD5
3552ce81ee85bd2688b08ea0c8114319

SHA1
f10c395d901c1536f435d7e637cd80157e6adc05

SHA256
2c1b96a99df9fb5129405e5c735fc70bdf45d1f8d8d15c7bcc4d5bcff6802405

SHA512
7a13f17e62f82adff81011168110d7cb3092a2e45d2e3181ebdd00b9922306a3ca354f476a74a1c016ca5151716c753054e817b260035f2e31ed743d7fb43362

Download Submit
/data/data/Madsal_remote.com/cache/2

Filesize
16B

MD5
6a6663ca50638a0e14cddc3487ad0e23

SHA1
471387fc0a32aaa18bca39bac77f8dc2c97a97cb

SHA256
19bbfea39e6141139a50c6539688e28af96cafe3f7e296d07d08c4324dd16d92

SHA512
a69e6151d046d80698efb237d5df9e91f7cbd0e74df8d393f4ecb57ad365ed5d9ea633e19a28c1d6fdbe81bbfd7596848f589e630608406f922a424a2a9b49af

Download Submit
/data/data/Madsal_remote.com/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1599997b6f15d4d2e7fbd729efd07425

SHA1
5b7cf287e18fb24fdd97b6d552a85308fb71f219

SHA256
3eb297eee7a72437ef598a638625785fe1fce8e0d015895ebcf8b834d1f8379b

SHA512
1e3cc6cd9da5724bcc205d8f04a9e0c2460fcc0d6c7397c255fb521e21fbc51f00ef400cca0c0e6ce861902c62cae6844adad9c7c618faee5d5f289b4ef9c964

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7b94fd600e081ccfbb496a5104420159

SHA1
c287589dbc46820bce4a35a344a571e96d790d1c

SHA256
a4c9a5b2aec4510775827f0ea7c18463f760c72a063d2057900aa923e5205e1c

SHA512
c2e6c379012d57a0abbf56b6bdd1924ab8b580dd69a513b1142703ed5269995ff7712729957fce51a9b5c435bdb6d19d2536ff60c1226c48134a9c4ea6ea9fa5

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d0b82e513bd451b27bcbbf0b063e7da5

SHA1
bc7ad271c6944e6b975f67a898a5683e0f8850bc

SHA256
64739c9e3d7ce0f8a7bca38a5fbc8e91cd4b9c030791bcf71697d891107859dc

SHA512
6334cd03582b866d094db854b07e55a2fe31ffdb9b1edcd245ae65834998902a53e360ab02bb274e02ca0f9ea5394b8a080a465b5ffee927b6ec140ea584bcb6

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9f82b08221f1d29f168e921ab998add0

SHA1
a33d7bee1480596118c7d2aafe619dc36ef121dd

SHA256
0d9f2957e8a50b3adb00b7ef054152d427d0d88f0690f9d6e42664e10358008c

SHA512
d33d3873f74bfd3d2e3c1b24f53aca4f392c231fa04e82d3f764026e3806341ad3d9e515ae1e996e6203f8784cf40b391d459305399a1aa48c359874d8c0ce01

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
59b4cfe0b8dd4b667de6d11e63157e62

SHA1
395d19b8e9e77a1f20ee7b8a75e2447e179f3bfc

SHA256
e5bd3585356b4a544dbad936e0f0e18c3f01b5f33b1b45e1e2e50827d77e7e74

SHA512
42524cc30ff0b7178ddb52c7ae620ec6ecffa9bb7d2ce09e822f6e10db7b0c135df339d3467f2dba2b6fcd6b31a69bc66734a6918c0475138380af2f108b2208

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
fd26f23dd40bfe7b58877d5fd26ebb78

SHA1
a2eb50c97507dd056d0a5b676a96c20d5707ca41

SHA256
4abbd563895bcffed03a6837d164d6554c3f420a2cbb84466377916301d28f02

SHA512
3425b6a363169cb08cdd37957756b966a14e60f828dcc1d8f3eadd77b1ac165a773c5ee1c57d833fb1da2d0301a213933513800ce850a3bd142e293c5b54330e

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
72f49577e91204532af60a7565a3f745

SHA1
9bb12b3266d4f018294a02117e66e7dafde50917

SHA256
baa83c3336842fa05ef8fbb39a7f224cd61cad0bb3d5795d40b06b4cfe1a9d67

SHA512
6bd47da6da0530d23ec715e452d5c24a0f9d25f8c92fe7be3cffa69b2b2bb2de806810e79e11287ae5fedc8aecf5bd26b17a07dd9a0b4c9cf38892797265cebe

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4e8d588ace260b94711b329dd2f1de73

SHA1
a5f38a5f0d7764b90f32c1bce5ab264f3d1fa801

SHA256
d5280b09fbb270bb79442fe282a7f1c012d4fc0e4fb76eb80e5bfa391ceb04a3

SHA512
868f074cff8f79ffd87c8d6b3b96b22c9419b1e98434e1986ab068941d34561a5e7c46eb0f070000fccc1698d27a758dcdefc9125e4bf76e6febe4394fde512d

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
654ef66ec2300de0d5373a18bb8cf457

SHA1
e1c765f5f56864728b4eaef7af2381d6b5087f48

SHA256
7498c6d9c2c76e239da5d2eb6a099d266199acb3f9c6c9ed69c94468ada91173

SHA512
20c4e692f84bb3aa8c8c9b79b1a0a3f56c04991c63b97570fe09e335840a0658a4664d734004f42a3daf7f0356317af7e007dc9a7446b1f7e9eaf61c1e75ebdf

Download Submit
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8e856d8fea9cb058f10da9627b62e828

SHA1
4a44861d9d000ee16134f79f1d4690f00cd03b11

SHA256
9aed9badad28f41ff459bb7cb55d5401a301ec16c85d225671a835f32ca0326f

SHA512
449fa54769a2f1e1209e7cf9a87e25ffc614c5867ba3268c013ecc6aa87fab585ea0783f5549ae968767d20ae6dd42641bb760698079348d3a590aa2c17e7f49

Download Submit
/data/data/Madsal_remote.com/files/PersistedInstallation3318354442478648670tmp

Filesize
90B

MD5
eb93ff454836a858a1e1ed110139ae71

SHA1
55d9a06378e6248737ac352f89aff8c73df415e3

SHA256
dd0e6d52439094e8a0a8105227f115ea6b0976eb752494e8c62c5f78d07a4944

SHA512
26b7b5d4a02330eaa6e2fead1d594a4bde286ab8288906aa770012f4e13c5785434199ec9b9daace06afda12a0b40f97fa33008a39ed734b42990be9bad6e899

Download Submit
/data/data/Madsal_remote.com/files/PersistedInstallation3454723367750299374tmp

Filesize
564B

MD5
bef8ceb47479a430c8dc8d09e1369808

SHA1
5b95bf0a2b5d74659e85bfc2fb870f1dcd172dbd

SHA256
0bb29654aae179ad626f17260f3ec4be364df142143bc7e5a981a2832c6b21c1

SHA512
9a6d97f5d26c25c1b30ce0fe515075f8826f50d438fa83b84d8b50f3a48d6632ffe74a81f739161d62e4946fbb8f8c65d2afd8bdcb924d2f85ae84f03d7067d2

Download Submit