Analysis Overview
SHA256
52770b424a389e606b326221af03dbe770eac840d4f291f32df3deb6a4fc47db
Threat Level: Known bad
The file app.apk was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Queries the mobile country code (MCC)
Obtains sensitive information copied to the device clipboard
Checks CPU information
Checks memory information
Registers a broadcast receiver at runtime (usually for listening for system events)
Reads information about phone network operator
Requests dangerous framework permissions
Acquires the wake lock
Checks if the internet connection is available
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-04-22 22:04
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
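The four permissions above (READ_SMS, RECEIVE_SMS, SEND_SMS and READ_CONTACTS together) are the classic SMS-stealer set: intercept incoming messages, read the inbox, forward them, and spread to the victim's contacts. The block below is an added example, not the sandbox's code or anything from the sample: it checks a decoded AndroidManifest.xml for that combination. It assumes the manifest has already been decoded to plain XML (for example with apktool); the sample manifest, including the `package` attribute, is constructed here from what this report shows.

```python
"""Flag high-risk Android permission combinations in a decoded AndroidManifest.xml.

Added example, not part of the sandbox report. The manifest below is
constructed from the four permissions the static1 pass flagged (plus two
normal-level ones to show they are ignored).
"""
from __future__ import annotations

import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Runtime ("dangerous") permissions from the Android permission reference.
DANGEROUS = {
    "android.permission.READ_SMS", "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS", "android.permission.RECEIVE_MMS",
    "android.permission.RECEIVE_WAP_PUSH", "android.permission.READ_CONTACTS",
    "android.permission.WRITE_CONTACTS", "android.permission.GET_ACCOUNTS",
    "android.permission.READ_PHONE_STATE", "android.permission.CALL_PHONE",
    "android.permission.READ_CALL_LOG", "android.permission.WRITE_CALL_LOG",
    "android.permission.RECORD_AUDIO", "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE", "android.permission.WRITE_EXTERNAL_STORAGE",
}

# Capability profiles: a permission *set* says more than any single permission.
PROFILES = {
    "sms-interception": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "sms-sending": {"android.permission.SEND_SMS"},
    "contact-harvesting": {"android.permission.READ_CONTACTS"},
}

# Constructed sample; only the four flagged permissions come from the report.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="Madsal_remote.com">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> set[str]:
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")
            if el.get(ANDROID_NS + "name")}


def dangerous_permissions(manifest_xml: str) -> set[str]:
    return requested_permissions(manifest_xml) & DANGEROUS


def matched_profiles(manifest_xml: str) -> list[str]:
    perms = requested_permissions(manifest_xml)
    return sorted(name for name, needed in PROFILES.items() if needed <= perms)


def sms_stealer_profile(manifest_xml: str) -> bool:
    # Intercept + forward + spread to contacts: the set this report flags.
    return {"sms-interception", "sms-sending", "contact-harvesting"} <= set(matched_profiles(manifest_xml))


if __name__ == "__main__":
    print("dangerous:", sorted(dangerous_permissions(SAMPLE_MANIFEST)))
    print("profiles:", matched_profiles(SAMPLE_MANIFEST))
    print("sms-stealer profile:", sms_stealer_profile(SAMPLE_MANIFEST))
```

Note that a manifest check only says what the app *may* do; none of the three behavioral runs below show SMS activity, which is expected in a sandbox with no live SIM and no incoming messages.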
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-22 22:04
Reported
2024-04-22 22:07
Platform
android-x86-arm-20240221-en
Max time kernel
145s
Max time network
133s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
Madsal_remote.com
ping -c 2 -W 10 -v google.com
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | my-admin-sql.org | udp |
| NL | 185.11.145.145:443 | my-admin-sql.org | tcp |
| NL | 185.11.145.145:443 | my-admin-sql.org | tcp |
| US | 1.1.1.1:53 | tech-1.org | udp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| US | 1.1.1.1:53 | maxcdn.bootstrapcdn.com | udp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
Files
/data/data/Madsal_remote.com/files/PersistedInstallation4987363225769025607tmp
| MD5 | 3ece3c0f669b35575ae5c188973a8b02 |
| SHA1 | 22a75185f30d5063836424a9e084e50937138bf6 |
| SHA256 | 06f497f0f50a5a3104467a719d29fd39d7907a91f1718ba5684061a17ec373f6 |
| SHA512 | e6c92d47683aee3d6ddb685a76209bb68db8276139b08e8053c0dbb732d87a9f66a4ff1d5c358cc95c29231c4350a5ec7e53bd824ed2537cf3f4d1a249d2b7d5 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
| MD5 | 10979ac70fd2e614b8f3f8fb8e0e14a2 |
| SHA1 | e8fc638a0b615d9d1815e526460ffaa845eebeb1 |
| SHA256 | 719d82476c96de89dd0eb6abde549a7bf619ee7745a60e9f0dce35f0cff05758 |
| SHA512 | 1e2a4934039c81b649eacd8758e49e90130d005a6498058c79fcd0352d07b336481e394a26bdccfc1be335a9bd422cd9e25fa8b6c55014c245bb1e69ed22213a |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | 7237409e0640cfab7bdbd429bf821a3b |
| SHA1 | 4c3da934842f8d4835dfe2a9c275a300e5123309 |
| SHA256 | 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa |
| SHA512 | c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal
| MD5 | 6eddb0c7efc54b7ebf96ce869eef9e91 |
| SHA1 | c431288788069fb9648a5dc2f1ac804e9e495fe6 |
| SHA256 | c5dc1bcab3d37a8a5afac93b00f08e5ac9f526380d3822a3966d7b510f31cf7c |
| SHA512 | d7dbddb3617e88e93249a67f882e7bc4359638f1a3edf1152f4c14399ed1f3e57764ac0f2b0a8fe52e83d713a3780385d360c655c9d6051212c1a7a5da4e412d |
/data/data/Madsal_remote.com/files/PersistedInstallation969548162576704515tmp
| MD5 | 71ddcb369faa44e98c3c1af667665521 |
| SHA1 | 041b4c2971230cc797ae1de91c16cc1e3e2baf73 |
| SHA256 | 5ac91b0da28b5f437353f31d4ff3bf7e03bf11eecb9dd795572fe6c4047f4f60 |
| SHA512 | 7d45cc30c9f77113595fe39cf873efd0de944765a8f035b116f480340637dc2805ad6a5dab9bcb0c7af774de8daba3a4789c8550b2e0f94be775e381367b8383 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal
| MD5 | 177186e6cea0408763f30ba66cf0c644 |
| SHA1 | 577308a39f521d8bb50dcc56e6763a2bf95b2904 |
| SHA256 | 75c0bf7d682a4a7d00c9ecea1f4bb5b17738356f9300daad445280a372dd8276 |
| SHA512 | 1fcaf13c4b5f11dbcaa3c65c6f86cbec790be2f63c3d7f6f31f0e18bd99f53c88a6f403fca0a01b6ca3fb1e13783f2e88d4fafb3ad4a6ed9ff777b9883cd6af9 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | 6b9567a35f6023e8a9883825b6ad1f38 |
| SHA1 | 06397b780abaeaab0c06a32e18a0e448a2842ac4 |
| SHA256 | 3bdf5d2e542e20e0bee8c822cd09d79eddd44543fa79ccc0547bdc2f97114e6c |
| SHA512 | 526a9cae2efc6aa72fba24cb3ce421fa107030bc99c82761713342a7b61d19a9d1bd5b419d2e6a1f3ca87b8dc46cac88a19d03485ca9bb8096ae8c4630cce3e7 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal
| MD5 | 559647df7aa7c60bc62a6a58ca2b9198 |
| SHA1 | f85b3d0c79198fcfdfb2aa5428a1d654a43de4de |
| SHA256 | 0697d52ac812a93e303bd6ee158cc7f17131811a91dbe542b9a82093f2e06a87 |
| SHA512 | a95485dbd6428c9ea1eda3fad4bf4ea0e04e7baad409003e153abfd5d394b2e0b79bfa45d3f12eb8fee094fe96099c99abfebb099a02c29412de4008e6271d2f |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | 258ed70a54d4ee22cf0e656f1473fdb0 |
| SHA1 | e98bc87757306c2c2fd6cb58d5b86f4753029b82 |
| SHA256 | fc8b3000609b665ce17982a8225637e91faead107633eb361ba8162c717a5f51 |
| SHA512 | 28c0e81f86cc7d316e0d6d8f1612e08f7e34fb48ac920b70aed43a8b11388c47168cb79aeba90f4567ae3f48398206571d3f526c6c7dbb644b6176e1e63a4afa |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal
| MD5 | 9acad2e5fe98716e0887bc2e124ae2d7 |
| SHA1 | 52752175def222faf18fc11b661486de0f5b64a5 |
| SHA256 | 9a7dc3bc5d8820b35e058d69d17b336a887cae8af1bcac3de2ed761e13338650 |
| SHA512 | f2e78b092c11483f503d9c3005bd5642f78882dc10ce71508a0588628caf400f5a49df5a2802e4253a2e4241c8ff50ec353749982b432b1b4c8ff316c7e62611 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | b6d1636b07615b4a3936db00bc1bed32 |
| SHA1 | 8266e2196705cff6687b9a78d9ba7d4ee16ea32e |
| SHA256 | 1f1820ac74308118dd29937a5e37f72813322db81f0f6eee1c0ccdd6557da681 |
| SHA512 | 27eeed07d6641887ce6f24286aa37368134ea8f70a3245e5d813990ba7917bc4d6c4129e1c85d10a07a598eee3d8991b3b87a04082202fee54d330e6c0d5bb36 |
/data/data/Madsal_remote.com/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal
| MD5 | 3284bdb2e53320bd829aea824a96b6f3 |
| SHA1 | b562c143433b350723efb43fc91645f579afeb09 |
| SHA256 | b0a2514a2e56a37583fe02a8c951e2b720dc27a2eaed42436c34cd30058bfe24 |
| SHA512 | 14081dcdfe38508360332fe3201cf563d1d30d4f2a7ae6fb8954386fa7199b44aeec5a5003048dd47565b86bc6df19711b88ea0a45ca9646f13f32321df98870 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | c9121276abb19e1a1326dffdcdd52bd6 |
| SHA1 | 60af70684bcf5b0b93455dfc9d02e6d9c456d4d6 |
| SHA256 | 4c5dbd733d80634aa59cfdb23beaebc84db61084960dca93d3ca7bf313ada462 |
| SHA512 | 183a879397ef3c4c6d0ce0168d86f9325d96c36ec4dc3dbd504df88adafe90422eed5a73805347afe3df8d4c6a58c5c847bcacd8516d13bb4ff648a172651ad0 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal
| MD5 | e8ddcbe376c8c1993a22cbff6cea7d29 |
| SHA1 | 302718d9104efc9c9574e277b060d3315cf6e082 |
| SHA256 | 1672a575a4e00b0cb89a345f5165c1f05ec1379442e2a273494f8cd7283956d8 |
| SHA512 | f1f05914611857a7ce2d43ea876bfb53a32360a927a0e0f08ec166fef50c0bf1d1ca17185445648c2c49ee6c84a8c0fe66ec6a75e53dd5b4bfd65ae332fb99fa |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | 3e881d9a01ca707bed38018ac69f4518 |
| SHA1 | 5820f9351d7cc8082de6e5686eb9f8fedf6fb830 |
| SHA256 | 4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c |
| SHA512 | 8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8 |
/data/data/Madsal_remote.com/cache/1
| MD5 | 3552ce81ee85bd2688b08ea0c8114319 |
| SHA1 | f10c395d901c1536f435d7e637cd80157e6adc05 |
| SHA256 | 2c1b96a99df9fb5129405e5c735fc70bdf45d1f8d8d15c7bcc4d5bcff6802405 |
| SHA512 | 7a13f17e62f82adff81011168110d7cb3092a2e45d2e3181ebdd00b9922306a3ca354f476a74a1c016ca5151716c753054e817b260035f2e31ed743d7fb43362 |
/data/data/Madsal_remote.com/cache/2
| MD5 | 6a6663ca50638a0e14cddc3487ad0e23 |
| SHA1 | 471387fc0a32aaa18bca39bac77f8dc2c97a97cb |
| SHA256 | 19bbfea39e6141139a50c6539688e28af96cafe3f7e296d07d08c4324dd16d92 |
| SHA512 | a69e6151d046d80698efb237d5df9e91f7cbd0e74df8d393f4ecb57ad365ed5d9ea633e19a28c1d6fdbe81bbfd7596848f589e630608406f922a424a2a9b49af |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-22 22:04
Reported
2024-04-22 22:07
Platform
android-x64-20240221-en
Max time kernel
155s
Max time network
154s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
Madsal_remote.com
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 78.204.58.216.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | my-admin-sql.org | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| NL | 185.11.145.145:443 | my-admin-sql.org | tcp |
| NL | 185.11.145.145:443 | my-admin-sql.org | tcp |
| US | 1.1.1.1:53 | tech-1.org | udp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| US | 1.1.1.1:53 | maxcdn.bootstrapcdn.com | udp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 216.58.204.66:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
Files
/data/data/Madsal_remote.com/files/PersistedInstallation3617454037842462022tmp
| MD5 | eacbb5c7269f22d1fdd67d4ca3b4fd10 |
| SHA1 | 705fdad3c78946a3d24a5c1cf307892442eee3cf |
| SHA256 | b0721a3532d20dae7454568b567dc3c71efc2d62bf6ce0260897729281441fdc |
| SHA512 | a455f5d6ed99491dd9b1138470a98c68bd8fc2818f0f28f8a781843ab8424f2987363a7301d63d07c828ae12a4e207aae228a30bee50514e240be3896c5193ac |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
| MD5 | ad04ff484243094a7dd621d46330d6da |
| SHA1 | 14433ece38d81db4ee0e63770351a016bfebb1d0 |
| SHA256 | 1869cef26b37881f7b3b41b0690e0b1f64ab9e3e72c1e5385d3f5831a2a9303a |
| SHA512 | 1530f5d66e8f6b210d51b15e722fec85cdd9b669707d5ed4babfa1d458a34dba22f836ea306d5d2d01e9158d70078b25c58c121d677767cfb46433501c618fff |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | eb52a90bb70b76e946b62f50b6f7fb85 |
| SHA1 | 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0 |
| SHA256 | 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4 |
| SHA512 | b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
| MD5 | 07a0574395aea07800af622b43f1bc51 |
| SHA1 | 43aa13de94fb817070391fe9037c75f8af9d24c2 |
| SHA256 | 5312222d8b86c4c24b414b7f29e8227245b9d8cfc6b7ce3274d48b6d32e83099 |
| SHA512 | e7c4cf896f0dfb6943e549bca051adbdb1467bd8cab851f2e35447917e105655acb877a5e16e3705f5762404dad645eb6c4c651ce0b8e75cb13535bbdc9a1c71 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
| MD5 | bd94cd7734e8f0e59f599426aa06b3a4 |
| SHA1 | eb6a67988a7b579c867ac2b7affc2c96195db716 |
| SHA256 | 74733971d949dc9683973353370923947aaab4cafa5f6a18fa4a71cfc39aa6c4 |
| SHA512 | a1d9a4b8f9bd9973c56770a7836ef7821c55f6c2fca6f18d178cfbfe9c6763fd8ece704d087f6d688008d79a4436cfcfbc6d93a1d83b549ba4f05104f049b854 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
| MD5 | f1eea267820f2245228a09c18e6704db |
| SHA1 | 65af99faa7429da1824b0f8486130d935d895f4d |
| SHA256 | c176b8004cb33fc7f15fda471d4c25606c3b1397cd386692d52cacffb663807a |
| SHA512 | f2a0fe2cd7ae309b952c51b3acdb114febc00deb0aa41316a2de877f8b29b1dda3e994d9d730dae6e9466a94ede834ae70318a9e5ea91904aec9d0b1384e2849 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
| MD5 | 827e5e2d3f5c658d83d5171a641ce1d5 |
| SHA1 | 183d86ddb06143f4d0a0e43a4cb238accb0eb2f9 |
| SHA256 | 9511904631564ca539af73be9ea06fcf52ee449847ccd7eaa43178a513624cc7 |
| SHA512 | 78d6bbd253231674f9aa9e1e7d907b62110b0866f2928cea79e8cec305425d997f20a1961b614f1e698de03ff095e6895db4ae7d54a7a04742339bc9ba4b8e0d |
/data/data/Madsal_remote.com/files/PersistedInstallation9218671858125812045tmp
| MD5 | 559e624a5356d1c181a420492380d596 |
| SHA1 | b8a8afe98f0e883f54eac7cf77c27ad63a3f323a |
| SHA256 | d4019e61d0e0eb41b0dee3321e781052b1967f57015d03bbe39189007bb73e19 |
| SHA512 | 0596b7fdd5d004be08bfa0c4d8f0b4a1f392e9c75d7c582b019582d8a334f0e82a65c1ca1d838823557d994de9e136af238c73b0df6c213b982b76a94c774783 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
| MD5 | 934e7cb60559b1df485532b922eb1f1e |
| SHA1 | e3ad6199116af9344c24fd7699d80f132dd48b36 |
| SHA256 | f1696cf2876f5b128c7b156c7cc9e26d114032d2ae245da5531d09728667d51e |
| SHA512 | fd9fdad63195183e7b76c80532b27db6b062c7cb705a15437943403c04666e520069d1c93babcc6fdd7cfacd7e3f6d2c577c1431da513da0b27dc20d9bc17bdd |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | 42910e4e5c4db5650496d0b19194772d |
| SHA1 | 2a9e73916ba9553968a4ba87f7004e39d96a00e4 |
| SHA256 | f5f1228bea8fc5a4330109cab02ba0ed14749f7e97f37af8da49fa72accd3ae9 |
| SHA512 | cf9feb0449af7d7842d29daeb35a22294ce47bf24cf1667f34cad93bab11d3d2ab649426c668f808b386d18d4bc50b668687790fafed389708e108e6c2b6310c |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | 2a4a82ec131f53cc5bee84dfd5a015b5 |
| SHA1 | 10b7b1b2651bf24f119bd4ad63aba666d797fd53 |
| SHA256 | 2f20377942c56a9d5329b16a292f7bd5264e22ae8a37beb57976bac862f27e79 |
| SHA512 | 91b74b4f086294acf07cf30b977800b6c80e900b98e5ffa16496565ca0bd7da069a74f723384122af73baaf0ba616017527cbf6b077e34c6d2ad3dc108949e59 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | 1cc64eb75ebe19118b31193ea8d973a1 |
| SHA1 | 7671efbb211b07378aaba0f010c2a93bd7d46a40 |
| SHA256 | 27a33408ef3b36184fd094a77a4fc872d9499626b6f1570b83193a3499d6dc12 |
| SHA512 | 8d463f690cd4a6cc7059fe32561427d7aefe4dd11b2bc16f34b38db7a8789600cd9744e6ca342f34289e495636137cca69b966d8e1a0a670f6f02069b6330c1c |
/data/data/Madsal_remote.com/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | 573a3a5dd544b50c01b419a8ddf41da5 |
| SHA1 | a731c192e1994200fcdf3fb883319facffa1ec58 |
| SHA256 | 7625758d5d9bbf90160c01d69c9e069dab058e8b3717660e7c5e34fce4070469 |
| SHA512 | aad94e80687a07452939844bbcfd6e381da0b628349b64bc587459a284741e37070c2c608b2e30fae33c772ca5a7f19d06beac2f83fd0540e66695401db85c72 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | adf6082723784327d7d1b34adf974e7d |
| SHA1 | b1502f70eb881a1dfe41139cb719fefb877ee37c |
| SHA256 | 252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9 |
| SHA512 | 762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b |
/data/data/Madsal_remote.com/cache/1
| MD5 | 3552ce81ee85bd2688b08ea0c8114319 |
| SHA1 | f10c395d901c1536f435d7e637cd80157e6adc05 |
| SHA256 | 2c1b96a99df9fb5129405e5c735fc70bdf45d1f8d8d15c7bcc4d5bcff6802405 |
| SHA512 | 7a13f17e62f82adff81011168110d7cb3092a2e45d2e3181ebdd00b9922306a3ca354f476a74a1c016ca5151716c753054e817b260035f2e31ed743d7fb43362 |
/data/data/Madsal_remote.com/cache/2
| MD5 | 6a6663ca50638a0e14cddc3487ad0e23 |
| SHA1 | 471387fc0a32aaa18bca39bac77f8dc2c97a97cb |
| SHA256 | 19bbfea39e6141139a50c6539688e28af96cafe3f7e296d07d08c4324dd16d92 |
| SHA512 | a69e6151d046d80698efb237d5df9e91f7cbd0e74df8d393f4ecb57ad365ed5d9ea633e19a28c1d6fdbe81bbfd7596848f589e630608406f922a424a2a9b49af |
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-22 22:04
Reported
2024-04-22 22:07
Platform
android-x64-arm64-20240221-en
Max time kernel
154s
Max time network
143s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Processes
Madsal_remote.com
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.238:443 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | my-admin-sql.org | udp |
| NL | 185.11.145.145:443 | my-admin-sql.org | tcp |
| NL | 185.11.145.145:443 | my-admin-sql.org | tcp |
| US | 1.1.1.1:53 | tech-1.org | udp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| US | 1.1.1.1:53 | maxcdn.bootstrapcdn.com | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| GB | 172.217.169.4:443 | | tcp |
| GB | 172.217.169.4:443 | | tcp |
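Across the three behavioral runs the Google, Cloudflare-resolver and bootstrapcdn traffic varies with the platform image, while `my-admin-sql.org` (185.11.145.145) and `tech-1.org` (185.11.145.254) are contacted over TLS in every run. The block below is an added example, not the sandbox's tooling or anything from the sample, that makes that pivot mechanical: it parses Triage-style network rows (tolerating rows where the Domain cell is blank and the protocol was shifted into its column, as in the extracted tables above), discards platform noise, and returns the endpoints common to all runs. The rows are copied from the three tables with repeats dropped; which names count as platform noise is this example's assumption.

```python
"""Pull C2 candidates out of Triage-style network tables and pivot across runs.

Added example, not part of the report. Rows are copied from the behavioral1-3
network tables (repeated rows dropped); the noise list is an assumption about
what the Android image itself talks to on every detonation.
"""
from __future__ import annotations

import re
from typing import NamedTuple


class Conn(NamedTuple):
    country: str
    ip: str
    port: int
    domain: str  # "" when the report has no name for the destination
    proto: str


RESOLVER = "1.1.1.1"    # sandbox DNS resolver: rows to it are lookups, not connections
MDNS = "224.0.0.251"    # link-local multicast DNS from the Android image
NOISE = re.compile(r"(^|\.)(google\.com|googleapis\.com|google-analytics\.com|"
                   r"bootstrapcdn\.com|in-addr\.arpa)$")

RUNS = {
    "behavioral1": """
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | tcp | |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | my-admin-sql.org | udp |
| NL | 185.11.145.145:443 | my-admin-sql.org | tcp |
| US | 1.1.1.1:53 | tech-1.org | udp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
""",
    "behavioral2": """
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| NL | 185.11.145.145:443 | my-admin-sql.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| GB | 216.58.204.66:443 | tcp | |
| GB | 142.250.180.14:443 | tcp |
""",
    "behavioral3": """
| GB | 216.58.212.238:443 | udp | |
| GB | 172.217.169.14:443 | android.apis.google.com | tcp |
| NL | 185.11.145.145:443 | my-admin-sql.org | tcp |
| NL | 185.11.145.254:443 | tech-1.org | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
""",
}


def parse_row(line: str) -> Conn | None:
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or ":" not in cells[1]:
        return None  # header, blank line or not a destination row
    cells += [""] * (4 - len(cells))
    country, dst, c3, c4 = cells[:4]
    # Extraction put the protocol in the Domain column when the name was blank.
    domain, proto = ("", c3) if c3 in ("tcp", "udp") and not c4 else (c3, c4)
    ip, port = dst.rsplit(":", 1)
    return Conn(country, ip, int(port), domain, proto)


def parse_table(table: str) -> list[Conn]:
    return [c for c in map(parse_row, table.splitlines()) if c]


def queried_names(table: str) -> set[str]:
    """Names looked up via the resolver that are not platform noise."""
    return {c.domain for c in parse_table(table)
            if c.ip == RESOLVER and c.domain and not NOISE.search(c.domain)}


def candidate_endpoints(table: str) -> set[tuple[str, str]]:
    """(domain, ip) pairs actually connected to, minus lookups, mDNS and noise."""
    return {(c.domain, c.ip) for c in parse_table(table)
            if c.ip not in (RESOLVER, MDNS) and c.domain and not NOISE.search(c.domain)}


def unattributed_ips(table: str) -> set[str]:
    """Connections the report could not tie to a name: check ownership before blocking."""
    return {c.ip for c in parse_table(table) if c.ip not in (RESOLVER, MDNS) and not c.domain}


def common_across_runs(runs: dict[str, str]) -> set[tuple[str, str]]:
    return set.intersection(*(candidate_endpoints(t) for t in runs.values()))


if __name__ == "__main__":
    for name, table in RUNS.items():
        print(name, "queried:", sorted(queried_names(table)),
              "unattributed:", sorted(unattributed_ips(table)))
    print("common C2 candidates:", sorted(common_across_runs(RUNS)))
```

The "US" country on the 1.1.1.1:53 rows belongs to the resolver, not to the infrastructure being looked up; the NL rows are where the sample actually connects. Unattributed 142.250.x/172.217.x/216.58.x destinations should be resolved or checked against ASN data before they are added to any blocklist.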
Files
/data/data/Madsal_remote.com/files/PersistedInstallation3318354442478648670tmp
| MD5 | eb93ff454836a858a1e1ed110139ae71 |
| SHA1 | 55d9a06378e6248737ac352f89aff8c73df415e3 |
| SHA256 | dd0e6d52439094e8a0a8105227f115ea6b0976eb752494e8c62c5f78d07a4944 |
| SHA512 | 26b7b5d4a02330eaa6e2fead1d594a4bde286ab8288906aa770012f4e13c5785434199ec9b9daace06afda12a0b40f97fa33008a39ed734b42990be9bad6e899 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
| MD5 | 72f49577e91204532af60a7565a3f745 |
| SHA1 | 9bb12b3266d4f018294a02117e66e7dafde50917 |
| SHA256 | baa83c3336842fa05ef8fbb39a7f224cd61cad0bb3d5795d40b06b4cfe1a9d67 |
| SHA512 | 6bd47da6da0530d23ec715e452d5c24a0f9d25f8c92fe7be3cffa69b2b2bb2de806810e79e11287ae5fedc8aecf5bd26b17a07dd9a0b4c9cf38892797265cebe |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | d9cf75fdd1c2292d986f6c3d5d60f2c8 |
| SHA1 | 07ecb1d3a26d952ae5fecf54f36699ab498510b1 |
| SHA256 | 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a |
| SHA512 | 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
| MD5 | 4e8d588ace260b94711b329dd2f1de73 |
| SHA1 | a5f38a5f0d7764b90f32c1bce5ab264f3d1fa801 |
| SHA256 | d5280b09fbb270bb79442fe282a7f1c012d4fc0e4fb76eb80e5bfa391ceb04a3 |
| SHA512 | 868f074cff8f79ffd87c8d6b3b96b22c9419b1e98434e1986ab068941d34561a5e7c46eb0f070000fccc1698d27a758dcdefc9125e4bf76e6febe4394fde512d |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
| MD5 | 654ef66ec2300de0d5373a18bb8cf457 |
| SHA1 | e1c765f5f56864728b4eaef7af2381d6b5087f48 |
| SHA256 | 7498c6d9c2c76e239da5d2eb6a099d266199acb3f9c6c9ed69c94468ada91173 |
| SHA512 | 20c4e692f84bb3aa8c8c9b79b1a0a3f56c04991c63b97570fe09e335840a0658a4664d734004f42a3daf7f0356317af7e007dc9a7446b1f7e9eaf61c1e75ebdf |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
| MD5 | 8e856d8fea9cb058f10da9627b62e828 |
| SHA1 | 4a44861d9d000ee16134f79f1d4690f00cd03b11 |
| SHA256 | 9aed9badad28f41ff459bb7cb55d5401a301ec16c85d225671a835f32ca0326f |
| SHA512 | 449fa54769a2f1e1209e7cf9a87e25ffc614c5867ba3268c013ecc6aa87fab585ea0783f5549ae968767d20ae6dd42641bb760698079348d3a590aa2c17e7f49 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
| MD5 | 59b4cfe0b8dd4b667de6d11e63157e62 |
| SHA1 | 395d19b8e9e77a1f20ee7b8a75e2447e179f3bfc |
| SHA256 | e5bd3585356b4a544dbad936e0f0e18c3f01b5f33b1b45e1e2e50827d77e7e74 |
| SHA512 | 42524cc30ff0b7178ddb52c7ae620ec6ecffa9bb7d2ce09e822f6e10db7b0c135df339d3467f2dba2b6fcd6b31a69bc66734a6918c0475138380af2f108b2208 |
/data/data/Madsal_remote.com/files/PersistedInstallation3454723367750299374tmp
| MD5 | bef8ceb47479a430c8dc8d09e1369808 |
| SHA1 | 5b95bf0a2b5d74659e85bfc2fb870f1dcd172dbd |
| SHA256 | 0bb29654aae179ad626f17260f3ec4be364df142143bc7e5a981a2832c6b21c1 |
| SHA512 | 9a6d97f5d26c25c1b30ce0fe515075f8826f50d438fa83b84d8b50f3a48d6632ffe74a81f739161d62e4946fbb8f8c65d2afd8bdcb924d2f85ae84f03d7067d2 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
| MD5 | fd26f23dd40bfe7b58877d5fd26ebb78 |
| SHA1 | a2eb50c97507dd056d0a5b676a96c20d5707ca41 |
| SHA256 | 4abbd563895bcffed03a6837d164d6554c3f420a2cbb84466377916301d28f02 |
| SHA512 | 3425b6a363169cb08cdd37957756b966a14e60f828dcc1d8f3eadd77b1ac165a773c5ee1c57d833fb1da2d0301a213933513800ce850a3bd142e293c5b54330e |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | 1599997b6f15d4d2e7fbd729efd07425 |
| SHA1 | 5b7cf287e18fb24fdd97b6d552a85308fb71f219 |
| SHA256 | 3eb297eee7a72437ef598a638625785fe1fce8e0d015895ebcf8b834d1f8379b |
| SHA512 | 1e3cc6cd9da5724bcc205d8f04a9e0c2460fcc0d6c7397c255fb521e21fbc51f00ef400cca0c0e6ce861902c62cae6844adad9c7c618faee5d5f289b4ef9c964 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | 7b94fd600e081ccfbb496a5104420159 |
| SHA1 | c287589dbc46820bce4a35a344a571e96d790d1c |
| SHA256 | a4c9a5b2aec4510775827f0ea7c18463f760c72a063d2057900aa923e5205e1c |
| SHA512 | c2e6c379012d57a0abbf56b6bdd1924ab8b580dd69a513b1142703ed5269995ff7712729957fce51a9b5c435bdb6d19d2536ff60c1226c48134a9c4ea6ea9fa5 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | d0b82e513bd451b27bcbbf0b063e7da5 |
| SHA1 | bc7ad271c6944e6b975f67a898a5683e0f8850bc |
| SHA256 | 64739c9e3d7ce0f8a7bca38a5fbc8e91cd4b9c030791bcf71697d891107859dc |
| SHA512 | 6334cd03582b866d094db854b07e55a2fe31ffdb9b1edcd245ae65834998902a53e360ab02bb274e02ca0f9ea5394b8a080a465b5ffee927b6ec140ea584bcb6 |
/data/data/Madsal_remote.com/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | 9f82b08221f1d29f168e921ab998add0 |
| SHA1 | a33d7bee1480596118c7d2aafe619dc36ef121dd |
| SHA256 | 0d9f2957e8a50b3adb00b7ef054152d427d0d88f0690f9d6e42664e10358008c |
| SHA512 | d33d3873f74bfd3d2e3c1b24f53aca4f392c231fa04e82d3f764026e3806341ad3d9e515ae1e996e6203f8784cf40b391d459305399a1aa48c359874d8c0ce01 |
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
| MD5 | de82e2c94d2718988804b035a46d17b1 |
| SHA1 | 705f5ff19093ad209f2a666085d6ccaed3bf58a4 |
| SHA256 | 29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39 |
| SHA512 | 68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e |
/data/data/Madsal_remote.com/cache/1
| MD5 | 3552ce81ee85bd2688b08ea0c8114319 |
| SHA1 | f10c395d901c1536f435d7e637cd80157e6adc05 |
| SHA256 | 2c1b96a99df9fb5129405e5c735fc70bdf45d1f8d8d15c7bcc4d5bcff6802405 |
| SHA512 | 7a13f17e62f82adff81011168110d7cb3092a2e45d2e3181ebdd00b9922306a3ca354f476a74a1c016ca5151716c753054e817b260035f2e31ed743d7fb43362 |
/data/data/Madsal_remote.com/cache/2
| MD5 | 6a6663ca50638a0e14cddc3487ad0e23 |
| SHA1 | 471387fc0a32aaa18bca39bac77f8dc2c97a97cb |
| SHA256 | 19bbfea39e6141139a50c6539688e28af96cafe3f7e296d07d08c4324dd16d92 |
| SHA512 | a69e6151d046d80698efb237d5df9e91f7cbd0e74df8d393f4ecb57ad365ed5d9ea633e19a28c1d6fdbe81bbfd7596848f589e630608406f922a424a2a9b49af |
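Most of the file hashes in the three Files sections are not usable indicators: the `google_app_measurement_local.db*` databases and the `PersistedInstallation*tmp` files change on every run, while `cache/1`, `cache/2` and `cache/~test.test` carry the same digests in all three. The block below is an added example, not the sandbox's code, that separates the two kinds automatically. It uses a subset of the records above (one installation temp file and one analytics database per run, plus the three cache files). Attributing the `PersistedInstallation*tmp` files to the Firebase Installations SDK and `google_app_measurement_local.db` to Firebase Analytics is this example's own reading of the paths, not something the report states; likewise, `~test.test` is treated as a storage write probe because its SHA-256 is exactly that of the four bytes `test`.

```python
"""Triage the dropped-file list: SDK noise vs. artifacts worth pivoting on.

Added example, not part of the report. RECORDS is a subset of the Files
sections of the three behavioral runs. The SDK attributions in SDK_PATTERNS
are this example's interpretation of the paths.
"""
from __future__ import annotations

import hashlib
import re
from collections import Counter, defaultdict

P = "/data/data/Madsal_remote.com/"
RECORDS = [  # (run, path, sha256) copied from the report
    ("behavioral1", P + "files/PersistedInstallation4987363225769025607tmp", "06f497f0f50a5a3104467a719d29fd39d7907a91f1718ba5684061a17ec373f6"),
    ("behavioral1", P + "databases/google_app_measurement_local.db", "5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa"),
    ("behavioral1", P + "cache/~test.test", "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"),
    ("behavioral1", P + "cache/1", "2c1b96a99df9fb5129405e5c735fc70bdf45d1f8d8d15c7bcc4d5bcff6802405"),
    ("behavioral1", P + "cache/2", "19bbfea39e6141139a50c6539688e28af96cafe3f7e296d07d08c4324dd16d92"),
    ("behavioral2", P + "files/PersistedInstallation3617454037842462022tmp", "b0721a3532d20dae7454568b567dc3c71efc2d62bf6ce0260897729281441fdc"),
    ("behavioral2", P + "databases/google_app_measurement_local.db", "48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4"),
    ("behavioral2", P + "cache/~test.test", "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"),
    ("behavioral2", P + "cache/1", "2c1b96a99df9fb5129405e5c735fc70bdf45d1f8d8d15c7bcc4d5bcff6802405"),
    ("behavioral2", P + "cache/2", "19bbfea39e6141139a50c6539688e28af96cafe3f7e296d07d08c4324dd16d92"),
    ("behavioral3", P + "files/PersistedInstallation3318354442478648670tmp", "dd0e6d52439094e8a0a8105227f115ea6b0976eb752494e8c62c5f78d07a4944"),
    ("behavioral3", P + "databases/google_app_measurement_local.db", "2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a"),
    ("behavioral3", P + "cache/~test.test", "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"),
    ("behavioral3", P + "cache/1", "2c1b96a99df9fb5129405e5c735fc70bdf45d1f8d8d15c7bcc4d5bcff6802405"),
    ("behavioral3", P + "cache/2", "19bbfea39e6141139a50c6539688e28af96cafe3f7e296d07d08c4324dd16d92"),
]

# Path patterns for files written by bundled SDKs rather than by the app's own code
# (this example's attribution).
SDK_PATTERNS = {
    "sdk:firebase-installations": re.compile(r"/files/PersistedInstallation\d+tmp$"),
    "sdk:firebase-analytics": re.compile(r"/databases/google_app_measurement_local\.db(-journal|-wal|-shm)?$"),
}
# SHA-256 of the literal bytes b"test": a file with this digest is a write probe, not payload.
TEST_SHA256 = hashlib.sha256(b"test").hexdigest()


def classify_path(path: str, sha256: str = "") -> str:
    for label, pat in SDK_PATTERNS.items():
        if pat.search(path):
            return label
    if sha256 == TEST_SHA256:
        return "probe:write-test"
    return "app"


def stable_across_runs(records) -> dict[str, str]:
    """Paths present in every run with an identical SHA-256 (deterministic content)."""
    runs = {r for r, _, _ in records}
    by_path: dict[str, dict[str, str]] = defaultdict(dict)
    for run, path, digest in records:
        by_path[path][run] = digest
    return {p: next(iter(d.values())) for p, d in by_path.items()
            if set(d) == runs and len(set(d.values())) == 1}


def pivot_hashes(records) -> dict[str, str]:
    """Stable, app-written files: the only digests here worth searching for elsewhere."""
    return {p: h for p, h in stable_across_runs(records).items() if classify_path(p, h) == "app"}


def by_class(records) -> Counter:
    return Counter(classify_path(p, h) for _, p, h in records)


if __name__ == "__main__":
    print(by_class(RECORDS))
    for path, digest in sorted(pivot_hashes(RECORDS).items()):
        print(path, digest)
```

Run against the full Files sections (all 20 or so records per run) the result is the same two pivot hashes; the analytics database copies only add to the SDK-noise count.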