Malware Analysis Report

2024-09-09 16:11

Sample ID 240422-1y6aqsha4v
Target app.apk
SHA256 52770b424a389e606b326221af03dbe770eac840d4f291f32df3deb6a4fc47db
Tags
irata discovery evasion persistence collection credential_access impact
Score
10/10


Analysis Overview

Score
10/10

SHA256

52770b424a389e606b326221af03dbe770eac840d4f291f32df3deb6a4fc47db

Threat Level: Known bad

The file app.apk was found to be: Known bad.

Malicious Activity Summary

irata discovery evasion persistence collection credential_access impact

Irata family

Irata payload

Queries the mobile country code (MCC)

Obtains sensitive information copied to the device clipboard

Checks CPU information

Checks memory information

Registers a broadcast receiver at runtime (usually for listening for system events)

Reads information about phone network operator

Requests dangerous framework permissions

Acquires the wake lock

Checks if the internet connection is available

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-22 22:04

Signatures

Irata family

irata

Irata payload

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-22 22:04

Reported

2024-04-22 22:07

Platform

android-x86-arm-20240221-en

Max time kernel

145s

Max time network

133s

Command Line

Madsal_remote.com

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

Madsal_remote.com

ping -c 2 -W 10 -v google.com

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 238.187.250.142.in-addr.arpa udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 my-admin-sql.org udp
NL 185.11.145.145:443 my-admin-sql.org tcp
NL 185.11.145.145:443 my-admin-sql.org tcp
US 1.1.1.1:53 tech-1.org udp
NL 185.11.145.254:443 tech-1.org tcp
US 1.1.1.1:53 maxcdn.bootstrapcdn.com udp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp

Files

/data/data/Madsal_remote.com/files/PersistedInstallation4987363225769025607tmp
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-shm
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal
/data/data/Madsal_remote.com/files/PersistedInstallation969548162576704515tmp
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/cache/~test.test
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/cache/1
/data/data/Madsal_remote.com/cache/2

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-22 22:04

Reported

2024-04-22 22:07

Platform

android-x64-20240221-en

Max time kernel

155s

Max time network

154s

Command Line

Madsal_remote.com

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

Madsal_remote.com

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 78.204.58.216.in-addr.arpa udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 my-admin-sql.org udp
GB 172.217.16.238:443 android.apis.google.com tcp
NL 185.11.145.145:443 my-admin-sql.org tcp
NL 185.11.145.145:443 my-admin-sql.org tcp
US 1.1.1.1:53 tech-1.org udp
NL 185.11.145.254:443 tech-1.org tcp
US 1.1.1.1:53 maxcdn.bootstrapcdn.com udp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
GB 216.58.204.66:443 tcp
GB 142.250.180.14:443 tcp

Files

/data/data/Madsal_remote.com/files/PersistedInstallation3617454037842462022tmp
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
/data/data/Madsal_remote.com/files/PersistedInstallation9218671858125812045tmp
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/cache/~test.test
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/cache/1
/data/data/Madsal_remote.com/cache/2

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-22 22:04

Reported

2024-04-22 22:07

Platform

android-x64-arm64-20240221-en

Max time kernel

154s

Max time network

143s

Command Line

Madsal_remote.com

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator

discovery

Processes

Madsal_remote.com

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 238.16.217.172.in-addr.arpa udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 my-admin-sql.org udp
NL 185.11.145.145:443 my-admin-sql.org tcp
NL 185.11.145.145:443 my-admin-sql.org tcp
US 1.1.1.1:53 tech-1.org udp
NL 185.11.145.254:443 tech-1.org tcp
US 1.1.1.1:53 maxcdn.bootstrapcdn.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
GB 172.217.169.4:443 tcp
GB 172.217.169.4:443 tcp

Files

/data/data/Madsal_remote.com/files/PersistedInstallation3318354442478648670tmp
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
/data/data/Madsal_remote.com/files/PersistedInstallation3454723367750299374tmp
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/cache/~test.test
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/databases/google_app_measurement_local.db
/data/data/Madsal_remote.com/cache/1
/data/data/Madsal_remote.com/cache/2