961606a5c8a4551b28f860da2a8d322e2f0063fcfee07179697bf93d7d94f3a4

Analysis

max time kernel
53s
max time network
150s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Emtiyaz .apk
Size

1.4MB
MD5

a7aab9c22e5deb03fc6e6980fe9ae2d4
SHA1

97be1d11203ab09af5d3ea95be666d61260eb9c2
SHA256

961606a5c8a4551b28f860da2a8d322e2f0063fcfee07179697bf93d7d94f3a4
SHA512

800b4b084ef3965592a29af968cc07e7ce0b79994ad0b0e7f9d970977ff1c5327ded6f6865553ca076c20a5a035606a15b2860c06e0a54d8b36b88156594219d
SSDEEP

24576:V0m7XIv33im7SNjXgxHMSpOdxlbZwsY0vyl4HSZkGZzaRsiv4MUDa5GE:hXCd7SNjwxHMSpmYkHMZ+Rr9UDKGE

Score

8^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

app.emtiyaz

ioc process

/system/app/Superuser.apk app.emtiyaz
/system/xbin/su app.emtiyaz
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

app.emtiyaz

description ioc process

File opened for read /proc/cpuinfo app.emtiyaz
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

app.emtiyaz

description ioc process

File opened for read /proc/meminfo app.emtiyaz
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

app.emtiyaz

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener app.emtiyaz
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

app.emtiyaz

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone app.emtiyaz
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

app.emtiyaz

description ioc process

Framework service call android.app.IActivityManager.registerReceiver app.emtiyaz
Acquires the wake lock 1 IoCs

Processes:

app.emtiyaz

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock app.emtiyaz
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

app.emtiyaz

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo app.emtiyaz
Checks the presence of a debugger
evasion

ioc	process
/system/app/Superuser.apk	app.emtiyaz
/system/xbin/su	app.emtiyaz

description	ioc	process
File opened for read	/proc/cpuinfo	app.emtiyaz

description	ioc	process
File opened for read	/proc/meminfo	app.emtiyaz

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	app.emtiyaz

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	app.emtiyaz

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	app.emtiyaz

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.emtiyaz

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.emtiyaz

app.emtiyaz
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5146

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.emtiyaz/databases/com.google.android.datatransport.events
Filesize
32KB

MD5
ad7bbdcce258ba21d0a07659a3849e3f

SHA1
887e17f38cf736cc82125092f6cadd5753184286

SHA256
a6417906596802ee2a80cd22ef848d832848a6f36f4e45d320e9b98633a5c456

SHA512
4519d5aec86a163c9c2c97d1cf9862cc9b421749c0d78c0f4ceee31c9fe07ac557e736d5b3f72942e2d5d44b578fc8a6789f2e7a3ec98ec2199fdc50dd3ac45d

Download Submit
/data/data/app.emtiyaz/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
520db88d736efd3f36e47e47a2eb22ac

SHA1
1a065a9b694093e88c7af106c0558e269508a3b6

SHA256
9eabfa2609186935873983e5065d5bab842874ddd46fa7c4a0b16d0c21fd02a8

SHA512
8589c3b21d1b06a96b9eeb6cf15b089ee751d436f7f71b4e8f34ad5910dd6dc07da426a939f1971934a6e623468b62159bdf34fd6fe02699bfc8d60599263a85

Download Submit
/data/data/app.emtiyaz/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
dccbf041413b0f2653af40bb648c98aa

SHA1
d75770aa1999d44b122b649edbcff9ef13decca2

SHA256
d18a6cd13d999c08d41b3ec3e1c76d060032c515ed5a5a1829623866fb769e94

SHA512
2eeaa4d2d23f586319968fb243250471914944ff19d2b096c4e3da811e3b0a4e3bda67929965d20a07b30e32d6a031d2e02dbb04d8aa18d5fce94e2d8e431a4c

Download Submit
/data/data/app.emtiyaz/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
672538a40d8a376f3a55b2379e82205d

SHA1
7228932cdc0d2efe60030d9f97c3f43e993e83f6

SHA256
7b3548f1ea0dd1dacfdebcd5823608103bd82d32c336e85dd543c061237305e1

SHA512
3762e53947d12feb1e9395f55384e4f2f0b27ced025df075eed69a1acc17af82a53eacc6b9750d6e97322fe94ddba04b8234d9117f5a3a2358b60b6a2635c98e

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
90ebb38d8ae3d484cebb131559079f1a

SHA1
e8b16644bbac544299a1e3b9e3a1821267abefa9

SHA256
f4344fdd0ac1351893f663125f9994ec451e5f730de2e071ccb92b4fd4058910

SHA512
fce92427c0ec92378d6404a04a2867c9a3c50c87228c0f22aeb016f9b4e53d67da6ccd0fdc3975e5c5f97ad73f0a4944092ee808e8d67f49741efc5a1b7f83ac

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
095cf55009a99757bbde90774acf7226

SHA1
29d55b493324153e6be72b821aeaa975186decac

SHA256
48b85439c3c1fb44be4da21bf3ec027481c5cff91e3144b6eed9223b2c4769f3

SHA512
657c2efec1bdec70acc1e3eb0ed2222a1c788c2e59075655b8677bd990ac3c6140c2c89996166586f87840e4a7f3718add83aa304220883fc7552538b2984a9a

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
c82c23bd0400dc4ecebb03b8ea5ca09f

SHA1
38bb4105a8935ae19e971a44f4ddc4ce3214c9b6

SHA256
b6ef1954df60b691ae902eac13462896ac4aee32b75e5e5c7d6f1905f02f92fd

SHA512
b5ea3b39cd7ed527089f90163bc9bbd11c0632beffebdf492ee85297b3d1dd992e31f5c78a979919bd64cd86027eeb219d7c61be5fddb55a91a66e5ebfae245f

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
52816c2951cb66d054d0ccf9e3f1d107

SHA1
d99cda00cefef2a2f2a957657d9767cbf2c7a410

SHA256
e9af19ab4b53d057b3e62dc6df647d21d402c0aad923af4c3a07a48e25f159b5

SHA512
4637e9271850123130627a34a0a280a7e27fa8776b23833ee4791c7606b7c8cf650dcee0d96080200e31c78cf1b3dc62bc4d68bbf7e4fe6cbe7bcfc1c1665a0e

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
de50a4574b0837d2b186d808e288a2c4

SHA1
b08ec652de8687cb0d1c8d9867837149042a5529

SHA256
dddd24fe03bb4916d4c74e47aa46a1d9ce3c63c745643468682e1c841d1dd01f

SHA512
4a2a581a71f9d74033836701b05ce7838c3766a8158822dc1013e6793e2e9e8b1da9e720588edd0c23131ca5fb0c967b977cee3695fb87e644206790ee0a1fa9

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
a8aef1376c5438521db576a34ef8b02d

SHA1
5aa9aa59da8708a0d459053ed256515232dd6498

SHA256
807a730a3fdd317a498fc47219974a77164975674c7bb36d33049a1d02da020d

SHA512
1ac8bdf63ae848429d7a9f608f7f47aad8bbe6b49af9b03d3c6bb437f18da341518c68cdf3ecc57a80ecb73b0dc076949ae15daee12a05a515c405296a4edfaa

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
33c0ba2f20f7ba5f06df0d43d1cfcc05

SHA1
e7306ad5bd6c4c9cf07dd4155322b7c16929e475

SHA256
b7f66f9695694308006e269accc479820a8d4d8a228dfba951c03f3117c53541

SHA512
7bff5b5360163e7b2360085261a1b26d7408653d64ac962596704287351b80636bdb6eebc1c588fd29248784c6e4b4dd74caae063cc565ad6a752104a5743e07

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
bf08030282821164e4733a4fd2896401

SHA1
470b5d441dff484797523cc79eaedefe8c642e35

SHA256
7f9e9951e117a55e177c42666abfc133435a764fe87d9a7c972bce4b319fdffa

SHA512
46163515b215591820de48f04fb46d72cc30dcaaee5aad85209106d437e8f0fa7007df0f2d776a964b8e3d0be58b9bc6c9313ab63abd5effb5c84419a66cd3ea

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
c7a818c59eb0a6da693872d8ef84f315

SHA1
9c6d60931b7f8efe537d677351cf9d49b69604a7

SHA256
3b1036e93311b11c85ff044032e65650d392837351a4e90b2118b67ed05f3bb1

SHA512
f168f5a2c6431cfabdef1661ae23001d6691ec0b10ececf8808d4198393ac30cc19a4f2a18c306779e84f2973b99338eb23a06dd16791a81c500ae9ed41be51d

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
92e5444fccb7db18a0d4ff5397339483

SHA1
fccd7514b583fa9c84e42f25f7baede6512814ff

SHA256
a9e7b43213d225ebbcd94afd699f8030e62d172129afb73028c729489f30bf3f

SHA512
8d36a7313c549af6e245a5ee1f6451ca8146a4d8b134f28082630729185ec265f7533ebe0a6cfe52b43a06c7f61b25146b388de8d8258b1540a0cb55827c8a6a

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
5951a8b25868833a050b15866d215c62

SHA1
e232a8b73f490762c92130e6eed80d1587a8fbb9

SHA256
c3e858041840f35b7e44a179529916568879d4fb7a3aa0aaae9543a0bfb42f09

SHA512
04833b12021ff1a84059ea11e75932a7d640464dc475bd1858062f6b1d40901c0658a709ff92afcc0f06cb5e83a2739cc6806fe01234a48adacef32963d1a574

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
f3a5f444442b087d570854080874b25f

SHA1
394ca36d60b31fa1d87286418d39f559ea265d7c

SHA256
cad89e6b63aaaa6e521ec209d6b9eaeb148d53c6330b8319fff50421b0bfa87f

SHA512
6b2c44b008954719a49c8581c6c6eb53929030bc1d1534222954d67268fc30ea981bb2effda36c4091978fc77b3e278866835349d246d9bb73a9ee2bf85afb16

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE0C0102-0001-141A-27680F1B4617BeginSession.cls_temp
Filesize
77B

MD5
0afa9337b3d8c6bd68f107839636a712

SHA1
7ec813392727214856791a6a884245604fb1e876

SHA256
5ba2299b2f4a0a87d2783c1d1fae0e85b8fb7e736902077011f4325139c013d9

SHA512
dcbbd5cdae023bcfe083b8743bf29af845e57151beec36e05df4cf3b37c035db8198951378c01390876bab7f7b433e00b4263163db854dfefb040b8385311134

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE0C0102-0001-141A-27680F1B4617BeginSession.json
Filesize
132B

MD5
653e923a3e36b3ea7e1d6bcc45dfa633

SHA1
1aea2cc0d294a91811b5dcadc2d190c6d38a2141

SHA256
1dbab69e42572bfb0b20a79e24b93cca786fd138b7b4e804692d97dd00812589

SHA512
fa0adde2e263cb93d22612a14d6bf151a12f50fb829f429150f8ec6819ce27c834d5fb1fcdca31cf3ca4595926aa96065ff0fb561b86c5227cba0940eefca155

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE0C0102-0001-141A-27680F1B4617SessionApp.cls_temp
Filesize
105B

MD5
e925129c59fa0267c6854b2ed33a2f4b

SHA1
f18e6411e944f7d834e571ed68571e7c6ffba083

SHA256
e84364de550a16fa15e65e527500cd5b323934123ca26b0b2d764a245a929b5e

SHA512
8d559b8ef7f469f024a9c9b7f892528ba716acdd8bfc5f5262e856c0a6d5fc07bbd3531a64ae4d008e8858ab9487e19e817aa6251a43bb9a5d47c6d1d3f3985a

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE0C0102-0001-141A-27680F1B4617SessionApp.json
Filesize
219B

MD5
7d01385e1a5066f76461c27ea2fb26f0

SHA1
b0e199f9f837c25d8c65e49a27b46d6fafb2dfb0

SHA256
bbfbd976a81af4a886c70c17de465a2f05cd7ad7e1fd8174eea947f36a50b0eb

SHA512
78ec49eb01a4a451dd8c3d5aff85cbefe47311936d02e63eb92cbf79ae7a859aa61a63c9168b45331aca5091bdf7e2c3ebe9b2f66f331e357fded5521f4635d2

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE0C0102-0001-141A-27680F1B4617SessionDevice.cls_temp
Filesize
48B

MD5
2390c1f21db00b20c07107e3ec7275fe

SHA1
e663a646460acc071aebee942cc1776c23d77655

SHA256
d348072a01496839cfcde3a18866423aee74aefd613fa3bf1ff4a203ef46a699

SHA512
43ff60754eb60795ca1c318f44dcfe49194add26cc3d92c2eac7bef538fd65b6290f2e5953b8f1693b9425ebbcdd022ab16a18280146ee0b0c2eefe27bc0bd63

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE0C0102-0001-141A-27680F1B4617SessionDevice.json
Filesize
202B

MD5
afa07370d07ed0a8ac9554ee7001bb72

SHA1
d1e9de22fda1295087525ff3a377f7d7dd410ac7

SHA256
8d4b99fc4968c9cdff4626ff6c1467cdb427f7a597b153f03b4bfb62dde6c07d

SHA512
a7a974b1c4ca3d7ca92e1449dc9718d5ea2af7f8e4c605d25c731fb4bbe891fdf340835e2a4e3a363558744e5ee30aec22542f377eb5bffc0097c70d24f241d1

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE0C0102-0001-141A-27680F1B4617SessionOS.cls_temp
Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE0C0102-0001-141A-27680F1B4617SessionOS.json
Filesize
55B

MD5
5caea4b68c57072f7f52a5a41720566c

SHA1
4d9712f1702c7238949da43f7d8ae6efb233a666

SHA256
3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363

SHA512
fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
392B

MD5
1f433c12af9b6bd234b37d3dac217799

SHA1
c702fbe344d3ea8a98b06a56e3b3cdc9c14f92bf

SHA256
5009bcb53cb58284d675588fe7702e733159a61deae082ba2739bdb3addd79e4

SHA512
f2ec556fe003d61d53f406c34f7041680651ef658c41b393016b8c6b862782d20bec98aa1d187a3214b7e29a2fc409aa96250a0b018957a4bfe753022d756395

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
2KB

MD5
ae3cab7ab1c1c6383914c5ea3c4aed77

SHA1
0b9cb2116b853d90f3547c0cdb8dc56c24f65481

SHA256
947ccf93efdae630dca462a900828c35dbe1e904ffcfb6b52602628d8f460d3a

SHA512
cf222e131cd2773b5e65b3849893b8cd5c23a38ee6730b51f23e405b9c5873b5705c61e3b110c9f55d9babdccfce06f18ca93eb76fa57d8d55503f7182ff72e9

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_89922355-8675-4dbb-9831-919d3b249e64_1716379149722.tap
Filesize
315B

MD5
2ffe88841662969af82a7841815618eb

SHA1
5400c3bd0a4be056f3711a7ebf38ffb7bd098a79

SHA256
9d1eb79124a3f2b370c51a26d625412afd2e26f6c82260233ba683005645eb55

SHA512
d10737597e6b09a3dbcde68d0b78cb3b2d7e5b1e2f82122f7693f1ac06a27f9a4ab54f68c61cb327bd40c1c6b02f42066d5bdc567c8ea6867530b4c92413173c

Download Submit
/data/data/app.emtiyaz/no_backup/com.google.InstanceId.properties
Filesize
63B

MD5
24450695cb7b014ae69bdb774d9f605b

SHA1
339b6f45f11dea5359b8edae0a380d312892dd5a

SHA256
e58068857c82f13640812d0fa46023a9fe050928b43dd7ea6d00329e3ef14998

SHA512
f5d4261bdbe5577fd66ffc37c5df68eda5be1053961164166d10e1d790767acb8a3c4bc0a3a5363775fc49fb8a7a9fec45cbdaf04d38d28fee921d8720ac7581

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads