961606a5c8a4551b28f860da2a8d322e2f0063fcfee07179697bf93d7d94f3a4

Analysis

max time kernel
32s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Emtiyaz .apk
Size

1.4MB
MD5

a7aab9c22e5deb03fc6e6980fe9ae2d4
SHA1

97be1d11203ab09af5d3ea95be666d61260eb9c2
SHA256

961606a5c8a4551b28f860da2a8d322e2f0063fcfee07179697bf93d7d94f3a4
SHA512

800b4b084ef3965592a29af968cc07e7ce0b79994ad0b0e7f9d970977ff1c5327ded6f6865553ca076c20a5a035606a15b2860c06e0a54d8b36b88156594219d
SSDEEP

24576:V0m7XIv33im7SNjXgxHMSpOdxlbZwsY0vyl4HSZkGZzaRsiv4MUDa5GE:hXCd7SNjwxHMSpmYkHMZ+Rr9UDKGE

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

app.emtiyaz

ioc process

/system/app/Superuser.apk app.emtiyaz
/system/xbin/su app.emtiyaz
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

app.emtiyaz

description ioc process

File opened for read /proc/cpuinfo app.emtiyaz
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

app.emtiyaz

description ioc process

File opened for read /proc/meminfo app.emtiyaz
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

app.emtiyaz

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener app.emtiyaz
Acquires the wake lock 1 IoCs

Processes:

app.emtiyaz

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock app.emtiyaz
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

app.emtiyaz

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo app.emtiyaz
Checks the presence of a debugger
evasion

ioc	process
/system/app/Superuser.apk	app.emtiyaz
/system/xbin/su	app.emtiyaz

description	ioc	process
File opened for read	/proc/cpuinfo	app.emtiyaz

description	ioc	process
File opened for read	/proc/meminfo	app.emtiyaz

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	app.emtiyaz

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.emtiyaz

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.emtiyaz

app.emtiyaz
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Checks if the internet connection is available
PID:4494

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/app.emtiyaz/databases/com.google.android.datatransport.events
Filesize
32KB

MD5
7daa8bf70cba1177c0aaa35143f5ff54

SHA1
4ddb8e3e373296808fd5a3832a454ea9c0c60b0a

SHA256
f02ded6053bd0f124da16cdf40849fb201797ddfac5536ab36e1feceb21564a3

SHA512
7178eae8e99b2f8b571bd333a3c6916bd088c96dc2c6d5b074ac388e58a345de6a82daceb39994019cbdc5c2d4065912eb0c52787ec50d9e1f746ba92bcee22f

Download Submit
/data/user/0/app.emtiyaz/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
498772ce3751ba8f615ce6202af355d8

SHA1
2efb522f7862ecd97b70841819c2e1903c880c56

SHA256
a164a2a9702f92cf17b41b4e426f81e47da67f36cfdadb98eca89ba9117d435b

SHA512
6200966c21cb082aab5103c6662361b982495a87faf5d5118f60953136955d2a4911bf24a91bb43c67f09e8c601ae54b2c302c2c2748931d3976aed29f10ecd5

Download Submit
/data/user/0/app.emtiyaz/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
a3d1ace896af9d2ca5708006531e765d

SHA1
e32b3b39cbf017fa280a3e9ecd6212f0a9a8a866

SHA256
cfac8b548ead9ad494810711a763de052add113d6cec51fb3436e619048ca472

SHA512
b6e71623cc9781485bc478c012d442e684550023bfd1e6fb06f7f564f8db72bcd8c86f52f6537b502de2a7f0d956fb5abd4109fd529cbbe2fc790954762c229c

Download Submit
/data/user/0/app.emtiyaz/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
944e999afdf1f57a36e4461f2581f886

SHA1
8c60c311f263430aabb1525a47da829ed852a72d

SHA256
16995a351fc2f2b54b76002b031cce8374fee9a09c925a95eb40153c55853833

SHA512
6e9f49dc8cd54ca12f80007175eb9f8fd3a0e52947a7ae3d1830d445e8a65cdd45584e93e98612b2c7c9a6e62d0848dc91f2421c941c16d5101e9a77889e559c

Download Submit
/data/user/0/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
b0177f386e1f5c4304a636b7d33cdbd5

SHA1
4ac9d806b15efb7bd4667bc531fd346b59ce3a89

SHA256
d66e739723e4437e4c2cf19a3e33723d63c1eca9977ec096d027a23661d0aecc

SHA512
7b189a74c3cce3022128e8accf227d6e4b10616d0899eba64fa4ce46c9b8c9e660959d5a0984a47224721a49854d5b43b00298d0382ccd66062339351139c163

Download Submit
/data/user/0/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
841a60481f32d7d69cc724992b4ef35a

SHA1
33683ed8cffab01ba48fa40404265f4b6bd06611

SHA256
ea774c5576e5cdb46ec20ad38963b80a4e4a543bcffe7e1a049851deaf5b31c8

SHA512
400883130e244b4c4c3a8491dbea4172753d79a8fb983181cb105549c482f66807f3064dbf69a7507b12915bd5f2bf7192e342bd74f90f8949289b2eaa07474e

Download Submit
/data/user/0/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
9fab918a4a3ec9525eb0a25555cde4e6

SHA1
9a68fa779ae8003bc90dc9d2a92eeeb6fd4db5d1

SHA256
0d087401e0a789802d762b6b0976cbe75062ae9c34ef67348e47894b1a4fd57f

SHA512
c72fec36592451258bbff3880b113ed7ec23a77c175cbc8091298a47676dac3aeb4ede4cff519fbd30a38aff40447b060cea8cb52d6ab426182d5ac5a56da3da

Download Submit
/data/user/0/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
e432d48830f2cd1c320a31a82bc2099e

SHA1
396e35767ebed1028d49a51136884e8484d148d0

SHA256
d2280481d402ae8684563c2791f3dc5d5ef8e1a93bcd654b872bc8a0c599bdba

SHA512
65d3b3c973cffcc37ecbddf9c675eae3a83c5f94dfbbdaedb1fe666ba5f8d72121ccba96cb3c58b2a5945d804460a0da9032f376fec100f18941d60393bc8bed

Download Submit
/data/user/0/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
ad22b18b5d504a6fc24de7a474c0404e

SHA1
010745c4139e627f0db21acc16e33be769980dd9

SHA256
896bbf2ec783b1ebf023641cc22cfa2c059873ce9c5f9f40b9b3f4e734c2c815

SHA512
77aba4a74ddb7d5c2b2c340b7aec79f004f97af49916dad8f430e6f675df613c0e6098cf8fc8519032e47993281c9677b226e2379d895ed4a4c7cf0c59a40023

Download Submit
/data/user/0/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
a575630919b8ec6b7540ed777ed31aab

SHA1
0cf9d83e7134a771dd255a1ee1309908a84a5a3c

SHA256
f823a43f718675a2eb822244b192a38e10923863258ecc543d9dd800ef688748

SHA512
5544efbfe3a63eca77b5763a134c268a25bb405f844a0033d87aedd05c4aa0a90bde89ebca568baacda5eaae22a18cae18c5fd912bbca6284eb592e095138858

Download Submit
/data/user/0/app.emtiyaz/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
1469c5c6aadad35f05a499364aa723a3

SHA1
6907f6621a6929eceb63081b36913f0e1e54d50b

SHA256
07269503f28ea7c4ab8b47173c8e316e41db451ead9b2ef2aafbc1469dabc4e1

SHA512
c41637db4ae8d6cb610dded0eb7fa948d2571f71658b628c482a64291d3349adc00198702acbfcd020cb620cc9f4cd687f6dcaca86a8077af7297423088daaf1

Download Submit
/data/user/0/app.emtiyaz/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
d7a3ecc6a26d04cc3947b9d33df3a78f

SHA1
f561f75eef763d4e8072855774f09defa6aa25bf

SHA256
4a3fbde3a7018e930f947fc2af88fd4afb15bd57a263e29405dfb801d0aed385

SHA512
2e478c7ba7a4fd1aba9edceff3a8e2675ad70fad299ca7dc7fb6f9a8433ab63cc81055ac1f9efa06db473349152e3ca7dde027dd7358494d841b4950e4fe1daa

Download Submit
/data/user/0/app.emtiyaz/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
bcab3a633c3c0a6de8407b6371180b1c

SHA1
9d5d7fe480e61f28fe945435aa030a5bb5a70e3b

SHA256
5107d914bb17aaa12a5912f5113ad9549d05d1c540bb5f33f8057808ea1e7a33

SHA512
7390646acd7c203edd5aa2a97cb5e7ebd8c34d4f1290e5fd9fce870156451144621f9916239531500218c664a379f273343586167a05c36bd3074affaf817688

Download Submit
/data/user/0/app.emtiyaz/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
bdea7f1c56e75a1fc900ea751eecc919

SHA1
dcfd2979f115a8b52596d98e4eb8f9d899775e39

SHA256
a154828089e678433711122f3f76fac65f9adca8f0e4aef006abf6e639cc29d9

SHA512
e1d759ff0628eeffea4188ebb2f3fbbb51708a1d1c5407e4a1991cab169cbe58199f6537c7d7c403d1610f0fab14887dbb95351f927df3fbe9d660b2db13849c

Download Submit
/data/user/0/app.emtiyaz/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
442145635d78866b96cbda07ff1ce28c

SHA1
befdc043443359c9a8e73a3ae60c664f36a819c3

SHA256
afe1582ea09113e2860283c602254d502276185f765821667ad74cd09b2ab549

SHA512
796902693d0da88e9dee9667adb6ef9414875b7116fee00ed636a1f169fd89f82b67e0990628754eb0759b996d6a46dd1cf26fbdf7ce1c52a7b1d32d6a86755e

Download Submit
/data/user/0/app.emtiyaz/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
c38818e9b353cce1d4285f1a47603ec7

SHA1
e6d597efb7bd35e600a3cb03bb17aad0781e71a0

SHA256
6a629c27ca01dd7b44099b0bd5adf7b5360ecd664e315dcb766ee9b8edd85c72

SHA512
f70ff008c9d7b9e0d380003b6af8c1097652caad843821f26e2c199a3ab6e6e0c3ae6e928c3b5f1301f9fc04470f4386133392622bb7670075086fddc6d41e5e

Download Submit
/data/user/0/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE1D006D-0001-118E-437B05043721BeginSession.cls_temp
Filesize
77B

MD5
acbc7d3f396e285cf364a22ac88b7e64

SHA1
69fdbba24815d52c6ecfb162f157d928a1c29303

SHA256
86aa257ed7231f35e9ea1a128a5ba297f55fbf52e3f5e317189f84c688dbab5a

SHA512
eb476e4b6574004959ec8003b5c0c04f7baf2034d4f5e44b0336817759a1cda4abd4d7fc7b4bbf210adbc39908e6e4065b3d4ed34607436f4e925544a531b6cf

Download Submit
/data/user/0/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE1D006D-0001-118E-437B05043721BeginSession.json
Filesize
132B

MD5
f823b4ecc8f69e21f99a74db66f55835

SHA1
0164b8d2e0e8ff8fd2d953e16e88b12c2b0aa42a

SHA256
6126ab4177a0cb5f3180e7854a22e7c350b33c1845caea52fc4b44521284ab74

SHA512
1335eb7be300e39f64f14275314a92151b67f79e1f78c114967200e1e89aff60f9b772da96ef51e36a8465621b479bee8828e6635f4ef7689f6c2868dbbd27fa

Download Submit
/data/user/0/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE1D006D-0001-118E-437B05043721SessionApp.cls_temp
Filesize
105B

MD5
299dbf0f9744105a3183aa6ec88d9eaa

SHA1
785de7f1a14e5c1a2fa8624305472374471d5c7f

SHA256
dd29330ca41f55b49c89480c52cbac35f694162c53f225290ce717087f51af5d

SHA512
b1a31127dbf7d4c252517becf59d58d54aa355a2cdf2906fa1dff36ab187cdfc01c268f39c07a74c33f0420a768e5e0e254259705ca9590896769249b6c0a0af

Download Submit
/data/user/0/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE1D006D-0001-118E-437B05043721SessionApp.json
Filesize
219B

MD5
e1e7655e667437ba96e6a18d2746241c

SHA1
79be5ed6a93a5616afe5ffc076d305be441522e4

SHA256
6d19f927e8016ccbe0e7453caa7b8d68a0d9561beb7110f2df841caed348e2ee

SHA512
2973215b522cc51153c65a87681561353e3df9793af8dcafeff92264b488fe03efb110b70100073a23fcd6fa8130174296fced7bd4428e372112bbda896939a8

Download Submit
/data/user/0/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE1D006D-0001-118E-437B05043721SessionDevice.cls_temp
Filesize
48B

MD5
fd6372364a5c5c9cf8945ac3ea7a5d94

SHA1
3c798cab71f6ae7a81e71e58712368231230588a

SHA256
7400bf714ca32b64dd89440c9d5ace4e0115ddce44d169839e465df0e1638641

SHA512
a18b18d061dfd979bce1e0b769009668c322300e7174f51d2532e86dc6018769194507a106dd30b97317f8c1a7539d13a7baeab2900c1e00da7c74e899dab276

Download Submit
/data/user/0/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE1D006D-0001-118E-437B05043721SessionDevice.json
Filesize
202B

MD5
eeeb942571fa704cf8ae49731fbe9789

SHA1
b5989c4cb932ffc779ee25bb3f7bfb79cf720427

SHA256
78809f7ae96de01e3922b6d3a134c3f7e9a0cbdacef313f70e8d9345bf5fbd71

SHA512
71e55c16f9f8fc936f8607448916bbfa1ba233b7120b8676fe11552916ac4dd3e3a7b0f9c31e14048933c8bb9c9d6d630ab7d28389f31749640cc965b2636565

Download Submit
/data/user/0/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE1D006D-0001-118E-437B05043721SessionOS.cls_temp
Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/user/0/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE1D006D-0001-118E-437B05043721SessionOS.json
Filesize
55B

MD5
fc1dcee4e422d77e7fab7c08c8a41344

SHA1
d5340127e9d5f735b9d33b9dc61c772fb0e2dc15

SHA256
b843f05ed78cd137c272ba7f0ce8ede3aa853098a856863e51d5c223b58f21c7

SHA512
3ec07617e3e1008572f6f2528de9d4b827050cc5a7cf19a1604c961f9ec370ede6f5fd83bfcc252c0ee286fe244ee6734046ef1aa638dcfc689cd4407a6a8f61

Download Submit
/data/user/0/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
392B

MD5
28c1a0927a37ff4c1d50a3dca0c80c61

SHA1
22a9effdc57f913fabc5ba5c9aeeeea95b597550

SHA256
3f2ea8b3e51a52f1f5cd6f1d3087c5987e3f8f5c0c80fa15d194cba689f603ac

SHA512
0d8e0ef5cbecbaa192964de54be0a6a36f6f7c2d661cdf146b4340dbc2d2c9a4e88a59526363f7d979d3a0a775b530cf237b19daabd204a541393f963105fdc1

Download Submit
/data/user/0/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
2KB

MD5
b300f99eedf882b2290663e43d511f58

SHA1
cbcf8b48714d376b9054b52c69c1d00f3685f1dd

SHA256
6bcba8afcfd07806a88d2e85b3ab495a018163c09b3e490f5d1b5e1c1f9dcf56

SHA512
fa492859fe20a2842e0d7a7335d4d54e51e81628f3b8dd8d43ff4d9293582bea90513bc83bd0edd506aec47fd514e7f781fad358cdda17cce17933f5995f97a3

Download Submit
/data/user/0/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_c85eba9f-86d8-4103-aff1-2d29e48dd0c4_1716379167606.tap
Filesize
316B

MD5
74c0fb8c7b9bf6e46a8f5ebff5d07db1

SHA1
b310f64102b4b02ef9423ded6e22b0991c611cf9

SHA256
b5929602873f2b297192b8987322e73553d335c59a3cf2a5996d77e6ef4aec7e

SHA512
85b91e9bdf90f2827b5862b5cda748294748b1ab1c2e6db34f0c5c400f2539b9dfc682fe27e4be50cb4609f89a17f399e9972aa4cfee6a1173408dd3e99a5f73

Download Submit
/data/user/0/app.emtiyaz/no_backup/com.google.InstanceId.properties
Filesize
63B

MD5
e9871f51e2b8454fc147f161c88049f6

SHA1
1d1b7f07b5994933a4036e3824b6985987eb07ac

SHA256
7811bd6c5beec5339c2f10acf10cc091b21e9e11f6553240ac46f03cdfbce5f2

SHA512
60d82193cbcd7d4a2cf85d5e44c2f0ac99105911bf3f33c8021d7233b3dc22ea5af4d26b748149288a4d39a90f3729779f62bd57533a947f6c9981a6e9943682

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads