76a8d06ffe1be684e5be20aca8b45e6bdd0399b7870ff6ed17e67284a762560c

Analysis

max time kernel
123s
max time network
151s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
14-06-2024 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

2.8MB
MD5

3b101fa1cdecde692d532e283cde0965
SHA1

d5bddb3d1d78a1ccaf08008144b40380a76e4792
SHA256

76a8d06ffe1be684e5be20aca8b45e6bdd0399b7870ff6ed17e67284a762560c
SHA512

e37586d79e676ff6aa613b216d80ad3fdcc73c5b74780d818b1bf2f79c06c706d5277571f151809a16ad8ee032963995f31132a210b0da87736d99ac79fced3d
SSDEEP

49152:HU/q6xEtzSF8vds66oL6WCJnAokqjcOjNO5Y/3CHLQYB4P9X3R5oHYWF:HCq6CBtvG6D6WoOORB/3sLQzFXvS

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	Mad.api

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	Mad.api

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	Mad.api

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	Mad.api

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	Mad.api

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	Mad.api

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	Mad.api

Mad.api
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5023

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/Mad.api/cache/2

Filesize
59B

MD5
eaf3840d8b72c1346b662652806988eb

SHA1
f7ce6ff876c1081932e785f8677e90874cf6b43e

SHA256
3316bae6fa63463d29e15817f134cc1104070ff261b2fdeb3d4371c68dca3e59

SHA512
f62c3de0d71cbf73bd4b5faa2c3a0e34d1746bb4515f5a8940a0b05b4ad5f1401bc1a0109fef5c558e355358fe7e0932da02e4834c7edbd570d8ee2580cd15c4

Download Submit
/data/data/Mad.api/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
08ed294732cf077fa6e1cf215eb2ab59

SHA1
48b9de16102073d86b3d59a83f75023339a31506

SHA256
39cc8102dea585993524ed57113ac784a9dd7d9815afa7191b91c5023cb1d9b2

SHA512
b5751f8715c59867ffb34b980cfe93f4e8b5257375455069113b1d7f39be04f54c6fc7260c8ab3b9a924406d86417dedfe567896fb6c85dd04d99d67508bfcb8

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c8ed1fe66087237eba33589d1c8cc992

SHA1
40aabf07422267cdce97ad7245fadf72126bd5fd

SHA256
c84e473cec1a59636cfc8784e68efd3e272e9c847698c435438323e1b8bd5e9d

SHA512
3a23c63994e3c69a9d702818e6568bb1983053103f4fc9d083e0da8f4d70e5b9e64c70286fe1fdd8e5e10738c7bd29c7508b79523fc4b966857a542718172b89

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
351e9563afc7dc8cde1d0f2490862847

SHA1
f6e8a9926325a1ce5bc6122a4ab2c4a8bba2209e

SHA256
fa51b91d0237f1da8b93d75ea0c548855ce4998a09b3400ff2874eb58f191490

SHA512
8239ee0a8c8b9fffb384ebeaa10ba4c60103a587f6bd1346ec38dd5032b72ee6c31e695e39b5c3e4ac82e97190c07b94278625318ca4ca40a03f80e08d5e41a2

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
34a58b54b8b5eb9557ac3d09fded564e

SHA1
8560c5f04bb339a44852e33465fa7ba0c260d5fe

SHA256
4351ac3af3222521ee880ca48a9b2489dee46a416d7ab90d45ad50c55a77f9f4

SHA512
a3c31f510bdf6be2d5cf47aeabd187732c67e71905977305bd30d0675cfc59704a23a8c743b09513cf2e9f1478f2aefae48e293403ab8ed03305b6c0d5679773

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
fa4128f9b7385f7b3898a2f6ee8ae719

SHA1
f72a115fcd43ca739ac52bf3d74144f9553e0ae3

SHA256
f8379487160e4b58acba2f827249c768ae972e255f0a9dabce6147998c02e5d7

SHA512
f946ef2aa359513a107e9ff6a30505d8a05d0aab4d1b4355ef8e50cdde2da7a3e27a2076eff49a1cb6cddfeabce563ae83d487fd9f585b54d7d50a1c08b3d79c

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1a5344e2a1f334d08e84087db20a842c

SHA1
33da4653893a23148ea20220b12b32c65037d835

SHA256
de2e46d70495769f9e459a96a060c6b4e4bcefc28523c4fa490596b4cbef73c4

SHA512
b4220263c64ee15e28b697bbd527e3d9824ecee2685816466a204a9c5d56e58d2eea68c0110be18d1c308da455f771dcca7a595659b33d80f08ed4e6779a67d6

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
dd0c95e512f38466f6ed6d3d911a20c2

SHA1
2dff8052d492a063504728a96aff4f8ef097cd36

SHA256
24dc593cbb1449462e8d288c223fd9c519b4eb159b2c6863873fea06b58eb54a

SHA512
54c6b9d49a0a3e609dced73e33ccd9d1ef57cc0043ec5f67e90b68f2c18e6359e3989419ff59bc73261ff9f23a41ca50dfd3666104e8f26288f1b089f608e7d0

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
da061f269eaf78a541383fc95a5da97b

SHA1
5340f0f4dcdb821efb0279440de09e750b8bef3e

SHA256
c6e25bfe67b3e9347c78542f4583ac462cd5e34d11d424ac733edb807e65df13

SHA512
43347d048bf30aa2606647eba7147022b35ea73429f07b0e3807d5309963b685e59c34c3dfbf6a1ccc5ad2a578c19bed5020f6195e0ba502910d8a12b5315fbd

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c35bf3fed0e187e8ef61022c74cef2af

SHA1
b73d6ba4eb5e833bcedd5d5868e66ccf017f2b1b

SHA256
5db7a7b0259e00298ace05020197125e4c3b935cec61547ba0dcb1860147a083

SHA512
819bdaa641ee5948c732e3a957c4a8e3c8f15e17b1c75635dec976ac44b21ba378a03767066541a64498e903a257a6f99f6f3f7d01d063f5aeb5a744ea6be347

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
282fe623d229f8e82ea96431ff52d275

SHA1
294a52b672ea1c4ea4aae42b522597242d57886e

SHA256
84ca90d8f3289773e75cde51658cde11a527bc6a50cd4889139702c29063287b

SHA512
e93927e937e99b991af51498218d0e48feabad3e79903b156a31b01d7a45d5bdfe6fc32964540cda232bd1e19bfe6befe8cd3732241c67f709f8dc9e069f23d6

Download Submit
/data/data/Mad.api/files/PersistedInstallation1547932986605556619tmp

Filesize
570B

MD5
3cc0d18cc1b530dceaf52f0dd11a47c0

SHA1
f86274aa33a866acd86d475b1f537cae04130c39

SHA256
18e6ef214f35afe076a9cfecf625cc8e965e342e83796a8d1c2a81420d653759

SHA512
96e695dd8b9fceb42c0e9ee7f0909100ac79575c9d0a6095e697d8b03bb3623456ed38c4bc3b9fbd938831f4b2530da523291b7dc9e7ecdf467b1fc7eab57029

Download Submit
/data/data/Mad.api/files/PersistedInstallation7854768160216320063tmp

Filesize
90B

MD5
503aeb280b10d1bc04bcf5b136c7a41a

SHA1
6d94a6c4c7f7421a5d44cd42c5289ed5a42e4196

SHA256
b17fabf2737707d1682a21d006eec4898d1060ff31f2ee460483a34a614b1e55

SHA512
fdbaaa917967a8799a2e0d0db4bebd7dfb7330f99903dcf821979d99cc2ad027649d8e25de5af25d9f27d25668a4a951653227c3e76ea89c0781285ac5a4a9c5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads