Analysis Overview
SHA256
76a8d06ffe1be684e5be20aca8b45e6bdd0399b7870ff6ed17e67284a762560c
Threat Level: Known bad
The file app.apk was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Obtains sensitive information copied to the device clipboard
Reads information about phone network operator
Requests dangerous framework permissions
Acquires the wake lock
Queries information about active data network
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-14 15:33
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 15:33
Reported
2024-06-14 15:40
Platform
android-x86-arm-20240611.1-en
Max time kernel
126s
Max time network
138s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
Mad.api
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | parvazrim.fun | udp |
| NL | 185.11.145.145:443 | parvazrim.fun | tcp |
| NL | 185.11.145.145:443 | parvazrim.fun | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | site6.top | udp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
Files
/data/data/Mad.api/files/PersistedInstallation6500425669392033501tmp
| MD5 | bed1ce6173a916d2f9157044f16cbf36 |
| SHA1 | d7edbf724f6c3df0f70ffb71f313e16779409931 |
| SHA256 | 4faacddd18675dcc761fb801844c37773cdd2c32c29cfefcc7ff2b728776e0d1 |
| SHA512 | 3f3a1eed674a4969075d53da7a93d1cf4dbf15fca8ad6d7def2bbc326458fc6a7a2617fb264e7711815ece5eaac0e0564b194fd2b1c5ec8f64f18fc5c2226788 |
/data/data/Mad.api/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | ebb486751a77e990ed5d0da526a3e68d |
| SHA1 | a1ff0fcbca70981d9e5a9028e044e43b5166b6ad |
| SHA256 | 1f90fb2a9018b996d180e43992682580e447cc76cabdd5d65542527d673be9da |
| SHA512 | 0c1b054e855db754656ddde71fafd1124d229a3c6bd6ca96682d0e5df9052aafee66af72383fc9102006182c1ec0f6687b29fc983420faf752d66f266220d2b4 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 7237409e0640cfab7bdbd429bf821a3b |
| SHA1 | 4c3da934842f8d4835dfe2a9c275a300e5123309 |
| SHA256 | 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa |
| SHA512 | c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f |
/data/data/Mad.api/databases/google_app_measurement_local.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/Mad.api/databases/google_app_measurement_local.db-wal
| MD5 | 23eb693572020a16097dfbf8a006495e |
| SHA1 | 4342b85f0e37e84c7be3f55342a7be4749bdf006 |
| SHA256 | 37d00faf93233d82b11efdcd26bb512f47d9bea55c0663c68a63f561560ae435 |
| SHA512 | dd2e0678bbab6b1a6d7756c7c01f0de065cae6313b358a0ef7377ba094de7f67190d5fb3df6e322f80f79958f4c471db75bdf419f9a5aa9362d3d8f9177b4237 |
/data/data/Mad.api/files/PersistedInstallation5386235889802310835tmp
| MD5 | 519bddce9624468d9aefbf14f103f971 |
| SHA1 | 1aad49684fbe0db962908ba6a611b3f83bb3498e |
| SHA256 | 6933b5bdc374bae0ef94de0a417ce3fac3c0813cfc75ce9b00001c57b981d183 |
| SHA512 | 59f6cfbd67f89eb3d38dd1749639b4594d913b546e36533950d942d466b78073646d99565217609dd305c29e52c90735701f7a7fd53178c00c3f4a1da4cc83db |
/data/data/Mad.api/databases/google_app_measurement_local.db-wal
| MD5 | 52630fe0901ac12b532f0c4080e91315 |
| SHA1 | f0799fc35797746bbc2177f6868e2d555f92855b |
| SHA256 | f70c165d56759ccfec8e30566fc6ea1191e33e063f97be87a42c9031ccbca6c7 |
| SHA512 | 5d477f3e6a6b99f129b26a06aeab1e1b3b047b42cb5fa655e8676413e32e263eae49aaec2874775c2ffe916b8e98cc57c365b87f0713a6d4047e46ce84cabf33 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 871106b4cbefda6719e6651cceda79ca |
| SHA1 | 39afe8a88b8d9a973a62a0dd6112ecbb2d2a6a15 |
| SHA256 | 1ef78272166a9c71b6b37890a836e44cf9e67a0478c054340a06af4122db585c |
| SHA512 | bb6f3b0d1e35e65c33559a02475fcdd1d65df5fb404456de4f49bc8a6a95e86f8934ddbb6151134a78f777935c92182fe3caf2d30b724db80a2baebecadfb334 |
/data/data/Mad.api/databases/google_app_measurement_local.db-wal
| MD5 | 5c1dfbb2629ed9317577fa5fbf43bbd3 |
| SHA1 | a7e7bb35fbf8d75ac7eb22bf3aa77b6357309f11 |
| SHA256 | 17a0c55934f673ad42459a548d6b5e2884d7b882e1d268f1474a1b5d913d43ed |
| SHA512 | 010234c2ea072670b072ab02857f66cd86e9fecebe93bc531ba4c18b87645349eccbdafb8328bff7eb0793a76d79eaf3ecb157c8aa57505c9d7ce12c10402fbb |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | c521c9eb6fe2fc28463aaaeb2d588f92 |
| SHA1 | beecb2e90c311b4b25826732c961b912518ec200 |
| SHA256 | b0c708269795ca6cee86d9918d93eebb06930a1a175242f824a358685c0e557c |
| SHA512 | c5f8d3d7c03b097fb72eb332a22f48e986c44451537c534506e00a1c080b5bc652a9e515b609a8ea445d221be5441c9db82368edc16f024958823b079d627e98 |
/data/data/Mad.api/databases/google_app_measurement_local.db-wal
| MD5 | fefd516a3ec4a2c4f736894ef88f1c89 |
| SHA1 | 17cd928f69056d9e8cd10ab32c29276f3ed8bb19 |
| SHA256 | ce909a8db29231b07ea81907df9b6c29fada14dcdd91f04544ead8055fc67856 |
| SHA512 | 0fe1a114f359d309cf11ebda4907d5a2115c0c294442c29388754009df0a91796de5ccdb4676a7520030fa127d686f817f60d6bea0877b10a239937d7d46d504 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 0ed40d99c2ae04814b0407cd114eb8da |
| SHA1 | 00af9c347739b0a2ff14058bbf064cddf840a02b |
| SHA256 | 4e5909ea587df6edefe61bfc1733c1ad1f185c72176ffa2e0524d8f711d12465 |
| SHA512 | 11b8f8fb9deb08e379fc76297d072adbd40704d00888f015d541dd6dbbbde429b6c0abbd2299f9955fab20e4995ed41eefe5543b3f3d15a61b15979b27067b3e |
/data/data/Mad.api/cache/2
| MD5 | eaf3840d8b72c1346b662652806988eb |
| SHA1 | f7ce6ff876c1081932e785f8677e90874cf6b43e |
| SHA256 | 3316bae6fa63463d29e15817f134cc1104070ff261b2fdeb3d4371c68dca3e59 |
| SHA512 | f62c3de0d71cbf73bd4b5faa2c3a0e34d1746bb4515f5a8940a0b05b4ad5f1401bc1a0109fef5c558e355358fe7e0932da02e4834c7edbd570d8ee2580cd15c4 |
/data/data/Mad.api/databases/google_app_measurement_local.db-wal
| MD5 | 64c0661a931eeb198497ed66008a8ca7 |
| SHA1 | 43a5f8f0cf9f88670cfab2c1e2d1435b712779a1 |
| SHA256 | a4faa7b2faf72808bc54d3a6664e570241b861ce8a1c0c03c0cad768d1bcf103 |
| SHA512 | deed8f24a0388ada1387d2a79cb2e2957215c8aca5e1b7ee4e7998561110d270bd9aac01c4fa90805e983619844903f1f37c2b53819fe17a365dbf68591bc5ab |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 680a6f5de1028bcea56848914a265f87 |
| SHA1 | b370d9d6a4690b121d114b158be9282b93cfb33a |
| SHA256 | 38c5fe6008a56d7c4e989533baf8bedafd3d83c92141a0fa22e99e9f465ef19e |
| SHA512 | e194ace200102394f61b2f106d79959818ce410db6acdef3cf66cde75237425ccf39c1db018e21840082fbd252d0afd950a38f300c2e0bae283f93606fbc28ef |
/data/data/Mad.api/databases/google_app_measurement_local.db-wal
| MD5 | c8375191315cb7329642fe4d60864dff |
| SHA1 | 66f4ef8ea2eb93a36fe391edb31542c407a6212d |
| SHA256 | a6e00570b91b0abacff4c32c30b9f619194ccec6d3e81222546e5d72a3367010 |
| SHA512 | c7e54ee9ab8b789a190d5a701bfe81683ba1c3dcec34dda2a8a33ed736e4ee50185c392acb7916408e46d8503d3641c4cb12e031186dd01a006dea992728057d |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 3e881d9a01ca707bed38018ac69f4518 |
| SHA1 | 5820f9351d7cc8082de6e5686eb9f8fedf6fb830 |
| SHA256 | 4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c |
| SHA512 | 8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 15:33
Reported
2024-06-14 15:40
Platform
android-x64-20240611.1-en
Max time kernel
123s
Max time network
151s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
Mad.api
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.213.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | parvazrim.fun | udp |
| NL | 185.11.145.145:443 | parvazrim.fun | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | site6.top | udp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/data/Mad.api/files/PersistedInstallation7854768160216320063tmp
| MD5 | 503aeb280b10d1bc04bcf5b136c7a41a |
| SHA1 | 6d94a6c4c7f7421a5d44cd42c5289ed5a42e4196 |
| SHA256 | b17fabf2737707d1682a21d006eec4898d1060ff31f2ee460483a34a614b1e55 |
| SHA512 | fdbaaa917967a8799a2e0d0db4bebd7dfb7330f99903dcf821979d99cc2ad027649d8e25de5af25d9f27d25668a4a951653227c3e76ea89c0781285ac5a4a9c5 |
/data/data/Mad.api/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | c35bf3fed0e187e8ef61022c74cef2af |
| SHA1 | b73d6ba4eb5e833bcedd5d5868e66ccf017f2b1b |
| SHA256 | 5db7a7b0259e00298ace05020197125e4c3b935cec61547ba0dcb1860147a083 |
| SHA512 | 819bdaa641ee5948c732e3a957c4a8e3c8f15e17b1c75635dec976ac44b21ba378a03767066541a64498e903a257a6f99f6f3f7d01d063f5aeb5a744ea6be347 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | eb52a90bb70b76e946b62f50b6f7fb85 |
| SHA1 | 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0 |
| SHA256 | 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4 |
| SHA512 | b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | 282fe623d229f8e82ea96431ff52d275 |
| SHA1 | 294a52b672ea1c4ea4aae42b522597242d57886e |
| SHA256 | 84ca90d8f3289773e75cde51658cde11a527bc6a50cd4889139702c29063287b |
| SHA512 | e93927e937e99b991af51498218d0e48feabad3e79903b156a31b01d7a45d5bdfe6fc32964540cda232bd1e19bfe6befe8cd3732241c67f709f8dc9e069f23d6 |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | fa4128f9b7385f7b3898a2f6ee8ae719 |
| SHA1 | f72a115fcd43ca739ac52bf3d74144f9553e0ae3 |
| SHA256 | f8379487160e4b58acba2f827249c768ae972e255f0a9dabce6147998c02e5d7 |
| SHA512 | f946ef2aa359513a107e9ff6a30505d8a05d0aab4d1b4355ef8e50cdde2da7a3e27a2076eff49a1cb6cddfeabce563ae83d487fd9f585b54d7d50a1c08b3d79c |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | 1a5344e2a1f334d08e84087db20a842c |
| SHA1 | 33da4653893a23148ea20220b12b32c65037d835 |
| SHA256 | de2e46d70495769f9e459a96a060c6b4e4bcefc28523c4fa490596b4cbef73c4 |
| SHA512 | b4220263c64ee15e28b697bbd527e3d9824ecee2685816466a204a9c5d56e58d2eea68c0110be18d1c308da455f771dcca7a595659b33d80f08ed4e6779a67d6 |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | dd0c95e512f38466f6ed6d3d911a20c2 |
| SHA1 | 2dff8052d492a063504728a96aff4f8ef097cd36 |
| SHA256 | 24dc593cbb1449462e8d288c223fd9c519b4eb159b2c6863873fea06b58eb54a |
| SHA512 | 54c6b9d49a0a3e609dced73e33ccd9d1ef57cc0043ec5f67e90b68f2c18e6359e3989419ff59bc73261ff9f23a41ca50dfd3666104e8f26288f1b089f608e7d0 |
/data/data/Mad.api/files/PersistedInstallation1547932986605556619tmp
| MD5 | 3cc0d18cc1b530dceaf52f0dd11a47c0 |
| SHA1 | f86274aa33a866acd86d475b1f537cae04130c39 |
| SHA256 | 18e6ef214f35afe076a9cfecf625cc8e965e342e83796a8d1c2a81420d653759 |
| SHA512 | 96e695dd8b9fceb42c0e9ee7f0909100ac79575c9d0a6095e697d8b03bb3623456ed38c4bc3b9fbd938831f4b2530da523291b7dc9e7ecdf467b1fc7eab57029 |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | da061f269eaf78a541383fc95a5da97b |
| SHA1 | 5340f0f4dcdb821efb0279440de09e750b8bef3e |
| SHA256 | c6e25bfe67b3e9347c78542f4583ac462cd5e34d11d424ac733edb807e65df13 |
| SHA512 | 43347d048bf30aa2606647eba7147022b35ea73429f07b0e3807d5309963b685e59c34c3dfbf6a1ccc5ad2a578c19bed5020f6195e0ba502910d8a12b5315fbd |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 08ed294732cf077fa6e1cf215eb2ab59 |
| SHA1 | 48b9de16102073d86b3d59a83f75023339a31506 |
| SHA256 | 39cc8102dea585993524ed57113ac784a9dd7d9815afa7191b91c5023cb1d9b2 |
| SHA512 | b5751f8715c59867ffb34b980cfe93f4e8b5257375455069113b1d7f39be04f54c6fc7260c8ab3b9a924406d86417dedfe567896fb6c85dd04d99d67508bfcb8 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | c8ed1fe66087237eba33589d1c8cc992 |
| SHA1 | 40aabf07422267cdce97ad7245fadf72126bd5fd |
| SHA256 | c84e473cec1a59636cfc8784e68efd3e272e9c847698c435438323e1b8bd5e9d |
| SHA512 | 3a23c63994e3c69a9d702818e6568bb1983053103f4fc9d083e0da8f4d70e5b9e64c70286fe1fdd8e5e10738c7bd29c7508b79523fc4b966857a542718172b89 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 351e9563afc7dc8cde1d0f2490862847 |
| SHA1 | f6e8a9926325a1ce5bc6122a4ab2c4a8bba2209e |
| SHA256 | fa51b91d0237f1da8b93d75ea0c548855ce4998a09b3400ff2874eb58f191490 |
| SHA512 | 8239ee0a8c8b9fffb384ebeaa10ba4c60103a587f6bd1346ec38dd5032b72ee6c31e695e39b5c3e4ac82e97190c07b94278625318ca4ca40a03f80e08d5e41a2 |
/data/data/Mad.api/cache/2
| MD5 | eaf3840d8b72c1346b662652806988eb |
| SHA1 | f7ce6ff876c1081932e785f8677e90874cf6b43e |
| SHA256 | 3316bae6fa63463d29e15817f134cc1104070ff261b2fdeb3d4371c68dca3e59 |
| SHA512 | f62c3de0d71cbf73bd4b5faa2c3a0e34d1746bb4515f5a8940a0b05b4ad5f1401bc1a0109fef5c558e355358fe7e0932da02e4834c7edbd570d8ee2580cd15c4 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 34a58b54b8b5eb9557ac3d09fded564e |
| SHA1 | 8560c5f04bb339a44852e33465fa7ba0c260d5fe |
| SHA256 | 4351ac3af3222521ee880ca48a9b2489dee46a416d7ab90d45ad50c55a77f9f4 |
| SHA512 | a3c31f510bdf6be2d5cf47aeabd187732c67e71905977305bd30d0675cfc59704a23a8c743b09513cf2e9f1478f2aefae48e293403ab8ed03305b6c0d5679773 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | adf6082723784327d7d1b34adf974e7d |
| SHA1 | b1502f70eb881a1dfe41139cb719fefb877ee37c |
| SHA256 | 252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9 |
| SHA512 | 762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-14 15:33
Reported
2024-06-14 15:40
Platform
android-x64-arm64-20240611.1-en
Max time kernel
145s
Max time network
131s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
Mad.api
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | parvazrim.fun | udp |
| NL | 185.11.145.145:443 | parvazrim.fun | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | site6.top | udp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| NL | 185.11.145.254:443 | site6.top | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/data/Mad.api/files/PersistedInstallation5637829052325796616tmp
| MD5 | 9e89c772409eba737873b05ad27e651d |
| SHA1 | 33bfe381ea7ba89e88f73823e63dcb2ae96ce87d |
| SHA256 | d86895cf08527f1b8309849126fb623a84c4e8d13f8b8a7cc78c970074c025b0 |
| SHA512 | bdba7f05bfbbd0f0aaab73c977f3f48df2427b3159c08519dd3601a0a8fd7e694cc9384e0e9b65d25297bfba9ac3eb324ad0f1d665f7c867bfc556598efdd993 |
/data/data/Mad.api/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | 88ca7d83e5c1b59bbc667233c0d5e388 |
| SHA1 | 3da02c529cd2b5225a9acef65172beffb70d1902 |
| SHA256 | 68f711ce1f1238267f79e8805ce5c6c483f45879508d35ffcc917792bacf55f4 |
| SHA512 | b812d28ceecc007549181485ea16de3ad04344f9cce4459529b4df8376f68b0a7cb01aece691474818d0168c2cd473faeab77e70f58643142a77baab34816807 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | d9cf75fdd1c2292d986f6c3d5d60f2c8 |
| SHA1 | 07ecb1d3a26d952ae5fecf54f36699ab498510b1 |
| SHA256 | 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a |
| SHA512 | 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | 5b9e3b629b18ae60d9ba98a6a3010ec3 |
| SHA1 | a5db45ec396d1bb5f828e4cf3a8aca89edb70105 |
| SHA256 | d011ee570ef16f67f2e7679fd5c898ef105ebf76e43ad808dd1f2f1b3ba36035 |
| SHA512 | a0725b1a4c459cdd0a172aca44011cd2ff2f415be76f2d9fb5e8b737182932969e26be7b7d1f96b167fc792b20b52b297b4b86ddf30124ed7d775ed3593b9b2e |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | f566c915ea4225f58e57825ffe31ef23 |
| SHA1 | ebb1a18b4ed9e2c038c14f331fdb5e9cd3215396 |
| SHA256 | d58a5d47ebf384af00336b1368f55b057ec46561a53e479bd0af78929eabc322 |
| SHA512 | 3e219701a81d5edd0371d98ce7ea87f0f345a1b63d9d938267f32727081d83ff0fc574f1c7f1c8c2b03eec8245f50d80e37fa8c80c6ea2cf4c7342e3cc779dcb |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | fb8d5a5ed09b5a6ebba0e462e973bfd6 |
| SHA1 | 92aab2c291ad2bc498c9dcb22a4b2e58ffd90629 |
| SHA256 | c12e94c9d9ebf113d4daee4578a363e2ec6e3caaae7c230dbe1e31ef18333b95 |
| SHA512 | e5b9d4323127af2b439c08b9557b17ec409f282b62185abbea0054e9c17853795c5b788e4c66f2dc2fa82462093a54d7829e94f54d98913611adc4506f65eec2 |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | bb4fab97defb1c6880d36cd3058fa147 |
| SHA1 | f2b00893612d69634cfe1eaef1d5c2e44ee1bec4 |
| SHA256 | bec1e0fa683dc6e3ef36eace445f9b816066f335f1e513fad5ba5d27f8aabc7a |
| SHA512 | c3c047667837d6548e8cf443bdad0c83f748e723a1826fc3d650593d4d0cbb64666907c796e304c9aaf63ed5b9734b9fb392a7f8f7fc82827fce07058aeaf57b |
/data/data/Mad.api/files/PersistedInstallation3877255175307430611tmp
| MD5 | d70d22637a92311c9b462531a786536c |
| SHA1 | ad6db1fd407e3900209c82daf56a9d875e413584 |
| SHA256 | da811faf4dddc8c019384f36c132592af272de03263080bcd77372bc019a9b89 |
| SHA512 | 820be702ff78aa5e19bb599e9c9621fec660639104ff41d9199692a46dd55a269936ca5e74452bae9bd8341faacb179c6a8aac4edb05cffe1dfdd28e9f9457cd |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | 97748c755714e02e90860056cf5277b1 |
| SHA1 | 3c359f11bb1bd3347b9d388cb62d274709deb378 |
| SHA256 | 8e99b64a06e2b5b5cb60a0356f43300d33311ffe257ffbc4b96da158b2aa5e28 |
| SHA512 | 8ad4d1f37233bd4ac6d987ddb55ad26eb9f93f08b23f03e1dd021c87ab4d6314a68c7d191472e069c88125a263bc6f46b3ac117b3c9cfefce7b8a6e89606a9be |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | b7545717399e7f857bb932d9de96359a |
| SHA1 | 87efe7af25abbe0992321efb7f7dc202beefc5ff |
| SHA256 | e0e64acd0554cb66771f598f3f42c6992f104060da0345bd134e5f4908f6635a |
| SHA512 | f2c7b9d07231cf8f6b9b95c7cc95e7418da69ba93a4df222c5264d5c803769008a62588704753f9ceb96036e634c72cad8956233c7a36bae34e75e161ad8becb |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | c3e1d8c644642fbe2a12430edc7053bb |
| SHA1 | c3f82bd26e3866a104d2431143e48175bfe0676a |
| SHA256 | 1fcc3f36be47ee0c74a4d09e18c64353f5dddcd67bdd72564b57e3a1fb5a89c7 |
| SHA512 | ce20ae956919cb0958df1fc5a80688e4cdfb4caa512ef6c62b863a24b0e87c3743916d342f3ffa4c7908d63ac1149c405c1bc9b492116fe4cf2c68030a795bb8 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 24fd1dfdc407c6a69e7f148943e548c7 |
| SHA1 | e7c024f8580aedd254ca071ebe89e9574c93019b |
| SHA256 | cd2d5ad6800866562fb017482e47dd97f54a5be20b5883d2323a123eec2bdc79 |
| SHA512 | f9511e45b74d43be1233bcd3179b183087c898422015b48fed78e5b16d4273ef05ffc8f9c83fa6b8548c7f47f3787e91c0146c149901ce965ad5051e1f706277 |
/data/data/Mad.api/cache/2
| MD5 | eaf3840d8b72c1346b662652806988eb |
| SHA1 | f7ce6ff876c1081932e785f8677e90874cf6b43e |
| SHA256 | 3316bae6fa63463d29e15817f134cc1104070ff261b2fdeb3d4371c68dca3e59 |
| SHA512 | f62c3de0d71cbf73bd4b5faa2c3a0e34d1746bb4515f5a8940a0b05b4ad5f1401bc1a0109fef5c558e355358fe7e0932da02e4834c7edbd570d8ee2580cd15c4 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 40d3d792daed3d08240016d09004ddba |
| SHA1 | 75e760c0082e20d46b2e569edc8d326e2e2cdae5 |
| SHA256 | 5ff678a346d6d4e59740380f906ed5ff06961147b37bd158a18e9462a7cd9407 |
| SHA512 | f5ee94b0df2a6197f5b3b81d31a284221e8f42919b2f420b8ae206de958fd2eaed3e5c95d24fc3ef656afc7ef57f0ea0ea553e509d7d48c6ed0deb78b7d298c7 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | de82e2c94d2718988804b035a46d17b1 |
| SHA1 | 705f5ff19093ad209f2a666085d6ccaed3bf58a4 |
| SHA256 | 29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39 |
| SHA512 | 68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e |