cbb34018e304fe3d88abbe31bd8da90e52f62c9200024ba7df7d80e6bf2d32c4

Analysis

max time kernel
123s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
27-06-2024 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

2.8MB
MD5

8ac01d4b53f2a6d14c054c50ad9166c8
SHA1

e5e90998b6f6416458c9f9bbed12943826daae1f
SHA256

cbb34018e304fe3d88abbe31bd8da90e52f62c9200024ba7df7d80e6bf2d32c4
SHA512

e71bdc8653037093923d72207155e6a81129f733acec256ec28d328819e51790e6f1600886251527eb4ff333226ef39281f97f83bce6119a1dc6ad47d24cf256
SSDEEP

49152:S/76xEtE8qpwRxqPjPLnJe6QhXBJw/OyH3EQnBAutAcCanljLIx/zCf6GMSs1Eex:I76C+9p8qP7LJqcLH0QnmutSanljLA/l

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

Mad.api

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	Mad.api

Acquires the wake lock 1 IoCs

Processes:

Mad.api

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	Mad.api

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

Mad.api

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	Mad.api

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

Mad.api

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	Mad.api

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

Mad.api

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	Mad.api

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

Mad.api

description	ioc	Process
File opened for read	/proc/cpuinfo	Mad.api

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

Mad.api

description	ioc	Process
File opened for read	/proc/meminfo	Mad.api

Mad.api
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4969

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/Mad.api/cache/2

Filesize
65B

MD5
27c687faad222caddb45b3f83388215d

SHA1
d0c778c99e4d16464759e5dd4f193338372bd000

SHA256
ccac02d818c9214c7a52ed051dcce3bd63e5df576ccbca90b1b58d4492d579f4

SHA512
af3227b2dcbb61bf0f4a21d46dc53f845877218ae1f8689795fb6a93240a6a163457587bd11842d2c8c9b8283a2fc211c0f78bfba020b8505d4a22fb7f66d65f

Download Submit
/data/data/Mad.api/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
28f8a3fad8d05a0f5803e5b3cc9fe1bc

SHA1
c2bd33aa072f55ad67c22ffaba9fab23eb3d9d85

SHA256
b8187408e2d7333e5c60437c3889c32cd7c477f008d1746017d766dd05ac1d49

SHA512
0ebdd97a9795a4eaeffad91d4647af653b649be9bdbbfde33051062dd2907e6cdfabcc08fb20bbbd068298f944353e2fdc1245a45a36fdf1fe09112f7f1b45a1

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9e47e390ab27ae326bd9188309cc6d2

SHA1
5a35332fdcfb26f40e9aa4c3381b888f9220cd93

SHA256
d6d2f32af00b17e7e2ba70745bda03b113d088999279ab4a18b4730426082da4

SHA512
faf4e7dcf9b2a5d348988bdf6c471659cacdd4ece425361afdf3ab6bcdddd8a579d2831b0d96038d04f94072944aa439fd149298c5edf71bab97df1dff2641fb

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
36f1ee36564d81ff3ede703fbb5c1eed

SHA1
da7c2e4708326bc5740a11dba995bc8c0a9f9231

SHA256
2e5c2ac2139c3883cc8f3ae313a9400414c0f089c201846b362b820245877e92

SHA512
bd5d4c4597c5400a698cc4e7b83db1b434cd4bad6cba031dc3b812e2f318028b997cecf5d4239b63b0f052080c17a505013a4acd1697a0b8a7dacb4308ad5ba1

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e5fa2904d5fb3a25707e0329f4ddb663

SHA1
001232cc789903ff33e41c09973626967e03939c

SHA256
0fdbf59b8ffce5524783c0b7563b5072da339e4d1c4c4a0a849be63e80346294

SHA512
4a0c85022cae1a095a00b2645fe2439f2a616f63d516c12e4cd08c57e9ade4cab6376b42e542068426aca91d0aabc56d3605d8a7eb63e215e43dea3152670663

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
88d7f653f13142266b602020aa34382d

SHA1
c2b9f117e590b34c4efb63ecd99a45d6a6bb84e1

SHA256
5f8ce1840de77a6d51eea2e4642a541256a1e35d77c69e36f627f8a63f565f26

SHA512
e7500beb14c722d29c6d6b8c5b1713e98648f413484590e89b7e8ebbe20b52ab7a7b420fa686f18411d965338066e75f1b09aa3285b426abbb5eebe08fd8742c

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c2c971a2eb9e791de864ba2a6f36dc62

SHA1
71f69db2b4d36e85af4da5992300a3dbee237305

SHA256
1fc0f4739ddd54fed6db253ddb413307fe0c46df9137ca31bad5cae8eb17fb80

SHA512
3840f65cda63e1b5c59a5cc6e0f9e34bd4f6586ad88def3c8d6a5d7ab79b186d898f823f63c3cbc37b1fa480b297f8fef872945647f5b1e38ee4bc815cc24287

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2e05c86cc1061817efb941119d79ffcc

SHA1
5068c525675ead22fbd7886a634c3ae691f68ded

SHA256
5e72492452860dc3003baefed5587e5338fb512da5e5ae5bb3b75c7808a3d09f

SHA512
d58dfe85e87519f4d35b7388a4e6fd3e2d88b200f48dadded0dd7f5c7632f8009877a0c7812c7a68a9e8c57ee1eddd65abdaec1e00402a5dddf4c14ad7a99fdf

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c0d317aaa901264e2a4e525504597d76

SHA1
09ec70026bf15b59a9d83492944b69310da56715

SHA256
dd44861b8b57a4b55eebaa5fe1cea0994d576a6a0ac56b82904748f877f4e495

SHA512
5b6fc08b2325a6b99ba0cb8ca297762ee6cbea03929fc8cbd5a2429e436b2f2139a9e5e087e64a3b7caa4aee7c71b8714498e7eadfe1246aa5df42195c0fbac1

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
8b8164080fabe5b985e1a569c7eff47f

SHA1
ae97990e102a126d850cd2b4e777f199205f619e

SHA256
ad83aa53147af96022218eab2f1c6ca58aedc464001ad1535561e61cdc43df4b

SHA512
18033cd6343b538cf800746be98c3feb31afce30d1f0c315a94a92bfa0f7192be8c80969fb21d35d302aa933be4c4a1d18f8fce5ef428f7f28c7a166e93e4ba3

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
fe78113a63e013d84c8d6c1f8d042f23

SHA1
97924f9233606b16aed561d8de089c3ce7204c02

SHA256
2ce1840fb4cc30925c72eade3c62d2e22abd575aeef96a5d24ef1885a82f669c

SHA512
6392baf969198ff1e45754bb20a8e7d84a00e2f6d0d574eb1f37c084e6725241e5a9de120cd27b5278226b1320699f132130275193488261907eb1728eb13de0

Download Submit
/data/data/Mad.api/files/PersistedInstallation127422529667373771tmp

Filesize
90B

MD5
b6e50f2eb25f71cebcca53b64bfce619

SHA1
e19d3f21669c5940386ebf04a006f61d40f49419

SHA256
e0dd2860ebde68362c9da43f61db660e23d6e90c8db22362fa75ba9b1e6ac9c1

SHA512
fe2ad8eca723442e6f8dccf21323db5ffd2a7a0d7f12c67748cb2db6b8299a3f70a87ee7316e1839e443f54a20664802931ef26b335960a70f3e111ce4884405

Download Submit
/data/data/Mad.api/files/PersistedInstallation6425925833325316850tmp

Filesize
572B

MD5
edd6184eca94d5b29523139105ae68ae

SHA1
9c03ab88431a403e5162dc33b0715ce8c2d34e5d

SHA256
7844daf8badd1f2d4eba42d337156e66d8d4b2f7db3bee7e97879dcd529fbe6d

SHA512
2a9971f0d415e835328ce671070ee358bb154f9ab2a4cf0436be4e3c46956b8bf87b3e1756a8b999adfe289f0afaa1447072572b089cce99296f02d179a38b33

Download Submit