670ddd9805ac2ee5a58c3e4a56bdf6cf665da28ee3d847b149da8c90806111fe

Analysis

max time kernel
122s
max time network
128s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
08-07-2024 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

2.8MB
MD5

19e683f7c8ce28f3fc53db28fb85bbe9
SHA1

027902f8a3d62896ef80ad2eaf4c84c3317b100a
SHA256

670ddd9805ac2ee5a58c3e4a56bdf6cf665da28ee3d847b149da8c90806111fe
SHA512

007e280b382bb55f3cc8490e28edec240af1a4191366ab760ea541aa69f8b723af801bb032bce6daf8c5d03af24dd478225b2f30542b91a4a7ac82ea48a0c435
SSDEEP

49152:p/16xEtDTSfXzwY/48Ym7HS7giLkJxfhvKbVgtZViuPgnNNLTfUhuK:x16CxOfXz9/fYMHGkbhvKbVgtZVqZT8D

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

Mad.api

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	Mad.api

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

Mad.api

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	Mad.api

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

Mad.api

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	Mad.api

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

Mad.api

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	Mad.api

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

Mad.api

description	ioc	Process
File opened for read	/proc/cpuinfo	Mad.api

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

Mad.api

description	ioc	Process
File opened for read	/proc/meminfo	Mad.api

Mad.api
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4242

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/Mad.api/cache/2

Filesize
61B

MD5
191fd7049c777cea2729dab3956279ac

SHA1
9406befaf1b836fe871b0734d5767ece1806f157

SHA256
0cb6987d8ade0985ef5aba8651248c1b679b659751dc2e8be57171426d7b6762

SHA512
2d537ba4f79100e755a7f32df8c10cacb882093db7cded6edb5734d913c04eca41475d9f158df99b6e09f6c754bbe516b8a850111a915e1912cab144ed879e8b

Download Submit
/data/data/Mad.api/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dc3fe8852a8f8569385da817bd5a4ac0

SHA1
171d27d970222ec534cb73972ffb371073bdb1bb

SHA256
c89c93f27780dcb7272930a1da60959184ae6b2792da32774111dfea44de0a36

SHA512
2dd627e45c7d94de8e8ff25f01f245696008f73c79d265ee0b082396e0e640d344ac96dbcadcec468aa21a946b01b51bbffba5f01792918a61340ed838f41e05

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8b3de2658ce61ac5132012b5f800ea04

SHA1
7c708999745ffe59b6437b244a167ad4385fa847

SHA256
396e59f01f9ee1739b26bce1eb6a72466875e2ed0c9f2c2c15341b3fbb310d2a

SHA512
9208f1ea2dce121e6e98e0a53e4041e6ed613e181023c16ff182f55b6d878b40a8193b5fc2e74fa1a45abd25e0011ba192d275bd25253728b7cb7f66b81baba1

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f27f0cf38b32f863384ab4b34cffcd43

SHA1
786ded3a01aa38bec5baffbf4d4135cb0b36929d

SHA256
eda3099d860d3b5b8ff80ece653c55da1d9ff1f4ae0830516b1fe45d4c4a71e7

SHA512
b279272400002feac7e5e85edf3fa0cbeffc72ee3e59bc6e339546d3ddd5df3140357f6fa098e4bfb6de746d4113e492b7144a2240906d7486beba215a57effc

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d534bb45446236d1520099bfaca241f0

SHA1
e36f00bd2b5291dead33a3c0acb7ff7307a5c902

SHA256
f2a28f78766bc6a5756502dd3cea5c3db1a30950ddcb90401907908784c2d7ed

SHA512
eb3978584b435ab3ce693130aedf1a7a8cf3b7a84cacccc0b45d5a5abaa4d074f4f4bc684f8addac4eee1ff0398624b0ecdf6246aed59b931a07301ce2a7533d

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
4192b8503fe16f2b9ef66f5f7b5e8feb

SHA1
073457f29abb9c003dca1b06ab29f37e9221f4a6

SHA256
d48e18c21e75b1a84be13a2274e43a99bb799e0c67e220a4eb0fb218f936d907

SHA512
bf7cdcddfaaebee940d06fa51bb72f97fb14992bb8378ffac948a09557f43e7dedc497879be38b52308946de35933ade76e165f101ddb5aac567ae87babf328e

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d8c39238866005e7f52e8913b70bcf65

SHA1
e0af120e11f4eecd05b393ece40f6637e285cb23

SHA256
973d1c7c969f11dc8880c57e664f76bf8988772bfb9948c5423fad1f1ec05da1

SHA512
47ff7177dc7a1fb7d2dea57a1f9cafab1ea30765c6ea19ca2ff5419f145aa504a606399797084f59b0978992c06a066919968ffb23e7a86ab33e8ddf830ac4db

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
82d4347d9c81726290f18463069a31d2

SHA1
61c41f72415dc424d55636bb52645d3358628067

SHA256
ba690ecc2f24902b3ae650ef928c2e8c32da34f428fda9dbfac4e8b1ddea5396

SHA512
63da2a0143ccd94399eac4b875451ed1bc4e92b75d8152d412d8b79e115a0eff3e12c0f0f4046266ddce819051aa85bf0d800b989c2e44798c0a555f552ee0c5

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d1c6003f0aebc8550a1d8e35a4cddf04

SHA1
857ddf94055c758a562b373d887ff485d933864d

SHA256
c1b22f21621bd56f9101e45fcfc29ea4d4ef743e56e552f830cc0b19da1db318

SHA512
89d80ecb18e64b23aabff959b362d7f7fe21cc0b07745f2d18aba53199ceb93f64b8a445ac9848022c57a67de8519f6bbfee88fcca1802f4eaff723db217adbb

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1ae603c8faaac0bda244bb2d492be9e1

SHA1
5c5481bc33a1eed8f4c71898cb4d08a99e68da49

SHA256
75632e09c55d30ba38c2d372114d915f1c48f1a6ad23eba4331c9032e392773b

SHA512
60c7d868a7dbae5d5910e74492b7202d07512de6a1cecf44dba2a20bf948b45be76da1d7d3a053683eef8cd6bade2489563523067f486098840c425772a0b6ae

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2d7ca54517c4dc3d0efee5d9af2a5d95

SHA1
853bc6d18572f535a199d7ccecaa42dc3e4f9560

SHA256
c1b41df9c1c52e6dec92e768f85602f1da66768f21e65d8bea68d10128bf916e

SHA512
b6a3ec62c191ffc4a90c45f28c28d690aadc965a53b2dbb45bcfc21b6885ddcde2fe1dacf4cbc49a12eac14ae7e19a1293310432bfcd9d2fa4b27b1d01d799a9

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
ae72b08c8b46406f7cfee476eb5e9708

SHA1
0d8ce54af3d23ee72fa28d777894cd4a0c118573

SHA256
6e417dec4b0ab79f1d1e42ae9011c0cc8612d28bf320d6c31996463b75aba544

SHA512
e374f9655967415d498d14b8e66f40faaa26ea3ec15b8d66bcbc81c98a8c4a615094507792685095bbf732a00b0f5d73bbdaf1fc204c7a42733cfec54f5342e0

Download Submit
/data/data/Mad.api/files/PersistedInstallation1607280705624584711tmp

Filesize
90B

MD5
c34dde4e4f8e90e566b59594ce375a8d

SHA1
44570fd811ed03cc3fa4276e5990156e576f4a51

SHA256
332400b12dafd4e91ece9f982831897428e946471bb2215d5edb5ce53a4124cd

SHA512
ecc7f25381126a65d84a7a9e7bd919038e5a2767fa29b504c02c5af517ac2fff7ddae4feb4bd9c68f10b1b6d271e0f9f6a22039fcb7f35cc60ede80d2ec0b783

Download Submit
/data/data/Mad.api/files/PersistedInstallation6616410373403675836tmp

Filesize
569B

MD5
ca6a43d05ce06675b4b386b12e74b27f

SHA1
1ed0fe0f4ce479ea74881ffa8011586146f55e88

SHA256
ee4615920dd7e29880ff4617dbb19ffe9ffd6148cbac02abdc8529e3b5af75f6

SHA512
ff739eacb9864f9e6f271f44ddd4756f303ebb050606ade239cdfee9efdc1835bbfa8a97438cae1d5b71fa7d87dd716f48ee8db1d5749f4c57099ac717deea88

Download Submit