670ddd9805ac2ee5a58c3e4a56bdf6cf665da28ee3d847b149da8c90806111fe

Analysis

max time kernel
123s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
08-07-2024 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

2.8MB
MD5

19e683f7c8ce28f3fc53db28fb85bbe9
SHA1

027902f8a3d62896ef80ad2eaf4c84c3317b100a
SHA256

670ddd9805ac2ee5a58c3e4a56bdf6cf665da28ee3d847b149da8c90806111fe
SHA512

007e280b382bb55f3cc8490e28edec240af1a4191366ab760ea541aa69f8b723af801bb032bce6daf8c5d03af24dd478225b2f30542b91a4a7ac82ea48a0c435
SSDEEP

49152:p/16xEtDTSfXzwY/48Ym7HS7giLkJxfhvKbVgtZViuPgnNNLTfUhuK:x16CxOfXz9/fYMHGkbhvKbVgtZVqZT8D

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

Mad.api

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener Mad.api
Acquires the wake lock 1 IoCs

Processes:

Mad.api

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock Mad.api
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

Mad.api

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo Mad.api
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

Mad.api

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone Mad.api
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

Mad.api

description ioc process

Framework service call android.app.IActivityManager.registerReceiver Mad.api
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

Mad.api

description ioc process

File opened for read /proc/cpuinfo Mad.api
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

Mad.api

description ioc process

File opened for read /proc/meminfo Mad.api

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	Mad.api

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	Mad.api

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	Mad.api

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	Mad.api

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	Mad.api

description	ioc	process
File opened for read	/proc/cpuinfo	Mad.api

description	ioc	process
File opened for read	/proc/meminfo	Mad.api

Mad.api
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4985

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/Mad.api/cache/2

Filesize
61B

MD5
191fd7049c777cea2729dab3956279ac

SHA1
9406befaf1b836fe871b0734d5767ece1806f157

SHA256
0cb6987d8ade0985ef5aba8651248c1b679b659751dc2e8be57171426d7b6762

SHA512
2d537ba4f79100e755a7f32df8c10cacb882093db7cded6edb5734d913c04eca41475d9f158df99b6e09f6c754bbe516b8a850111a915e1912cab144ed879e8b

Download Submit
/data/data/Mad.api/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
df60d470ff34567381d50c7558419eb8

SHA1
c86baafcd0a05cfe9b6ab4142bd1e64d0fb48d46

SHA256
f8f7f3279ff61683f99e7ecf7ff4885395c4ec9b7a8e28968e424729c6e0369b

SHA512
20e21c904d71aaa76c26e9666f9a99a4f50fc7af7bcd0f56ae1c4d029ba26db7a96d936e0daaed0c454a093b0136d77a75db90fde4d77229349f988a288dde07

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
20baf48c7107a89076f30ab2c8e52d62

SHA1
70dfa890c21451a2fffd7c4ebe311646afcf1352

SHA256
98684e1c5d37196483333fecba0d55178b0268866375d61aaf84b4c961ff8e13

SHA512
011088d3e1955c83b7a559b483a2b818a4d1b6c027d12e870208cd833c0f50a87d565e6e68bd1331681f152c812d63eee8e1d29700a21cc5f8805ff4adcf08bb

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9cd832d4a6026a6daac6b1e5dc763889

SHA1
a34a776cbe3e37ae979e445e9bee2e9062c41fba

SHA256
aeda476d46f50d6ffb33fb2ee9b5d2fa4479ab3899633b1f92ad42dc4c8286a0

SHA512
215a7150ac3b2bc7f90ef7bf56e47a26bdd5f9a606039de1a02903e287ff9295f89ebcdbe7aac3294eb656c9d6e1d15a3fd39f1a90778dc47a638916175cf0d7

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3148713d700a3b575a758e6c55632540

SHA1
c095fa0895afaf6bb20b0acbd7a01248eeb2faaf

SHA256
c84de6a1ce41c32216746feaf7b1b5fa7da7a16a7a711b5a63b4ee5f6f7d4802

SHA512
86a9a7b6324421224961b7f8d08bb841c884ef670edbf2a1d1873735979a69de7218f2de1bfa9cf9f873fe887f65b8be5d83d6b51f62bcbc83ef1de482065f1d

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
72fbcd426947191ff7bded880bc3be14

SHA1
7c8ba7d2f17450fc39b51622a85faa5d5186bca0

SHA256
c173eb876bed5c7ee9892aba7930c52479f7e9df5551ff0b9c29c5b436b77720

SHA512
ea6e11051599e37fcab817ebbfeb018e14e972d183538007b07d768f84cc614d4872c4343374830d3be02fc1074e2192651bbca3c246664e96f6eccde087d122

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
07ff9734b656d0de424c65d520005e3f

SHA1
c32f7368802a715d4834ed4837efcdafeab3254b

SHA256
0f689d7459d6094d33fd109ccd7005087428c218db04ba7c97d56d9620935a5d

SHA512
0802a7d3d18dec8280f8f6eddcee2d2167e8d8df3d1aeb1266fcea477bae2cf10ed6849fcea83eec920affeb547cdcd46e5420f00d032a0d8bc079df5f042559

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ad2a82e2bca4c04ac9112a84e9b825e1

SHA1
9b2c73ac41aa92d441f8810b3a1cc2a6a799a444

SHA256
426a616d4f695a527bf31a55c984b1381459004dbff816dd1ac040df934cb1a4

SHA512
f6215f4fa88a39a1dbfce78824a964d84268c9f1c84f2277a76b7b02b41390957a0014254cb8d732377ab7f0efd5127fb0002934ed47e2e73de45ea1b54d6561

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
25d63af957ab54a7356f5ea7dbab745e

SHA1
69a2c801054e2a6951f54a49cd43d0eee6c3e43d

SHA256
da713157b76831af3a92cb1164a155863f62ef4b487576a04ff641239e843feb

SHA512
05cd970bb27d029cd1fd328de5d1e1a59bf22aff80b5aaea49ec57fd4f5d93ada7fc5b81789c5c3aef7f722ed8caedd96e13da396a598a6553910c6be31274c8

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
84273021de3dbebe5794eba95aadc9bc

SHA1
254e425517c41d63031a7226a0ec6cf9b0837a61

SHA256
c45af0e1a167c498d23ba33e9130944fd10600072b8cab4e1c80a31b99fef1c2

SHA512
f27ecfaf25857a4681e569500c846ffc9e49e913388b250d7bd3f3e859cde00b8e316c87603e7f44de720466485f35533de53cb6e504d99c2875614a631b47e2

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f1d9cc5cd4bf9e8e0cc266b95b631259

SHA1
59ec914d25301104fbf648ed4cc47c693b723f8f

SHA256
01a3e8e8abcada5dbe14a868c2291bce64d22a41ffa82711b419decaba5615c2

SHA512
442f0009bdb1bf69b23c7c4927947521a69e32fdbabb9d375607753be36f92c996e398277773c612cb90ccc0a8958ed9fa731d8fb68e9c615ec793a5fc10fcbe

Download Submit
/data/data/Mad.api/files/PersistedInstallation491373907277193837tmp

Filesize
90B

MD5
23b217004b4c051be7391072c1be5ae6

SHA1
0716fd9bbfcdb3af9ac10a644326458646bf3dd5

SHA256
68e966bbb4beb7abb4d5ee6794ed233a9b49ba7fb494ae50f5e1a5bb8847fa39

SHA512
a48267eb4a5262535620c492abf4d229f25632a405197632ef141057ebd59065a199e8f54d277ab23a5264ce9eb92c9f3392decbe0979226546bb3730dbaaac5

Download Submit
/data/data/Mad.api/files/PersistedInstallation5901858724983712100tmp

Filesize
572B

MD5
9d6b3ec46d08ae53c6d882ecdb8a0076

SHA1
fb9dca5fbca31d66aab9de79f351c2d78e01a59c

SHA256
3a8c7849fe33d03ba1c18c7f04f490e580dfeda70e4c210a70f8631f571a8b3e

SHA512
9ef1fbd51b1271f008b6ca5488155d4bacdb74341bd21bdebe2913c26fdaad6f974855a214564f5bda2a21ce2670ccf8f2ac1bad03ee902b4cf352d788b0591e

Download Submit