670ddd9805ac2ee5a58c3e4a56bdf6cf665da28ee3d847b149da8c90806111fe

Analysis

max time kernel
122s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
08-07-2024 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

2.8MB
MD5

19e683f7c8ce28f3fc53db28fb85bbe9
SHA1

027902f8a3d62896ef80ad2eaf4c84c3317b100a
SHA256

670ddd9805ac2ee5a58c3e4a56bdf6cf665da28ee3d847b149da8c90806111fe
SHA512

007e280b382bb55f3cc8490e28edec240af1a4191366ab760ea541aa69f8b723af801bb032bce6daf8c5d03af24dd478225b2f30542b91a4a7ac82ea48a0c435
SSDEEP

49152:p/16xEtDTSfXzwY/48Ym7HS7giLkJxfhvKbVgtZViuPgnNNLTfUhuK:x16CxOfXz9/fYMHGkbhvKbVgtZVqZT8D

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

Mad.api

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener Mad.api
Acquires the wake lock 1 IoCs

Processes:

Mad.api

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock Mad.api
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

Mad.api

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo Mad.api
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

Mad.api

description ioc process

File opened for read /proc/cpuinfo Mad.api
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

Mad.api

description ioc process

File opened for read /proc/meminfo Mad.api

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	Mad.api

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	Mad.api

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	Mad.api

description	ioc	process
File opened for read	/proc/cpuinfo	Mad.api

description	ioc	process
File opened for read	/proc/meminfo	Mad.api

Mad.api
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Checks CPU information
- Checks memory information
PID:4470

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/Mad.api/cache/2

Filesize
61B

MD5
191fd7049c777cea2729dab3956279ac

SHA1
9406befaf1b836fe871b0734d5767ece1806f157

SHA256
0cb6987d8ade0985ef5aba8651248c1b679b659751dc2e8be57171426d7b6762

SHA512
2d537ba4f79100e755a7f32df8c10cacb882093db7cded6edb5734d913c04eca41475d9f158df99b6e09f6c754bbe516b8a850111a915e1912cab144ed879e8b

Download Submit
/data/data/Mad.api/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
daaee06e7dc06bb5f8c85b6591e30084

SHA1
71f4f4da30fdbb4efd8418c58de7e661b8f1f993

SHA256
9426003dfde3f3329cabb404fe7f47778537eff3a9a66835ab02ef3a2678e3bf

SHA512
d27f80781ed086d0629dd07b046431aea7d865ae446b36f368873a728ce0fdb48cabe43ac77ba47fe20e4cd657ea853cafce2e278dd959e0cd0c2b0aa923b51c

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a571b5b733ade055d1e0ffc6e1544888

SHA1
8d6c4994e0f3eeb8fc06553b0b527bd8f1f68289

SHA256
c1115b87e2ae027b28ab78cad605fd463fbba95d1f2864e2e3ae1ee32ef7a349

SHA512
a60d4d682bd0c27ddf4712f57a277b3e777af59f66369c56688d867885c6ae30b92b3175741e539c25a313aa9586a5a6c78d060d7433fde66be7162f29b38514

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3181d9ff059cf6b6a4d2f3eda52671ce

SHA1
24ed849879c05fbb95781dc6fd5503a6999633af

SHA256
63b9cfe47015d65cd4c2e11fb045bb43c17b3bd6c27ae6e99d74e6a7a644cbdd

SHA512
c60e23bdd787a6bbb75f0b48089d3c8bd10803b7dd782d7be36d1581ada32edf329b2b6f29f3894853af922b7d8c3428eef4afa085aac7c1a817b16ed1b8242f

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
33b131533d03feeaaab72634e9120456

SHA1
a03d3b03dfeeac823e03a95c7b753c7780dd0292

SHA256
fcbc98933e6a52665a693d0f24c2a96735b15c611d9c90c7a9d5093a9b6b8199

SHA512
e479ca36bfafbbbc0f94ecd92664de0bca714025706fe42cf0176f2d35bac9c19ebbec87e17628c1df48907a11af42915d4babd30e99c5c6758a3d34b5045e96

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
4f85b3a1dfa5bf49a119a7c8b55c15c7

SHA1
2b3c49023bf8891a3f044c112c3b6f5ed0195bde

SHA256
0cc0ccf95944e7bb8ae9b7b30705febb99b1ad3071fed956372955c81d512172

SHA512
d7012bd46f23b50d44fe69a6737d7d3e84dbc44c6e30a761b35913f8c3e16d3fd487d94fce21117ed754e03e7c8b548c3c8b8d399e39404fcabffde50ca43cc5

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b35edd0b91b9976daf41a285e5fcd4d0

SHA1
04f89b8ad72f28bcb541ee7734f2cae7a946a391

SHA256
b24c94ffafe22add10458a74850587a8484914446b8529550b217b5723ef1688

SHA512
d0d92a3f4fbcfe4c89ea0ab5c54b37852ad1bf1b4389502a4e12ff8d91cc94989ee5ec9e6d5434380570d4b1b32a54c2df7d206dde7388f3baf912bcb9001bc3

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ddbdd615a1c596f9faf44c06270f1a11

SHA1
8409fcc4c87e18b62b32e4a5339c64c2cc82368b

SHA256
bf4abfa338f66a8bfe31cb878c2b3e877476068b04436f0d0a9eb76e60317277

SHA512
dc318d6766da8dece641d962f9f7e481eb07472a8ebd81a5273e4d624f283a9dddff22a0f21e977cc9134d1ffe70878117e8af3c84f8cedf71b0f44b7301f931

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c3093f3d5cc29c38e1532aa7bea5a999

SHA1
f53c2999d1a9530a3822339ba911673f51414730

SHA256
790b7dfc64c76d4c6a5a59d05bebe78855fdec3183ba199feb75848f281989e3

SHA512
bc390a734eb88402ad38d5b790f7e294d3141cf17227546b5310700f31a6a4e131e984f2c7b1a53028dcfeab23f3c4e77a82035b958b4f80342a4bd43becac4a

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b629e57f95d86cfe506158ba4a18b96a

SHA1
a101fe81e60ec844faf6823ccc755774ba624f82

SHA256
51f661b036dddc12ed6bb1e618fbb1776bfa09e875539c5e9d94f54cfba8a134

SHA512
ca40c92680bb0fda3b78eb4d5792bd6251ff0431fd84dd88099d044cdaa143c8927edd2770aeb8f46831df54dfd3ff283d00115f1ba94a0e97961bbf556dfe27

Download Submit
/data/data/Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
027b3a235e2371e44b9dfcf02cec55ef

SHA1
a71d5bc704773a30e126b9c3be47135c72abd0ef

SHA256
cc722a343317433eec594fc6017ecb9e3c478a92bc56db29ba79e2af685a8503

SHA512
a1a4cce168bed9ffd329f36d530877ab625b818747e5abd746735b9806cab9a0fb70ec4b37ddd401cf48f4e8363d40330559012fd984dbbfb99cf71eadba53aa

Download Submit
/data/data/Mad.api/files/PersistedInstallation4309316475330076823tmp

Filesize
572B

MD5
90373a19b7c1250c32b4a1d4c5998ec1

SHA1
9fabfc4fb3a9e9d535eb263da4e5e8601bbaf085

SHA256
4718ca18bf421d621ba49456a802fb427547cf78e1ecfd890327e823e4b2cbe4

SHA512
282db3168a74f775970eca853675142ea7443685cb4fa98b555f7358b0e1e7db87b1d29b326225452cddce7bd7f0c2500121294af5876ca222012d552de4fc94

Download Submit
/data/data/Mad.api/files/PersistedInstallation540948425252554158tmp

Filesize
90B

MD5
5c4375a1fd27eb839b64bf8bd8ac2186

SHA1
9f7f3bdda15c6cd3885283762107632b9a1a54ea

SHA256
a2fd93ce1538dacad74d36c105ad08cc83b6da193110f07c203b4b93f324c971

SHA512
bd44e416eb016ffe039127cb9e48b81f2f51a6821b54fbe437848da636dc17ddb9f15e6951744d466b7a0a4c82b86a1d003400cbf6afa51697b9faaf1e777b47

Download Submit