Malware Analysis Report

2024-09-09 16:06

Sample ID 240708-aqmwbawbpa
Target app.apk
SHA256 670ddd9805ac2ee5a58c3e4a56bdf6cf665da28ee3d847b149da8c90806111fe
Tags
collection credential_access discovery impact irata persistence
score
10/10

Analysis Overview

score
10/10

SHA256

670ddd9805ac2ee5a58c3e4a56bdf6cf665da28ee3d847b149da8c90806111fe

Threat Level: Known bad

The file app.apk was found to be: Known bad.

Malicious Activity Summary

collection credential_access discovery impact irata persistence

Irata payload

Irata family

Obtains sensitive information copied to the device clipboard

Acquires the wake lock

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Reads information about phone network operator.

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-07-08 00:25

Signatures

Irata family

irata

Irata payload

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-08 00:25

Reported

2024-07-08 00:28

Platform

android-x64-arm64-20240624-en

Max time kernel

122s

Max time network

132s

Command Line

Mad.api

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

Mad.api

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.46:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 site11.shop udp
NL 185.11.145.254:443 site11.shop tcp
US 1.1.1.1:53 site28.shop udp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp

Files

/data/data/Mad.api/files/PersistedInstallation540948425252554158tmp
/data/data/Mad.api/cache/~test.test
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
/data/data/Mad.api/databases/google_app_measurement_local.db
/data/data/Mad.api/files/PersistedInstallation4309316475330076823tmp
/data/data/Mad.api/cache/2

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-08 00:25

Reported

2024-07-08 00:28

Platform

android-x86-arm-20240624-en

Max time kernel

122s

Max time network

128s

Command Line

Mad.api

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

Mad.api

Network

Country Destination Domain Proto
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 site11.shop udp
NL 185.11.145.254:443 site11.shop tcp
NL 185.11.145.254:443 site11.shop tcp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 site28.shop udp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp

Files

/data/data/Mad.api/cache/~test.test
/data/data/Mad.api/files/PersistedInstallation1607280705624584711tmp
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
/data/data/Mad.api/databases/google_app_measurement_local.db
/data/data/Mad.api/databases/google_app_measurement_local.db-shm
/data/data/Mad.api/databases/google_app_measurement_local.db-wal
/data/data/Mad.api/files/PersistedInstallation6616410373403675836tmp
/data/data/Mad.api/cache/2

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-08 00:25

Reported

2024-07-08 00:28

Platform

android-x64-20240624-en

Max time kernel

123s

Max time network

155s

Command Line

Mad.api

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

Mad.api

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 site11.shop udp
NL 185.11.145.254:443 site11.shop tcp
NL 185.11.145.254:443 site11.shop tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 site28.shop udp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp
NL 185.11.145.254:443 site28.shop tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
GB 216.58.213.14:443 tcp
GB 142.250.178.2:443 tcp

Files

/data/data/Mad.api/files/PersistedInstallation491373907277193837tmp
/data/data/Mad.api/cache/~test.test
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
/data/data/Mad.api/databases/google_app_measurement_local.db
/data/data/Mad.api/files/PersistedInstallation5901858724983712100tmp
/data/data/Mad.api/cache/2