Analysis Overview
SHA256
670ddd9805ac2ee5a58c3e4a56bdf6cf665da28ee3d847b149da8c90806111fe
Threat Level: Known bad
The file app.apk was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Obtains sensitive information copied to the device clipboard
Acquires the wake lock
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Reads information about the phone network operator
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-07-08 00:25
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-08 00:25
Reported
2024-07-08 00:28
Platform
android-x64-arm64-20240624-en
Max time kernel
122s
Max time network
132s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
Mad.api
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | site11.shop | udp |
| NL | 185.11.145.254:443 | site11.shop | tcp |
| US | 1.1.1.1:53 | site28.shop | udp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
Files
/data/data/Mad.api/files/PersistedInstallation540948425252554158tmp
| MD5 | 5c4375a1fd27eb839b64bf8bd8ac2186 |
| SHA1 | 9f7f3bdda15c6cd3885283762107632b9a1a54ea |
| SHA256 | a2fd93ce1538dacad74d36c105ad08cc83b6da193110f07c203b4b93f324c971 |
| SHA512 | bd44e416eb016ffe039127cb9e48b81f2f51a6821b54fbe437848da636dc17ddb9f15e6951744d466b7a0a4c82b86a1d003400cbf6afa51697b9faaf1e777b47 |
/data/data/Mad.api/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | b629e57f95d86cfe506158ba4a18b96a |
| SHA1 | a101fe81e60ec844faf6823ccc755774ba624f82 |
| SHA256 | 51f661b036dddc12ed6bb1e618fbb1776bfa09e875539c5e9d94f54cfba8a134 |
| SHA512 | ca40c92680bb0fda3b78eb4d5792bd6251ff0431fd84dd88099d044cdaa143c8927edd2770aeb8f46831df54dfd3ff283d00115f1ba94a0e97961bbf556dfe27 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | d9cf75fdd1c2292d986f6c3d5d60f2c8 |
| SHA1 | 07ecb1d3a26d952ae5fecf54f36699ab498510b1 |
| SHA256 | 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a |
| SHA512 | 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | 027b3a235e2371e44b9dfcf02cec55ef |
| SHA1 | a71d5bc704773a30e126b9c3be47135c72abd0ef |
| SHA256 | cc722a343317433eec594fc6017ecb9e3c478a92bc56db29ba79e2af685a8503 |
| SHA512 | a1a4cce168bed9ffd329f36d530877ab625b818747e5abd746735b9806cab9a0fb70ec4b37ddd401cf48f4e8363d40330559012fd984dbbfb99cf71eadba53aa |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | 4f85b3a1dfa5bf49a119a7c8b55c15c7 |
| SHA1 | 2b3c49023bf8891a3f044c112c3b6f5ed0195bde |
| SHA256 | 0cc0ccf95944e7bb8ae9b7b30705febb99b1ad3071fed956372955c81d512172 |
| SHA512 | d7012bd46f23b50d44fe69a6737d7d3e84dbc44c6e30a761b35913f8c3e16d3fd487d94fce21117ed754e03e7c8b548c3c8b8d399e39404fcabffde50ca43cc5 |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | b35edd0b91b9976daf41a285e5fcd4d0 |
| SHA1 | 04f89b8ad72f28bcb541ee7734f2cae7a946a391 |
| SHA256 | b24c94ffafe22add10458a74850587a8484914446b8529550b217b5723ef1688 |
| SHA512 | d0d92a3f4fbcfe4c89ea0ab5c54b37852ad1bf1b4389502a4e12ff8d91cc94989ee5ec9e6d5434380570d4b1b32a54c2df7d206dde7388f3baf912bcb9001bc3 |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | ddbdd615a1c596f9faf44c06270f1a11 |
| SHA1 | 8409fcc4c87e18b62b32e4a5339c64c2cc82368b |
| SHA256 | bf4abfa338f66a8bfe31cb878c2b3e877476068b04436f0d0a9eb76e60317277 |
| SHA512 | dc318d6766da8dece641d962f9f7e481eb07472a8ebd81a5273e4d624f283a9dddff22a0f21e977cc9134d1ffe70878117e8af3c84f8cedf71b0f44b7301f931 |
/data/data/Mad.api/files/PersistedInstallation4309316475330076823tmp
| MD5 | 90373a19b7c1250c32b4a1d4c5998ec1 |
| SHA1 | 9fabfc4fb3a9e9d535eb263da4e5e8601bbaf085 |
| SHA256 | 4718ca18bf421d621ba49456a802fb427547cf78e1ecfd890327e823e4b2cbe4 |
| SHA512 | 282db3168a74f775970eca853675142ea7443685cb4fa98b555f7358b0e1e7db87b1d29b326225452cddce7bd7f0c2500121294af5876ca222012d552de4fc94 |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | c3093f3d5cc29c38e1532aa7bea5a999 |
| SHA1 | f53c2999d1a9530a3822339ba911673f51414730 |
| SHA256 | 790b7dfc64c76d4c6a5a59d05bebe78855fdec3183ba199feb75848f281989e3 |
| SHA512 | bc390a734eb88402ad38d5b790f7e294d3141cf17227546b5310700f31a6a4e131e984f2c7b1a53028dcfeab23f3c4e77a82035b958b4f80342a4bd43becac4a |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | daaee06e7dc06bb5f8c85b6591e30084 |
| SHA1 | 71f4f4da30fdbb4efd8418c58de7e661b8f1f993 |
| SHA256 | 9426003dfde3f3329cabb404fe7f47778537eff3a9a66835ab02ef3a2678e3bf |
| SHA512 | d27f80781ed086d0629dd07b046431aea7d865ae446b36f368873a728ce0fdb48cabe43ac77ba47fe20e4cd657ea853cafce2e278dd959e0cd0c2b0aa923b51c |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | a571b5b733ade055d1e0ffc6e1544888 |
| SHA1 | 8d6c4994e0f3eeb8fc06553b0b527bd8f1f68289 |
| SHA256 | c1115b87e2ae027b28ab78cad605fd463fbba95d1f2864e2e3ae1ee32ef7a349 |
| SHA512 | a60d4d682bd0c27ddf4712f57a277b3e777af59f66369c56688d867885c6ae30b92b3175741e539c25a313aa9586a5a6c78d060d7433fde66be7162f29b38514 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 3181d9ff059cf6b6a4d2f3eda52671ce |
| SHA1 | 24ed849879c05fbb95781dc6fd5503a6999633af |
| SHA256 | 63b9cfe47015d65cd4c2e11fb045bb43c17b3bd6c27ae6e99d74e6a7a644cbdd |
| SHA512 | c60e23bdd787a6bbb75f0b48089d3c8bd10803b7dd782d7be36d1581ada32edf329b2b6f29f3894853af922b7d8c3428eef4afa085aac7c1a817b16ed1b8242f |
/data/data/Mad.api/cache/2
| MD5 | 191fd7049c777cea2729dab3956279ac |
| SHA1 | 9406befaf1b836fe871b0734d5767ece1806f157 |
| SHA256 | 0cb6987d8ade0985ef5aba8651248c1b679b659751dc2e8be57171426d7b6762 |
| SHA512 | 2d537ba4f79100e755a7f32df8c10cacb882093db7cded6edb5734d913c04eca41475d9f158df99b6e09f6c754bbe516b8a850111a915e1912cab144ed879e8b |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 33b131533d03feeaaab72634e9120456 |
| SHA1 | a03d3b03dfeeac823e03a95c7b753c7780dd0292 |
| SHA256 | fcbc98933e6a52665a693d0f24c2a96735b15c611d9c90c7a9d5093a9b6b8199 |
| SHA512 | e479ca36bfafbbbc0f94ecd92664de0bca714025706fe42cf0176f2d35bac9c19ebbec87e17628c1df48907a11af42915d4babd30e99c5c6758a3d34b5045e96 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | de82e2c94d2718988804b035a46d17b1 |
| SHA1 | 705f5ff19093ad209f2a666085d6ccaed3bf58a4 |
| SHA256 | 29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39 |
| SHA512 | 68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-08 00:25
Reported
2024-07-08 00:28
Platform
android-x86-arm-20240624-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
Mad.api
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | site11.shop | udp |
| NL | 185.11.145.254:443 | site11.shop | tcp |
| NL | 185.11.145.254:443 | site11.shop | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | site28.shop | udp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
Files
/data/data/Mad.api/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
/data/data/Mad.api/files/PersistedInstallation1607280705624584711tmp
| MD5 | c34dde4e4f8e90e566b59594ce375a8d |
| SHA1 | 44570fd811ed03cc3fa4276e5990156e576f4a51 |
| SHA256 | 332400b12dafd4e91ece9f982831897428e946471bb2215d5edb5ce53a4124cd |
| SHA512 | ecc7f25381126a65d84a7a9e7bd919038e5a2767fa29b504c02c5af517ac2fff7ddae4feb4bd9c68f10b1b6d271e0f9f6a22039fcb7f35cc60ede80d2ec0b783 |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | 4192b8503fe16f2b9ef66f5f7b5e8feb |
| SHA1 | 073457f29abb9c003dca1b06ab29f37e9221f4a6 |
| SHA256 | d48e18c21e75b1a84be13a2274e43a99bb799e0c67e220a4eb0fb218f936d907 |
| SHA512 | bf7cdcddfaaebee940d06fa51bb72f97fb14992bb8378ffac948a09557f43e7dedc497879be38b52308946de35933ade76e165f101ddb5aac567ae87babf328e |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 7237409e0640cfab7bdbd429bf821a3b |
| SHA1 | 4c3da934842f8d4835dfe2a9c275a300e5123309 |
| SHA256 | 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa |
| SHA512 | c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f |
/data/data/Mad.api/databases/google_app_measurement_local.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/Mad.api/databases/google_app_measurement_local.db-wal
| MD5 | ae72b08c8b46406f7cfee476eb5e9708 |
| SHA1 | 0d8ce54af3d23ee72fa28d777894cd4a0c118573 |
| SHA256 | 6e417dec4b0ab79f1d1e42ae9011c0cc8612d28bf320d6c31996463b75aba544 |
| SHA512 | e374f9655967415d498d14b8e66f40faaa26ea3ec15b8d66bcbc81c98a8c4a615094507792685095bbf732a00b0f5d73bbdaf1fc204c7a42733cfec54f5342e0 |
/data/data/Mad.api/files/PersistedInstallation6616410373403675836tmp
| MD5 | ca6a43d05ce06675b4b386b12e74b27f |
| SHA1 | 1ed0fe0f4ce479ea74881ffa8011586146f55e88 |
| SHA256 | ee4615920dd7e29880ff4617dbb19ffe9ffd6148cbac02abdc8529e3b5af75f6 |
| SHA512 | ff739eacb9864f9e6f271f44ddd4756f303ebb050606ade239cdfee9efdc1835bbfa8a97438cae1d5b71fa7d87dd716f48ee8db1d5749f4c57099ac717deea88 |
/data/data/Mad.api/databases/google_app_measurement_local.db-wal
| MD5 | d8c39238866005e7f52e8913b70bcf65 |
| SHA1 | e0af120e11f4eecd05b393ece40f6637e285cb23 |
| SHA256 | 973d1c7c969f11dc8880c57e664f76bf8988772bfb9948c5423fad1f1ec05da1 |
| SHA512 | 47ff7177dc7a1fb7d2dea57a1f9cafab1ea30765c6ea19ca2ff5419f145aa504a606399797084f59b0978992c06a066919968ffb23e7a86ab33e8ddf830ac4db |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | dc3fe8852a8f8569385da817bd5a4ac0 |
| SHA1 | 171d27d970222ec534cb73972ffb371073bdb1bb |
| SHA256 | c89c93f27780dcb7272930a1da60959184ae6b2792da32774111dfea44de0a36 |
| SHA512 | 2dd627e45c7d94de8e8ff25f01f245696008f73c79d265ee0b082396e0e640d344ac96dbcadcec468aa21a946b01b51bbffba5f01792918a61340ed838f41e05 |
/data/data/Mad.api/databases/google_app_measurement_local.db-wal
| MD5 | 82d4347d9c81726290f18463069a31d2 |
| SHA1 | 61c41f72415dc424d55636bb52645d3358628067 |
| SHA256 | ba690ecc2f24902b3ae650ef928c2e8c32da34f428fda9dbfac4e8b1ddea5396 |
| SHA512 | 63da2a0143ccd94399eac4b875451ed1bc4e92b75d8152d412d8b79e115a0eff3e12c0f0f4046266ddce819051aa85bf0d800b989c2e44798c0a555f552ee0c5 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 8b3de2658ce61ac5132012b5f800ea04 |
| SHA1 | 7c708999745ffe59b6437b244a167ad4385fa847 |
| SHA256 | 396e59f01f9ee1739b26bce1eb6a72466875e2ed0c9f2c2c15341b3fbb310d2a |
| SHA512 | 9208f1ea2dce121e6e98e0a53e4041e6ed613e181023c16ff182f55b6d878b40a8193b5fc2e74fa1a45abd25e0011ba192d275bd25253728b7cb7f66b81baba1 |
/data/data/Mad.api/databases/google_app_measurement_local.db-wal
| MD5 | d1c6003f0aebc8550a1d8e35a4cddf04 |
| SHA1 | 857ddf94055c758a562b373d887ff485d933864d |
| SHA256 | c1b22f21621bd56f9101e45fcfc29ea4d4ef743e56e552f830cc0b19da1db318 |
| SHA512 | 89d80ecb18e64b23aabff959b362d7f7fe21cc0b07745f2d18aba53199ceb93f64b8a445ac9848022c57a67de8519f6bbfee88fcca1802f4eaff723db217adbb |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | f27f0cf38b32f863384ab4b34cffcd43 |
| SHA1 | 786ded3a01aa38bec5baffbf4d4135cb0b36929d |
| SHA256 | eda3099d860d3b5b8ff80ece653c55da1d9ff1f4ae0830516b1fe45d4c4a71e7 |
| SHA512 | b279272400002feac7e5e85edf3fa0cbeffc72ee3e59bc6e339546d3ddd5df3140357f6fa098e4bfb6de746d4113e492b7144a2240906d7486beba215a57effc |
/data/data/Mad.api/cache/2
| MD5 | 191fd7049c777cea2729dab3956279ac |
| SHA1 | 9406befaf1b836fe871b0734d5767ece1806f157 |
| SHA256 | 0cb6987d8ade0985ef5aba8651248c1b679b659751dc2e8be57171426d7b6762 |
| SHA512 | 2d537ba4f79100e755a7f32df8c10cacb882093db7cded6edb5734d913c04eca41475d9f158df99b6e09f6c754bbe516b8a850111a915e1912cab144ed879e8b |
/data/data/Mad.api/databases/google_app_measurement_local.db-wal
| MD5 | 1ae603c8faaac0bda244bb2d492be9e1 |
| SHA1 | 5c5481bc33a1eed8f4c71898cb4d08a99e68da49 |
| SHA256 | 75632e09c55d30ba38c2d372114d915f1c48f1a6ad23eba4331c9032e392773b |
| SHA512 | 60c7d868a7dbae5d5910e74492b7202d07512de6a1cecf44dba2a20bf948b45be76da1d7d3a053683eef8cd6bade2489563523067f486098840c425772a0b6ae |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | d534bb45446236d1520099bfaca241f0 |
| SHA1 | e36f00bd2b5291dead33a3c0acb7ff7307a5c902 |
| SHA256 | f2a28f78766bc6a5756502dd3cea5c3db1a30950ddcb90401907908784c2d7ed |
| SHA512 | eb3978584b435ab3ce693130aedf1a7a8cf3b7a84cacccc0b45d5a5abaa4d074f4f4bc684f8addac4eee1ff0398624b0ecdf6246aed59b931a07301ce2a7533d |
/data/data/Mad.api/databases/google_app_measurement_local.db-wal
| MD5 | 2d7ca54517c4dc3d0efee5d9af2a5d95 |
| SHA1 | 853bc6d18572f535a199d7ccecaa42dc3e4f9560 |
| SHA256 | c1b41df9c1c52e6dec92e768f85602f1da66768f21e65d8bea68d10128bf916e |
| SHA512 | b6a3ec62c191ffc4a90c45f28c28d690aadc965a53b2dbb45bcfc21b6885ddcde2fe1dacf4cbc49a12eac14ae7e19a1293310432bfcd9d2fa4b27b1d01d799a9 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 3e881d9a01ca707bed38018ac69f4518 |
| SHA1 | 5820f9351d7cc8082de6e5686eb9f8fedf6fb830 |
| SHA256 | 4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c |
| SHA512 | 8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-08 00:25
Reported
2024-07-08 00:28
Platform
android-x64-20240624-en
Max time kernel
123s
Max time network
155s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Reads information about the phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
Mad.api
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | site11.shop | udp |
| NL | 185.11.145.254:443 | site11.shop | tcp |
| NL | 185.11.145.254:443 | site11.shop | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | site28.shop | udp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| NL | 185.11.145.254:443 | site28.shop | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 216.58.213.14:443 | | tcp |
| GB | 142.250.178.2:443 | | tcp |
Files
/data/data/Mad.api/files/PersistedInstallation491373907277193837tmp
| MD5 | 23b217004b4c051be7391072c1be5ae6 |
| SHA1 | 0716fd9bbfcdb3af9ac10a644326458646bf3dd5 |
| SHA256 | 68e966bbb4beb7abb4d5ee6794ed233a9b49ba7fb494ae50f5e1a5bb8847fa39 |
| SHA512 | a48267eb4a5262535620c492abf4d229f25632a405197632ef141057ebd59065a199e8f54d277ab23a5264ce9eb92c9f3392decbe0979226546bb3730dbaaac5 |
/data/data/Mad.api/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | 84273021de3dbebe5794eba95aadc9bc |
| SHA1 | 254e425517c41d63031a7226a0ec6cf9b0837a61 |
| SHA256 | c45af0e1a167c498d23ba33e9130944fd10600072b8cab4e1c80a31b99fef1c2 |
| SHA512 | f27ecfaf25857a4681e569500c846ffc9e49e913388b250d7bd3f3e859cde00b8e316c87603e7f44de720466485f35533de53cb6e504d99c2875614a631b47e2 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | eb52a90bb70b76e946b62f50b6f7fb85 |
| SHA1 | 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0 |
| SHA256 | 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4 |
| SHA512 | b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | f1d9cc5cd4bf9e8e0cc266b95b631259 |
| SHA1 | 59ec914d25301104fbf648ed4cc47c693b723f8f |
| SHA256 | 01a3e8e8abcada5dbe14a868c2291bce64d22a41ffa82711b419decaba5615c2 |
| SHA512 | 442f0009bdb1bf69b23c7c4927947521a69e32fdbabb9d375607753be36f92c996e398277773c612cb90ccc0a8958ed9fa731d8fb68e9c615ec793a5fc10fcbe |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | 72fbcd426947191ff7bded880bc3be14 |
| SHA1 | 7c8ba7d2f17450fc39b51622a85faa5d5186bca0 |
| SHA256 | c173eb876bed5c7ee9892aba7930c52479f7e9df5551ff0b9c29c5b436b77720 |
| SHA512 | ea6e11051599e37fcab817ebbfeb018e14e972d183538007b07d768f84cc614d4872c4343374830d3be02fc1074e2192651bbca3c246664e96f6eccde087d122 |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | 07ff9734b656d0de424c65d520005e3f |
| SHA1 | c32f7368802a715d4834ed4837efcdafeab3254b |
| SHA256 | 0f689d7459d6094d33fd109ccd7005087428c218db04ba7c97d56d9620935a5d |
| SHA512 | 0802a7d3d18dec8280f8f6eddcee2d2167e8d8df3d1aeb1266fcea477bae2cf10ed6849fcea83eec920affeb547cdcd46e5420f00d032a0d8bc079df5f042559 |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | ad2a82e2bca4c04ac9112a84e9b825e1 |
| SHA1 | 9b2c73ac41aa92d441f8810b3a1cc2a6a799a444 |
| SHA256 | 426a616d4f695a527bf31a55c984b1381459004dbff816dd1ac040df934cb1a4 |
| SHA512 | f6215f4fa88a39a1dbfce78824a964d84268c9f1c84f2277a76b7b02b41390957a0014254cb8d732377ab7f0efd5127fb0002934ed47e2e73de45ea1b54d6561 |
/data/data/Mad.api/files/PersistedInstallation5901858724983712100tmp
| MD5 | 9d6b3ec46d08ae53c6d882ecdb8a0076 |
| SHA1 | fb9dca5fbca31d66aab9de79f351c2d78e01a59c |
| SHA256 | 3a8c7849fe33d03ba1c18c7f04f490e580dfeda70e4c210a70f8631f571a8b3e |
| SHA512 | 9ef1fbd51b1271f008b6ca5488155d4bacdb74341bd21bdebe2913c26fdaad6f974855a214564f5bda2a21ce2670ccf8f2ac1bad03ee902b4cf352d788b0591e |
/data/data/Mad.api/databases/google_app_measurement_local.db-journal
| MD5 | 25d63af957ab54a7356f5ea7dbab745e |
| SHA1 | 69a2c801054e2a6951f54a49cd43d0eee6c3e43d |
| SHA256 | da713157b76831af3a92cb1164a155863f62ef4b487576a04ff641239e843feb |
| SHA512 | 05cd970bb27d029cd1fd328de5d1e1a59bf22aff80b5aaea49ec57fd4f5d93ada7fc5b81789c5c3aef7f722ed8caedd96e13da396a598a6553910c6be31274c8 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | df60d470ff34567381d50c7558419eb8 |
| SHA1 | c86baafcd0a05cfe9b6ab4142bd1e64d0fb48d46 |
| SHA256 | f8f7f3279ff61683f99e7ecf7ff4885395c4ec9b7a8e28968e424729c6e0369b |
| SHA512 | 20e21c904d71aaa76c26e9666f9a99a4f50fc7af7bcd0f56ae1c4d029ba26db7a96d936e0daaed0c454a093b0136d77a75db90fde4d77229349f988a288dde07 |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 20baf48c7107a89076f30ab2c8e52d62 |
| SHA1 | 70dfa890c21451a2fffd7c4ebe311646afcf1352 |
| SHA256 | 98684e1c5d37196483333fecba0d55178b0268866375d61aaf84b4c961ff8e13 |
| SHA512 | 011088d3e1955c83b7a559b483a2b818a4d1b6c027d12e870208cd833c0f50a87d565e6e68bd1331681f152c812d63eee8e1d29700a21cc5f8805ff4adcf08bb |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 9cd832d4a6026a6daac6b1e5dc763889 |
| SHA1 | a34a776cbe3e37ae979e445e9bee2e9062c41fba |
| SHA256 | aeda476d46f50d6ffb33fb2ee9b5d2fa4479ab3899633b1f92ad42dc4c8286a0 |
| SHA512 | 215a7150ac3b2bc7f90ef7bf56e47a26bdd5f9a606039de1a02903e287ff9295f89ebcdbe7aac3294eb656c9d6e1d15a3fd39f1a90778dc47a638916175cf0d7 |
/data/data/Mad.api/cache/2
| MD5 | 191fd7049c777cea2729dab3956279ac |
| SHA1 | 9406befaf1b836fe871b0734d5767ece1806f157 |
| SHA256 | 0cb6987d8ade0985ef5aba8651248c1b679b659751dc2e8be57171426d7b6762 |
| SHA512 | 2d537ba4f79100e755a7f32df8c10cacb882093db7cded6edb5734d913c04eca41475d9f158df99b6e09f6c754bbe516b8a850111a915e1912cab144ed879e8b |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | 3148713d700a3b575a758e6c55632540 |
| SHA1 | c095fa0895afaf6bb20b0acbd7a01248eeb2faaf |
| SHA256 | c84de6a1ce41c32216746feaf7b1b5fa7da7a16a7a711b5a63b4ee5f6f7d4802 |
| SHA512 | 86a9a7b6324421224961b7f8d08bb841c884ef670edbf2a1d1873735979a69de7218f2de1bfa9cf9f873fe887f65b8be5d83d6b51f62bcbc83ef1de482065f1d |
/data/data/Mad.api/databases/google_app_measurement_local.db
| MD5 | adf6082723784327d7d1b34adf974e7d |
| SHA1 | b1502f70eb881a1dfe41139cb719fefb877ee37c |
| SHA256 | 252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9 |
| SHA512 | 762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b |