601884de6c11f18f11c61503ad8873636a1b9916144031ce33e313d3e3d785a5

Analysis

max time kernel
5s
max time network
151s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
10/08/2024, 10:42 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setka.apk
Size

3.4MB
MD5

d8408ba5caf6e3fba21b62d7d59a8dba
SHA1

0b09bb73f5d2fedab3f87e614834c14eaa47abd8
SHA256

601884de6c11f18f11c61503ad8873636a1b9916144031ce33e313d3e3d785a5
SHA512

a8f2a16c53cc1f817962ea14d978a8ae7ed5da9b89f0b97327987576c4d59eed66632eaed2682597d5b5cfa5ede1078fca52c94306ce6aa9feea7df25292876b
SSDEEP

98304:snqj3IRtMXG5TAMbJ8C2xPiKx2/1lnWgSzICupTH:snqj3IRt35T1dAxN2XnWhwVH

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.Mad.api

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.Mad.api

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.Mad.api

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.Mad.api

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.Mad.api

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.Mad.api

com.Mad.api
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4966

Network

DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

216.58.212.232
DNS

iranpai.com

Remote address:

1.1.1.1:53

Request

iranpai.com

IN A

Response
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.16.238

216.58.212.232:443

ssl.google-analytics.com

tls

1.4kB
5.9kB
9
9
142.250.187.206:443

tls, https

2.5kB
40 B
2
1
172.217.16.238:443

android.apis.google.com

tls

9.1kB
11.7kB
32
33
216.58.201.100:443

tls, https

454 B
40 B
2
1
216.58.201.100:443

www.google.com

tls

8.4kB
9.7kB
25
36
172.217.16.238:443

android.apis.google.com

520 B
10
216.58.212.234:443

520 B
10
216.58.201.98:443

416 B
8

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

216.58.212.232
1.1.1.1:53

iranpai.com

dns

57 B
130 B
1
1

DNS Request

iranpai.com
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

172.217.16.238

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.Mad.api/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7de16ef22a21e6e51da45f4f2aa2700c

SHA1
1a6a2ee4a139556e53990bafec15c67abbfd364f

SHA256
c5228d575a4eb5207469bbe463b383a458e5dc637e1a444a4225c60b56ab10a2

SHA512
5a1a37ec42f46bba9b24dc9e480cc3c0b2ef3ec599f3dd4adf6deaa5b0c6e92f97b2dcbba6de6a459167cbe64cbc383214719be42ae71a3c8effdd8f62e21340

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4356477047c7c6e95833ced0a65f4740

SHA1
5c59075a5eab086c2ac2d99ab9be20e001696569

SHA256
e6b3b7618d9c931dc30bee3353e70bfddb27c3b87ab32ac71fc0ef6e39cd5c58

SHA512
1c92caa06f4a482475a8cbe6a90890ba435832a93fbd24bf9f9a0899e27efae4fbeab98d75c43511dfa85fcfb743c44906e23004684c9f7981884d9b5776a17d

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
67904e0d7526f59ae607e31eaa2c3abd

SHA1
9a7628c4dd69dd841b885ce0729cbe47467bdc60

SHA256
ec6c4a11b2111ced5e48b44d4c062cb7b74e4c96766f28413d9a367729bd00b1

SHA512
13271e51eca6509270ceced51e02167d32eefbeadb6c8f58937a0315a190c296cb3e34c9d06c581efa2f45c3c4e80f86eae720943d17d3217944525841475257

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
b94f259280a04f61d90db95b73e4bd20

SHA1
e60bb5aba5c3a7e78cd1e6a90f08730da1f423e0

SHA256
f4204b9fa07387e11d055b2fbd91da9cfacba672dd1825fb90166392df69472c

SHA512
7cf6942630854da1b80a7ce93ac37ebb96b34e53a452821ed3919dcb9cdfabccecc0b4c44cfa0cc39c2a72d94fe1123371c1bf91757dd8021f5000f331d22009

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
968d9bd56294482c4e125900bf68f633

SHA1
baa40b01dbe97e2deb1a30eca22d9aa6419b0054

SHA256
cd331d23176d81958c9de8e6431b5209c1abea17228b187f4bab562a12f5a214

SHA512
8766d38bcf3be61f8d65c317f2a5c1fc92bd4fbb2d388017a15363c04e5c092a20d27cc335c26927276ce524c19cf42c9c52267cc01d2c0fb383e8b259af684b

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5b85aef7d4fa6bfddee1ffdf20ce3c20

SHA1
6acba4bc6acf0918159be3cab53ff05322dc2a6a

SHA256
05dceb9f42d323ed306c32977251c95a8a916e6363843808baaa8751a0cdce5e

SHA512
a4f2a5b047eac5cc80844874f2e7da509071aff898d2e1f5a00366ec9bf096762146fbeb9c0f27fbae2f9a07a658af9dcb3b7c81518fea0c1a3b72750021a489

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f217fe4e860b16e7e31bf49f6e362216

SHA1
8f5492e12f5fba9af81106186a2d4233bf6e2d6c

SHA256
797217614620939a24b562c939febf37c7f86a564fd4facc52a136609a795524

SHA512
2907c5fc08942d800b6a71caa63580ac91cdecaa159ef167b57b7a63a0a92ee0b986e77c2ebd4ce18f238c9371a760f45d1af990f3f22c7a86223d80b1f1d326

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
d9905a3389140929eaacff501947fa35

SHA1
b47e32c3b72e20f329207e491b3c4a3c0100a701

SHA256
05b90f5d06830363ec221415df4053ba9a3fcd209a2191f70e4ad462d5f68dd1

SHA512
daac3d3c05697a237c81afa4cea365e45dabcd2e3dbe35d7fa2f664b1410b60fde3b60d907e939eee612051b17e217cfc38839737d464d5e92d06ffaca4e6a6d

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7d274eec8ac5bbade50239636122c194

SHA1
56e8e797aaffdf6ccc0e6dc40d638313e3cf1ffe

SHA256
d579fbd9b0ef37c884a77ee9a1f1db86dfef769e855dc03130e9781e01a69699

SHA512
35bd18351fed1dd75b009184048c753938729c7f181df98d68f3c00fc5d0b16c707379ed1cb22c3c33f14db5b4c069db37f7580dfb792b15be4430733ee28673

Download Submit
/data/data/com.Mad.api/files/PersistedInstallation3040134379012962581tmp

Filesize
90B

MD5
2b498804ba4080590ee87f83e3935963

SHA1
680134e13eb8ebb3425d2af52c6f3a3b4bc1109c

SHA256
cd3ee376f33a9e10345e5a9d5ab8b918efd2c57363fd9928b7369e0e3041dad3

SHA512
a997bf38fa8a7f9dc9e577f63fa9772478d2d472447ecefbda70154e829b2df38268c534bbf92aa3e90fb1d3adfc283b11d16429244e82a40b479906cb7eff16

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.