5b4b1144f1026eff5bb29ca5cf87c14cb6c588c4446fb02f42858ba495fbb3d3

Analysis

max time kernel
123s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
24-08-2024 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Eblagh.apk
Size

3.2MB
MD5

274c51ac1b22e4867883ebc90cacc65f
SHA1

b09741e7d09c433a68d902a6e98ef3a968d09cda
SHA256

5b4b1144f1026eff5bb29ca5cf87c14cb6c588c4446fb02f42858ba495fbb3d3
SHA512

49bd0a9f1021335cd29cc8c110b19e9fca29c11f2e7dc5361948f9397feb880271d4b3ad5ea2bf19bf774f534cadfdad6b88c6e7500e4d3b0e539aa86724f355
SSDEEP

49152:h/iYJsl5pIC9rOMZyEZhVU7218RMvfiNU9hZsot7XEXVVmcjPNSEi5I5pRWTN+NP:p/IDxOMgEqzSHSUpsotYdrAEi52RWTgN

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

matinlurd.com

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock matinlurd.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

matinlurd.com

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo matinlurd.com
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

matinlurd.com

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone matinlurd.com
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

matinlurd.com

description ioc process

Framework service call android.app.IActivityManager.registerReceiver matinlurd.com
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

matinlurd.com

description ioc process

File opened for read /proc/cpuinfo matinlurd.com
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

matinlurd.com

description ioc process

File opened for read /proc/meminfo matinlurd.com

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	matinlurd.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	matinlurd.com

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	matinlurd.com

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	matinlurd.com

description	ioc	process
File opened for read	/proc/cpuinfo	matinlurd.com

description	ioc	process
File opened for read	/proc/meminfo	matinlurd.com

matinlurd.com
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4314

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/matinlurd.com/cache/1

Filesize
762B

MD5
f2d8bd4d5626a87e52bfe5f31a1df78b

SHA1
1bba8f10a0d5ae9dcef69d9d07b99adc30625792

SHA256
a921f9a080e175683b1f498c37bf6ccf031f0afeab6a8b5f12309fa21c53ecfd

SHA512
c677116e4845925269f8b41d594a4d168488523e11c37bb2044f7c20e81616d7900c1ed7765a81b58fb0da14bbb2b8bc212cad624364d010ef72cbc3e7fb7348

Download Submit
/data/data/matinlurd.com/cache/2

Filesize
38B

MD5
f74f42557b1c078bd8263c369baa7e6b

SHA1
a85bd20006dcc12dad756da098c214a1ec41c3e9

SHA256
20742d831ed500cebe8fcca2370de78305bc090f72f789aad0f74df7b19bbf23

SHA512
f6f2a0bba6c8b597e7c8c1f6d4a4a31d045677b454ed7ec9b8acd9878bcffb92db72134471bbfde573cba45f777ce5a5d117c0ce977d4cdaade9ac4d2adc2866

Download Submit
/data/data/matinlurd.com/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d6897855cca2f63696a910c8a46a588f

SHA1
3133ba1a22ec9c378b995c9041f6747ea8800f0f

SHA256
b42c4e21ca5ddb4fb2efb72ba80452aa714c754fe85aa79244c768c38d1e0413

SHA512
c6eb56ea349afe8e4175e82f85e3eafbc9a93eabacd40afaa05c14f51bdca6451ecb9d22fcc9c9a97db4f022da318ab27cbc725d3df03efc649f8f964de334e0

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b1fc6b7db95ac7a98bde8e8c48442610

SHA1
c8ceb7ba0c47fe64dc4654b19a40eaaf2c42098e

SHA256
7419747123b418751ea7547481c4b7be12c877c3fb2ac170b704a18c3e19f82f

SHA512
27319c9b61d8adaa2bd2dc1569468f7b965019935e729cd92f1132a7dc03b1181bd90a16066b7c30ab7f197a15d7fa28755c40fc9106c698149703ac8cee89b9

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f207d737f571b8b93c7db9d395900da5

SHA1
e58463a0adb28dc3d5ea5f390594afe72081f8b9

SHA256
ad2573bec79a4dc7e5cdc05753fa60cdfca598d93c50137101ab8ff7e7bd9706

SHA512
4b9ef7582bf36dbeaa0d83450b931da315e83c1673ad56109cc0429639cadb2030ce2d3e11c35f1c46f9ac1fa01b68508f98a4d17c79eb1e4184e3fa08ecd185

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c8e9463bba550c08519d11f2c2919f88

SHA1
1f5329594134f5bef8683a41706b8adad95f7614

SHA256
6e1bcb2de4b566a3574956e9744d2bdb484b98ffeb3235b5bcc94e8297944455

SHA512
9766073df956eaad003008da2cd7a6703d6f17ed00ff9d8dc5edd60483ab9e5c98d709be6bb9dcc4c622328fdfeaf67520544177e45701ab41a97849a2ad2155

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
7a38a8a611f4887a2bbf3aeae015cf5c

SHA1
10d02b53bcc2e5b3d98ada8726845184957a8cbf

SHA256
32fafcc37c61e304dc202487996e6d5cd5f8714ffe1260d59f10c2871239fd84

SHA512
0106b0e88ab0492555988f1c5fcf30bc0c75ce0552d332bba70c0aef8978cd6bc2e4eccabbf072b7a30ce9961a57a417c24ffe846aba3838eb170b60fcf34c8c

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
5b7c8c9bd4450f06120babd5023efc34

SHA1
6ecffa995ef465291b0867887713579afdf0bbeb

SHA256
395bda48f38eb9348bf04897e089c8c653463fc6a7642076ef52034027e152d7

SHA512
e9412e1911ff5be267424c3f66245887fa92128704d529df4c666052e4b26cec4d49cd0ce3406ab9173069bec75d8aa73ffdae4289028040ed6fa7c623011b07

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
fdb837bdc9aeede1303d26361cfcd85d

SHA1
90607289d68ff0ef3ac2384764cba82afc1d2717

SHA256
e7bab2b4b65e7c69befccedd569414d919c558d8600c4783bf1c5f38de98b79a

SHA512
d5a2452cbb9282378e59d0bb6c89968f426b3e7327406534c3d37caa6dc3fc2662968df975212114ec554230f922116b8b8e299d4cd1807a15e681af87cd5c06

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
7d7830b9a1b16c517a56774b85bb9835

SHA1
c1c968e7abf4d387b8f051e6a09475f7c7d66756

SHA256
a985f96d1ed090b5c8b96b2bd0a7c58127019e90d29d22e11e222492b82faec9

SHA512
320505dc86d7f3aff02ad33d0ea8dfa62747ad444bd2226bb8d3c00e1d3b1097f4616ea96e6e63d596ae19321e5b11ddb32344ae02ec1e3ec3a069a9dd2e5ff0

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
57795d06d714b3236117cab2dedaa434

SHA1
7d373ee69af87e78d9422ecefb66f960a42c5e94

SHA256
a57cb0e2f7deaee0582aa2bc559c17f356c723cada77d4830b133e47e9493301

SHA512
9633a2bfb7cae40ec4ee346196cff9a8ec5ac4de444d73c27528a5f597006a8e24b95f47af363f9d26ee69bed86241c9e7600dc5cd9e95e9ab0b5484839e9fc9

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a90650277fa6bf1de4da0a8bbeff59eb

SHA1
abdc876ced25b29e5512d7043e23b3bbd4287623

SHA256
9432c2a56392df4a7e2d8474a77ae708f86edb1eb7deeadb91f9ac6f7969afee

SHA512
bdda98fd3afee23886f38df83f89957b78c713af8b0d9136f516009b5ef5854e148c4dcf829a3e213af4778a2aff749e12d12aba80cb7c8be0650f7d63b07a8b

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
a6ebb1c2fcab7e4b475160d64473e0bb

SHA1
462c3878422d0cdd4628ed2f70219c3bafe0ad77

SHA256
4731b7575af0e5a4c44626679d08253a16696f80825144213cf37b9b4ab110ee

SHA512
3fe2b43aa8b7f83abfe8a0e3d52d5f234cffef3e9928d63ed723daa827a25872bb4827a8f2475cf3d15f9bd6586366a93b7e37ae16deb648484651b70e598ecc

Download Submit
/data/data/matinlurd.com/files/PersistedInstallation7261744124443523823tmp

Filesize
90B

MD5
89001fe99ea55cbeecb6c62a954abd65

SHA1
f28d67b3d47a4c75e251db801dbdd02dd264fd69

SHA256
8c4ea3a960faf3383cb94347a21668ece06ed741d324ce6afba970b06351b148

SHA512
ac862af11929467a4aa5d879ac04ffe55dcf39684ca07e62ee5aabd83f95497e8cdac3f191ae9567a94c5b4e22fb2b8d5e65f9c4ba6b2ac49708066fc54442c4

Download Submit
/data/data/matinlurd.com/files/PersistedInstallation7773045035334701675tmp

Filesize
566B

MD5
fa07682a563fc89e44a7f59fa216379e

SHA1
441b699e9eb6dca11aa86ac6fea95b97b5c21857

SHA256
ae72cf868fe6f6fe4cb4be0918d2748b2765c50ec790511e52910421a427a2dd

SHA512
5f5c0f259f7f0383ff16ba14676bfd64ffa1227b6cdfb1786e6ceacfd14a04c27f5aa780c30ab12e9e85573638b7cc62951aaf61d3a1366cf00c653510a710b8

Download Submit