5b4b1144f1026eff5bb29ca5cf87c14cb6c588c4446fb02f42858ba495fbb3d3

Analysis

max time kernel
122s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
24-08-2024 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Eblagh.apk
Size

3.2MB
MD5

274c51ac1b22e4867883ebc90cacc65f
SHA1

b09741e7d09c433a68d902a6e98ef3a968d09cda
SHA256

5b4b1144f1026eff5bb29ca5cf87c14cb6c588c4446fb02f42858ba495fbb3d3
SHA512

49bd0a9f1021335cd29cc8c110b19e9fca29c11f2e7dc5361948f9397feb880271d4b3ad5ea2bf19bf774f534cadfdad6b88c6e7500e4d3b0e539aa86724f355
SSDEEP

49152:h/iYJsl5pIC9rOMZyEZhVU7218RMvfiNU9hZsot7XEXVVmcjPNSEi5I5pRWTN+NP:p/IDxOMgEqzSHSUpsotYdrAEi52RWTgN

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

matinlurd.com

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener matinlurd.com
Acquires the wake lock 1 IoCs

Processes:

matinlurd.com

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock matinlurd.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

matinlurd.com

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo matinlurd.com
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

matinlurd.com

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone matinlurd.com
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

matinlurd.com

description ioc process

Framework service call android.app.IActivityManager.registerReceiver matinlurd.com
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

matinlurd.com

description ioc process

File opened for read /proc/cpuinfo matinlurd.com
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

matinlurd.com

description ioc process

File opened for read /proc/meminfo matinlurd.com

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	matinlurd.com

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	matinlurd.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	matinlurd.com

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	matinlurd.com

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	matinlurd.com

description	ioc	process
File opened for read	/proc/cpuinfo	matinlurd.com

description	ioc	process
File opened for read	/proc/meminfo	matinlurd.com

matinlurd.com
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4979

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/matinlurd.com/cache/1

Filesize
762B

MD5
2ab2619fd17b9e64754adaaf6bb34063

SHA1
2d8b6f5b6cdabe15ab485ca9d430526cd5296f92

SHA256
b3f7bd2cee27d5a227be1e69809ea74accc0bf6c05c78638c54bcc1f2a3a6552

SHA512
2ea23e1eb95bdc8d8a14ea3485cb1807231878cd050c4766b0391e29a3ada7f185ab8c77ced3d35475a83cc03081e9975ac287080fdce4f768387ff40720bf4a

Download Submit
/data/data/matinlurd.com/cache/2

Filesize
38B

MD5
f74f42557b1c078bd8263c369baa7e6b

SHA1
a85bd20006dcc12dad756da098c214a1ec41c3e9

SHA256
20742d831ed500cebe8fcca2370de78305bc090f72f789aad0f74df7b19bbf23

SHA512
f6f2a0bba6c8b597e7c8c1f6d4a4a31d045677b454ed7ec9b8acd9878bcffb92db72134471bbfde573cba45f777ce5a5d117c0ce977d4cdaade9ac4d2adc2866

Download Submit
/data/data/matinlurd.com/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3ee7f5fb208f37a120dc7461141b3726

SHA1
fcb3a7e6f5525af737266e6c3ebe25621780095d

SHA256
bd78fbb11870838c6eeb89f2e1d8874ff3b3ea75a2349f1940605d409ed9d388

SHA512
506ace71ed4c6040f6ccbd529bf6cb74995b6ea928492b4363214b511624f2b31651013ed6453d665cdc4026af034330683b9028e8f7bc68ca957898e7634c4f

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3361059cbec90f847005618025c990e

SHA1
2c443b5ed85a1f8ae3e3d8bfd653c8f6ff9dcb4e

SHA256
fee2d4faf1685e6d9aa1861f6421442f0f2b17885fc216dfbce5647d1a84a483

SHA512
09bffb0373b6d7580ef41eb99be2bba4638fbda9719ed09a6f159cb9b7482f5cad49e1bbe714e383938dd8e9447ba231f6a2c743946cd3bfeb8c0491860f1aaa

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7b2358ed2fe00def4032f94d08711e09

SHA1
0f2db131d1782afb22fa0539fd51045614794ba7

SHA256
b50b83b7450cb684c1ad80e56e6fa6229c6d444a79027ea960e41e04aab255df

SHA512
c58c844dfe3109ebaba0ee5c1108daa16621ad81437eb47528962582f4b8970f32242f25a6035013c9c8817460fb969e9f9bcb0cad18a35c1f87967ca577f78a

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
764bab484b49e4cbabc30cd943ab22c0

SHA1
a16d9e545df9b58ee32fbb1d6824943705de612e

SHA256
fe3eb003df5575b5f5da0a7f9ded01cf0deea7f81887f632818a820bc2a6e3eb

SHA512
8c4b5a283daf19b2a8e182f8279bd131fb975b07fda33fffdbf3fb44f047e4ea2bf7bf043a548a50461a1b5eb7daefc6bd49e6c9280bec6e37b81b7745c70496

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
43f596a09f8cf758b149514aab547e32

SHA1
301d7c5ecf199f8ff356f75b4a45e6a8f6e4356c

SHA256
ced2096dd62facd48004780aaefa5ab9997893dfb2fe99662f834df003be698e

SHA512
5ba251fc4f1a459a8b839f1d426ee380f88e2f3e37f551a604062df01e94653b1fe39505c1683cf5f29e8de718c1d94e2dd7e8e4061155e6ee0d7027acb240df

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a2fb6d2d610b051f352f9360346d6c4a

SHA1
efa322fb1fa002f28705d894b1fc52f2ce13bd1e

SHA256
b1ea28b1ef0137a9d8c4b3a48b3173c55ec61e3a40a3673475c4fe9420f2a703

SHA512
03c564aacdee623f0cc8265a24db3540fe5c0397022049854802ed39371808b5487aa7b5609272cf519dda9639ef1ac7a4638f02b720b0e48871fbc847f34b41

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2d0a8f81b1db0d32c8203bb154a8aa99

SHA1
2fec7c42efcb29a3312180fbcb6aa719a73ff0a4

SHA256
333afd45973a929aa9a05c8dbea5192d1a41d23d1bd2c12fdfd42687451ad325

SHA512
921dd8072a60e33132dac723c8b22efe3c123424cb3a21a3cb63bc6b9f94eeb0aa8eac0a600ae5c7febe87643ff77086e42478c268ff9351eff48e9f53eac8d7

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
253e98c524df058b20adad0f6f10472a

SHA1
6c89f2254d0aff04620ef03a8f4c81ed0d643ed8

SHA256
5f9852abf7240400c581ca8dfc14c24ccf2c0920aa530859651dd234dbb5434c

SHA512
1c746a8394d6093ab588800ff15a9d77d411afd8e6aced989fd68c381d2c2228c403e9ba3eda21c942a162a3ae06040603039267b0dc359e13ad0162eb74b234

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
87cd02b119ed7b8eb2ac64bedbeabae1

SHA1
09f1cbbfeed688615e5300244d2405f84b2b4bf7

SHA256
9d36a390c3841d09a8b4efef8aaf925b1839502ebfe5e403d4bef976d6d78ecd

SHA512
d09d35f7533092e0df7e828423ba342c089fdc6ff99d84976796c0caa981b25002e8acd8c4ce74e008e3911b8962c35c5d631a3ab5aed6c544c88a2221f06a85

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ac49ba6bd262c595585a85ff29db342b

SHA1
5718709a09ff37cce33cfaa66d3eaee1ee5b42fd

SHA256
750587aed346e6dfd0d1f80b8baec22435ffac92d3ced9f245704a5e45f0bd2a

SHA512
b6ad0acfb93fe5219300cfe7b4c49b09d82e241bafd02dffda5708e23ec443d4cf07aab9e42b0b8341ec2fa219e2fb8e119f11e4229add16632dec618d07f1df

Download Submit
/data/data/matinlurd.com/files/PersistedInstallation3728105926579679909tmp

Filesize
570B

MD5
c37a2697b047a1cf1655dc91a6ee8fd7

SHA1
344a608dbe93afb1dfc4993d5705b22c306d4c43

SHA256
272b2d91895316e6d3b87d2a743bd83f246e64660c3256355b9886c00d9dc429

SHA512
6401d971f306960bb5fffc49bd70c6ba8761cba227a4d175f2a22ebb81883cc4ad8f5b75e298d233c2cc4a08737e686deb729933492db7f248890dc4b803f558

Download Submit
/data/data/matinlurd.com/files/PersistedInstallation8435007723685330252tmp

Filesize
90B

MD5
3fe9a14c2aab3206c993e9ad2ffe897a

SHA1
73f05c883a099e7305cede87f18e63a5e9962195

SHA256
fb11f8fa273888509a50cc8e902374e46865a66724fff2a890cc0876c604fdc1

SHA512
a0a93139017f5bbb20d3a7ef75960e1a81bba87cf8df11710e8acae543ae0d5132f1fef7f45e54f03bddd21d92bbdcbba2ad133da1081f1d7410dbf2591f10ad

Download Submit