5b4b1144f1026eff5bb29ca5cf87c14cb6c588c4446fb02f42858ba495fbb3d3

Analysis

max time kernel
144s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
24-08-2024 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Eblagh.apk
Size

3.2MB
MD5

274c51ac1b22e4867883ebc90cacc65f
SHA1

b09741e7d09c433a68d902a6e98ef3a968d09cda
SHA256

5b4b1144f1026eff5bb29ca5cf87c14cb6c588c4446fb02f42858ba495fbb3d3
SHA512

49bd0a9f1021335cd29cc8c110b19e9fca29c11f2e7dc5361948f9397feb880271d4b3ad5ea2bf19bf774f534cadfdad6b88c6e7500e4d3b0e539aa86724f355
SSDEEP

49152:h/iYJsl5pIC9rOMZyEZhVU7218RMvfiNU9hZsot7XEXVVmcjPNSEi5I5pRWTN+NP:p/IDxOMgEqzSHSUpsotYdrAEi52RWTgN

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

matinlurd.com

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener matinlurd.com
Acquires the wake lock 1 IoCs

Processes:

matinlurd.com

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock matinlurd.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

matinlurd.com

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo matinlurd.com
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

matinlurd.com

description ioc process

File opened for read /proc/cpuinfo matinlurd.com
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

matinlurd.com

description ioc process

File opened for read /proc/meminfo matinlurd.com

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	matinlurd.com

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	matinlurd.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	matinlurd.com

description	ioc	process
File opened for read	/proc/cpuinfo	matinlurd.com

description	ioc	process
File opened for read	/proc/meminfo	matinlurd.com

matinlurd.com
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Checks CPU information
- Checks memory information
PID:4625

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/matinlurd.com/cache/1

Filesize
762B

MD5
59ca5dad185f8e6ac17e87b97d965362

SHA1
bcc3c17cd0470e858e6c90855b36eb058cb11433

SHA256
bb412387aa33b4e995be22c7e1628ebb33e6e929c64adeb0d889803f89daac58

SHA512
6902c63899b0ff631191fbb9958b4feddfe5daca1c209f675ebf01cbad02798a0a39b17e13b930e87555d8508075a3656064bff51521d614281ef74f7e76fa50

Download Submit
/data/data/matinlurd.com/cache/2

Filesize
38B

MD5
f74f42557b1c078bd8263c369baa7e6b

SHA1
a85bd20006dcc12dad756da098c214a1ec41c3e9

SHA256
20742d831ed500cebe8fcca2370de78305bc090f72f789aad0f74df7b19bbf23

SHA512
f6f2a0bba6c8b597e7c8c1f6d4a4a31d045677b454ed7ec9b8acd9878bcffb92db72134471bbfde573cba45f777ce5a5d117c0ce977d4cdaade9ac4d2adc2866

Download Submit
/data/data/matinlurd.com/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
59b33e1fdbce2070249ea4f7b099f4ba

SHA1
4f64c5b52820719ada262440b304d6e2bf2cc9fe

SHA256
c00d6f7de0e7b9864fb0732610527d97c72d3d9be31d271f8e5e1083cbd5f18c

SHA512
60ad66399ad6de515bb644d148d501ee81ab0480b604da780046e3a7d1cb2e343f6f8bd9040d0f2e34869944dff6aea4afdbdefec527844ba9282b98b4a0834a

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5d3380bacdca7c9e1cf0efef46304a7b

SHA1
ddd4ac43e1b99f305920611bb1b7f2d1fe0c4554

SHA256
eec667c3ffb574bdfbd3d2113dc1dac1c8378c8855fca5d89a2f7189b18a28ae

SHA512
e9cdb0aaad0a33dff98ce856751ac61c8f41bb0a5b7f8e7e49a4afc03e4ed3295cce56fa8dd16b4f0355dd6a7ce1a3eae32a438e0dc4c1d09e5a2b3f2366dbdf

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3af004583b15d9d4e2046fd700f9a20d

SHA1
9eb0902e5d7771430506b8d241a64ca91c018ab0

SHA256
96cb015b6cca78690f8c515b00092c5231e6e9070ecc21f5a9f6949afbd2a1ea

SHA512
5961d6063ee2d2aafd15aaed1fc3c2f526865690ab7733346a06c5465f22e1c975e51abbfbc7f62b8545533acacc6610af09f45c8c1d0cdb2185f3cbfe7b72c3

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
67c6f9729ebbb898a696d0e52652be4c

SHA1
5bc94206419bc21fb165754858b614d3167f31ad

SHA256
2bf11cf747feaa60d479860adec4d594a7389b80ef0c65544410b1ee3b6fe084

SHA512
a02f84f2317fda80a84c5bb2b1d6a160bb2fd16ca7c1062052f63a427b07534cf3129182d27ff5a4aa69ef72f907a308f90a257ca85e1b5d51d2f13984562d8a

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
32a82e25180866896d8944e218c84b42

SHA1
d6dc8226ff10db51dd3af128a90bc5c571ce84c7

SHA256
280d72a7b9887741f081edb494d59cfa9628dcbef72a93b34bf61ec5496e3266

SHA512
3f4d3543888fbae4062201c38878d7973fd9c5cf8402fbb84630311ef8daed8d3267e2b6d74db59458e33b05e27e2f987ca3ce1bf784bbaecd3b38c67f4386a8

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
eb2c0ad436b460a6862b0e40ae4bb56f

SHA1
86b54db78913fd8c90596bd04f2ec604f0aebf6b

SHA256
b93da1c4fc2f2b6fa398f4c66ba2cd9f7dffe1470f3bcb4a80c16edb193bd53a

SHA512
6174dc972566a5533c54edeebe909a219b06002b1c3d931eec77cd1f334f6278eaf444ab7d52d5603584ca4a1eaf17f558609f0e91957c699993946445381e9e

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c56c8dfb73fdf4949f06bb3af60b6e2f

SHA1
c096781ff542a22b9ef1d8c70642ce27384e3e10

SHA256
66215dcf7d5d9dad438b464d6fa2bf8e437337249f1eac34349d6a458ae5a1bc

SHA512
1b8feceefe7470feb353406faa0606cb8c2dff0a18eae996b3281fafad5c157cb26a00df6e0b4d848a8bb8a7201f36ccb76aa706886441ab02f93f0f4419d1fe

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f2704f932a6cb8b9d817c7e464d5eeff

SHA1
98a296d1af85d01fa4109ffc6d85fbbf057e0f95

SHA256
c7b68ce892114f1633c1129968dd81cf09133cfb1edc1d8ac109d985f45a6adc

SHA512
2e0531a421a1fd060b80a867929f4f12413a7054eea8f4b538258162bcd0287bd0713cb0414908ea95c91dbd18fe628968068c505d7591747536abb48af4f208

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
bc5f54fbebd556d8d2ceb66b186083ba

SHA1
654815ebe38496c146b6e83df4918b9c9ffabf2f

SHA256
40eca5ebd72d44897bb1f038a029a08b447bb43362a1c8779a2df5e4c2d60981

SHA512
ee9835660e8597f9d01345ca5a7b2e1408f3e352f40849c755e8f0887a8c97f08bbcaa6eaeefcf5af9024ab29a410210f14ed96b31496cb29743e2c4e5c1fe11

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2b49ec541ffa6af5d04b832268a78a91

SHA1
59c6542ff8924fd39ec7727e666ee94863554260

SHA256
4b32fc43f8e8046f06c3a9ae11a60fffbb968953dc1c77173b14dd1ee3327374

SHA512
0907226f68c845af7ff7ba176ce542615b68577738f743747d17d2206516b8df37f6d6107f349d380a14dac43f4cf44947b8ec6fc79c4991f44cd8c8e245a6bc

Download Submit
/data/data/matinlurd.com/files/PersistedInstallation1073823071121825845tmp

Filesize
570B

MD5
b110176f193d519e46deb294fcfd1719

SHA1
63992ad1a082569771a9dd0c5158c7eee9f13e20

SHA256
3a5f2e286ae10a48c71dc7b422d4d3dc357355e9acdcff0bf93a5ef35cdef9c1

SHA512
e3621dc3ac738b6e45376ec58c2a971264d05c44f305f6f6954945d3db23b3afe35ae18c92cce061d069fe00c313038e5bb8d6b0a575a8005f5f020f677e47d2

Download Submit
/data/data/matinlurd.com/files/PersistedInstallation2267937648895800628tmp

Filesize
90B

MD5
419e278435e0efd1f2c04b91f3f3af49

SHA1
a21b8fcd270553af17854f3635a51e2b7228fbc2

SHA256
3d57f691c3923ef4c94e1d0a35292ead40378513f46991c7c768175bcf1785bc

SHA512
f52978fbe55b6f96e6b9dba7a3915483cce43797361bc6f6db4e09eefe8e3bb05f4e01e0e8c02572d6b4db0e64345448f91eeccb3d65def30ec877725530f7f5

Download Submit