6b0bfc8147b9c360f895595a790db004fb80c93034dd8a29ff2ea78c770da440

Analysis

max time kernel
123s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
10-11-2024 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Eblagh.apk
Size

3.5MB
MD5

f469e4ba7fa3597f21307cb90344b86e
SHA1

7af780d693205b4b5eb1267379ad6b3288374cc2
SHA256

6b0bfc8147b9c360f895595a790db004fb80c93034dd8a29ff2ea78c770da440
SHA512

89e74b9b7e2c1e7b209daec2142a68f2f43f787ce1aa2107598c9e1b10e912cbab88a501ab08cc1e2341bff7a41cbd635a46d7852715e680bc04487677fd252c
SSDEEP

98304:UrIQFwPQ3Ma/HI4YKXq9FoVlf/H5eRI5dLZdB/Hh:UrIQd8a/HIHmiuff58I5nd

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

mad.net

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock mad.net
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

mad.net

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo mad.net
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

mad.net

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone mad.net
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

mad.net

description ioc process

Framework service call android.app.IActivityManager.registerReceiver mad.net
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

mad.net

description ioc process

File opened for read /proc/cpuinfo mad.net
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

mad.net

description ioc process

File opened for read /proc/meminfo mad.net

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	mad.net

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	mad.net

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	mad.net

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	mad.net

description	ioc	process
File opened for read	/proc/cpuinfo	mad.net

description	ioc	process
File opened for read	/proc/meminfo	mad.net

mad.net
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4319

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/mad.net/cache/1

Filesize
800B

MD5
10401395f60e5cf907a5e2ee233a914c

SHA1
d54074a7b77f0b6cdb52f14844cbcd344f4fe18d

SHA256
6f64a4b0c21b79df982aaa2e5b42dc2cd78bbe61412bc86fb732a8589cef8639

SHA512
75deae8937e47e6b194745e713861e9c664b33444d26991de1822b1a7aa0dc0d73da2170383ad654c0da2fa9a4bf558e6bccd319815cda8d5cb75855cfa79301

Download Submit
/data/data/mad.net/cache/2

Filesize
22B

MD5
8aab5918b982b16a58d4f6576d413343

SHA1
483d14a9af4b6a3effe7ea7b7c963acd2b389da3

SHA256
087c7899f5065339cfe08701150111faeb3cc7d3ba0ec6136b4c06d0a054213b

SHA512
7c1e60ec6a2fe4e07c82b7a868e046e9422b02dcf065913e8d003e3513e479d36bd599e0de03d6078388782a5030d09c013ea3bf43e56f8a28f3554e6b68bfe9

Download Submit
/data/data/mad.net/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
71be574513f69fc463a07bc373503b3f

SHA1
3742cfd42a650b9352aeb0273a4640c25329c78a

SHA256
b10ba592721aded3493d4ee014b5f09b4ddbce21abdb4dffd75178c18d2e0738

SHA512
da60e8b1825fc7a7bf95b69dc78b0ace18015bab3835041535f29d448f0d29a4a39bd4445cb171639939e2f5c18978f383500ea3aca0e07d5ca96fab436eca40

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f0e9630eb35d2cd27c00f0450a9471fb

SHA1
691801d203672685e9f0bdf08d76929a2633731f

SHA256
eae393c6fa219ca633f049e728a557089aea32e56117607f5c56ebcd15c34e8f

SHA512
c250fa82219318001b93134ef5146f2821788449b75ae7303ac315d8574ebc44ebaa6b58d184bc815538262a85663e4dff16bc2dad913492f31e6163a44cd2b9

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6c28cef11b5357c411760598e58fb1c8

SHA1
176f588c343c3f2854a831081f8253077e67f884

SHA256
3ccdc5a602fe389b277b6cb975abf9599259c5f9f55a812c12acd2738e06459c

SHA512
a8a7aac64150efb1b465eb8826b39e7fae3c2375e30fb4f3537d558f6060b9cd1ad53dd9af1b484f9079c701c9606bef0647d1f17516e3d43ee6626b872e59dd

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9fd4c4b53c69f0173c7fc626892d0e86

SHA1
26c22bca9fcebc0ad0b6efc981630b664cc6c14f

SHA256
58871ab7be49948a53b8c071bbded9c3ef9d8d9cda23236c9aa66f6426999920

SHA512
0fd09950d8bbc5a376b59707f460b9f598f2e60de00a9797a7f20c0d9b6de308704782ef62518655c2b0f249404c09865cb2e4e87b4b1e52adffe4c6b2e9224c

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c58220c85f27f52ac84b6eadd1d91c44

SHA1
7d7c3d61c340794b205eefd7402176446f922038

SHA256
4450422b64ed7600426b3aafded5f7545398addd0fa27a7f432bfdfc7d9a20bf

SHA512
31b4d5fb1af5db6915d01036fa493d61fd1737b8e42d2dda764822efa6d5233fdb3f4463d966824fe980579ce84659ca3b626b1c36a3d09e9eecb8da3b6d7484

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
29c527d88c6db0abc2ab789f599eabc8

SHA1
1fb0e287ced9a38fec8788c9fa689356ae48c147

SHA256
2f6b42e2a05fecb42e2935d8ec624e749125310bbfd13faafd589a5682176506

SHA512
f623fb051cb97f6c5065d93b79f39bc3ce6e5a4bc7f0285335f0b89dbf5c7709694dbc754e0c9e355b7f94fc0bea75f6083c530c6aa79d76857a7c7e0ef45966

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
98a7731f04ae55ca4d3cacfb665750d4

SHA1
65777ec99d0582df5d14e32b64f7c8f6711ea534

SHA256
9af2828c8cbd222749373a4bd7591ac27f7cbf5a611170b84d348e5199b19af3

SHA512
53f4d0cf103366876cb9c050d8906de2a47cc4712e01a2644fc89ddf063c688394a3ed783e4fcac339776388c64f1b40a70f73057abff89dfeeb31eb96d999eb

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c21c70e81157c0da9526d2fa5acf8e88

SHA1
b94af91bd2e7c93fbc70d6906d654ef2ac889549

SHA256
0da9697f22da3571c6e57ddb47de6db2b3638763e6bed5fa8f842c229d0592eb

SHA512
a29cba7c530b36c2b5530899c951b015d05cf4bd9fa8f0c319e944940cfe581b31b75398afb537831e8fcf1c7b7de6f54d124a0bdf2454a0e465b6b4be888501

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d987e26fb71db3a48cc96e971732aaf5

SHA1
fc4d2aeb5e27c46d878580bdb38215dcdc082b4b

SHA256
708cc45d8bccc42d869ca14f7e8ed09bdf3d53f334b8de204b6db0cf23e8d37c

SHA512
3cfa54596921af2b7b5e2c97a47b9103bc645f63abbe53111b69a02283d4ae72e55d282342f9f972d0a4635586d3b8e9965df1b89bffae5870feb5fda0636a56

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ab608f99a8a56f2d25c06c1fce17e4d7

SHA1
e7002e4d03488b27b368397010889bf3d8ee48a8

SHA256
9e008d4b0cfab7bc1855f0754a94e5885644e16278991b7d96309a334dc4873f

SHA512
2a78fac23acccb028d93e84cb83099f7a9c9670fe54392803d93eca4b1e48553e8617d33dea9562be0dffcfa82c45bde84626a850f70a4e598620e6d70909172

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
b808ca7104687103237b7ab00e160b5e

SHA1
43f9bc41fce65c2c64462c85c8a9694cc4d00533

SHA256
ea644ea8684b70e6ecca1d0a26b070c91ff76dfbd922c1ed457a2f5765d36feb

SHA512
81d5e98d12d47b2b68a16d86d9f940079bd34bb50eebc2400d72391de4a907a58c18cdf07b3f670fcde8b7ce32f06b892f90c512387ed3782060597c1e858e15

Download Submit
/data/data/mad.net/files/PersistedInstallation4011730524288594949tmp

Filesize
90B

MD5
5fea9792d7602ebd5400c0a086e47a83

SHA1
387f041df3b2061dddde1d0579bc8f8cb820ca81

SHA256
4398c98b248b52bc424477ac5c5d39ae3c98d1793690926a9321787ecc79cf78

SHA512
5c05603f10e4be5dc9191f4a8a9d0eaed9c62817e8d8556d1b7a7d3da8f32c5181b83760cef622bc27440577fb30af18876e4f432c2ef29d625bb9c398936816

Download Submit
/data/data/mad.net/files/PersistedInstallation7667035502099468382tmp

Filesize
567B

MD5
69093d7dab66182f3ddaaa0b0e70126e

SHA1
f2299b4d108f883519c5fc1ee173cf1c177f7030

SHA256
83a7c6ab2c588599a03d2199949f030c95bc49e11e2129f26440df3ee9689444

SHA512
6da24fe7cf85e52401d2f0ce8011528828f4b8a94055700671de464be2844df7d7a16c7cbfe354166090d45796865223e7641dda55242f2cddccff22e818e2fb

Download Submit