6b0bfc8147b9c360f895595a790db004fb80c93034dd8a29ff2ea78c770da440

Analysis

max time kernel
123s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
10-11-2024 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Eblagh.apk
Size

3.5MB
MD5

f469e4ba7fa3597f21307cb90344b86e
SHA1

7af780d693205b4b5eb1267379ad6b3288374cc2
SHA256

6b0bfc8147b9c360f895595a790db004fb80c93034dd8a29ff2ea78c770da440
SHA512

89e74b9b7e2c1e7b209daec2142a68f2f43f787ce1aa2107598c9e1b10e912cbab88a501ab08cc1e2341bff7a41cbd635a46d7852715e680bc04487677fd252c
SSDEEP

98304:UrIQFwPQ3Ma/HI4YKXq9FoVlf/H5eRI5dLZdB/Hh:UrIQd8a/HIHmiuff58I5nd

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

mad.net

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener mad.net
Acquires the wake lock 1 IoCs

Processes:

mad.net

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock mad.net
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

mad.net

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo mad.net
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

mad.net

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone mad.net
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

mad.net

description ioc process

Framework service call android.app.IActivityManager.registerReceiver mad.net
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

mad.net

description ioc process

File opened for read /proc/cpuinfo mad.net
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

mad.net

description ioc process

File opened for read /proc/meminfo mad.net

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	mad.net

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	mad.net

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	mad.net

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	mad.net

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	mad.net

description	ioc	process
File opened for read	/proc/cpuinfo	mad.net

description	ioc	process
File opened for read	/proc/meminfo	mad.net

mad.net
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4977

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/mad.net/cache/1

Filesize
800B

MD5
edfb8da295a38834a9eb951966e3128d

SHA1
22b24ceb0848d0460e25c2558aebaaed551fd618

SHA256
fba505df9bc8a00664bf34f860336e2d3d48be1a1554cf458ab5bd6e8cbee77e

SHA512
105b53283537d1e578ed53005870888fb8e685620868b399f32e06aa2b2ca151066082c3eb1a6f9a1a2f3d59c53f5cc44a51111fed268c60a7514654d46d33f7

Download Submit
/data/data/mad.net/cache/2

Filesize
22B

MD5
8aab5918b982b16a58d4f6576d413343

SHA1
483d14a9af4b6a3effe7ea7b7c963acd2b389da3

SHA256
087c7899f5065339cfe08701150111faeb3cc7d3ba0ec6136b4c06d0a054213b

SHA512
7c1e60ec6a2fe4e07c82b7a868e046e9422b02dcf065913e8d003e3513e479d36bd599e0de03d6078388782a5030d09c013ea3bf43e56f8a28f3554e6b68bfe9

Download Submit
/data/data/mad.net/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7aeebe02da09d5f82bacbbe3e6065fb7

SHA1
728b8ce52662c192ced2c7e0ecd96f987d8f66ae

SHA256
68453d499a6d20a7c13a99edabf2f0aaec871881fa025a10cd729bf606586177

SHA512
da94ee4c496cad737cbb4ba3d296357ce1aabbf5b9ea878ae8dd44d1a163ee2ae4e47d246306d2a76417b7de7c06183ad6f2846a21b44c8cee4bf5e0b666de86

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
764fb04e54bf5747e5c26b929682ba8a

SHA1
1e0e5c1ac49e9a1226b01f8483cb7a4197317713

SHA256
83695162319ed1386cc73098a22ff36d8da99956a94fd57280feadee4a547389

SHA512
9c3d86c46cb3360d8eda895ff1431a35de39b2b3e7564304ebb0e7cb1d520b8205b3a4d8c0af6fe3f6506ca55d07eaacb54fd87949911445afb4eedf9b572b50

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dbe2df327f45ab93c30a669f59e98723

SHA1
a4f11ec52dffe660c941dc6f2ad51621cf29f073

SHA256
32b0268fc04ef637972bb2478be9b9c398b16ca8c3c5c927291761fe8f0ad807

SHA512
b2304f710d736f57a13200957e59f8d5aad7cbd142b10e128cbf7ac27f611e68d7c987409fd11469e9c2a9f6d36127b025e51e33cdb9146d98696d597469bb4d

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bac9810f8a8c9616beaeecbcc8faf8ca

SHA1
1b9fe0d57557428dbb485e0868501ec2564ad4b9

SHA256
782abe861ac76c04f3e4af2326dfca78f3d400761122bb486507b66483df4365

SHA512
0b782c9364b4ddd47e0627440a8c841fe965e9314b10b68af95f93bb885e6b1bd74d42d8ee8d1e8877ce533cbee8cb5b85405e2905d08516c9b98cc733b142d8

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
720303ed0a405bda34070070c8453ec3

SHA1
e29cc7d80185afe684ab7027dd58e7a843ce8d55

SHA256
fe8dadd7a95d43cdacdfabe4f00bef32ace0beb1474d4497ec5c00fac0df8cbf

SHA512
9dd3db05e6773305ccbe3944a9136f404103db91a7f5c7726bf5aecaff390e94d8ff5059f173e7fb660351bfe70e6940d28d55464bee44a25d7775d763225801

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
927e24ffeadf891bd228c985fb704bc4

SHA1
dc2125b7348d9dc1b95710fee9458a974fd9c51d

SHA256
715d0a68003e9f2a39d2cb8d4ce55dbd8e63ba6907b76a66ee5115856e52562c

SHA512
55109b54c86510f71d78e0f0aa05b595bced1a0a390dad547bebe8f559a5dafcb34fc0bf10f7c5cba0162b45402014bd2bbc089d964b8187faae7cdcc8a5e5d1

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e7a976bfbb8f8b643f8e88771d2e845e

SHA1
5df5df56e5a5ac8b1d3c129cc32f427b78ab9940

SHA256
489a4df6b6de2afd346ad1c2db0bb9db0935d6abcf76794b57abaee5dcc5cf18

SHA512
40f716c3a7663b85946c39b066962add0b75ac05392856045237ff5fdb68d1d14024468895240248ddcad49d39ded4b67fba620727bc340de869affda21edfdc

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
41678c81f6af3ff17ed39ff17d8f4c36

SHA1
3f12a3fe01920b7098b7b8b955ad170c32bf6173

SHA256
8497f41974c9d25d92ea1fe733b9f02612ce8e2e01f476df0847dfe36093f90e

SHA512
77a91c629df13654cf7cd1f7e1d684cf441c6b69d49e02b2365c9510b8f7232abeacec6bc42520f59150429c1c206676648d41a089159a47485794175afc5915

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
ccabba3f0fd910f5725205f70bfad0ee

SHA1
423e96cb680a3d551383e2fd1c86184d3a64641a

SHA256
c31609074cf6b4b16895e4a64631493b65762594eb28eee591d9c5bc322415ae

SHA512
29e30cdc7b84b5990d0fcd8a0e635ace33a7cebaac1f9bfb18aafafc96b524482d1eb943ef97fc6dd483c518aa828edb5e620ebafab4545c3459938cf4a86bb9

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6e63e64c1280e0ea8000f0b5ec38ea09

SHA1
64094b054d81fd240e421975db3123202e92ce13

SHA256
de65cdb02388b7ebb645b678a41eeda13293daa2ebdc0f43a50d108d8fb28754

SHA512
6419e21ee1e7284cafee46d1b30def02961e552f4e4d8dbe4e8070f2e0e6928f59673215625b0c6480d7de6b266310cff03714c377bee34b4290f4d8e13a09b9

Download Submit
/data/data/mad.net/files/PersistedInstallation4069567458347375910tmp

Filesize
90B

MD5
fb7d7e33e68163ae09fca22bc88d1bd9

SHA1
8763f63dbfe88d52bf25d8dcea2cd0ffdbac0a88

SHA256
d79f77d6d7859cad2078891c88e4cc0b0ff15b8f640f2ec13f4c57905d69f35c

SHA512
6ddbb249dc3ef1b902218723cd67961eaef3832bd5ad15e24355385c356ae8770c9d5d73c9e0386e1ac78a9234bd81f73e6718dd14e498d8ce8cf074b11c3a9a

Download Submit
/data/data/mad.net/files/PersistedInstallation6450544113694623053tmp

Filesize
567B

MD5
7d0cbd541a88efaa390ee23023fd1af0

SHA1
5da63638acf874ee927367d6e04c6f6f34d90de2

SHA256
4ee2db08a0b748a172f4585886f2974e1870697eabb9537377edf2b870fa9258

SHA512
47514a42e9e8104665ee2abd1ad6004ac096e1142252df7b9fa69e04152b436b76b82832fce9525d72c5f2e82a2e203b703529191ebf0bea9a2451099a7d7f32

Download Submit