6b0bfc8147b9c360f895595a790db004fb80c93034dd8a29ff2ea78c770da440

Analysis

max time kernel
123s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
10-11-2024 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Eblagh.apk
Size

3.5MB
MD5

f469e4ba7fa3597f21307cb90344b86e
SHA1

7af780d693205b4b5eb1267379ad6b3288374cc2
SHA256

6b0bfc8147b9c360f895595a790db004fb80c93034dd8a29ff2ea78c770da440
SHA512

89e74b9b7e2c1e7b209daec2142a68f2f43f787ce1aa2107598c9e1b10e912cbab88a501ab08cc1e2341bff7a41cbd635a46d7852715e680bc04487677fd252c
SSDEEP

98304:UrIQFwPQ3Ma/HI4YKXq9FoVlf/H5eRI5dLZdB/Hh:UrIQd8a/HIHmiuff58I5nd

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

mad.net

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener mad.net
Acquires the wake lock 1 IoCs

Processes:

mad.net

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock mad.net
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

mad.net

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo mad.net
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

mad.net

description ioc process

File opened for read /proc/cpuinfo mad.net
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

mad.net

description ioc process

File opened for read /proc/meminfo mad.net

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	mad.net

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	mad.net

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	mad.net

description	ioc	process
File opened for read	/proc/cpuinfo	mad.net

description	ioc	process
File opened for read	/proc/meminfo	mad.net

mad.net
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Checks CPU information
- Checks memory information
PID:4461

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/mad.net/cache/1

Filesize
800B

MD5
1cce09956c94043e6379afbca7acdef2

SHA1
fb343548fbc2114cdc3cf31e5b60b5ba3be07c49

SHA256
9cffada29052487faee3d3dacc91204ac5784b47debb73473fce201cdf13a737

SHA512
5420768af5bd570aca9c603db7779037269f9fe594cdf0c5f275037f3ea02add03d16dfe3cea10efaa8e4281267f0f5d987409306394fac2d6b0c2c8c36f3ce6

Download Submit
/data/data/mad.net/cache/2

Filesize
22B

MD5
8aab5918b982b16a58d4f6576d413343

SHA1
483d14a9af4b6a3effe7ea7b7c963acd2b389da3

SHA256
087c7899f5065339cfe08701150111faeb3cc7d3ba0ec6136b4c06d0a054213b

SHA512
7c1e60ec6a2fe4e07c82b7a868e046e9422b02dcf065913e8d003e3513e479d36bd599e0de03d6078388782a5030d09c013ea3bf43e56f8a28f3554e6b68bfe9

Download Submit
/data/data/mad.net/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7c70000ad93b4c674ad04f7a1be59340

SHA1
398405f620464482c9c1d5ea0b6f7062ff41dd31

SHA256
4fac3fbe4cfde467665aa97de23c46caa9837aac7e568614dc86021945b93cd4

SHA512
6246c78b8f470ca7217f69f1b9b7d81e4a57157d47aa0d79c88775de696108f6bdcf8286652e0cfb13f6676108deb1eabdd661b93a133995d00fb3dcf0e3613e

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dd20a94f448b5e663fcd2737f711af2d

SHA1
e83553d8dcf01e7f13a33552249d51204bb94b77

SHA256
39984e86d182b7c367556e2aa7143d5fef8af707ab2a7d5f2c7b25aeea1c5649

SHA512
075be2197ae8a3fbb47ce69b3f4a3f6fa926eabd5bcfb470bcc59978cd001e789993db1d2608c55cd391649b85f18f45feecd32be897f5655b4f897da8380c06

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2046e25a275dce7ee33c7c5146a0bb74

SHA1
00ecb7d83e87239139f01ed4f1bd9f46b659362f

SHA256
66479ca08342181a5ee1c9ace1856b6e33efb255b40ade14b4f495ee2c36bb25

SHA512
0d063448bdf27e6f445fa908c540d7a9bd76b34680792c1b00d02155e0b56eb0626b9e957806965b6226566d61e004cc1962a5ea48ecd9423243b3571230111a

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fd37aa438d2e9c4a15411c3e4d46d8c5

SHA1
c1d1476db981f7341122c66ce8c90464bd87f64b

SHA256
ba4a3373019cc49a6df703ca14d38ea8997a0cec21b012ab25c7b81882aa5c49

SHA512
484a68903dfbc3d878e9b5911caeb794508d327b6d90dd75725e5064df75c9a3bf3684e0223543c26f8e42c425fc67b0a26f2e6d556024459b242f20dceb9d84

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
70c879b6e862e87560fddbff52008a6c

SHA1
48fc3a902deb6a3833a1f3052307849e410481bc

SHA256
4f42bfd669093f3d3e054d00c355fc2030bc9fb3dafb81b81e0726e875d3b458

SHA512
a0cae5f0aa0229265de269f3e945777d6033cac6c95b97ccf3e9f575f266bd35adf9d8c29e5fdc9a6ca319b65d995d1491c23ccd59fe0fe026840565ff1d8481

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
adedc593b76a939c135328f8fe8f182f

SHA1
7626682ffc412315d39ab6e3ea7011527a8d87f6

SHA256
b3a563143f7390c7010d9aec60832db7824183a132904c9e59651852bfbf0ca0

SHA512
b7222cf1f21965c85229baa08fa3406a7e354c15600b93d80f53f93ea088a889c7652e6e6fce23eeac5fc7e4d9786236f96286101f04b36ff47b3cfe83192e08

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8fc563cc14f90ba2dfb5a542fae45796

SHA1
d6bad76d9d40d45b533f0180ee85e4e0f2000fb3

SHA256
1662d0448d944e45782af4e6ed9b639dca017fcf51bde09c540cf9bc35faded1

SHA512
6232647f0948a47ed83737a6dc6c00c2452cb90a176a14a917dd8d7f53aed76eea917c181542826ad8001f42eb319efd0180f3dfe43964de8052311e57f752de

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6846bfe9d0be6a2920edddfc3767ea9d

SHA1
06517035c3ae74edde934e8f266f5a6bb38b9609

SHA256
269ee0385ea46e43f4611444c2e05627f6dededbec328f91bf73fa1ebd3485b7

SHA512
aa2bcac62cb77cbb6b0dc8963df16ed29d7f88402341d2e996fabe70f3b7535fe71f49653d1935d09c574b504d64ea76efe1d9a9147dc442926cf12e8e157ee8

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
17b79d3d53460a184e542cdabddaff8b

SHA1
122e2469e1d93f27e25146f75b848483195e785d

SHA256
59fa85403282b4a87bae96e2340e243dac7dd7674a49b14dce47cd900886f0af

SHA512
175b1537598c0e7180008981f545d4c060bb2152838677299c05b7876c07ac33dc90944e4b71cc62f6d39944d64bc837c8e5b7de5bc209150fbfa609d608a7f4

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3f0cfc2ee524737cb9191ba84f3c45f6

SHA1
b1300bbe430b8747870d7afba6d1e86fa3abbb7c

SHA256
8c11b2ddc777069de7fcc9879e5e37da55195f43bf786475eb31a8093afe1bb2

SHA512
cfccfc8a10fd1a046f25a7cdd50494ecdff54df1c1b73dc236b0fb734ff7124632ecdfcb88ef48b7c6444b4dfd340db31847565338cf881c966dc99b03e943ca

Download Submit
/data/data/mad.net/files/PersistedInstallation1781233920475768244tmp

Filesize
567B

MD5
269776ed07e4b031eff87f8ff7b3c572

SHA1
c805d0fb736a85ceea201facb4d70947b5bb3c52

SHA256
bdd2cddff45bb080408440b41a04ad8769c6197864a22deeac4604b3403ba07f

SHA512
6c8b9b74f4ab42c7f95b4d83a78fec775461b89140752bb8f45cd2de7c22d8cf0320f951ae0189b9af1a64aa396880bb5da93d9ecd7799756c7a0930630f7e06

Download Submit
/data/data/mad.net/files/PersistedInstallation6014541063378053814tmp

Filesize
90B

MD5
2e059dce1be0baf0bbb56fa0e7209b92

SHA1
97a7b761d9949beb9465d786cb0ea6c3c868fbdd

SHA256
de9fb735eacda9ca869617cd2ab7beddf1e2cc78146c2e46ae9155e62ceef2d5

SHA512
bdee0e659eb2717274d845d869dc1e5071ae90c09be45372d545bbaac51fe2687e7df7e40d8806b960fad8b06dbd5afc43cd994c930d0ca99670c88558a30a1f

Download Submit