89745e413fe440e12fa3e2f73a889a7545405c7495f48a84102db5ee53d738d4

Analysis

max time kernel
6s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
17-11-2024 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eblagh.apk
Size

2.4MB
MD5

140cb3883adbb6af12be3f46508fd64d
SHA1

c69468d7bde973770bc2fb29d3ca01fb9937b992
SHA256

89745e413fe440e12fa3e2f73a889a7545405c7495f48a84102db5ee53d738d4
SHA512

cead257622a015f6eb8e4f50792385068d6bdd9f91e5bf711ef384ef3151301ba8f60f5cfafca5e83e52303f54f96171deee074a7cea852cca8503eaf1491f2f
SSDEEP

49152:a/iYJslyM9rLQG4PK+dduC8YuUL2fbzl9SqcT5x:w/Iyaehdu7x9x9Sr5x

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	mad.net

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	mad.net

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	mad.net

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	mad.net

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	mad.net

mad.net
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4313

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/mad.net/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
10c6af25e201592894e367a1c7e4403a

SHA1
325ea9b3a24fd0860f5237fd8b05044e0f453a91

SHA256
ec5f8f2540870b8bf6d3be61a3ddaec16b6f98ad35341850258353122297ecbd

SHA512
d490802438f6924307528746dcbcf715a5eae8d8ff5bc77835b12b2bdc993aef33a011f6d7134b5eeedcc5270101ce9dbb215269526c605c45d524b0a3a5a826

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
901ffc534621cba24090b12bd3ae58aa

SHA1
0c694e37a8ac56c3a3e9ac06c7f29e65cb3804f1

SHA256
b4683664f564e5e204808d94eed2e51154a2520f483c61cc25d0bdbe2d3db724

SHA512
7ac2ea1d9232f8e2c18852ea5e0e9a00eabe0d4701713cd7fd22c0333fab08aa312a15c6c17323dad30f653fcc896d1c69456966c36c2a363adc1dc273084c1c

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0a69fe901ad3a0b0958aa74a17868df9

SHA1
5ac2400771cbdc809ffd91a2f9d9da7c4376b480

SHA256
70448da03e4c815859b47ddc93686a876dbe4376f345e3fe69486335a772c892

SHA512
2bab78023ea87089ed9ddeace9fc0b85bef5fb5488bd09dc1c602ceec7a1b33060ce4a98810957a0e52afb41b6d2be94bbfd4cb313196a36de03c77e99c3aa51

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a14e5c8380b51290e89d3bf618284f2a

SHA1
78b6565a8cdadd6f73498ba795a185830576ba02

SHA256
ecf18ed94ca142fad30e8083429a9d97cadc45b2047c63a1175b5fc51a30c6ef

SHA512
c29552f0564d64b4d30b6f09a4b89b84f016c00a476923e262666ad7a7323d97d17622d0580416219aaf33938ce8b89f1858fd2219b9e88a2a8dfe81d2dcdce8

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
808d983ecb97b0314d6b77f531974fa6

SHA1
ce0c9e624eab40faef79fa4f2232b9d223d4fb7c

SHA256
579151bffba51ca7b2bd4d0f2fe6a71127186c18b1048cdef7b172ec72c7463c

SHA512
75be13603a7c2f77813b87322ec04f0a87e876068116b958983ded424ff1534b941c132a3e860838ce186c083ae61cce546fb0ab2d1a877e881a51b15538eb6e

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ac1429f43500fc54a65ab3f60a6528bb

SHA1
8070cd1f724fd2b10878d728a697ca80a0e01f78

SHA256
976249cd98203e950cb90ed1ad75ba56f43e5b6f90febe92dd63ee3f6a63d867

SHA512
33a3de86125de73f7109006f32e9537b3e71c3629e8459400ffa7afa5ea61059f5ca9c6d19e81593a9a77a51f1d8e4d859901f3b436fcc4a09014070f0360f04

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a2a8775f7677264b118fba2a575204f7

SHA1
2b58b565336de196fd77c6441a9467f0c3f5e873

SHA256
b9b6c6667bcbac6f04c9bedf7792090f47c9e16117ffd6b011b3c6d7fb24336d

SHA512
3e7383fbe99f6e41b84dc2d66f2d0bd2a98535e549f663357c22f2ee1b33cc69eae44c684ebdc49bbe4025a3b90dd86e543d2e4e759a6bdb582b1d098f99c172

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
477fef6df9451dfed2e660ac8efe1c6c

SHA1
326ea6f9c382c7678abe3c9904045e771cc4f3e1

SHA256
a7b00bcf59faf9c1cd867c9c91c01b39124ec7d0462b6bae00700e5bc702acdd

SHA512
e9f2e773b2a018b3519dce0aa67644f6a2cae22e344bd8fc67cbed99864a487c66aa3250bf48c3f5046ae2974f990c719e5940a1a69c627d36e6c7e97f403ba3

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
42396c85d2ab17056be639a030ccbc2c

SHA1
e915e9763ea7a30c24254b01a517596e29ddadf6

SHA256
0b7011112c370f2a8b65fc27871984ecc646f7b0743b2b367460044fbf1d8392

SHA512
cd641540d88505be4b3de29b1c6786bad027aa8f962e0307d0a0c90158b3dc1ee5b762984969a46b788628b031ef543bfe806ebaed3acb0752275b9c30d03a43

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
be7e2ea08b261bcbd4b7e07023f91286

SHA1
8f78ed87c39f68ab03b075268a94aed20d8c0955

SHA256
7e378ca1056d6dd52fa7adacde5882af17e6381b19970168285ee72303d84c48

SHA512
0e7a08b5231a0ba343f497aebbc547a7cdba517b5c32895602a73fbc79430a0d91c261602ad4896488755119bc3abbe231f8c25598b1d32653f59b53d7a0c54b

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
2a554cd679df6375e062a86beaaadfe3

SHA1
9951b4678ac82fade0020213be10c6475d1d0317

SHA256
93c91a829634a5ab1e32a9a4ecba79bbfc83f330231bb9d64ebf699e38a6ae00

SHA512
7a048fb1e9b5eaf74b4871d3071657c06aaa0a1cb1a3f54f86501a6ae6d13202a0bc96ff60b2d2fefd49a4696a9cdb34f079445c9805bf2ec8254a9aa5d99f03

Download Submit
/data/data/mad.net/files/PersistedInstallation2189285369685813051tmp

Filesize
90B

MD5
5dc3c1bd0666f11da2cd2726919dad00

SHA1
0582de62ce2ad3ba9d6164be18479cd06917aabf

SHA256
b7fb56c55d03b74afede35d4e85fdb238353e73d81284855e8b48437abac228c

SHA512
b34208bdafb0ca8180e37c120293b548f717ac11e9b6f76bed84a8562d59e6090177d2c9a2a8e55e3f855236b227dd72edd4ae2e1d43d3ea6cd3f4acc7636ef2

Download Submit
/data/data/mad.net/files/PersistedInstallation3885052533399717128tmp

Filesize
569B

MD5
edc09be22abfdaa61da8ecbe4e192ba6

SHA1
cf856eba41d872c84856294b4deaeee2ca4527e3

SHA256
ee9d60c0fbbff8ce56b08b89b15567a2bbe85a0dca2ec66bcbf021d1d45d0c53

SHA512
01f5422eeacadbbcad95d5855e35b4db20465c4ff78576bc35955e97afe7514cdc4f5d0622e0e40c44e574ed35dc267bc17b4954cd55e67751d712aca29b7983

Download Submit