89745e413fe440e12fa3e2f73a889a7545405c7495f48a84102db5ee53d738d4

Analysis

max time kernel
5s
max time network
151s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
17-11-2024 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eblagh.apk
Size

2.4MB
MD5

140cb3883adbb6af12be3f46508fd64d
SHA1

c69468d7bde973770bc2fb29d3ca01fb9937b992
SHA256

89745e413fe440e12fa3e2f73a889a7545405c7495f48a84102db5ee53d738d4
SHA512

cead257622a015f6eb8e4f50792385068d6bdd9f91e5bf711ef384ef3151301ba8f60f5cfafca5e83e52303f54f96171deee074a7cea852cca8503eaf1491f2f
SSDEEP

49152:a/iYJslyM9rLQG4PK+dduC8YuUL2fbzl9SqcT5x:w/Iyaehdu7x9x9Sr5x

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	mad.net

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	mad.net

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	mad.net

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	mad.net

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	mad.net

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	mad.net

mad.net
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4971

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/mad.net/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5b2b7df9b1d5014c6644ef3e2210e3c5

SHA1
b379b1d06f1cfdb075983caee712b587753064ac

SHA256
cfe681d4723e2bfd4e951b6acc1c2a6327d2fcf69e1dcbb4971a6478be23af59

SHA512
79f1c16f9b291a808f0ee468cb76aba1fbaa3d84e9e12b6edb68bb662c42bd063888fc668fc17f1ffb0ba1f47048ab88b3c68fe2f9563cb403294fc485d8c9dc

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ac204a84842fba9785c7dcb25f1cfce4

SHA1
aaafe11d8cb8c199944e0773caed71a76969c498

SHA256
2e583f5188a6e863198351ca2dc2ba550330d72bcdbb97915617b102623269b3

SHA512
4d1f80334e861a10c89c15be8b07ee5bbaa0eebaa437f8c063f29c87e66447ecb832c0b0cb00c6df94d177f289e241e1885dcac0514e2e82a042bdea06398c95

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6c4bcff5409a26e67109286063861964

SHA1
c957834d016c27b63e223fdc7da3433869117fc1

SHA256
686631755ad646a9f67bbd73c5f3c34a8f4fe525edd59c5698302956b38a8090

SHA512
1833ed7c7b311f858d91b354aeb5e23a3ac2ff8ab35a2f1f0b1989eb31080268b238d80d27711960c6257a898020de126b4a6fbecba90281eef90172f308435d

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e87dfa074071d67fab90d26c86b47a30

SHA1
0d4e7bd2099de1ea3c453cc872b363535ee95c0b

SHA256
565d84c46eaff702075bb47c15ba7c2c2209645c11584c07112aa74cbdb0abac

SHA512
33c73440b5fdfe9be29515791e4e04c83d2fcb80c46747257e213feb6af5c614464b6d853291f14d6a52cfeab8581e8c6d829ab03b403367c9e1e898b7fe0630

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
7ec7a9eb8f286c97db435cba975bdfb0

SHA1
33d0d0ba5fb52d14471fea0ba1a53247ddafe417

SHA256
30c9df35ce673669314b4bfc4bff821010eef9477d387f39f5ce7b23a2a53b32

SHA512
c295542ea7c4b1ea33222defc1bb20f32dadc143ecc9272ca3de2e954a2bb2170f93cf94b7efedc311894509b4a4e2072459e75714686772b0e276e365957607

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a9d8a9cb0f0a2dd1ebeca7bb0c79043d

SHA1
86d6da61d10416889e9935276bbae5056839f2ca

SHA256
1e4d69c894e11db3fcfc95f56b015bd93a75be62ad3931760213c517d7d618a4

SHA512
67eef67ca363fbc4c12f0f838bca7d0b5bd7a694ccaf619fb492b35ad24bed723d64d28e21f3a47666891bb928db1fdab613dbb8ee812d1c927938dd71039a08

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
332e45e22e2b960e23941a544a31eebf

SHA1
4cf1435a302437eafa3aa48716677d7e32a4c8a2

SHA256
dc1c08eb9555cdcbe51d24fd3886f3d40b9c8eba84330231dd16f5190d7fe59c

SHA512
7cb8145fed28a9dc2cc6f6c48345c4520467eb888e9459553fbdc41e2023cdb2e2e14fb1c4098694725996ebb90ecc7b38dfcde23dc352904e729869d98159b1

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
44a9907be869d0584bc555c492e43f7e

SHA1
3a4df0cc7de48b9d6acdfe9305d8a1a63b386fb7

SHA256
f61e320261a04053391a5b834e82ec9e23fe77503f8528bd4bb68bffeee73a22

SHA512
03d2e25e605b3df77a72733e47bc57dd976314d233ff54d5e793aaac0778ed4630494b5ca660a1a8e79147bcdc9ae50015609603e03a7b78a5cbb1ab24b830d3

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
20549c4fb64d5f94215298552597ce0d

SHA1
0624a26cc694d49b434ec7bfb430eb35899140cb

SHA256
2c4197d3f8f47022d391d287e4ee32c97557da4e043cfba9820e3c495047d1d1

SHA512
52dea2343c27a70644497e5b20b252401e1ecda1d5f1ed670cfc0a31d99c9287f283663cd3a70e2d02c8805c000059bd2ca1bcb668b1b889e36060a183a74ac8

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3bc8cc53e61c588b1ff01010e09c8170

SHA1
eef0d248c360d52e40c0688bfdc2b3d94a2276ed

SHA256
c8c0f1fb2d261bfad250152155bde3b4c9d2143cea6085735b51f995ccd47643

SHA512
41a9ed715e865d61c6ca46263e5cf3636e17adde44a92750a42c47898756e98fa2aa2291c4e9e2887315bd32e70823a7cd08b3b14ec0b49b0c9548ccc7351333

Download Submit
/data/data/mad.net/files/PersistedInstallation2101703724841815897tmp

Filesize
90B

MD5
056fa4ad7cab597fd58f8c46239511e2

SHA1
87f513bf88d7d37b45bdb548de125512118e61f9

SHA256
1fa4838393bd4e4bf4af5d8c8974736d2131159bd1ac2e7dd36210195cb61515

SHA512
9cdc111bb0a53e1df16e2ccf57f9cb4aec06bf2c9d4fb56e85d1850f8552cf656d99571a90258cf8bc7dd7813528e02ec0c425c8a1b753c316aa6f7b65e77e23

Download Submit
/data/data/mad.net/files/PersistedInstallation3624086499941013721tmp

Filesize
570B

MD5
d9adba073628f638a35018307383570b

SHA1
90b069c4c7faafe09fc9ed6b5649bbd7e4a6a6eb

SHA256
b5dca22d494468fa1e654c39eafdd39dc6301e2c0e7842c1f3272e54e553f0d4

SHA512
8be3f17f5b4780e7e35fbba837d131220393628bf3c45664e4a9c97d0653d39f0d1a9fdf7dfc6df7215d33866c8109bffb1b5a3d4917092390291656b74091fb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads