052fe0ddc8faff67d8a27366c0e643cae2fff21e65794d2d7265407f50f2150f

Analysis

max time kernel
5s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
18/11/2024, 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

3.2MB
MD5

1eb27cd5e5b35f30634bf3708d41829c
SHA1

a66699f9e3933017483edfd538aaa09f57819c22
SHA256

052fe0ddc8faff67d8a27366c0e643cae2fff21e65794d2d7265407f50f2150f
SHA512

3275845143ee9cd45fe7b6b27261cfda9b770d0ffbb3e1908b6c9a169900ccf0e06400ef4007397300490e770d734a182773ed1a79039c0652b91db5bbe22857
SSDEEP

98304:x/+9H56XSZIUaAJanXmyD7JWynPOj9zniN:x/iH5ekJa1nXmyNPOjto

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.Mad.api

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.Mad.api

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.Mad.api

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.Mad.api

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.Mad.api

com.Mad.api
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4257

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.Mad.api/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
071756248539f9bdcdd1b29e6ceefb35

SHA1
e8c5cf4b442ffbfa4de3fcd12c5cd4c020438b38

SHA256
c736965fe38f3afdcdf9a23200f1b8d82baf979b54b808a15ad431283f5a9de9

SHA512
74119025f2b2e3f42ced2911b7e04f2747bffe4a8eaa1f3b289403e057ba73ffae6c43a292859211d303f31749f2ee2b7d2e5c66ee2492239661aa505d653146

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9c9efa7d9f8e0a8b6875fd45bca446bf

SHA1
3f7d217ce17a7ed400d3efc9837046cfdc449533

SHA256
1f7fe31a363ec23170bcaf8db7c7b3542cc708c89e80b6cc515b5448fe48231f

SHA512
89ee623e2f0b3e8b93343cc490bb36c16329847eac9bb676570bb11456ae4489cec0c51584a7792bddf187c7c17ba0fddb98d0513c3ede2f051244f923212d4b

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
107e37fa7046e15abbc66c24adfc84e8

SHA1
f7c8b24ddb63555539d57dac13a0d298bbab0c07

SHA256
fe12aab10b9376fe6d9c03c18e9aca027de43f7caa1fb9d9d415f91e20bd3308

SHA512
f990dc437132d604b7980b0a4291eb3239988b22866c3bcd3aedd71be90d7b59cbb25731479121d24b7b41899fb933a60e8f706c36f1f622fc9847d468ab9d90

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
d97dbc194cae044ef369f3a89cfc93e6

SHA1
d10d7b0495551bc3461250fb3247ed449c8325f0

SHA256
aab61e87f386406c26c0c75467945d0093538ed724234a92bc497efc60d6c7b1

SHA512
d28095720d0c3df12ce0985d188fe71e3196b311188be60e2440c81fd4a1faa28111f4951f6a54e82364972dd379915a802ba4b2f7b99cc7dbe319f87b5980c5

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
84faa3fad281c13559a730a506ec612b

SHA1
3af54d73f39c610ef6619f3d4a1bf89fc728069d

SHA256
a0fa9838d7e1d7b86e7983c20e92e2ce9c92abd3d1d5b0b9fb335ea6c98d57a0

SHA512
9e6e0135e5415be441d133cbe8956143d7e14db04d173ed922d5f9ea8c395accb3bf5198df5f7d0bc2d24ec10c8086ac87f3709de3062412b265cebbf7b7f6c6

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c797bd612cc2fb38b3c4ce5e7e3fc016

SHA1
374a20d7b4e6fd992fee133cef8840acca6555f8

SHA256
1d63d01a1ae54c3f1073f4d81417723d17281d08d9cb329b9876c9e4352c1577

SHA512
0c239b2e5164aba83d76482b846b68af14b1849d900c1239db54ba65c9ceadf95241bdb64fc6551d6087b067d12d2279c080e7c35e58efa6f101d2a08770e812

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f42e7b6ddb5e18b12b782ca2b86d969f

SHA1
47dbce939ee9605a94105315dadbabd9d61646ed

SHA256
85a7cb9926e7e2911d9658338ac88521b2bc31761e30dad9ffd306dbad6ff3f7

SHA512
eff2477ff09301b66530f736c8bfb12aaf7648cddc068a5e2a7f186d63ed58bc49722e6863de720cc1a2092e5867ad8a51be1008ea877e12f33fd46c2d30d728

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
576287c87ae329c0fbb63152c7422c79

SHA1
56109246833dc86d1e6626642caaa1ddc4f10b89

SHA256
72d4fdcf30d602307b10370f70ead72e58900bfe71779e500275bbeb21ae7fd1

SHA512
7cb6020d15d7ff41c7a1437e922eede0c8edea5f2ea82370ea9022a83c9a453d152bd92efae6ca8f0e5d7f59bda5a9dd0075b0f85f4acc5571d7f1bb686e2ea7

Download Submit
/data/data/com.Mad.api/files/PersistedInstallation3599898520439654502tmp

Filesize
569B

MD5
6b806386fe73b2e8ce5dec5a8a48ad7a

SHA1
c31cd081aa879d037ddf6d6244878aa60b44855d

SHA256
a9d7a5f11ce6e15aaf89a20f3378691e860076804b090eb0b384fb36f72925d9

SHA512
c2fa46df0ca84d79f965709910ac4b9f0e7688450e07a7ee157831d65f44434adcb5dce38b5f569ed18c7d4ff862cd8f80e4bdabf45fc8b208cb67e8977ce509

Download Submit
/data/data/com.Mad.api/files/PersistedInstallation9147928360710235032tmp

Filesize
90B

MD5
618863f36c6666b6e0b09f5804bf6eae

SHA1
0a1d93386a227a17725a04010b3994c0604b9b88

SHA256
cafeb3c38759b254135c3cd3b575027844696207ddb8ebd085b1f7cacd18bf54

SHA512
2dee139066a40196ece3ff90d0d82a2558649b3274de9b5e2a70e571a6ca2be1d8d5c9fe87d5a457f208a0fe04108125169a0297a0b1ff88bd62d132e14afc79

Download Submit