052fe0ddc8faff67d8a27366c0e643cae2fff21e65794d2d7265407f50f2150f

Analysis

max time kernel
5s
max time network
151s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
18-11-2024 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

3.2MB
MD5

1eb27cd5e5b35f30634bf3708d41829c
SHA1

a66699f9e3933017483edfd538aaa09f57819c22
SHA256

052fe0ddc8faff67d8a27366c0e643cae2fff21e65794d2d7265407f50f2150f
SHA512

3275845143ee9cd45fe7b6b27261cfda9b770d0ffbb3e1908b6c9a169900ccf0e06400ef4007397300490e770d734a182773ed1a79039c0652b91db5bbe22857
SSDEEP

98304:x/+9H56XSZIUaAJanXmyD7JWynPOj9zniN:x/iH5ekJa1nXmyNPOjto

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.Mad.api

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.Mad.api

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.Mad.api

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.Mad.api

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.Mad.api

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.Mad.api

com.Mad.api
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4997

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.Mad.api/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
92e977bd85068968b1b8956c23e8fa82

SHA1
7afc91eb5374fbd6f93958070a2177833d12bd57

SHA256
251c9e2b9a97b739834f45434d76e209661aa8a3b9de3a3ec96b0499af0c6e30

SHA512
486f625d8f046f8b033703979bae25705ad52229b5467647d098f0e1beb7b6b7a877fc342886fffee0c4f47191ac4ea3c39f874f7fc6142d15f737748f193aa0

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
02e5406ed7c58b34cbec1234a12a3b25

SHA1
74b5ec55a15333ab6da73c588730d7c36a708cbc

SHA256
c1ea9e107a57c2838a1755ebf6a7c031c457ed31a498cddf6f958ee82c81ea84

SHA512
022136818e3ece92ae01d73789b2fc397889af300b633cf4fd0247599a1ddbea12f0db5f391c206c001f5d9246a94b8af05af11f8915570d62af562ba9e2c504

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
31821284cade88f2c34e8101fa46e71d

SHA1
80a003252045607c67fb7e3e9a75ff93566e4118

SHA256
6a94548ed71a746051742adc3bf8a701150e9593465e0f70da536146e49d6702

SHA512
79f096b745b68fce6df7768cf6672a99603bded7a5fffc5a3ae7626899e8358145989df67a15c3878a20728f2c3cac232b084a5b2b996eae77f08c6ec1a95639

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
e9ad2dd5eed44d5f5c9aee8063fb783a

SHA1
005a1b07209ac69d8c758e177f84f1d869a4f4b7

SHA256
12804e9f1ab5cb9b51c6a0a155cd0ecfea16994a61ae3ba3dbce37c7d0ae9565

SHA512
fa1a1b265c01114c22bb3464b761e11be40c3c066350afccaaef1848409aea07f258070f26ae62a24ce6cbb37db5be0acc81ae18e5d582d8a5faf57337abc45d

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
314fb8ffcbb8cef9b03b9688fc94eaea

SHA1
19c5e2985227069b59ccc245c4026c1a7b84f518

SHA256
0e2641b330ef97ebba536dfbf36b4d7de4fbce32df2ac50128050e350d55cb0b

SHA512
fcf2cfc52d48a7ca1703b27ab7efbc24d4f24755e42c3b4a9777b375f8f45b26e9298cedb3e6e59071351de4ea4ccc297fe3628bf32e5d542051044861c472b3

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5d7f173abf4e4d27a1abe63519157e40

SHA1
0db915c55a05d56f50608b53f7a58db39434bdf3

SHA256
8fb3958e4cd1b5472e2bd7c63a5d2e3cbcffe13c1deea0dc2a83234a87937b43

SHA512
d168c79b330be5fdf3ea26b8bc200afbbad07f41dd8b3f7557ac37685664baf67495876df19c0f7d15f419f5437328ed22c75f75ce086ec7ea821869da9de2f2

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e140194955366a3e9abaed93601b2f9d

SHA1
c91f1a061c93d6efe5d57564ec5fcc331630b4e1

SHA256
b0244bfb39ab280847d8eb98a362cb17301dd01c5c012e3a034dc2249ba1bfcc

SHA512
7bf4eb7d786fc82d1e67b1f47facf182a49bf3eb85a64246cdebcd068cfb3e2367b583d1923bc030974c2e5bcea4d6ebddd2c0ed079dff0a3859685227716eff

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
9dd39286638b6578b3b61a2b2312214d

SHA1
f4c052f4e9baa21abb6d9a091c0ec384de41fd52

SHA256
86e881bfb3f0598b80e3a9c272463f218a5461c8861ee5cfd57b68752ed2af12

SHA512
0af3356cb599b6a6528b49a35314f951b1e5f638ee2eec03e795f74ad216ec3caedf18059ecd9c0147659b66c2fcce2f6a08caf7cd267bc6fa536a7879edf612

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
493b20e55e629b99c4c7102c505f1315

SHA1
fbe289b16afc636b797035e2e3acff7702506dd0

SHA256
6cae7c9de509d2b42ba2d27b7f575303dfda2c5596cec389adcc2d9ed040d82a

SHA512
a689e84129cc3ed03009b690b5508c220cacabf7e755bb95341efffc2c4625463f98150df0da94b8b28759a9fcf112868e73c058df3cdb5fdaf43e65fb3a3f0e

Download Submit
/data/data/com.Mad.api/files/PersistedInstallation3929219452684688664tmp

Filesize
569B

MD5
e2dab569a449e958c9f06bb7450ee20f

SHA1
6f2ec869282eb0d78588bad01e57546508ce6042

SHA256
fc63a80c5ecad52a17edd9f2b8dec524e38a32776774c8028a29d9804f58d924

SHA512
754068b08e22126e17ab1b3ff7cdaab6ad6354271c3dc6b9da3f9fce1fae14876f37fdf9d05a6196299a5a9d895b85d5a5aed7a78b85d7283188e2647fabbcc4

Download Submit
/data/data/com.Mad.api/files/PersistedInstallation9104963779896578519tmp

Filesize
90B

MD5
eba6bc31c23060395b163c3cc6a58c4f

SHA1
c7fe0e686448ffc0a399071f818a9faccb406508

SHA256
715961676eafc0f4a41904a7bdc5c5f455367ff16f8f2abbb6e80484c28f3502

SHA512
7bfdbbe198a2107633415b05b93e910f3dcaa0a93a615165169392374961b2c5a619d59a66b5fddca29ed8ab820f5dbef7bb5d24c958f5bc56605fb78211615a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads