bfaf5a89c27e0a1b7eafc47fb9c408d98a5214275168d72e2e9749b4e7aeb3cd

Analysis

max time kernel
5s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
18-11-2024 10:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eblagh.apk
Size

2.4MB
MD5

d19af56235d6c03a465f2095a86a6da3
SHA1

3e4fed9caa3f3eef68148f2519c42c1916dacd12
SHA256

bfaf5a89c27e0a1b7eafc47fb9c408d98a5214275168d72e2e9749b4e7aeb3cd
SHA512

f648b8b5770bf77f1b0f6aed59e8068737cd52fc491be5b31ff94528f4550111675b06c80269a0e51d912637041b28eaa17b9e87af6e14dbd96d617088bec6cc
SSDEEP

49152:5/iYJslyMdUVjtKuLm3crRnJOu5Ef8TPxs1fY7WYKI:h/Iy+CtKoNlDxsGCYn

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	mad.net

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	mad.net

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	mad.net

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	mad.net

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	mad.net

mad.net
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4251

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/mad.net/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0ddc05f030fd9439b6647214b5bf67d5

SHA1
095f4fcfbaf5ce836a58c5838fd997ec5545f897

SHA256
e86d7feaa21e7a89f42d640ced8b6bed1a77ba0b693e3ceb523d479bf2ead939

SHA512
a7eac6168a3bef4d18c5d4c197c23f6884b04d7f7f882207a871c3965aa72aecb21b474d6424d8036e0f9588c9b1344e02389d269b3f945384023afaba53d802

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4a1e128bb0ca5847c738be849e980aa0

SHA1
3b508a7161aeba25b7e28d63d1bed86c0f90dbee

SHA256
de8ee1585ed4fd5d2e1ec42f0872525f62c696b9a2ccdb74905f0ea6fcbe4c2f

SHA512
fd4a9a0390549bdfc3c1f8665a1635c7c71170f43f0dc452f12cd32f85c35e0354be4f191f4ec02670ee1fa07a44be818bb6510080d22d075d87e6a8ac144228

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
46caebd02a52aacb998794e9e75b40e9

SHA1
02a2440a0b637a18271fa2052d04e97b04ce612e

SHA256
0d88658e95e37cdab8cc0eba7be2e40731ed3d6ed168e0889fb9e8d20f403c93

SHA512
09cbbb740fba5c26d480821b1357ebfaccd60d1e692e8bca0d6c9950abb906a594d37803b8f87044562e72a72898bc49570d2316cbf3f34288f6cd6411403a88

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
369a96eb21583ca5444578f4e669b480

SHA1
9f2b7da65bac0a5b53ed92600657a3e19d263b99

SHA256
856975af9f193334907f331c49b56fba5d8e3794c9f0883c868bd72d69636c39

SHA512
9b49063a41d7f4abfa2f40ea8d2eaca0464945bc78ffbe32efd1d4a87c624ee3940f0cca93149e9d68a55b31866d6b1484263c797750c27b028497075578f4eb

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
78c29b99afc6e1fb000d5f64099be731

SHA1
93282a22b57879a6f861f1b0b343a8813f9e43e1

SHA256
e6b56f24272dbbb1d3bbe2237283d600e8e71dfd55eb7d3cc566fd42b3153f02

SHA512
67f9f92535828f9137fd4276c7c7baf8bd9027854bdddb5156407bb7b7e7403652f8f151904656e460719269f1b0e6a1e4ebb4640778e6a9ee30c6af0f5b3ee9

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
46069caa93bdf1bac74d6eff75cb638d

SHA1
6140a72ff548e9c3a6e63dc9a63037489de65be4

SHA256
d4561b39147a5824784b60864ab1e1745471be3aef93483d0ec0d2bcc416434e

SHA512
59bb6971f3d2d2eb45bc80805ffdc7d40d79761a37a9303cc6b3948306a6ec428095e4dd9e525def9288ae3eedd4f0a90be650abb99fecda359fe178808a3ea7

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
efd0e5a1e1f4fe9184d0285004d61f1d

SHA1
33eaf247de19776ee90b4d3ddfcf49aa2c2e56ab

SHA256
28e3c5b06ba001802964642c790ea9171771d6c35124c0977f1f08158705147b

SHA512
409adf1c3d292a3dabe4dbfc1c6a8fdbf511cf545e5924d7f75270c9200e144e407a688bc149c030dd72eaccd0f7f921f722d55b47e7f20b1f9d2d07ffd35a44

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
90b11eebc4ace69d20339ab51305954d

SHA1
ab86bc0af6a7fd2c18896623c6b6afe71360ac77

SHA256
0967839d62001ae35508c93661bc1a5f560410224df79b75917ba2cd4ab1a43f

SHA512
d6c4d570d64f9c81cebf488440d326eeeb5f054e80d7c53555d366149d4b4157b85e35a9250cb4274f7e6e9fb981a9940682877617dc0d5afbcbb823e19656a2

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
99b046ff3fb5303495c2873d0b739526

SHA1
90c8bcb1036a0689c5fe98f0f8df311ec5a8a4da

SHA256
f35fa2df119c78fda23a64a3e8508b59d7c396831014da138985b3d55feffff6

SHA512
3d23b2369f691797dbe78bd74f439fa2bf23e1283924991ab8e0c7daef2ef6ac43667ace762b5ba890943e590245084878b11e3a65920b3c6d32e83fe77566cc

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
eb61b8792ef99adf87af534928db0799

SHA1
901befadc3f4822493609c3454589126b410c43b

SHA256
42994e218637b1267c0e4e41280f7a260e42ce94dd7a362d547e22b77bd86cb7

SHA512
7d6549e5c45a828f9310529c723b38298573fc58c59e43098305bb7d7d4fa780b7a7385daf85f3d3859f18f58d29e0c60d0cd6133eac746c2f64b41c11677b7f

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
c387d970c239bcd2f246d17650d5fd20

SHA1
cf7687948cb5b4553bb9e29f368bca8fbfc0507a

SHA256
6a066dfa4adc201c51bf39108d5b01066b76a589df297b0125fa4390cab8440d

SHA512
f23cfe5574adc52f333f8f414cf59fc78005c54dc2944c4d746b556492c8b16508448579f7a1e15b2fe2afbf8069d4e9e3a0da4527d47555186410ab268f7eb1

Download Submit
/data/data/mad.net/files/PersistedInstallation3661490671441082031tmp

Filesize
569B

MD5
1d7cba22537b18f30b6277a37a869445

SHA1
37b25165bb3e56a84cf3df5e29bb0a459d61947e

SHA256
7ec09d7c1936816e8709f5c0d6b60203cc271a6258899a8baf3ead54c74dc480

SHA512
752da2afcc71b29655be18291e8b6999748c4af88bf35a3b1566f0235d203c730c5c04f9e64b7d0a78fa0fef59f7e806f5d978c8c85a02f11ac2c80735013c90

Download Submit
/data/data/mad.net/files/PersistedInstallation5962842165012218326tmp

Filesize
90B

MD5
4600a5f01664c4f8ee3dfbdcd23af165

SHA1
54ee5b78a58ed2b99d042653fc9208f488f7416f

SHA256
788991fa71671abb3a5b12741af84ca543a1c488eb440992ddfb09b1c390f511

SHA512
bb447c7ff379a163531182d05cb105e15b516e082b6da01599d60168d75a239d22300becffc425bf3dae770e4d582a0f797ae249bdbad49486a60eb6afff2d0d

Download Submit