1c03392d359aa6299b062468d464b5c0e19e42e309587458a45fff013fde5d2c

Analysis

max time kernel
149s
max time network
155s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
13/01/2025, 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

%D8%AF%D9%87%DA%A9.apk
Size

2.7MB
MD5

85238620a1edffd21f362b6e7602f3f8
SHA1

07099757e9b8d7a9c3136d6dc1c89674e3ed2a24
SHA256

1c03392d359aa6299b062468d464b5c0e19e42e309587458a45fff013fde5d2c
SHA512

0e86bb5cb96b706ab8844ed9bccf675a85cdcad69d5e1e51bb5178cd6fceca312e559aee6af430ad3c4d0565959248b0b1d6abf04704539bbcc5e3ea8b480c14
SSDEEP

49152:Y/FQ4KicxK35tLGW1JwNZ65ViTG83eg9I2IisvKDvdmeFhiPRidFNC:G2XiJvGm5VLS9q2+ijdmeqRAC

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.Mad.api

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.Mad.api

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.Mad.api

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.Mad.api

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.Mad.api

com.Mad.api
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4241
- /system/bin/sh /system/bin/settings put global sms_outgoing_check_max_count 10000
  2⤵
  PID:4289
- - cmd settings put global sms_outgoing_check_max_count 10000
    3⤵
    PID:4309
- /system/bin/sh /system/bin/settings put global sms_outgoing_check_interval_ms 1000
  2⤵
  PID:4332
- - cmd settings put global sms_outgoing_check_interval_ms 1000
    3⤵
    PID:4349

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.Mad.api/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dc4138528b82500cfd7279d9e3a1d61b

SHA1
43ec3398378453badcd94fa800b16fb2be6e5a7b

SHA256
90339472c7a9a0c70eee49a1c2b7da02d53d326d5548266c029b8c906827f630

SHA512
48312b84ce5bec708b9dbdbcbeecfedac24a384669bddb8598bb4fe65035e668fc2b549bb1df593043a8aebd5b9b14c1819982499002b1a4ddd2e237116ac117

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7508919f3d8602640a11875796851dfb

SHA1
dd7a5c8c24fa6b027a7da718187dadd125c9d027

SHA256
adb8a9eefaf8a2c33a2c289360a095263e871ddced375cae50ee21555ce07b57

SHA512
d00a435cf1292f1ebaa5e86a03b951396b640512e61547eb4d1ee70c72389ad2b69e0246e01ec25a2efd6d74c58a21d7efc2eca92a0df40f6e47016dfd161e96

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d2c7ed12e47473ec0932d32bdff5f028

SHA1
c348e06b546bf9843203876888d9f00749c7bab9

SHA256
9366f5755d2dc359deaa0bf7824b541d2373f74d0b9f3f20094d54853490028f

SHA512
bfc2b27ea07d26553711f006b2885ac80a83fb7225b0b1fcc772cdf80ee06e32862e57f7875e9d7700964e1d96da8f315e24716e7de0b8dee8e99bc58d1c61b3

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dc994341473d3b164e5237d89f7b1f13

SHA1
e44cb90b1cfb186e358aa6f25847462196d805f7

SHA256
80afb13cfd50709fa801b7fff75790755a90f3ac93fc77c95b33e137165d3583

SHA512
02b0c4feff330585cb1c1de013504daa90b7af99118738f2baf87701599c16601bad108e3b874c3c8b3bd6bbad87e0099eae443385e9b6a3e4a0ec5ec52e1e3a

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
3d4143d7bb21dd9943b3a9a8bc305d3a

SHA1
53cbd71bb3b43481043f131e9f0aa2c2c5bfba2f

SHA256
8bb27d236d054848b0a5d00d77da539a3530f047de0f94f3205c772ad30db0da

SHA512
29f44a9d21d100f149a01b7b0dcd4068f65e29873f2c7700ba2e049d39faf6ac0e72bc1257ac555c2836760a636fc96fdba08d551c254459f50c181e66f40b46

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ddcfa98aabd75e07277a7c9d32dcab94

SHA1
2e499ae00b5d601904f1b6d50fa810636ff34b7a

SHA256
2bd019facf8688b3876725252a1de2c54ac99787c204a2d150e43db9ecc5c862

SHA512
09ea1a7c49e2760f0943d2703a8cf07fe35f3058aaa9dec82e1ab864723e067a721366f66ab1737f98b0c0a73dc4d765d7aa4c47029bf004fca06cb469fff90b

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2cd2c573357bb754dd949983de5a4493

SHA1
b74bab336e585aca36003f7f76eabb34b5b69c1c

SHA256
9154c1317a4f6270017ac6748d7a50077e379d57e5722992ec68554c4c3ec811

SHA512
f44f0887007a696f391ac09be27b531b75cbf075551110edf5f3ce96b1203cbc5eb9cfd1f40a1897ca260dd8d34f41261d38f905c6c2f96e5322d2f6caeafc55

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
be600e6ca7896740b52d10944490cf88

SHA1
e716bf55da2e69f465cfefe64efb5fe7f696974c

SHA256
56479cbf7b9d9eac3348e0d58990fc7a7c17e56359ca1b5f856ac09c6390e81a

SHA512
1b4dd745a1d7babd83ee4d4401341085b2bcff62b50fa64d4ce7961237cfac49c8bc08fedd0a4a240aaf7868f854dd6ff7bbc7ad9a299c87e81c6e9f8bfec050

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
25a08521364874e7a606792cadb43567

SHA1
ba4e6b0d2d366f9d864bb322d3f3f3ef6d6854d4

SHA256
f6f07f0f97b6f99431a1c5c47844700e7ea791031c4772e93e3b9b43b3cfe96a

SHA512
21b8fedbc6c6efe983506cb0b400e59c22c816b7ec40be3be89de70f1237924ee091ce16faaba3290cc8395943dd2ccf4096efe5f2247013403fabce92341bbf

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
97ba3159d8fa7110174996a0ed534f69

SHA1
0aab7a29b7e377e3c570e9c9e79d774b7f72c305

SHA256
3e424ced57d12fc877e05f91e79741bca60492a1fa3f07b4abc62dd4595f31c0

SHA512
617de9ba5b39d71dc5a5abc528b184d4ede0c242b3d23f4097ca5867bc6d46cc7126c3d3b9752bf389b0880c1bd94e9eacb16465c186e0fbf48dc38bb921b14c

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
be8200b029a9b8c093ce692237e6d9a2

SHA1
040593470319a3c85560954fe2ef1f50e72a67b9

SHA256
6e660ffeb8a58a8eff17f3e1e9f5feb4a6aef49a3cba7d6d4d6fa17684b6b7f8

SHA512
15269aa6fc74068cfbb40756f471a91c1293bd3efeabb6e82e7d8725171b800bb4f6350debb65f93ab97859042ad976155545b7b3b0aaf9732b3865e23e4f4d9

Download Submit
/data/data/com.Mad.api/files/PersistedInstallation7328462544388968422tmp

Filesize
90B

MD5
2d6fa54f4dda7354463663e24cb0b102

SHA1
306c89bdadc8fa87b6801faaef9167332d5c7bd3

SHA256
16f3032967d2a5619e5a62227a7c8e6cbc83b04a35cd36463d5ebb54c5da0872

SHA512
ad2877c66818ab7b35d5c62baacf15905dbadf7f63b4365d05ff2546887aca037045415843c88030dc5c2597e6f5dea1fb622963817e967fe45f69034e431b08

Download Submit
/data/data/com.Mad.api/files/PersistedInstallation7547958093504073881tmp

Filesize
569B

MD5
0f900ea076f1aa89e4c5426fe466968a

SHA1
4bfe14b9a7f8e7771e22c30073900b6b0ee66226

SHA256
20119eccd61dcb9cdca1b837edfde9c701b59b04d71f45c5601f94088ad03c8d

SHA512
08c89af4aee9b917ad762ca1878d473fbf2ea44f084cc945d0864a28c088f0d90faa3207c6e320c44c928de62fddf2e0994d5712eddb561189543afefa41e6e4

Download Submit
/data/data/com.Mad.api/files/starter2.txt

Filesize
4B

MD5
b326b5062b2f0e69046810717534cb09

SHA1
5ffe533b830f08a0326348a9160afafc8ada44db

SHA256
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

SHA512
9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de

Download Submit