1c03392d359aa6299b062468d464b5c0e19e42e309587458a45fff013fde5d2c

Analysis

max time kernel
123s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
13-01-2025 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

%D8%AF%D9%87%DA%A9.apk
Size

2.7MB
MD5

85238620a1edffd21f362b6e7602f3f8
SHA1

07099757e9b8d7a9c3136d6dc1c89674e3ed2a24
SHA256

1c03392d359aa6299b062468d464b5c0e19e42e309587458a45fff013fde5d2c
SHA512

0e86bb5cb96b706ab8844ed9bccf675a85cdcad69d5e1e51bb5178cd6fceca312e559aee6af430ad3c4d0565959248b0b1d6abf04704539bbcc5e3ea8b480c14
SSDEEP

49152:Y/FQ4KicxK35tLGW1JwNZ65ViTG83eg9I2IisvKDvdmeFhiPRidFNC:G2XiJvGm5VLS9q2+ijdmeqRAC

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.Mad.api

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.Mad.api

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.Mad.api

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.Mad.api

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.Mad.api

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.Mad.api

com.Mad.api
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4944

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.Mad.api/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b3236916040f21ab0cdf1fdfe4ad871f

SHA1
7ac0e40714edcd767ec548cdcdb5319bb69dbbd5

SHA256
94bcfa4b448b223806ac1cd14cb4de0f83ec07ea2a30b9f20a6ab98e6e25cecf

SHA512
b841beffb803ba02b195f864a94e6adba0a12e51e790931c0a5dbd4fa5bd3310c57113e6bdb4ad93b214313eaf2be0647c92cd0ed78d61d2a3c51a18d2736d76

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1323216d9f10f9b4db86e973164b1449

SHA1
df69b599bde1c85695e53aa49ac3d3ece3ab151b

SHA256
8163a07e62affb897ded85e84f04d9031629cb3f408ddc9182e7005cdd4af331

SHA512
a3c5521236cd679717c457b7c480f2a5331fa33143ce760dbe3c288112e017eebb1d819c18d1bf966197b97c1365caa3c11c8bda81d255eb3637d7395737be36

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0f7f4a7156f818c2cd32c4fff228e85b

SHA1
b9834933729bf983346fa755c04658f783fe627d

SHA256
7d7c76332150d9214ec52eae1f6304b17769b91f73c1265ed1632b72728fef5d

SHA512
5027ae7a7e28bc2f3d768ac8bc5b91960234f6a4461f0e4eb71956689dc8bec4ec6adaf49a1d25952e4d03f20319728016b0eefb755a3dc4e4bb747c6a3bdcd8

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dd50e30672afe0bc5bb28e83344c098f

SHA1
55c585277f3db582d62e090b415020002e4fa430

SHA256
4ca404c8c48a3e4146c6faa01ecbc84cab618fd5cd963f5737f997c5decac9cb

SHA512
81bae7d6994a9bccd54269a36acd896a8f59bddf3cb05d5801ec41a29b2d2c9f4308e886231d4d0ef246973ebcad67fba19c1bcf85fb328f8b8b617ffefc4f3e

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2c5ff897e29f91224b25d7384f8a8b5f

SHA1
b4d634be1d092fc6ba89ce47402248a8d988b417

SHA256
246efaffe2a59cdcec945e4f48943a5ff2f6b459d67c706bb2a9f46dca5a33ab

SHA512
98f4e8acbedaae5e86f3f60711526da85670b02a76751f388ccefe71c518a8eaf0fee02394d111415c5c0d386fc5d376fa24d12ae568911167047d516e60c4d5

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
38d718d8738c8668f2c7aa4f95a2243d

SHA1
e9be0fb71c390651695b37ff5f7f0e2de2b4312b

SHA256
f81446d380e1a0ef2f12e6a9b862ff8e9599b5161b0e59335f60328e29a79454

SHA512
fc48ee167ce73c66d813d9a97dab22e1af978a8b5f512ec44d87b8074bebbcaae5dbfa4099597d7630aa2aece6acc9dca6d81636e72c491eab8868ac16081863

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
455f01b1516501fe1f3ae78797229b23

SHA1
a055af52bca07e576c17bc30d4399d01637a5ad4

SHA256
1737404ba8f91affeecca86015ed94cc9ea1bbf567ede013d33102a518858ee8

SHA512
63888640e0d329d01cbeb352be3d0128a658367e1b98c28f34c7e3540bb19ed7d114714b12c812e557594694fa3807335bb0db0e5e04ba3008d09a0fe05d5bd7

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e397988b7aba90f465e157ed621db9a8

SHA1
d88c5fa69c6943232da70cd0ab3cb4ab780490ac

SHA256
527a3fd44acde100b860c6624fb6611d66b898bbd055c00ab9249ba4493dd911

SHA512
d73ffd20d501fb14c52eeb0733fec0a53bb3a84c841a5a0685e1ff46fb59e9a660ab49e6ef4046cbeff40dd11416a9fa3f092887f831ba839e88ae13efc358f7

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
24126c75808537058e571272cf81e5df

SHA1
df23d916cd4839ddccad39a9a09997ff95cb18fc

SHA256
96aeb84965b6a747c3544b87c4bfd5d05585a832998f70b215870f45ca7bbbf2

SHA512
27461a6c9b1c6db78b0374574567ae5e74828c15b4f44cfb9b741863c0f2748ad96d2acf4aa76094b4d6b11b7228555c86b55b4a025d520a823d295a2d7c441e

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1ec4f811d45513eb60b9a8981e685b1f

SHA1
cd9f33157b65eb82631c589b1577476a8cdd24da

SHA256
6a34a5f84d2ce70905787282e20c5366761d76aee7bfaa63d57ffee17af4bc28

SHA512
64e41020bb22a38456f12f8935e242d66ff6741654681f497ba5feac1821dacfa10cc05007a5836436f788eeb2379394f5d6e4db8189de1cf3011eeb40f69110

Download Submit
/data/data/com.Mad.api/files/PersistedInstallation6375718431344372608tmp

Filesize
90B

MD5
ae66e640d87197581fd88ee766e5ab22

SHA1
cf5620a7ec0767c700186fff6bdfadbd5e738ac2

SHA256
d384d6459ca0e13097d0c6540537ad046648020982f06059a6a86136d68b81b6

SHA512
6e0c6825c1f5d1550d1db4d2410af58f621a13bad2146e93d29c322d161af3cdcaf8efc00e1db09dc638aa307b2622d6f0f97657cdc111f056ff43703d5eda0d

Download Submit
/data/data/com.Mad.api/files/PersistedInstallation6904826799545865902tmp

Filesize
567B

MD5
0a5dbd400e07bd1218ec4db8717810f5

SHA1
dd96fce05b007714ef8615def05345d994c777b8

SHA256
d0a2904282c9e47d08edeea71a54a531bb7153b2d1317307c72a3313ca570c15

SHA512
b8eb3c66bb6ce9e9439f040a7ddaad97e745eaf54603318fb33bb5dc30a991ad30f9f0932d0a0d68723472ac74d074064dd298acdc55985eac5bec392b391e25

Download Submit
/data/data/com.Mad.api/files/keyfile.txt

Filesize
5B

MD5
7a5225076df72bd20e29e49a68a02a9e

SHA1
6cc3bdf942813f069f010ea8c81b8ccd4a629efc

SHA256
d74d7ffdb59bf50e3f62dc3a02b626b1455a83ee83c8a00e1545731621c6db42

SHA512
83f1763c103e0206c6e5083bdf7f72bde8c287fdd044115284902a637f16e628bc4d0b9c27cdd92879e76e04b2afa448c0325053e19bbecf10ee73bcc4a5b350

Download Submit
/data/data/com.Mad.api/files/starter.txt

Filesize
4B

MD5
b326b5062b2f0e69046810717534cb09

SHA1
5ffe533b830f08a0326348a9160afafc8ada44db

SHA256
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

SHA512
9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads