1c03392d359aa6299b062468d464b5c0e19e42e309587458a45fff013fde5d2c

Analysis

max time kernel
123s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
13-01-2025 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

%D8%AF%D9%87%DA%A9.apk
Size

2.7MB
MD5

85238620a1edffd21f362b6e7602f3f8
SHA1

07099757e9b8d7a9c3136d6dc1c89674e3ed2a24
SHA256

1c03392d359aa6299b062468d464b5c0e19e42e309587458a45fff013fde5d2c
SHA512

0e86bb5cb96b706ab8844ed9bccf675a85cdcad69d5e1e51bb5178cd6fceca312e559aee6af430ad3c4d0565959248b0b1d6abf04704539bbcc5e3ea8b480c14
SSDEEP

49152:Y/FQ4KicxK35tLGW1JwNZ65ViTG83eg9I2IisvKDvdmeFhiPRidFNC:G2XiJvGm5VLS9q2+ijdmeqRAC

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.Mad.api

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.Mad.api

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.Mad.api

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.Mad.api

com.Mad.api
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4516

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.Mad.api/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5308243ed4969beae43d6189be1183b2

SHA1
05f2e2526ede0168ce50d42daa021f5bc718ab3a

SHA256
8ebb4f763134b27f23f287aacacb6cad6cd9b46606672238f676455e6093d3a2

SHA512
0f852991e4cf1e624a3ece6932b7fb7a4a6c32dec9df914000d6680693373c90db0585b8b6bca6f573f33edbb2dd7332ef9a96cf36fdbdb8a2a4e1acd6433b8d

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a96ef682c2f6e7ced36afde35435f120

SHA1
9e61b83308c2fdaaef4f4d182236e808ffa2bdb6

SHA256
17052dc84f21cb5c503c21a07a88ddd390cb8df706da133040a796874603f3e7

SHA512
d4c8e12e7daef4781f71b1c583604849aa6139ceff274104c1632f21362ddb8aa25af61c82730bed31b32ad7e591e53ff7447aef70e616159cf873c97daf4f2c

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6953c77a3e9549691fb46c7b90bab842

SHA1
25039c1a761f7636c2ecd74f840c5ec0999286ab

SHA256
2ba09f5fd4c9abf6e14989aba4f864eb0311a578463f84e760a21223756001b1

SHA512
08edfffc5fd4e70911b89f9494f1f1d16d741fd189718057a5912f4d40cfc9184dea3ddbed9953e4d7c22ee33763932eebec63cc3c876bcaa16073b496c8a5e2

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4fbd9eb05971c5eb5c68d10353666a58

SHA1
be218db71b0b7d635771102e57fbf7927b43fb8b

SHA256
7ebdccafff551cd0d180cb5b9ee4708c6123109450412d5d50ad4bc86755a896

SHA512
100a3d387a9ec89a5a73d8bd9977f9ce4fcfc6f733bef1d8bd767c2000c7d6affb4fd814b8a292f888f18fbbc7ee6b0f64a0e0fbaff89428a7639300e70ef3ba

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
02158f1c6f73684f94cb450cddc39367

SHA1
3b165264ab9ca20d180eae76cae983e91b2111ed

SHA256
08ac08a3ce1f6a1a7c19a7f23ffa9b13af6a0a10f38b803abe865171070a1360

SHA512
904b8fcbf1d023afbe41c3055d06343b8ddfdb7da058bc383295361a0c79de1c6c890ed1745a4a73742e797a2beab4491f43e3d5233a0413316b4e43ce4fb77e

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2e9755721783cdc6c222cefa3adca50e

SHA1
9176569527429d0ecb279cbbf105bcf32ee874d0

SHA256
e5f585c50ee541b1d5cb9efdfed3b3df2a45a6a6058b283f62eadbff3194cf44

SHA512
febb2b252cfc26bce534c3a52973dfdb5eda2a5a26d4fa2dcb90202a749cb38b1835b908edabcf483a324d9fbc1322c2d7b4ed844f266ac6b6b13987ee7e9db4

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
17f7173a3e0a2123487aabc91b3851d4

SHA1
8f6a1011a8612542ad582daaabf814f9942eb40e

SHA256
5e95cb3f2448beb4e47d4738db95c9a36533375de61d70a910856c63387ad9a8

SHA512
d71e9de2a41e6d093a29d897711040fc623d1d79cf1251832ab9b4577169d549ab056fc3da8223feb99c33aab8e7593dc7a3a6a9d64a8ca152973e35c2653ac5

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
adfd571c9fd4e656aab27fe09be95355

SHA1
40479c675ef8fb2396703f650f30ccd3d4a55144

SHA256
2b350c714ce0a91603331ebc098dc7f553fb83c5e0e302175174871f1d1e0f53

SHA512
676e326fa33b595b54e7d5920370a5931fa696e44d012456bf4b68458ef5ab83fd82e66c8a5e12af15f97752da5520a70c4ba7fc44d47861e2318f960bdb4526

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
d754836e785edaead9a88ef9a2a93a4b

SHA1
2ce7103b3521f7f2b2d16db8250546fd6cd5f64d

SHA256
8618be52782b4563c2ba738be48608c271512b143cc4956bd45a8c20ca40ad6f

SHA512
c99b7cf1d8b81aa0cc52e6e04c28077c5124bc71eef3dd9bb221798d446741084383caee5b0e441b821f4ef56a6ffba99e6d18c012e91fd64c064ee7c1db4d46

Download Submit
/data/data/com.Mad.api/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8839e1e477c78cc1f52b7f07b5420a99

SHA1
ad658a46e7d9a3a7be77acc718136fca0ccf0e73

SHA256
5749c041fe5f71e170ec8b35892454b47c839dab10b1486b5a35e81be7aec9d3

SHA512
036c58cf66fd411c448deab662eb4ffea73d63b837658df66a83d1e9d511ded06d69cfa5fd8b186b7409e2e9f83bf21b7e9f09ded5b5f9d371702c54148420d5

Download Submit
/data/data/com.Mad.api/files/PersistedInstallation1987433231282155940tmp

Filesize
567B

MD5
b7dcd2a74aa2788e49b350ea5199b448

SHA1
4a3484033e76c49f6d5985c8dfd51f6408f253b7

SHA256
1a07f4b606fd5d0bd6ba9aca9fb0b101a7982557e93d8a2556c0fa30bcb07a6a

SHA512
3aa590cb060b621b8deba604d6f56cf0fb4304767a2385ec71ca6a903f19f42d855c11f24f88804ad2a019078bf87b17227116df9ae6c1fff0fdcd5491bcfa88

Download Submit
/data/data/com.Mad.api/files/PersistedInstallation7442483933584813513tmp

Filesize
90B

MD5
17fcfa3a1b4c2ed338a3d715e9b4b9ad

SHA1
47a5c86bf9f5d78dff51005efd72be44ac08ab1a

SHA256
9d6bd067ae0bb265489c334d5ca1a378e190047e64de2081475f1534257f24de

SHA512
b444d609ac7f18c272ab7d256158f30cbda02a37f8ba639e233ac73c58e3dd87d8d045d8ea0eb330435f9f09dd7cbef13acc48d4a8ebecacac605745fb7143ae

Download Submit
/data/data/com.Mad.api/files/keyfile.txt

Filesize
5B

MD5
e9c8c72816ffd1b23e14c4e8885bccca

SHA1
8e20770b3d4f22922f3f8fb8609e052afcb87bc0

SHA256
a0b87290ae15581c7b36f4f3f5c1949f499c59b7fb85f73f21ea9713cae142b1

SHA512
2eaab4cf57caf727bca95e0540b29992868e10057224580492516bb0d6c58165edf0b1c0b455d6ffed6a2b4b09c653a3fad6d72f9fae55a5b1705fe123f399e3

Download Submit
/data/data/com.Mad.api/files/starter.txt

Filesize
4B

MD5
b326b5062b2f0e69046810717534cb09

SHA1
5ffe533b830f08a0326348a9160afafc8ada44db

SHA256
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

SHA512
9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads