c3d9705928d0fee0ca3e718ff4fa3da062d354ce7e8dc59b3ce2ab224d79ad69

Resubmissions

13-01-2025 11:13

250113-nbp9saslhn 10

13-01-2025 08:09

250113-j2b3mawqem 10

Analysis

max time kernel
4s
max time network
152s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
13-01-2025 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Application.apk
Size

2.4MB
MD5

5af781cd5036adb21cfa6d68e845e1f7
SHA1

e24e5d4af0c469b1a52c9c8be735048215b19d92
SHA256

c3d9705928d0fee0ca3e718ff4fa3da062d354ce7e8dc59b3ce2ab224d79ad69
SHA512

841642f2cbf3fa112bf3b5e2d305cd4a4a2daabe286276b040e84d17b68c65854673110601351d014943e1a4837a00ad8663ca96bf1152af957582d8b49e54d4
SSDEEP

49152:X/8YJslyMr8CtryBNrAQ/fHTCllOdW0BgaDunD+ocahnPt:PlIyG4BNEQXzWOdW2g3nKocAnPt

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	mad.net

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	mad.net

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	mad.net

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	mad.net

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	mad.net

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	mad.net

mad.net
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4966

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/mad.net/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d2df9bc21f89bf194da54bae4324723f

SHA1
1c8731774e5e186edbc25e83d24edfd86427ad51

SHA256
ac1c5508a71e43a443fac434ec1f979f94b78ede86d26ec5d22395a910fba492

SHA512
d444e1079c236439b5cf33d470c277fd2c664491b007d278f7acef5412e2061a922b747642b7d359a081a6a20c7d2dc5c8ac565e8114dc2fd0ca0c350427c437

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
21c61dcab09b3757315f48dba3a7acdc

SHA1
05c6da611a3d1de3c37858979708545f832901b2

SHA256
55bf9819ae4b63dfa2ca6ce2ee55db48d8a0e607daf3331c16939eebbab63c33

SHA512
3c6050da401b16eaa07ebaac7186dc50301027b213b22438aa96b6a4e7e09bf602bf12846cfca9c2a149b27d76a1b3d3e8ac1b2d3910dbabeb1c0310e561e551

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
98e4e7085a3e644d7a1cb03f61bfcfb3

SHA1
a0ac040eca156840dc98567463352919db5186bb

SHA256
958279c6ceeeee7dbfb87415e5fb4936f6d6b7221e10939e4a914cc8b0b54dc8

SHA512
13d0f26079b63a6ef4fe9ffd5f6223d9cdd0a134dc0873f33913780a7f45c87c8c951973b300ef67e11be2fd3b2213cb13b83f3bd313d28bb781e3bc6b4ed681

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de09a3ffa32495ae3c37e61e2158b894

SHA1
e4bbfc82c4f440117a5feb392ad2ed9e5321301b

SHA256
3e4c93da32f8449069787ad1b69a62242a41ea984b90d0ad34eaf7f8d0210530

SHA512
17efb71dfd72ffabb6363a95bc3733700dd802483148b8eaffe1bf0e9cc0b781010a5c30eaed8e8d7f890f8bd1d42ef4daeb0d7c45dcb47b7bf6b6e367196b0e

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
6a9a027efdc5763dcf39d566a9951b2f

SHA1
8addbcb16bcd10a2a888ecbcfc2ce1c230414e67

SHA256
d4176a865e2f1c08aab05fa5bf55b74a6804cb14dbc2c084a728da32cd3d1635

SHA512
394f05db3b8ba968dc818b6c9a374e1f6eeca3342aeeeac547087504c7097d54b2db3e8a6c6993e4f48cab09a33921c1f4d30dbb7f0321d1cc6d7a071a1471a6

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
726afa840efe027fcef20697efcaa66e

SHA1
fedd5dc62685f9bcde0a60c59a99644f319c4029

SHA256
815ff88583262eaca1de81a1f2cb538acb4a6a4b3be4ed6580fd660254aa782f

SHA512
44e7fad22e20c4964a5c3ca1f05dc09c6bef1e1b1659de8143c5fa5af23d1df8e13834c8822d7638b0320b69a0793b15b7580028165df88560d81a2b79a6b296

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
105ac6e8c264119272943c2a2c3bc8b4

SHA1
7b85e22bd3b0bf46d441a95e7a7538076bea3d6a

SHA256
59e5dd8b8c6e9214467ebd9a7c45adf261a65edf9df753f079765bf98958b363

SHA512
42607b9fc3188bc337e70169d434cf73b3b482e030531031580c6c0a84ed7a27c0f5e1cb9c0d742bd51817ee50b8144a4b1c4d1b7a9d3473d3f6416aecb39fd9

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4e0c28980224cfcc8ba03fdfb42f4de8

SHA1
b71cb998a3c9423b3113b5a58b6eecd9afb71584

SHA256
ff23543fd489ed2cc261e8b0766caedd82f3e7abf412098317c95248a2487fcb

SHA512
28ea01ff58778f86ea75cec10b137ecfeb96e35b74e038f288c05688558743e42ae754ccf764f3729e40ff2973899cd8c3283c5f14d9fa36582237d531e1fba4

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
94b197acf036fe794d406390e64f953e

SHA1
c8ca7e3d9c658d13ae6079aa37f1765a917de892

SHA256
b9e1d11d446748ffd9e8c77602742a2438cb378d45e4129e8373259859fd4f6e

SHA512
dcbff737a157bec17de1124715cfc70e7d594ca4d60c4388be117b3d3e41793869dd7ea36cab98c73e73ee81bb78c9c22b1eb7b39609ead723f9c6b427101f57

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
682761ce826aed28ff0f944e2443a199

SHA1
a03195c453b53b56914792725295a0e58242e9c1

SHA256
4dd1593e4f0360479a169dfc66e1577ec544f2b17013a153ebec44e59fef988d

SHA512
3650e53486e8c9d7d92da99b9dd690f6c7424a65dbba1188c3e7084273a82ef93d3a4d6b1781dfc20c5b0e30159fe0af2f3c8b430dd3aaae0003f1761d74bfaf

Download Submit
/data/data/mad.net/files/PersistedInstallation2440990698186231005tmp

Filesize
90B

MD5
64ed35db222f4f434de57216910ad6c3

SHA1
9c9149488ece6ecbde58892d9ea5a408c03fad43

SHA256
0cc39ac8929b707f4b1a998e6389a0f6acf52d1769f1a79b19d580bf274e88ca

SHA512
2c227bf6667d1c85bf9fd5b2af1eb566dc603458a190227abed65d715e5ff144b4e4bb12300a8f743e572460e447ee16af536b7270cce02452233d8ba627543a

Download Submit
/data/data/mad.net/files/PersistedInstallation3299136685385555770tmp

Filesize
569B

MD5
ee0cacf2d982b75f9b279f82044442fe

SHA1
8b5e549f7aaa551c2ee2717b55e1b8b37b9fa719

SHA256
52ac172256594e34d62adfdd702cb1aa920429b7dac911662630afd3b4d66075

SHA512
58b3c0c900ae855f0e2580b769150f68c1efb75d93eee58becd5e088c0a0137749a96c0bd95501f962c49873f61173f400d0111bd23355379c57d409b0493376

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads