c3d9705928d0fee0ca3e718ff4fa3da062d354ce7e8dc59b3ce2ab224d79ad69

Resubmissions

13-01-2025 11:13

250113-nbp9saslhn 10

13-01-2025 08:09

250113-j2b3mawqem 10

Analysis

max time kernel
4s
max time network
905s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
13-01-2025 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Application.apk
Size

2.4MB
MD5

5af781cd5036adb21cfa6d68e845e1f7
SHA1

e24e5d4af0c469b1a52c9c8be735048215b19d92
SHA256

c3d9705928d0fee0ca3e718ff4fa3da062d354ce7e8dc59b3ce2ab224d79ad69
SHA512

841642f2cbf3fa112bf3b5e2d305cd4a4a2daabe286276b040e84d17b68c65854673110601351d014943e1a4837a00ad8663ca96bf1152af957582d8b49e54d4
SSDEEP

49152:X/8YJslyMr8CtryBNrAQ/fHTCllOdW0BgaDunD+ocahnPt:PlIyG4BNEQXzWOdW2g3nKocAnPt

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	mad.net

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	mad.net

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	mad.net

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	mad.net

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	mad.net

mad.net
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4249

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/mad.net/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
aac27182a55fc96872d987aeac04b255

SHA1
f04462d0ea1155a77c2b2ef759c72dbf1e5b3160

SHA256
ba6c3acff7793dff723f2e5a64b3f14f1a0591c3fba57693adaaec52d0776b09

SHA512
4787cc0c34f84ee2a24b95efa347e7e85c4119e5caeab0c614baf7c8c190506a24b4a3a9b541db579491a6ed4572450d8db79564f2039b68d18f142c2b9a5dc4

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
45f369464b9c1bff27ed7e5d82be079f

SHA1
3981ebbcd7b6acbc0a7169b85d2c5c8d9d4331b6

SHA256
4a3e46c45c358739d076acceea234b49190a77cfcffb27061bc8a0144e43b316

SHA512
2606dbc118fa7b1d50fe44373db3380d382be7bdf91636be041843d3fa409c1da34aeb4ec2c7b90d06d44840a0a3e8d4ae7bcf3516cb508efbacae6c65d0997e

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fdff65b0fe9987e95f8cad39df718c84

SHA1
5f63092b0da6868e803052852a3a469b89091721

SHA256
3fea3564e0405b45261f31a66615ca6078fab6d829dd211649515bd99d74ba4d

SHA512
b55aae60ac4902d72aa107474a773dbd42b04888672f0836bab22601d34ddcf5f75bb0278d5626b9675ff61b396ec4b88515b6fef2dc84872025bbc4074e0c7f

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
8049306b285136d0b8b35e538bfa5c16

SHA1
233e86b5a2101bfa779b34da07d940512654b1a3

SHA256
f11b6699e1ebca0fbb1e09ef3af5e5e9597a27952766f7c1d01c909d9656098b

SHA512
598f355b0d78d195cf6b488f786e2927bbdb39340aae84f817f31d0cfb0a7bd95cb7fb1fdb1a777d087056bd746e12f7f735437e4b675adecd44c9bee1a07510

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2ffbc5d3331c25b73bfe779814806548

SHA1
5b519f343382dd4e3ef92184e47fbec8afc86315

SHA256
f1051979680bc3f0266ce4c3a19368bf47dd442a41c6105a41c345b64c72c199

SHA512
26b655b38169c3c383369aad5147d20c12d183017cee486caa7d730a70303d757b72bd114294fdfebe826419f8bdd6b422e0bcac84855e158a3f0934f924d55b

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f204f29bc20ddad62c268dda166bae41

SHA1
0393d218d95debbfb4a648dc3f3dd18ba6973cf7

SHA256
3e47d74c8afcbaf77e53e3cba608d1cb00c388383977a5f74875b2086135b940

SHA512
9c0fea1e39f3454081feb04d017cb92895a6d5fe81cb43d919a4c83baabc6e3e9d18a1f10872a05212c10b5ac73a60a7e10d06a7e86a721c568e4791ee72ad80

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2c9931eaaa6d9115a50ee2dcfea0946a

SHA1
e49b61b37a4e4b64c765ab0bf4cc84cc00843905

SHA256
8b6a36b96967ba228b2f5abf63be431b635fc58fc57b0b084c236c7b6e47581d

SHA512
bd5843f2cdc2392418cb1d7054fb777ff04d5a1ca501ea8d033381c954b9e69319545938b737f8efe3de5fad9180d14586e41b50b9a9afd2619f62c136935116

Download Submit
/data/data/mad.net/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
e8af605a6b1d2fadf4f7ef8dfed1bd43

SHA1
052c3167596ea6d1b01b5955b91a5ebeea89b6f9

SHA256
46d5b99068414e9057e8fef7323e50f8527f9dcf9bed2f885cf5430676f1ed6d

SHA512
11b988f653df43c46ffdb86487201ffbf9c4278b0ddbf468900d2982013263ff59ed8c220d6c4e4ec5554c157c0f26e20109ca890027a30274381489751b7e30

Download Submit
/data/data/mad.net/files/PersistedInstallation4059444612603754045tmp

Filesize
569B

MD5
e25569bf401c85cb5fff6da159939efb

SHA1
97bd2a2de915d69d9c4fa415e83f24799de5d0f4

SHA256
d942e3215e76401cb03de99863c767f51e5da810439fee48cae9b62f056a137b

SHA512
1009b49932f121042fd99080f01c7275008ece062145479e7fa06fa6976523e9cf2fb5d7ba3e642a020ad9e52c57fba747f38aa8d81aa384eeeba910f099faf4

Download Submit
/data/data/mad.net/files/PersistedInstallation8761685974503624077tmp

Filesize
90B

MD5
7a710d9d21b168a471898b5a8f8482a3

SHA1
7ceb9f77b7b525deb982be28e11a6fbfa3151e70

SHA256
26163d2e8f0171b229fd44eac8f06cd1ae559da26956a13fad915bab1ffb59b1

SHA512
b9aa9b54663960adb2b2463fa019c74c5a645eb858cf4dca101786e78b821fccb3147bb1232d44392104f572dfa402c0dc46bc8c9495e76d690a73c91affc4bb

Download Submit