1ea11e37eed039b132147b7b5f58a52527e8d4b6936822348cc0db52de1d7dcc

Analysis

max time kernel
7s
max time network
37s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
03-02-2025 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sh.ppy.osulazer.apk
Size

215.0MB
MD5

a22ca5d3391931d7f4e602380da7c60f
SHA1

b5d80e4f458db8dcc65506194fc36642f03bd49a
SHA256

1ea11e37eed039b132147b7b5f58a52527e8d4b6936822348cc0db52de1d7dcc
SHA512

c55fdf6d1afc6072954469fb82dc2a5b555d51c948923d8012752326f2e6a0d61b4a562aaf489f9cdf7fa06fddca8422c610c0a31fbd308a56e737057a681d1e
SSDEEP

6291456:uHCLaPTVJqbqyI+GJQeQ0RAlry6h6bFGVHGA:uHlPvqbheYftL

Score

8^/10

collection credential_access defense_evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	sh.ppy.osulazer
/sbin/su	sh.ppy.osulazer

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	sh.ppy.osulazer

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	sh.ppy.osulazer

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	sh.ppy.osulazer

sh.ppy.osulazer
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4227

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/dist.json

Filesize
11B

MD5
148818e13493d00d33c3eba56fbd27d1

SHA1
5736e7d5077445a62522f7d167d081383a2538ce

SHA256
195f87c6f9a0f543916bc6e5167309ef47c79369fb869c9bc9e71f80b301b659

SHA512
8bedb07882b51672a21f783cfc2d1a5f35d39e21a2f8ee1dce1b876ac42447b018073549437b98ed1eeb675a68e257855454ca844e8e3be01fad56b49680ec61

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/environment.json

Filesize
12B

MD5
dedcf97dec548910cc8edae172ab5bec

SHA1
a37f222f2a89b4098cf681951ee75d76bd1f75e5

SHA256
80be2eb0944c0453a6ad339a56e1c8f39f8cc57a4e627758246ccfd274176fd8

SHA512
5e0d2b9be27ce24d6baa109ec8b2cb7e7ed3deb5622bd87ea621428857a8b8cbda98871552eb7e26df145485e83b2b3397cdbeaa4d806e955b4eeafb4a85d13a

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/release.json

Filesize
16B

MD5
4b31c6380a9fad9ec44b7ffd60a65505

SHA1
6346549efb0f4bd7cf9c467e201aa81a14cdd746

SHA256
5cc5d9b2d0a9d9479100ba8545fe7e75fdbe4a186f150d195dbc7ddb5c58035f

SHA512
c117592fe479d56a5f5d3814146f7ced1a2877da9cd2bec35eddd017b02c0b0e54290421d813ccaf8cdf265df0ccf12b297c58541f1d1870176a4ba9a317f9ae

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/sdk-version.json

Filesize
482B

MD5
dc245dc4d79adddd39dd5cd2ba32542f

SHA1
77248f5f0aa5a1031732cdb77ff1bd645bb1752b

SHA256
402553259cafd98e8a3f47d678a34e7dda32a3db1cc11d396e98c175c6dbb3e5

SHA512
986de094eb193abc658ff36187d8900998734980e04371d852c25b97ee13af507df032a117ccbd455ca80b2a1344324c6f046fd7b95317a97f0cc982a1ea5903

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/tags.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
131B

MD5
9a19db9b9c7b0683c4bb363ad4f4b858

SHA1
21293d27beb4aaea07b5f4837adec1eaeff23f52

SHA256
300305a996d2f567800a183323269e51d60159de13fe6035fd76941455aa64ea

SHA512
155467405184c6e4215b265471b1a5d651e527fee92e0850329159ac8ba0af8fcf5dbdadd62c9f9c475e44ba4cc6f8e270669ae2c9c8611740c9e8eee55b88b0

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
263B

MD5
39fd95f4f05b8fa583bce9b6ea6dd843

SHA1
03b00b393cca7b3084bdf3164e4fdca1cf421e28

SHA256
a8e0d71a10f2caa85783c12410598ca8e0228d9b26b6405a166dc2dd2996fdf4

SHA512
f1cb6023d329b109b2caf47caa9eba02d7159ed1c772460a244c13e55dc80d2fc0d7dcb63799823b23bee517fa61bff1d378a8580d1cbf0c4a5eaa92fde00e4a

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
405B

MD5
7dfd0b6c6d68d3fe53769e29864f220d

SHA1
32e4aa8fe03d7224180d5ceb545b1dabfe41d278

SHA256
ffdca107fd84fcb6a6fa28f9a0bca0a76b9c4301d8c0f966350dc8250fb1364a

SHA512
6ba8f3776e4b25d7fda86b0150d3c01a6446550450f2e43ccf1d832ed5da9e4b4ded464e5075802b5e645dcf024311326a25465c1166443732938ecda97dd45b

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
561B

MD5
02331673bae270f174631660cefb1825

SHA1
b9f6b06810e69be2f73a1dbe0ad48fc92bc7a36b

SHA256
80f8d819361e66886ac6466dca1d2105c4a4bdc421396b1d483e1d6a21bb5cc8

SHA512
41752943e1ce5a6e5177da189d6d6b3ef31bca754fb64092757b532921d9b58880edb5d3063a2515ee087fc00725cf100183d7abf8010e09013a8c4179ceeb50

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
717B

MD5
1733c74df667b9fef9d7e3ab0167babd

SHA1
943012b0ec7f0721b40333fd991bb6e4f004c3cd

SHA256
0562af3cbac1b6c97e3f4dc31c0f6daee31b84ef63abf8a7d603dc4ffcedb0bc

SHA512
672c0cb2f1d167079a25b30f793c7876596d7986b170f767f3e6c3af8c383ba8511898c46c206f7d8b550b3c9b167ea207d4f2c328e83c3838c6be7ae21bc244

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
4KB

MD5
3247e847c8a7095aaabb8318a9da56f1

SHA1
b0b389f3a34e37731b33e1d9a26b2e2178e39987

SHA256
56df76ca5d1add4cfbe0ded023135d8fd2dd5b81527dfc7998d55da75436f0f4

SHA512
7d796e058022f79e88dc56601acc7de8ea2441d92d3a91aa747922093320b5bf4ba8f8d10f9cbea8d2d93d55e38ed851840513abe289a08cf5913070a0e20e5b

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/contexts.json

Filesize
64B

MD5
600877927b2692613bb698e2646eb3db

SHA1
86f322722f53815689fe47a630f34dde3422d0c7

SHA256
7dab872ad640c3839276b80269ebd89742428a42f89dc53257b9e76b093cb469

SHA512
bded65bb1dc943f1f64636fe97c2bd3630f3de9a91423dd01f6cea48a50970bbbccec2c0ab1137ba5eb72fe09ab9bcf20865d8816cda0bdaa9a6b860bd080125

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/trace.json

Filesize
107B

MD5
7c5b69b423a28e6539e848cdde90d30b

SHA1
1d473e21cfcf588bea75fbc074e68467235fb2dd

SHA256
75be7ad58b51136925da99e40ef2ef7b94b46c4c21c0130ff369508e6c67ff72

SHA512
15eab2c79e2f13cfaeda3ff147e700048814bd27c2e9ec6b40725ef8382e76d3cf0424913c5ac4c705471595dc21cb3ae858a0751d3a2f8057861624ffa372bd

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.sentry-native/07849d1f-07ad-4c38-4384-27990783fdcf.run/690373d2-f056-4087-8b29-317686a494dc.envelope

Filesize
63KB

MD5
7fe1c647fa8e993812abd1c51db17367

SHA1
141e3351edf78aacc91d16b8536a3763252c7725

SHA256
35cb2956dee89a06d1124ef6325130e18824a22bef84a8be060e4f1cee4d2d8f

SHA512
64b8effa306ddd0b66c504162743967912fd788fa20c04e58b992d5a84a59112265a5c2283087bd82126c52b09cdff2bde78bf9fb6df6d7920c0cac8324a11ae

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.sentry-native/last_crash

Filesize
27B

MD5
88bc0a8abbdb8474257b34cb4fbe581b

SHA1
054492a2e7e639d98f9e61d8f2ff2530f0faab75

SHA256
8a0d7ed3e8641f39cc387a9acb1c5dd970b1ed9de730a12dfa0894afdc419f3c

SHA512
621837064d62427d7e7c956cc55cec55b83ad6602b59ac65ae3c7b395dfd9fdaf29847e322388a17226daa6c8812013cd558116c4fda8197e575d26d3a64f10a

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/25cd7341-aa14-4767-ab1e-8fd8bcf05e25.envelope

Filesize
802B

MD5
1023228a84e767a8d968056304607255

SHA1
9098d704e259bf29a220b570bc06f5ae69123c33

SHA256
41cae2d70eeb7e4ad784c1095f4780a6c48c2ffa73501e4de56e41e5caf449b2

SHA512
6d2fca62370fc4a337d5f18d5fd56a8de5fa73dcc026465d8d5fe20d6450cd17482beeec756f43c0b6310035266613f79d1a752a1fa32513022099355c8a75a7

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/session.json

Filesize
268B

MD5
1d056ee72d3b6d687f0d1b5e6358edff

SHA1
09528efe95aba3a8b0f1db677422602ef8739b0e

SHA256
973050b02ac0aad63c237cb2dd119adc5607bae7dfa8c336ed6e8ce7045db38f

SHA512
675a238e1ed5cca0195a67aaa7c6e6dadee227052571810fc8e5d46a971fc9523292f895685e02f7d6d32ddae0a2229d00a4bfe470f35ebac091ea591cb32f3a

Download Submit
/data/data/sh.ppy.osulazer/files/INSTALLATION

Filesize
36B

MD5
3e4d86832a560952fb0b68f2efce2ae5

SHA1
d06e0a407858104e046d7b1cfbce925ed86ef9d5

SHA256
94a6f6345f0513fa2c59c762cf8fed6f6857e4ec020577e4a66ab331a154f64a

SHA512
ae57cf935c83d1685d9bb85462ff175dba6cf056fd9e698f6fafdeaec751808dbe44f2ed7230f6eb1be245d81c0e53cc01c05c495e1b7514b987f3ac830203d5

Download Submit
/data/data/sh.ppy.osulazer/files/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/.installation

Filesize
36B

MD5
b24add94421e16c83cc1a230004c5f7d

SHA1
b6db14c8164c3fd51ab3a4da270144ed572d8645

SHA256
c07544e15b6fa6421a41382315c0c327854f0c2a45cf9d15d5e98ffca7c39a6c

SHA512
a4c86d5540d0d3cc44d0dd00abcd3d4c529fd0389d1750b65d3372cf70e8c7ba4a7b4cbd7fb7fd5048cd46639d3640ab58e6d44b567fba7b621215a8205a3ba8

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738540905.auth.log

Filesize
392B

MD5
505480d533eca3d7fd38782e5c7722cf

SHA1
a549faa9c9ff9472d29c8bc48c2eaad12abff017

SHA256
e09c189fda32397ad7d4af2c3b582dd6dd53407b459b926046276741c8c44371

SHA512
54dc902cf96aebb51b7ce029ac1fb65f78e599e720f3861f754295b82acb2956da83fcc78cc3ce7deffaf06531fb907b7b65288a8798534f89394219c088d4a8

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738540905.auth.log

Filesize
443B

MD5
e414836b4c7e33a76aee116ea3d40689

SHA1
0105037c3d9e7221e32c0fc60f203afbe7c84911

SHA256
3ae4f92e941e498555ee47514c5f2af7700c44671a5ece894b9ca14f4dde685f

SHA512
24b402ce4f4da21aadf3c55307a2282ac28f5ef53cfa4c738375bdfe73d9dbbe4fb75573532822ed97494338dce7116e2fc0a01d9ae66ea65b50bdeb80f8571b

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738540905.network.log

Filesize
332B

MD5
b5cc2ac29a6546776c1d3043621af060

SHA1
2162a332459f56cb6a006fd5b68a05b740bff165

SHA256
86d575a1ca3a0dfbb479a7c7f9d76c8774271aeec9a6ffd3b3ee5166abc1d5a9

SHA512
98651fef364037b09f3efbf656834cc3667bc7f1b6643b53084c771863092883fb10b7d7b17d6e0a0b4e339a380b0740e0cc909346561e8e11e42baedbe4cf8a

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738540905.runtime.log

Filesize
314B

MD5
05f98a20b05cf46df9285bb27f7de9ec

SHA1
fa2ca03e55b1ff72d449d6ee2a6a1082dc9a438e

SHA256
f4ec3b3fef3581bf026c7e5856bcd62b033048e12f102d2c6059605c7534c33d

SHA512
5511ecc7eb29300be90facfa02b7d09fbb759a8d8f5a5d688ef2ab6bbe1eb4c3586f8e51f27cf82a18d2afe447dead42cd16744262f2a8245ca11424ecc7035a

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738540905.runtime.log

Filesize
477B

MD5
fd919c26d9d8e74306f616b08466067c

SHA1
bed2494d1f499e1f17ebad90122938ac04402a3e

SHA256
fa68800e9134375fbe9463d08ab9bc0f82b3d19ac05645f44e70ec3b53118974

SHA512
e0e805d63f67e51902eb8995a70f6869bdca6f6e0d9017db3de144d6120295630e03bfb877bc89e760d3ad9c35153a15e0087b0d1eeab9acae5ceb0784336add

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738540905.runtime.log

Filesize
622B

MD5
e25e38b4a1785c480ce37bec2cdb0d2a

SHA1
6c1cfafdcd2e409791e198e46930695e59426776

SHA256
1497b5b16f513a0f519d2eadd8be6dccecc8a113a8497ee8d66b7486a9b74e83

SHA512
03d66d50c6ab7d2baca12518bbe740ee1325532e812d6b1169a79d48cf73e4e32c5eeee257e66f56e2454b70849806fe25cc85d3c0adf24601fa3a79f808c72c

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738540905.runtime.log

Filesize
797B

MD5
061c7ac08495ca10b37df6b9d6e6c68c

SHA1
856fd375fe9d39b2ef8b81cbb1e7b9e042976c68

SHA256
9ef6d4acee3852a2bf05ec91c563f2536452296d7bfd4486503e88c7ea1e69b4

SHA512
f227cb0904c365451ee6d4e6c7e95dd1e0e373c34dbfb2d621585b686fd016f10c0d55d3e9a72a8a39db9b4728ae85c733d287ce1b797065c582291749936cef

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/osu/.auth_startup

Filesize
12B

MD5
41aa48e354ef8d9e51b36e166ed5015e

SHA1
b4b84c339534c9f95fd9b9191e703120dc339503

SHA256
6e1c5a67f7d52174f8b24c1f5b8fc42bb2000109e3207b84751c6bb1f7fa799b

SHA512
99cac217f14251e736826f20a3158e80d0619eb6d54feebdee1df33a585210ad6fd66393baf38f4b5cbf620c8a06b5ac22e663211d4cf010a829c9d209146dad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads