1ea11e37eed039b132147b7b5f58a52527e8d4b6936822348cc0db52de1d7dcc

Analysis

max time kernel
6s
max time network
46s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
03-02-2025 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sh.ppy.osulazer.apk
Size

215.0MB
MD5

a22ca5d3391931d7f4e602380da7c60f
SHA1

b5d80e4f458db8dcc65506194fc36642f03bd49a
SHA256

1ea11e37eed039b132147b7b5f58a52527e8d4b6936822348cc0db52de1d7dcc
SHA512

c55fdf6d1afc6072954469fb82dc2a5b555d51c948923d8012752326f2e6a0d61b4a562aaf489f9cdf7fa06fddca8422c610c0a31fbd308a56e737057a681d1e
SSDEEP

6291456:uHCLaPTVJqbqyI+GJQeQ0RAlry6h6bFGVHGA:uHlPvqbheYftL

Score

8^/10

collection credential_access defense_evasion evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	sh.ppy.osulazer
/system/app/Superuser.apk	sh.ppy.osulazer
/sbin/su	sh.ppy.osulazer

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4625	sh.ppy.osulazer
/system_ext/framework/androidx.window.sidecar.jar	4625	sh.ppy.osulazer

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	sh.ppy.osulazer

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	sh.ppy.osulazer

sh.ppy.osulazer
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4625

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/dist.json

Filesize
11B

MD5
148818e13493d00d33c3eba56fbd27d1

SHA1
5736e7d5077445a62522f7d167d081383a2538ce

SHA256
195f87c6f9a0f543916bc6e5167309ef47c79369fb869c9bc9e71f80b301b659

SHA512
8bedb07882b51672a21f783cfc2d1a5f35d39e21a2f8ee1dce1b876ac42447b018073549437b98ed1eeb675a68e257855454ca844e8e3be01fad56b49680ec61

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/environment.json

Filesize
12B

MD5
dedcf97dec548910cc8edae172ab5bec

SHA1
a37f222f2a89b4098cf681951ee75d76bd1f75e5

SHA256
80be2eb0944c0453a6ad339a56e1c8f39f8cc57a4e627758246ccfd274176fd8

SHA512
5e0d2b9be27ce24d6baa109ec8b2cb7e7ed3deb5622bd87ea621428857a8b8cbda98871552eb7e26df145485e83b2b3397cdbeaa4d806e955b4eeafb4a85d13a

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/release.json

Filesize
16B

MD5
4b31c6380a9fad9ec44b7ffd60a65505

SHA1
6346549efb0f4bd7cf9c467e201aa81a14cdd746

SHA256
5cc5d9b2d0a9d9479100ba8545fe7e75fdbe4a186f150d195dbc7ddb5c58035f

SHA512
c117592fe479d56a5f5d3814146f7ced1a2877da9cd2bec35eddd017b02c0b0e54290421d813ccaf8cdf265df0ccf12b297c58541f1d1870176a4ba9a317f9ae

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/sdk-version.json

Filesize
484B

MD5
48a43424c145d9b46a388b5bf57998d7

SHA1
fe5345124ec5cc14864b2549e218cc65475fc805

SHA256
c650b89c2a95d6d66f271619181dd46b41ed568987bb8dc8ce20cf5e630cb1b1

SHA512
5121b9ea6f6f593e645ca9e0306cb05996284ebcecd22dda84a43bfb52fdf894392f3cf5b616fb99bc04bfebdecefbc342e3807b2947a94a232be4f3b358aefa

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/tags.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
131B

MD5
f4ecc2e7eafb9030699362211182ae7c

SHA1
67c47bb9bd7dea045f387cd11559a9d1c1ffc511

SHA256
f5a8a49380dfb8811d31326a3b779c1f68026681c88397af8f3035f9056a9791

SHA512
9892414745e09a5a0b8a9bcec319364f27419e996abc0d107b68c9a55d53cb3d41d71beb6577b99d3ce287a3972792355f30a695817c34d67bf519c32804f705

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
263B

MD5
4f1596c9b74d4586da7f9c175f4ad6ca

SHA1
5d927ab64be55dff6b467263ee19385e6b50b8c3

SHA256
69f83f0249332a5d0e90b31efd339953b95ed138a36f90b6f23a369dc465e4dc

SHA512
ed711ebe0380670b1d6d5c6b441057753d2d8792d78a72af3dd17a4fa074f1e1273f24a689f11c641bd8318ba14ef7de738a7cdbe13dfb471fd51fd49a2e396c

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
405B

MD5
12f4c5a27a66cb9e82bf3672ca463bd3

SHA1
d861475625a7927726004864133267219d2bc084

SHA256
20b59c9810d39688971d202df0015952c20af0b8e2f3abfc868a13b3aec4a72c

SHA512
e7ca8652e163398f817e632b2fbedcb3db66c53fe4995dd993f26dd1d7f00896ba7e0d4c89f9e4ab667c6e8fa663a920c986cc2bf1c817ca4634b2154a00b85e

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
561B

MD5
5e35f924628222005c5324cd8cdda633

SHA1
4130dbf614bf248c80ff5a4e584107609644be38

SHA256
8dc05a952fd6ad7ca81c0f6af1e67f9de497f9fd52bb911b9e0b03480d8af164

SHA512
8451e0b19eaaecfbb170f4241401ac72752c743aefed8f162525eff86caf8e45ac034c451f75823d1ad1a3c8e013cc2285b6a59433b0a01c18435b322f7edc25

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
717B

MD5
0872b44b6b46ad4a8696f2c949bc2f58

SHA1
aa460d217eda92c642b19d9ed5a349fc74324371

SHA256
c96b7e1fe43477228d09824e309edb93c6ba73b8bcfb75a051996d75511b4521

SHA512
84c982b586a3d119f8ff482cf1b3b623959c88f7da8f5c65d38a677ac8c78b8f49913035458c09df40316d502bb1d67ed198703b517f73df0ca7e105de40033e

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
4KB

MD5
c2f5631185ba8e15bab4500aceae7e3a

SHA1
34dcabef9e0c7a309bbd98aa586082aaff538cd3

SHA256
9919064819c549c24dc7fd219ccb5249e7d3663a58ed3ca49f86b8c88231672f

SHA512
143e4b64cbb3e25d5ae762394d032147b516c3718990859594605d3bb365b634e220df9c2e1f5caf73dd2ad39bdd46266db64a687789b60ca4f49b1586f38af8

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/contexts.json

Filesize
64B

MD5
600877927b2692613bb698e2646eb3db

SHA1
86f322722f53815689fe47a630f34dde3422d0c7

SHA256
7dab872ad640c3839276b80269ebd89742428a42f89dc53257b9e76b093cb469

SHA512
bded65bb1dc943f1f64636fe97c2bd3630f3de9a91423dd01f6cea48a50970bbbccec2c0ab1137ba5eb72fe09ab9bcf20865d8816cda0bdaa9a6b860bd080125

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/trace.json

Filesize
107B

MD5
2c7ddca6c915a0ed4f69980aebe3578c

SHA1
ed904ab9fad8086a35ff0bb2b8f7960cba758b7a

SHA256
29c3c0435596d2a34c70fdf57305f75a5a83fa88507fba7199dc8b0ef10c2ba4

SHA512
62265ae4ebc77c3be019d0d9912028046635c1bc980a8d997f1620b5989fe8042472616febba4c6e4ca272f58eadc8810910b7f01d1f61d00445709776abcf25

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.sentry-native/b2e32c95-5399-4faa-724a-91a33c4b5cdf.run/9796d05c-bd1c-42d3-41fe-414ab06f281a.envelope

Filesize
80KB

MD5
a027e34f86f5a7d7c8bc3dbeb0809480

SHA1
d38f4a83401a3563ab49f21a1e9e1a62ecc1ce71

SHA256
a871e0bf1fdc4a96991e8b4656083dfb0f09fc51a43dc322f7d2fd9493725aaa

SHA512
a152111ee9fabb0f98823257a5ea484d72c9586034f227b327a9d9dd7eeb6dde1da23f857ea1605c84542a6818beabc90c59163f8d76612f880abbb33410e8ea

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.sentry-native/last_crash

Filesize
27B

MD5
22e2003cc33ab651889abef666197bde

SHA1
b431c20a3066f9b18a9f10b229f041df316b405d

SHA256
396611cc06baf22da064d528c8a107a2c4a59e8131a37365900aaeca9f863174

SHA512
5590258046aae1935e9db2f15b2853212df37e922489b55b5518061c3cbeff68706ab386f980bfa0ba60dd8639d15665e0626bc9c531912be7a06b9a46b748bc

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/9d7f167e-60ac-4b9d-a15d-a7a93f46e8d8.envelope

Filesize
778B

MD5
8d8373909d63bf22cf026de989db86c2

SHA1
7d16a9fd0add1bf10db596f8a33dfe9a1b81d874

SHA256
ff2ec97634797aa52d47495d1adf7faa36fa254a6723af4a2ab8fca7f558aaf2

SHA512
c8d75a7e0ac13c84e87c056bbebe3246a5690771a012a3006e89d75e5a44571a0f6632e339588306e5bf0997258f0d8814e5511a833a3cae5cbce9fb12f64f8e

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/session.json

Filesize
268B

MD5
3c10dbf656a958ece911bd3523347bf2

SHA1
47a9a2aa29d0372b995ced6e3bd759d7dc112888

SHA256
516f0db8f7d08bb7f1e5a6e172854cfb72eb7df27d718011d3da1e47e40bccc6

SHA512
8592acaf13d6df454c9e546ae3e24acd1f82326fe68913c4ddd7949c79bf3d724e3ad620f05e81ee7d1be7b13f1f94bd708e5eeee31b83c681dd85a133eb30bc

Download Submit
/data/data/sh.ppy.osulazer/files/INSTALLATION

Filesize
36B

MD5
3a3a399f432e41a8c271ea6e2c9ca8b0

SHA1
3c8252123c781063273ce65b2f527439883f38a5

SHA256
edd1cb4819120c70a02bed9ee4312359a1df3073d6d921f1b7d87766fffde521

SHA512
63567703104b2ad06636dfc3011930ee430d32d5de396da68284d29c25a1d60c068a152066c6e4a0aad5436e47ebfeff4328814b688accf163d558a3be16b8e9

Download Submit
/data/data/sh.ppy.osulazer/files/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/.installation

Filesize
36B

MD5
6ff329a8cd2ca587bc3a88d50be6f4f8

SHA1
457ad0ef2f1fc9dc78827e5b42538999975c5c10

SHA256
b44336a449fe9b312d6147a44ae096e49c84898d0b727b508e86c23fcafade5d

SHA512
ca0f8eff4cb51d4c17d84d726ac8ab2c4c6d4f245bc7368c655f27e2444b790d619cdc39e3cde08aab43d603f8c800caa77e378393a4a80983bbf4ab01c034fb

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738540907.auth.log

Filesize
443B

MD5
b1024e686b0d350be3095f1830a5cf39

SHA1
7ef731cb4492446cf768411da3d0ec8bd26a9af3

SHA256
36c1643a8625e4f76b4d895f9fe09c27223f903d39a817eeac5aa09c9d00ab7c

SHA512
f1aaad3e3a904a59be782449a4c9e1244be607b6cf9de7339737336009ea99eedef697b33ce6faef49e2db39f161a5504bf2df3d9829faabed8c6c8ec6e4fd03

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738540907.auth.log (deleted)

Filesize
392B

MD5
8bc50b978a0a50174420b322596374d7

SHA1
4e0b053f4efcfc55c08b8d23b9d1279b071c1207

SHA256
ce8f6932115f5d5c4c65210adf715563a5a38345b0de36b4252301dea3abe061

SHA512
5560614b00157f02d82dcc5934b14e4256e3f32d451a2a47b9513ed3038140bb29c304a2b254277e081183218f9f847f3dadbd44c8a32712d11221b51d0bf5e6

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738540907.network.log (deleted)

Filesize
332B

MD5
3601b43ed80570f46edb8f4ce1d11f0e

SHA1
871056b5509756afd5a446fac9558544ce7058a0

SHA256
1d2a264a45c4cb5572d5a63066c3d90cd168f629c14079334c0cfeb0d6c304b3

SHA512
516d9de121710081d912545438d84fbfd33255e04d5882b55c316c4222181a93f2c90a01091848d2c4a171ab5ff881f57365571269148eff0870b747df8ae934

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738540907.runtime.log

Filesize
622B

MD5
a686b191740dc0dd86fcd355d627fb63

SHA1
10e46d4afbf4bfeeeca60555610db93c2ca5bf13

SHA256
bc2fd7fb256562462798fbfbc028b489f1419ada3164e75ce7db9d4168fcc709

SHA512
8cabc3990de3735e94dbdf3005dd08fb2a067ce48b634e8942f6a1df7bbaf0fac086e4e759e88522d5d6fda28068f6ed3785bd4f61f52c4bbca7bc47254758f1

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738540907.runtime.log

Filesize
797B

MD5
f1fb5dc24a461550e664ce8adc18eca9

SHA1
20e3e9bc9ed3d9f54da9361589a893ccf124dfe7

SHA256
4b506f1f6d2e9556f081ba73641fbb34c9359512210bc1e6c99a8fe1fb4dc830

SHA512
2423447e69068e2a59638915928409f34519202b80f9b258feaa2db49d2f5d4be520eb285e4a061327bbe21be82224ba9b8afec5576c1ff57dd79e36dd27a7a4

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738540907.runtime.log (deleted)

Filesize
477B

MD5
47a7053155b6f4439a03a24071794d9a

SHA1
34cabd325c165d07b840d3f4b50e050b4cac1767

SHA256
52d8ad494a1d5368e8be61c39f7a8e1c2d5b5849ef26ff4d2f049e18e45f865b

SHA512
94bc7e03f94e3459616b0cdccd00f2f032136a250b4905cb1027dd39127dfe0f290b173ac351cade4a70028a1cf6f3c8a27f1dd973ab8ab98a28dd4ffe55760a

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/osu/.auth_startup (deleted)

Filesize
12B

MD5
41aa48e354ef8d9e51b36e166ed5015e

SHA1
b4b84c339534c9f95fd9b9191e703120dc339503

SHA256
6e1c5a67f7d52174f8b24c1f5b8fc42bb2000109e3207b84751c6bb1f7fa799b

SHA512
99cac217f14251e736826f20a3158e80d0619eb6d54feebdee1df33a585210ad6fd66393baf38f4b5cbf620c8a06b5ac22e663211d4cf010a829c9d209146dad

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads