1ea11e37eed039b132147b7b5f58a52527e8d4b6936822348cc0db52de1d7dcc

Analysis

max time kernel
10s
max time network
47s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
03-02-2025 00:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sh.ppy.osulazer.apk
Size

215.0MB
MD5

a22ca5d3391931d7f4e602380da7c60f
SHA1

b5d80e4f458db8dcc65506194fc36642f03bd49a
SHA256

1ea11e37eed039b132147b7b5f58a52527e8d4b6936822348cc0db52de1d7dcc
SHA512

c55fdf6d1afc6072954469fb82dc2a5b555d51c948923d8012752326f2e6a0d61b4a562aaf489f9cdf7fa06fddca8422c610c0a31fbd308a56e737057a681d1e
SSDEEP

6291456:uHCLaPTVJqbqyI+GJQeQ0RAlry6h6bFGVHGA:uHlPvqbheYftL

Score

8^/10

collection credential_access defense_evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	sh.ppy.osulazer
/sbin/su	sh.ppy.osulazer

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	sh.ppy.osulazer

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	sh.ppy.osulazer

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	sh.ppy.osulazer

sh.ppy.osulazer
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4943

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/dist.json

Filesize
11B

MD5
148818e13493d00d33c3eba56fbd27d1

SHA1
5736e7d5077445a62522f7d167d081383a2538ce

SHA256
195f87c6f9a0f543916bc6e5167309ef47c79369fb869c9bc9e71f80b301b659

SHA512
8bedb07882b51672a21f783cfc2d1a5f35d39e21a2f8ee1dce1b876ac42447b018073549437b98ed1eeb675a68e257855454ca844e8e3be01fad56b49680ec61

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/environment.json

Filesize
12B

MD5
dedcf97dec548910cc8edae172ab5bec

SHA1
a37f222f2a89b4098cf681951ee75d76bd1f75e5

SHA256
80be2eb0944c0453a6ad339a56e1c8f39f8cc57a4e627758246ccfd274176fd8

SHA512
5e0d2b9be27ce24d6baa109ec8b2cb7e7ed3deb5622bd87ea621428857a8b8cbda98871552eb7e26df145485e83b2b3397cdbeaa4d806e955b4eeafb4a85d13a

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/release.json

Filesize
16B

MD5
4b31c6380a9fad9ec44b7ffd60a65505

SHA1
6346549efb0f4bd7cf9c467e201aa81a14cdd746

SHA256
5cc5d9b2d0a9d9479100ba8545fe7e75fdbe4a186f150d195dbc7ddb5c58035f

SHA512
c117592fe479d56a5f5d3814146f7ced1a2877da9cd2bec35eddd017b02c0b0e54290421d813ccaf8cdf265df0ccf12b297c58541f1d1870176a4ba9a317f9ae

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/sdk-version.json

Filesize
482B

MD5
dc245dc4d79adddd39dd5cd2ba32542f

SHA1
77248f5f0aa5a1031732cdb77ff1bd645bb1752b

SHA256
402553259cafd98e8a3f47d678a34e7dda32a3db1cc11d396e98c175c6dbb3e5

SHA512
986de094eb193abc658ff36187d8900998734980e04371d852c25b97ee13af507df032a117ccbd455ca80b2a1344324c6f046fd7b95317a97f0cc982a1ea5903

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/tags.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
873B

MD5
1373913a4e88b492fe3b563ef612ee9c

SHA1
aad9fd49b9e1adfd8f9fce0ab5e4583261d11e79

SHA256
f83913598c6075e476c6a82447d93f8ab11ec736b801e80b4369f4aa34f38ca0

SHA512
83da77c93109695ea8c800cf67026f0c92cf1dae74733e64581a4ff1fcedfcefe4416feeaa03eb56fdbe27713fc1d7f8c2fefb21987f23d0f0b0de8828a00281

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
3KB

MD5
342838ac7e77b71fadc64acc7979395c

SHA1
ec8ac8e3851b869593e47a39aa7e351fb6f6c941

SHA256
7e53483cfb0b6afcd74c0bdb1964af9127de5c12effbbd8d6bf27803fbc94501

SHA512
8e037955c80c7c4bc20d68e045f5279b10ebb9cc9ce19d8b2515c6a4a24fee68db91d775102375de3c0686119991fc1f08b035be829df55d3c4141346bf67086

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/contexts.json

Filesize
64B

MD5
600877927b2692613bb698e2646eb3db

SHA1
86f322722f53815689fe47a630f34dde3422d0c7

SHA256
7dab872ad640c3839276b80269ebd89742428a42f89dc53257b9e76b093cb469

SHA512
bded65bb1dc943f1f64636fe97c2bd3630f3de9a91423dd01f6cea48a50970bbbccec2c0ab1137ba5eb72fe09ab9bcf20865d8816cda0bdaa9a6b860bd080125

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/trace.json

Filesize
107B

MD5
966978277e743c18d3deab8cf9111322

SHA1
7c76ddfbedc8a3a52bf2d926deb8fcd6ed45da6e

SHA256
a9cb8466fe81807e6273c773e9420e057e1d6eee5f7de3384fb6119ab6325f09

SHA512
3100c8a1598aea41af21316f6c228ce27e422526dfc8851ddd7b13ddf92e502290da500b6aafbe7a72f57b2b4c19f7790678819818fc80e95800a24a3563fb35

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.sentry-native/3606dfb3-e4b4-4233-b852-fb0ab7bc09b5.run/08528156-df94-4a5a-57d7-ad9dc174c0b6.envelope

Filesize
70KB

MD5
a7ddfb6c90e3a324572484d911f6de25

SHA1
dc2b66a4d3fb50eaabbb09c59371cb23b5bef40e

SHA256
6672af205bc3ab6b38b087c4290f4f17b17e1206b4b48e1b4b68d156b4e7ce8b

SHA512
df4702a26a5059bfe67a9461bd050b12e953665712f9ad6f8bb52f6673397dbb5573d21dc1d8989202ee5809321691a3a9c39967a9b6bd1a222b6abffb7c4a76

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/.sentry-native/last_crash

Filesize
27B

MD5
9e111703ad4afb188570a5ea335a30b6

SHA1
5ea19641285359a5ee74726a3f7b4a9950cf82d2

SHA256
822cce9a3438744f4e524d5bae768ad03b19a2c66d965f8a4b458f84096f1e84

SHA512
bed87013c4b93661209f890acc3725c1260f8a20ef868833ba13ccbfdb9d79476b2ef2bdac4b7fb44ab3eaf807c0c8ee08e387532c094e6f02682d6166ad565c

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/26a10324-415e-4967-9e3b-17a7c656b390.envelope

Filesize
776B

MD5
c53a80fcf34f6e78efed4f86a8effe90

SHA1
bd649d4bfad97d604780744071b40acc9cbca9b6

SHA256
8c05975bad9d3ec22c482f603d80f18cb7dca4afcb1917eab474c3eda5b3267e

SHA512
e8a8e547ca920d3657296bf74d8b01697429582c355729eaefaa160d8e23b06d30f41f65fa5f2f91e5467946bd28736656146f35b94d84c0b9a70eff74638c04

Download Submit
/data/data/sh.ppy.osulazer/cache/sentry/9475b066a726b774c66441a00b887ce9cf16e1aa/session.json

Filesize
268B

MD5
e14409ab2ee6cf6a295cede44317901b

SHA1
bce93ddf5a13657acbefb72563483ddaaa185605

SHA256
289a3fdf3df5546441d1c03b16dcaa6ed8f5ad8f05b9e44fc3050adad23ba4b8

SHA512
c8422af7e7bfc813ece9e75c8671d15f14a91d2cd32ffd2606be5c1503efdde43423c3e3215e619bd824ba14491ec0ba2be6c47e5ed7ad54650ae5f5ef52b57a

Download Submit
/data/data/sh.ppy.osulazer/files/INSTALLATION

Filesize
36B

MD5
8a4c69883a7d2cd8c34719c3931fc710

SHA1
102e4cea6ad47c2aefb342787b99ed0bea5c7500

SHA256
d8eb52a612ecd2af61f06190908ddf9aae9082432d63b51c5505aa1d0f0ce5dd

SHA512
55827b669358e6519ccdf140029697b07de2d8f63dafc63d5f6ec134649fc1386d94df451eef20aab97394ba1598bb017897ac381876332e0f885e0a220e83bd

Download Submit
/data/data/sh.ppy.osulazer/files/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/.installation

Filesize
36B

MD5
b1e50601045e132e9e29ada093d4c5b3

SHA1
7abf14d19a2bfa5c68fe1e4b7e99c298435e09f9

SHA256
cfb5712d5e6d64ff4cc88c70f3e34bbade43c8fc46a709f677542083e2cb5a22

SHA512
841537e88f12230119d4b0d0680a902fb9050b18a06cd5313ce3045c102dbab0ad1ba7f2ea2cd5b594dc79cd0dd503c707fad0c83d4874b532bea10b073b5bf2

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738541465.auth.log

Filesize
392B

MD5
c15242e2343f6cbed94a439162c71a4e

SHA1
3fd0c3a9d06a459fa35789ec7c8b739b8f7453c4

SHA256
e86477b239cd6b1a334145e184be3ddb87c2057548ba7fa03665b531081620ee

SHA512
8f4a7c11ad25c221db06ef732723110c1af5d4af975769a7454183b94d8220927a3a9bf96394323eb7d796d129e36d0cf50a9d6fd30831296d11a3bcefbe9933

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738541465.auth.log

Filesize
443B

MD5
ba1f025179e9622afaff00474b50bc9d

SHA1
d88cf650d410351a8cb5c23d4c7d0946199a34c4

SHA256
e88df3105c6fd012b10a24c6b9ce0ddd2f27c015577882f68ceec71a47ff4815

SHA512
078d3fdc4cbed085581ee60bbf231e5f4af27b4279a11e16d9cc049ed657fbff8321f2d0026536f56a765fd2ea1e4453e12ddbbbe6580f24e7a770b0cdcf005f

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738541465.network.log

Filesize
332B

MD5
25310f8e704783d6181ce135090978f6

SHA1
f0b3a7edb45475dcabad7df16972e1a721d728dd

SHA256
72b255c88dabd55886fb1123eac7cb5fb19596044635edb8f32b460a00ed52fd

SHA512
2be3f307c9e24300645eb8d62502a160cd06d23d7e72e7fef6b662ab1c7fe9016ac2b041219cbe3e01b0b3b8df84f16127e5dd5ab985e65cb5b47f8fb93fd4c4

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738541465.runtime.log

Filesize
314B

MD5
f9df3056e7851abb280ee7517c12d2fd

SHA1
f86be656702d3cf13f2497d7751685e8f8bb719d

SHA256
a9ba75ad9abd8b50cff7299d954b90f1bef3bdc132a155f68d855c7ba4a81038

SHA512
66902df6726828271ff09e398427023f058cbbb0f95d982deb6769984644465aed8ff01e6d626f62378577fc78d6ffb3ad87075280b49c3a244c98f94269aa48

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738541465.runtime.log

Filesize
477B

MD5
ad6e63cd7b374f04b86d9c4f105072be

SHA1
aa0f0d031688204fc493660d21484d5742827813

SHA256
733ac4c04e2611783b21261ca5ec9a18dbab499e417e37510d1712b10e2f82dd

SHA512
538e762d17c02de602cdd6ac1e63a14b0594c4ab67c51b2e23c077acb26333a708c5fc1709fdfec979372ad67a6f6f64056b53c474637cd87501a089b9a59520

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738541465.runtime.log

Filesize
622B

MD5
183185690cfa1b6a57e3b88329882968

SHA1
44a5cee122ce2acfe58a2c7773d7751bdd6216f8

SHA256
acc09c71b1a6ee9858d7bb5e5e6988e8c84909ad338f8b5fd46ec1eb72cecd5d

SHA512
d64221251f7d0c177356750ca7fc7c5616a0f230170287a396b9578d68d5b5c302b1e8fbd45bf198e0ead5d9a94d9dabeeeca8d6c837d8cf7346d8aa46bbbb97

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1738541465.runtime.log

Filesize
797B

MD5
ee28f7b9abe5977894e4220a050ea5df

SHA1
28954db2849e7cef7f42317aa59c10cb5b6dd657

SHA256
fbac055010908997abc4ba4f74006e222a4b9670bafef97cf52704e5d2552f59

SHA512
d207467ea398958e783ccb9bd67017db15dd01225e86080d517fec6122929570db176bcc755581ad821f4b14006d357495503d89615c75bbdcd151fe6b5874f3

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/osu/.auth_startup

Filesize
12B

MD5
41aa48e354ef8d9e51b36e166ed5015e

SHA1
b4b84c339534c9f95fd9b9191e703120dc339503

SHA256
6e1c5a67f7d52174f8b24c1f5b8fc42bb2000109e3207b84751c6bb1f7fa799b

SHA512
99cac217f14251e736826f20a3158e80d0619eb6d54feebdee1df33a585210ad6fd66393baf38f4b5cbf620c8a06b5ac22e663211d4cf010a829c9d209146dad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads