f62c9f476ba036c70237fbd66efa1815907ee76e4a1cea328a2ce883e5d63409

Analysis

max time kernel
44s
max time network
65s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
20/02/2025, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sh.ppy.osulazer.apk
Size

215.3MB
MD5

59f11c3d9bfeb933d791db251a256a15
SHA1

0f6d70e2a099eba4326aaa8c2681b11086284b64
SHA256

f62c9f476ba036c70237fbd66efa1815907ee76e4a1cea328a2ce883e5d63409
SHA512

a6d91ef5177dc86bb0281c558b709ae45220581f3637ac3d47c071b9b9ac6f09749c09631e502522589473a9558d1e795f6e9d9cbff1bb06d9e2381b6c1c3871
SSDEEP

6291456:aCLaPTVJqbqy++GYFDHctGQ0R9lFkTh6qFGVH14:alPvqbvVfmKi

Score

8^/10

collection credential_access defense_evasion evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	sh.ppy.osulazer
/sbin/su	sh.ppy.osulazer
/system/bin/su	sh.ppy.osulazer

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4366	sh.ppy.osulazer
/system_ext/framework/androidx.window.extensions.jar	4366	sh.ppy.osulazer
/system_ext/framework/androidx.window.sidecar.jar	4366	sh.ppy.osulazer
/system_ext/framework/androidx.window.sidecar.jar	4366	sh.ppy.osulazer

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	sh.ppy.osulazer

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	sh.ppy.osulazer

sh.ppy.osulazer
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4366

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sh.ppy.osulazer/files/INSTALLATION

Filesize
36B

MD5
93288c5806c7d4897f0d7233acdd92d7

SHA1
17bb20175dcd07a43acd385a048510cd512766c2

SHA256
184fe69a9581d94656025d1f21f95bba841eddeae7a26f31249fbe922eb4925e

SHA512
f8e5a8e7b6afdc12cab953c88451d05f2a8162d732d595d44e48e02e16238dcd6f8e722560035e780516ae10d03742109e65303bcd4640ddbd1cc2db788360db

Download Submit
/data/data/sh.ppy.osulazer/files/profileInstalled

Filesize
24B

MD5
bd6e76611282a4fbdad11e20d1857541

SHA1
0a0656dfabf9df84d2583b643c37549aa7aac36f

SHA256
b153fecc71fb4cad14f15cb5297624d5decb8a5ab5014c1f994e55f7795e178f

SHA512
c3bfd0c50f0a7541824237ec545a2c25eb82757f20d26405463ea10bc42bde74557392ebdbf7165237ba28ad7242611709b36714aaf7fc24a2f7f3dbc224ef70

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/dist.json (deleted)

Filesize
11B

MD5
ad1de469298a11a3a226717ffa0b6adf

SHA1
a5b8112395782b0674f3fc48b029c1db0847585b

SHA256
9862ad5224e3206384f056d8d230469edc064701327324dcb65e2340e7e48e00

SHA512
8da7b815e6b73c2021ab5cd1643d90176fb85c91a7caf2c744dcaf4bac121dc4c1f1d43665d6e839fd23b19c5937cf9eee97773e667b13c9b9ab385ec7b81454

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/environment.json (deleted)

Filesize
12B

MD5
dedcf97dec548910cc8edae172ab5bec

SHA1
a37f222f2a89b4098cf681951ee75d76bd1f75e5

SHA256
80be2eb0944c0453a6ad339a56e1c8f39f8cc57a4e627758246ccfd274176fd8

SHA512
5e0d2b9be27ce24d6baa109ec8b2cb7e7ed3deb5622bd87ea621428857a8b8cbda98871552eb7e26df145485e83b2b3397cdbeaa4d806e955b4eeafb4a85d13a

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/release.json (deleted)

Filesize
16B

MD5
2cd3f2412f21c4736762a17fa1c51930

SHA1
dc9eb0d186b2262c08db423257e293af7fc0c3d8

SHA256
6f6859895f5bc101b9d8a571de0815da0e464495ad3812a01d0b4a58bf831673

SHA512
f222947750df15dd78d84711ef0c889b063f99df95806e76b1433b005add525207c37284ba9188133bf498bd8ad80f891c471445f241b7c47634506e6339b8de

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/sdk-version.json (deleted)

Filesize
484B

MD5
e915d3c59563059738ba4d1699d41494

SHA1
424ec75ebd6b4133fa798234c5c744e816c13947

SHA256
836fdd5c4a1e3ed5648e8f3f3767094a87dd9a09e9d37c8576666808796506f5

SHA512
4320e5e56198f380da90696ef4a41e5c59dbf7c1a6551d7e7bdbaefd4daff3eb3f257608cb66af397c3ba0649e0cb4fe7585f95cb301dee839dfe67aef6f0102

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/tags.json (deleted)

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json (deleted)

Filesize
165B

MD5
343a363659d356b391b24ca8e9236c7d

SHA1
8a5ecc2df28d8cf72d57d16a7849cf41fe02ffcd

SHA256
7f0cde2ecd16e9647401a44c72976dd616b220ab6567b9f8edef619094526aaa

SHA512
dcfc16246e50aa030568173974641d6802d8993ac7b083e66529452c76b79685ec8e1aee024f2a239053d091a91b92dfec8e4d5d57a720c81e56ed8bb5e70aaf

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json (deleted)

Filesize
333B

MD5
5d75ad156df9ee1beadf87e797f7a5b2

SHA1
dca980ea2ce1f0f4a5d62f6d80e43e8abaa4ed03

SHA256
a183b398b1576347730dd9ae0f551f99f501d842376faa8e6c178829fffea891

SHA512
91ee03980e66e433db7f73094c3454a5bc2a504a39376deeece2ee36e19d03be622b658b429adee005a5bd50cfd6af45068848e062b8f398a286ad4ccec57a4e

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json (deleted)

Filesize
496B

MD5
364416e4b375c5081184eb7ca0dedeb8

SHA1
ad740032d79425c9716134803cfe8c8ccf0d7b66

SHA256
2cd7cf0db393319433959ffb6557c8de914d00f502d3424e6af04ec3faa33235

SHA512
ea970d8bd0f9d74119f249c06dcb271b92e326711990dbc4d42be7c158840e5d3b1b06bcd528a3188e682efbea2e6a26e9876551cba97ae658373716cc597cb5

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json (deleted)

Filesize
676B

MD5
526a0a16740d790a4f1cbecf2eacda4d

SHA1
c3f655534ce1ffc7c6d0d8de9775ba864845be16

SHA256
a9389073b90f467dc19b725dadf1080557d0b4465b0fcb2c7ac62d5aaa3627cc

SHA512
bd621e25abb5802d713ec3a2b50b22a166832aa68a9c9071db0da4cabf6c77d4d57048f1e7018bee04a2534d61890d900143ac3fe5f70e9d5c629fea26d9697b

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json (deleted)

Filesize
906B

MD5
15c27e1cee4e29d74edc2d84f52d4c59

SHA1
9576335161277cd19ec54c301082830caa29fbf2

SHA256
e5275caff4e1398c36f2efc413d4314b8834ba3ed4819db0406d966597bc5fb5

SHA512
f9363189d7482fb315e2d4a15bebc333686bc858bb07b4ef37c8786d13fc9b05f8a6c02814a2bc7c645b2c8661059899ef4f20f270581b4094e51b34154449af

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json (deleted)

Filesize
18KB

MD5
7684862b58f0c3e3caddb31089897d22

SHA1
dd13288ed472e57bda2aef16906d2cb1a6b74dbc

SHA256
f9c37e1e014c0c554a88f83fb2d27f0519bd4b21335a5764a1c90238b4ad63ab

SHA512
740dcc6b64fc9a7f731150b94093ff5272fab5f229ec7565846304647a0e50792ec5126e034e30c0f8a3b4de38472f1855ab9761623dfc10c1e878008a9820a1

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/user.json (deleted)

Filesize
29B

MD5
ad0c9ad384831e2bf3603dcc92e93d90

SHA1
4a41cc41f11df837cc039fac8929a83ca3e28beb

SHA256
7d0acbfcadc26ffbbd00817d4f91974ee8a59a48b279c19603da7437459fcb9a

SHA512
45d03cf23dcd41bc93b17353182ed2091cc55807b4815164216493cc376b2e26124177acf0e23d53ce09d70493fe3d52b1702913a74f05fa515063effbfb518e

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/843362fe-0128-4283-a421-1772aac46bf0.envelope (deleted)

Filesize
778B

MD5
8b5e2f8125f3b959dda44cd126eab877

SHA1
83639a3f6ac24abfe60bf29270cac4d9c4c22817

SHA256
570539239d038955772419eb39d6a39c8603ec6b300089341e3bc3fc3077fa2a

SHA512
a69589b3258717731b575ac599079ba50ce9440b844906233ab6449ccdc37eb2f691e1edd79e1a51ecda6622cb316776d8bab3892976e7ee3116af271846fb45

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/session.json (deleted)

Filesize
268B

MD5
84f51b08702ab9948541f6f9a76b1eab

SHA1
e41f219c816c4a2cf43c8848b1583ecb31309c30

SHA256
8d71a5e7242380dde81ae133c5bebca10e3e2bebbc0f9ca599ccbcdb042c02ab

SHA512
429e8e2207672ebd6ac54fc730ffff73bd03eece78dc61eb752ccd638efadf1718e473a2a5877161421e48204fe82ccd2086df0c1adc715b3dfade61ff06d252

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit
socket:[59725]

Filesize
41B

MD5
016a9e794263341f840dce720ffc12da

SHA1
b29b7b52fdd47737d64472d508371d6e7ac01fe6

SHA256
b1ed5d7697eab6037de5ac423c2e3dbc10436408d06adc4bfc4decb616e3a34e

SHA512
89b5871eb724705dd555da791fee2f50c3efef37e262d2a99c5fea75bce47090f076612ff03f55a6c3ea6af4e823ada92c8d457601f2f9804969fdebc3ee7755

Download Submit
socket:[62995]

Filesize
41B

MD5
a43a78ff3f43e19e587ab40a8c2c7666

SHA1
86dfb769d04bb0141fdcb5718d7abf87632365fc

SHA256
f985ece6e96d742876cb16f6191ad924b16201e0c978e9e0f172ec1fa8d45478

SHA512
2b47248a48f9c4b1a635f74fbe2dbae7676c5a4d413a8bf47ac327b74e4fdb4700bc080c97701123cf1eddddcf502861431f84d4356a8bc7fff1c76e6133e277

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads