f62c9f476ba036c70237fbd66efa1815907ee76e4a1cea328a2ce883e5d63409

Analysis

max time kernel
6s
max time network
69s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
20/02/2025, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sh.ppy.osulazer.apk
Size

215.3MB
MD5

59f11c3d9bfeb933d791db251a256a15
SHA1

0f6d70e2a099eba4326aaa8c2681b11086284b64
SHA256

f62c9f476ba036c70237fbd66efa1815907ee76e4a1cea328a2ce883e5d63409
SHA512

a6d91ef5177dc86bb0281c558b709ae45220581f3637ac3d47c071b9b9ac6f09749c09631e502522589473a9558d1e795f6e9d9cbff1bb06d9e2381b6c1c3871
SSDEEP

6291456:aCLaPTVJqbqy++GYFDHctGQ0R9lFkTh6qFGVH14:alPvqbvVfmKi

Score

8^/10

collection credential_access defense_evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	sh.ppy.osulazer
/sbin/su	sh.ppy.osulazer

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	sh.ppy.osulazer

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	sh.ppy.osulazer

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	sh.ppy.osulazer

sh.ppy.osulazer
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4268

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sh.ppy.osulazer/files/INSTALLATION

Filesize
36B

MD5
80c25f720466159987fd205025e737e2

SHA1
62c6701bb52ee159914fae88ef204287d6e367b4

SHA256
1295ea29660c8ce164cc6e5b7e15eff74774318eab634e55e4fd4cc2ed6bf274

SHA512
cf8f6f8650b0ec594efbf806acf1b0c6424143de7b0cbde6d056f4fc2d7c8ca25d8205fc4b8e40401f3433979db17aacc8da4d77228823c286344886a7890ef4

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/.installation

Filesize
36B

MD5
69adfb1eeaac3c236c62eff0c634763e

SHA1
9996f336b23202bd024c4a63ad560562e7981e75

SHA256
b6b4b00d0f8a7d73661932bfbbe58c0a64e58c62005e488b7ec7287bf5aced00

SHA512
284e612921ced12e48c36aff3cf05c3df355ec302ba3a8497c9a04f91eb8f11655b2c34ee5caf580fdade3c8cfe1d8c4813521fbf1837ec042686f7f8e7f07c1

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/.session

Filesize
300B

MD5
47096c78cdbc4378a6df7e20bba3138b

SHA1
9ab0fbf029b2a8c204dd0c38c60b9cb3879a43a0

SHA256
6c00259ff5870f86f23e0013cea865ac7af2bb99f7ff19c0359b47977ab2c702

SHA512
87adc1ecd1432b7e241e2272dc6279b29abd78b2e5e3331cd1bf7f0f3330d389f58d704c6d8d206370d82657e1869d66b0e615816a4c23f606f739e5dea16214

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/1740089796_-399__921640488.envelope

Filesize
373B

MD5
c34591bdd32512c0b9811527e552610e

SHA1
e076b0262c575d9be91970df7893eb96d3624bfe

SHA256
d4b73b77a423d4c962df514c342d0b5b0d16d211241419182bc37d2fd8eec7a5

SHA512
0103208b317e20dedc1de571f8f2bd3968d4d4363b1e0ea291dd06fbcfbaa62332d2b056f918c750a8c221db8bc498c98956255f2e29be9f448894ca1100314e

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/dist.json

Filesize
11B

MD5
ad1de469298a11a3a226717ffa0b6adf

SHA1
a5b8112395782b0674f3fc48b029c1db0847585b

SHA256
9862ad5224e3206384f056d8d230469edc064701327324dcb65e2340e7e48e00

SHA512
8da7b815e6b73c2021ab5cd1643d90176fb85c91a7caf2c744dcaf4bac121dc4c1f1d43665d6e839fd23b19c5937cf9eee97773e667b13c9b9ab385ec7b81454

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/environment.json

Filesize
12B

MD5
dedcf97dec548910cc8edae172ab5bec

SHA1
a37f222f2a89b4098cf681951ee75d76bd1f75e5

SHA256
80be2eb0944c0453a6ad339a56e1c8f39f8cc57a4e627758246ccfd274176fd8

SHA512
5e0d2b9be27ce24d6baa109ec8b2cb7e7ed3deb5622bd87ea621428857a8b8cbda98871552eb7e26df145485e83b2b3397cdbeaa4d806e955b4eeafb4a85d13a

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/release.json

Filesize
16B

MD5
2cd3f2412f21c4736762a17fa1c51930

SHA1
dc9eb0d186b2262c08db423257e293af7fc0c3d8

SHA256
6f6859895f5bc101b9d8a571de0815da0e464495ad3812a01d0b4a58bf831673

SHA512
f222947750df15dd78d84711ef0c889b063f99df95806e76b1433b005add525207c37284ba9188133bf498bd8ad80f891c471445f241b7c47634506e6339b8de

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/sdk-version.json

Filesize
482B

MD5
423ee0e659b2442f2315a872ad25273e

SHA1
6b4a6aecdc35c1744a318767443017ca63f5c8ee

SHA256
c70d2c48286bc5082f9ca492fcaa64bc6fa45e382c82f6c0b7b27211c2faec1d

SHA512
6e5feddc095cfe9d50ecd172d3b454557d9664425d1ea52fe27842f9bc5dbbc3a847c4810bef8afb63b30a2e10583d624496fbb6c6f55024cd4183cfffe0297d

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/tags.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
165B

MD5
ad1bebeb98435111b8c57f5807e8a758

SHA1
80eedf424eaf2bd1699084d6b39a5b148a0be053

SHA256
233c0693c9e206c28a571ecf2f6609905803bb06cc7e058d647b0dca0a1696df

SHA512
fc36eb6a1070031061b9eaddd5bb049774a63a289bcc82d4f47f64f72506d508ea82926eb77f900480a4a79b77b15367975aba7d89f2e81fff79905b64731b56

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
297B

MD5
69aeb0850803530cddeeef357d027144

SHA1
2575246b15e979ec6b45f8617cdc8753c887deb5

SHA256
32931460b0364f4e086e1dd15833f8b509bb51eb21e14d8b7fcb9adb18a1df6e

SHA512
2e35f1a707a5ff2e65354a29a04d14e1d0c8207d861feddb78c959b0961992ae7f96c696c12585b640e3a0a7fac7b90a6914b8d82639148355453cafaf687704

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
465B

MD5
baa2c0f66f0ab21c07ecd7ca6023f78b

SHA1
95b7710df33c2e2a1f684865f48cafd99da4be84

SHA256
14727c692420f2f09b23cf07f725e1ffeed95fdb00e2e891386e4e21e47ee286

SHA512
a8d1b6950026ee74a7992f0001b24e71dc4063fd72cc505e7890a1323b604422fd4e1bfc2cdde38aaa8f5a5aa5bb27e8c5505986db98c9763151c57de722be90

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
628B

MD5
7d2d9e0485dfa17ee8482f05924d890a

SHA1
7565ba00dddca3ecc79a2ffc77154b07dc91a063

SHA256
86e37ed445ca73006076caaa0d8c3af076af7fc751205bed0f7e22e44a0d923b

SHA512
458f1538279bdd5447016fc32d2d4e8167caae96da2965e4f5a0dfc208d8c1dddd78d3d901872b9a0d3a6993e3b273e629f36723e8a0671c944b07397e2bd410

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
808B

MD5
34593be925ab4bca990a7b58a8a0ffe5

SHA1
eaef6c0af70951716755c4a9ff1f3a4524f7d2c6

SHA256
1fc5b47e1863b80810d84dd187413dfe77957b5e4863cb4aa66d11709db3ccc0

SHA512
c85b583ac753b14dd811d34228e02361a6006c59b40734fe3a1bf17c8a49eff59dd353f61a303c28cd645b7b717d7768229a233d2d50ef764b1fab7c60562dc2

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
1KB

MD5
f4f086f6f9af0277b684436ebe54f223

SHA1
36bb0c340e0730d7c6ea77d27a4f38008abade2c

SHA256
c6c5dcf6ef9c8b994208471d5a304001acdffac6ea5221b8c9b026065df017c3

SHA512
350bb5cd88aab34c0780d2af783675d5a17693a6979aa3ea03aafead6e7246f3549aa57b94dd50eb781bdee44fff8528ce697eb429af84988f9fac3b3e41a76c

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.sentry-native/44e33192-330d-4be3-cce3-9454b83244f9.run/fda39494-f6c8-4d3e-9040-affb2afb8e8f.envelope

Filesize
62KB

MD5
4d1cceb88697a5097f8a24eedc89997b

SHA1
1656574747f1610ff03600ba443f2e5c3fa81a2b

SHA256
ea763bdc6171428ec4071620230936bd2bf01edc9cbd58aea1d1e616f0bb6050

SHA512
8e381aecee55908f98c054792dd5cc1902a98d335a1667eab2e4a96aebf515021de11a27b4a02a7fc0cf4b2aa976ce58e2fb497ba7c6a7f869bde46453d49ef6

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.sentry-native/last_crash

Filesize
27B

MD5
cf306c32f7a2808c28787d7b4099091a

SHA1
8f72f406a478772a1f78c1a83e7d4876a7facf3e

SHA256
c075bf7bc34bafc9560928e58c23343d4074f57578bccfe59b45635027757176

SHA512
af85e609361e1881926c4355f98909c33c3ed04226bc593a005f01d8cd9d1b203f590369a2bfb7501387a7d0976126ee928cf3f1cd06c39736fafdd975b157ea

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/aff607fe-0a9f-482f-89cf-e12ac50c4abb.envelope

Filesize
776B

MD5
7aebb615f870bb82aa380d5a14ab79af

SHA1
7c506483b16a41b2b9646427a3fec553003d1590

SHA256
f4b8b53e412150fa10a3ebac26118b47005124a4f595daa9e78a19f9cd43773e

SHA512
ea1bf5228eb919b8336d4d4069d89ba39a0b842bf424767ef2ae22eba5cd0eaea32ab3ffbfc304d3c7f98de6bc88661f51dc942ce53cdd240ae00b1041bbed5f

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/session.json

Filesize
268B

MD5
d8e41faff961af3c5a103ed6338c8fdc

SHA1
6f331a8d1238f8ff187643a38ae056e0eb279e7f

SHA256
5e707e6e715c5d0ef4b9ce6b07cd570a872f2af96b9f8240fc8b1d9ab61df4fb

SHA512
5fd9811ddf958e794fd055b9428289cb31dde9b34a103690cafff275e50a349c655a5785fa101a0096e5cfbf00f06adce4bde21e4fc71a9d284361949fe7d67f

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740089794.auth.log

Filesize
443B

MD5
75aeb228b8c608e5425602aa9a96cef8

SHA1
a6b3709413e74e64199ca8e1b0470cd90f37316b

SHA256
d8b4dd6a44043e6a155e711dbd523527d3c5e2284115f2dc6a59534d9bdecbb1

SHA512
21ae192d9a3f4f54f3a578fa0849cd3f3cb5a131b7653f368a625c09f2a0f53d44a3d78a4bbefbb195a2a4728c260f0dc9a1e5910f21cf85a67c945c855a64e9

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740089794.auth.log

Filesize
392B

MD5
2a2911d35a9877c1eba4e46c39ae8e23

SHA1
8426d896e6efa7fe32e0e825dab9ed5be96fbb97

SHA256
63fea1cf77320ce0f69e67f32ccb627e15f4d830971cedeb71d4e6aed09443f6

SHA512
42097e12e05d6460b8309310830b3c6ba4df861272fc21ac8af03f7e8360a058c804ec0cc5f700e11a3996fd203a1d6dd3870288ab212a09baad4835bc3076ea

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740089794.network.log

Filesize
332B

MD5
f775de61c29d6a2bc0fefe84fd270133

SHA1
2b0e8bc4c866030178cbb9bdcb1ff0db569c530f

SHA256
0442ad9ee20dab1757a0534e4a8f7588c3c708d841c8102f656ad387af788c83

SHA512
f4a8205a61fc1ffbaa0c32240b26d045b134935ce6484ba549394c119805114a5c97ad4fe751743024ec359b5bfe0d6a4592ef31abf98d07dbc240d2946fb9e8

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740089794.runtime.log

Filesize
314B

MD5
27e5dcceb0178dd957f9e95f1e049d9e

SHA1
45a9be1eeef856c6e25881cd48d6e1cc1d9ecd79

SHA256
5b26fc617687971bfa1bda27fddc59a6207c33771dc8e767f64c5de099e6a722

SHA512
45ead47cb33369a2430e97c80f5ef80b0d7e1b0e663a8230c93b13ac8024d9fcdcf9fae2a4bfe406cd4767f5e92d0abe199f453b29dbea1ed45350e2deb50d9c

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740089794.runtime.log

Filesize
477B

MD5
50468d9d96a156ff5025d5e1b62a32e2

SHA1
4f97a29d63a06e53cbf93801677f98d0fa0ef065

SHA256
2504ca3ef086963ea2f33198226f73d6bd97701fada26ef0e3b004a14e585991

SHA512
eede5dd9bb0eb452a2849545fd91a2222dd27dfa37011bd945b3d9244fbbe82787b94baa5e23832a2d3761b741a99702c8799ce5343ad42d023d50a4f1b8fdf5

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740089794.runtime.log

Filesize
622B

MD5
88060c1a7466a2e28875df2ad8fbf9fa

SHA1
53e497831e63cb64c669231de520d5693fc22a0f

SHA256
7c2fccee640b04df1e6a971acb36e5923dada819f618b285b2d7437260ae6b33

SHA512
a16851275d6d94dfad98ebee72ddc915b5d012a575d36f1da349f0aa75c5db4eb8606eb16a2e6e8ac7789ce2972946efd14d9ac8e6449d6d87fd4a5e5d041381

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/osu/.auth_startup

Filesize
12B

MD5
41aa48e354ef8d9e51b36e166ed5015e

SHA1
b4b84c339534c9f95fd9b9191e703120dc339503

SHA256
6e1c5a67f7d52174f8b24c1f5b8fc42bb2000109e3207b84751c6bb1f7fa799b

SHA512
99cac217f14251e736826f20a3158e80d0619eb6d54feebdee1df33a585210ad6fd66393baf38f4b5cbf620c8a06b5ac22e663211d4cf010a829c9d209146dad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads