f62c9f476ba036c70237fbd66efa1815907ee76e4a1cea328a2ce883e5d63409

Analysis

max time kernel
7s
max time network
22s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
28/02/2025, 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sh.ppy.osulazer.apk
Size

215.3MB
MD5

59f11c3d9bfeb933d791db251a256a15
SHA1

0f6d70e2a099eba4326aaa8c2681b11086284b64
SHA256

f62c9f476ba036c70237fbd66efa1815907ee76e4a1cea328a2ce883e5d63409
SHA512

a6d91ef5177dc86bb0281c558b709ae45220581f3637ac3d47c071b9b9ac6f09749c09631e502522589473a9558d1e795f6e9d9cbff1bb06d9e2381b6c1c3871
SSDEEP

6291456:aCLaPTVJqbqy++GYFDHctGQ0R9lFkTh6qFGVH14:alPvqbvVfmKi

Score

8^/10

collection credential_access defense_evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	sh.ppy.osulazer
/sbin/su	sh.ppy.osulazer

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	sh.ppy.osulazer

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	sh.ppy.osulazer

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	sh.ppy.osulazer

sh.ppy.osulazer
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4228

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sh.ppy.osulazer/files/INSTALLATION

Filesize
36B

MD5
b49d479666e85d6cbd40276242380d44

SHA1
b4f4acaa36418db98383ffe0c3493e38bcbb9e94

SHA256
859cbba70dc01397fdec5e733d971915cfffa6bac77c05147d9bb339848a87e2

SHA512
cfac38b8854f525ab2f67fc912be221f8fab7c4e8585a1876bfb1ed1526ac875c1326766c9162be456ec72fece3b0a982ff99e5bb445f18468f8e910e0333cec

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/.installation

Filesize
36B

MD5
b7b3c8ac5e2eef8c7c2a8400b6989f09

SHA1
e7074b72bd3ab5358be674cbe31b9f9559cde069

SHA256
a406d23fe3e68cd659954668e179910ef691ebd243c1007191920df8055a296a

SHA512
7c8a233196ae3d552a2ebb5edb8c41a8d235a4333b4a2368d0c29285ea6a0e3579ff680acfb8e1cc6632c8f890d12b92cf82ca1c2ecefb813aa02ec5e9b011ce

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/.session

Filesize
300B

MD5
4388bf1c7a2fad7ec678b6c89f07c0ee

SHA1
5bf05027e2598539bfb5ebebf201418ee6e6c34d

SHA256
3ba3eeef30866a8d20e814a267d3c36f4d7507241b52bdfb9e4f445739d3e39f

SHA512
b99d57fc89cea8165282338c49e0a40aa3297678de79edbf964e37def1d41c0382c73475d1b324b5129ddca93a3cd7239328889566fcde6d05920855c67bd0d0

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/1740715401_1812__639973161.envelope

Filesize
373B

MD5
c5468184f3aa5f37dfbb42be1623db88

SHA1
2445532fae062f9ecd65bc30187ea73deffc2275

SHA256
35f4957ed9a5e8add9659031d40598f938884d3e8e8c9d2a7189f54a79c77beb

SHA512
2560b246a17e8a58fb78a4d8cc5ad4fbbe7761bd9309e612c5b6e2ceba151053a18f3258d7e18be4f52ed2ebb4039d6629ef42b6d987188a9a453f18691b9a35

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/dist.json

Filesize
11B

MD5
ad1de469298a11a3a226717ffa0b6adf

SHA1
a5b8112395782b0674f3fc48b029c1db0847585b

SHA256
9862ad5224e3206384f056d8d230469edc064701327324dcb65e2340e7e48e00

SHA512
8da7b815e6b73c2021ab5cd1643d90176fb85c91a7caf2c744dcaf4bac121dc4c1f1d43665d6e839fd23b19c5937cf9eee97773e667b13c9b9ab385ec7b81454

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/environment.json

Filesize
12B

MD5
dedcf97dec548910cc8edae172ab5bec

SHA1
a37f222f2a89b4098cf681951ee75d76bd1f75e5

SHA256
80be2eb0944c0453a6ad339a56e1c8f39f8cc57a4e627758246ccfd274176fd8

SHA512
5e0d2b9be27ce24d6baa109ec8b2cb7e7ed3deb5622bd87ea621428857a8b8cbda98871552eb7e26df145485e83b2b3397cdbeaa4d806e955b4eeafb4a85d13a

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/release.json

Filesize
16B

MD5
2cd3f2412f21c4736762a17fa1c51930

SHA1
dc9eb0d186b2262c08db423257e293af7fc0c3d8

SHA256
6f6859895f5bc101b9d8a571de0815da0e464495ad3812a01d0b4a58bf831673

SHA512
f222947750df15dd78d84711ef0c889b063f99df95806e76b1433b005add525207c37284ba9188133bf498bd8ad80f891c471445f241b7c47634506e6339b8de

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/sdk-version.json

Filesize
482B

MD5
423ee0e659b2442f2315a872ad25273e

SHA1
6b4a6aecdc35c1744a318767443017ca63f5c8ee

SHA256
c70d2c48286bc5082f9ca492fcaa64bc6fa45e382c82f6c0b7b27211c2faec1d

SHA512
6e5feddc095cfe9d50ecd172d3b454557d9664425d1ea52fe27842f9bc5dbbc3a847c4810bef8afb63b30a2e10583d624496fbb6c6f55024cd4183cfffe0297d

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/tags.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
165B

MD5
7a2180ab1329faf573e19de1cffb1af1

SHA1
1eb13e2e9d8c74bb4e34138f86e4ca410d3ee45a

SHA256
901dac590f95915efb76ec74067563987cd795f4e54445de1b85fed918aa4b9d

SHA512
a9bfb61a6069f52dfcb4c015a08a0e59cd7a2ce2d73c64beeb3fa2ab03df13ef8fa5dd1220da4220b479cc32543ad21eee407db23cbf82cd79ad93fd4e62c883

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
333B

MD5
42d0a2438a022f641d020aac2b86e840

SHA1
d1dee248d7e2a93eeaaab5ea49f656d156d992c9

SHA256
1edf693380a2250ac7e3fb2ad8870521c4edac11c5732c21885343a6c82677f4

SHA512
90ad6a16fbe4b9ec44e37901fbf5fbd980d7e83a7ddfa0130595a44c41b5b9577bec8822fecf4517d0b52f0a7d4b4600475fa4cec354a5d10b0941ab31cfd7fc

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
496B

MD5
54b57c081ca5cbfd69f16ad4c45bb550

SHA1
4236476e9239178bdc4a631faf83737336b559fc

SHA256
915ba1e02b88dae0ea245d852f97dd5a5dfc234ba01d8d24b210ef441a0378de

SHA512
03a84b65a7a8177c9ad1ac9422d1b39beea4fe165dd5fca812150e91714285c09ba9749ee93988bbb1bbc6b999dc378b9feb0d19cd8b6bccc0aa7025fb3fbd36

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
676B

MD5
a2471533311b6e660d498be18ed10c2c

SHA1
164e6fac50e87f0abb994e24a17f755c5ad09d93

SHA256
d5c68e46e58f9b2d65aca8a0764da381eb7fbf65274348be9a798b47fb5f2c82

SHA512
ac379764f1c920e1c37686b54c83e40c9cdf5aa881bb23ede7307e3404d42d44039de8ac88be73c6219b69bc86d19d3dfcb81bb18c178717e42897c658193b19

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
906B

MD5
89e483431722bb2c60064ed26ed328ff

SHA1
5188d0f852b963bfe96865b68ec3b094ecea1a54

SHA256
62596dbb2bf528ac5de634958555f84dd52571e25255640ffec74a82c97e6c44

SHA512
02a7bc3c8cdaa381c81957604497193126b73708e737e8f94ab1069d42f81655ed8e1f8e926f1ce6307bb562716fecdadec28a828d68f1a142bc059b32ca21c7

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.sentry-native/42e04b99-1678-4691-3b88-04aafd5f4914.run/378c11a5-390d-45a5-1ea9-b729b0c81a1b.envelope

Filesize
62KB

MD5
9a27bb6ae77abf6f8bc3f3e8ada6521d

SHA1
c9839ba04b058220e5c1667cce70a5e79f24ca9b

SHA256
95cc0d63e31c3c711731dea19065e1cfca4073014684b90a067be3717111b127

SHA512
3b75246dbaaa3735789548950bb683d7d3dc6b90de12c30460e2d57767f4855a22835087734d84516255db1cc2dfffaaad2d97f325d12d708551d900cd17db3b

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.sentry-native/last_crash

Filesize
27B

MD5
faa1e5d1b963bf0aff7b55377a0dab45

SHA1
70658eafada1d7dd9f16cff96469bfde51d74f28

SHA256
128cbf5acd1556636a218a57c4d92cfdafe7fd88953389822f5aaa54f7a922da

SHA512
52f3d21a69db4ae9b21422a53b72c9bd0c09ea6dffde2ad44929e51164157e54e25a95b7d152305252ad79e3bac82a173da503d325528140e9b4b59a08a5ebed

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/c1a1e3f1-f6d7-40b2-af69-c1371b4aa3ff.envelope

Filesize
826B

MD5
2b8a327b96c7d18ddb73eca2f31d0dbd

SHA1
9165b1ab871f782489b2da59771e55b676875f02

SHA256
8b3ac3e54d0ee29e490b24df3b7f78ebe57552fc1000e3e9866bb15808733e34

SHA512
477c143621a185ba538cacd40b4f031228e799f49d200a54c58c79531a8e99036038ecd82327c1faf4d168ae76bcb17f08a1920f6c0de09eb4e1dab58fe6fe63

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/session.json

Filesize
268B

MD5
676efe8a7fb51a768093e315f70c04a1

SHA1
6f5a37e64c05423b0d78421b93d3bb48d0b2179b

SHA256
9e5b42dbc56dcf8bc9536c6ccbcbceabef6b182a82467364166ade0c9c97aa9f

SHA512
f2ec81b8616ad02a4ba20eeddf117476cb5afed9b853482fe4441f86b3984fb1f239e51d4362e97f22636f9f60ca23ae6a06b278c9f9251c52a6520603cc5bec

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740715399.auth.log

Filesize
443B

MD5
d7d298fcc2a9d9f2b3b1bc8bb85c5a55

SHA1
59dc09c1481a6d67ee56b6fb2f058116f3e8be76

SHA256
860c73e617d319a313d86e71e97b26df96c76f6f4ace0d546565929ff2d488c4

SHA512
636ca3c36f263459e8069cdc4d7061f2ac31432833005d304941b810b530094b54443ab29c791f73398c424b76c01256ab5a788a4d5c99b53e5f86175af828ff

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740715399.auth.log

Filesize
392B

MD5
a27a4d23bc0743188aedf40b13d614d8

SHA1
b854cad52e4087e599754072e5a8d9f7d74a518a

SHA256
5476436fc973dd6c38a3ff82087733f6c75a14bf7a940094e3b5cd17a6be89dd

SHA512
4eaae8fae7231c7f9d333acb411469f721d7be2c2806988fcb2376376b6877e90ff1418dcf480557f0a18f37557de478acca36d6627f3bb4daf79d3d9e1d7cbc

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740715399.network.log

Filesize
332B

MD5
1178f7175aeb74f6cae2f8fce08ed3b3

SHA1
9944e4a7b4848e76bad2664c703df0e2ab2ae849

SHA256
556c71ff6501307dc809eb8ec512108ed6f2a1f01f6de2e874f8d40eef34adcb

SHA512
f9ae7a828313e0f77e58e11590d6e474e43f6e34b8ce69bc03707893355856c5c4ca209cf680da449eea1aaefee3ac153dbf4ef1f08ed9af555e2a434d3b00de

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740715399.runtime.log

Filesize
314B

MD5
4a9aca55dbfa4fa9a83de9c374c184db

SHA1
67a10b91e89f04a80c63e31ce9622a4cec3c7464

SHA256
59cb7e217daaff63b194d72189415050331a7d578f183ff415c15c754af92138

SHA512
6a340de3e522d52cf8330046205157677079bb73a00d835f91178f9000a1816f5bab517a88309ac948d2ab8730638072849845cf26ab8f651b6fa3ead178d24e

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740715399.runtime.log

Filesize
477B

MD5
66ae7a6fb4d9da265e840d803c5d2fe8

SHA1
ae47045c436f7f4836a68fd821e9ec7d3f1856b7

SHA256
f3205854d5d82767a1cc5b960fe4f281d65876ebacb7eea5ffe55737bf6cf71e

SHA512
f2d0ea643cca7c7d803946025dcfcbb05f827501d642cf022f7b54765e556dc86d99118fb4499c190183828037be64cddcedc5a3b0048464a6b2e2423e6cc85a

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740715399.runtime.log

Filesize
622B

MD5
e920462fa825502d9f925213dbac9a68

SHA1
da38b69f0b50c6ebc9dd15a0d37592c63aac2a5c

SHA256
6eb9a668b84d1c38d984b027b026ad7dc4a00ccce52c476a8ae285a26e30aef6

SHA512
9e05085bbbad566b5208705730708feef863b42d37e80b1029d6221925dfe5eb45daa1754ba73a4b74063ca37640b2bc3f51e3315c71740bf6e9ac1ca241c93e

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/osu/.auth_startup

Filesize
12B

MD5
41aa48e354ef8d9e51b36e166ed5015e

SHA1
b4b84c339534c9f95fd9b9191e703120dc339503

SHA256
6e1c5a67f7d52174f8b24c1f5b8fc42bb2000109e3207b84751c6bb1f7fa799b

SHA512
99cac217f14251e736826f20a3158e80d0619eb6d54feebdee1df33a585210ad6fd66393baf38f4b5cbf620c8a06b5ac22e663211d4cf010a829c9d209146dad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads