f62c9f476ba036c70237fbd66efa1815907ee76e4a1cea328a2ce883e5d63409

Analysis

max time kernel
6s
max time network
52s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
28/02/2025, 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sh.ppy.osulazer.apk
Size

215.3MB
MD5

59f11c3d9bfeb933d791db251a256a15
SHA1

0f6d70e2a099eba4326aaa8c2681b11086284b64
SHA256

f62c9f476ba036c70237fbd66efa1815907ee76e4a1cea328a2ce883e5d63409
SHA512

a6d91ef5177dc86bb0281c558b709ae45220581f3637ac3d47c071b9b9ac6f09749c09631e502522589473a9558d1e795f6e9d9cbff1bb06d9e2381b6c1c3871
SSDEEP

6291456:aCLaPTVJqbqy++GYFDHctGQ0R9lFkTh6qFGVH14:alPvqbvVfmKi

Score

8^/10

collection credential_access defense_evasion evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	sh.ppy.osulazer
/sbin/su	sh.ppy.osulazer
/system/bin/su	sh.ppy.osulazer

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4470	sh.ppy.osulazer
/system_ext/framework/androidx.window.sidecar.jar	4470	sh.ppy.osulazer

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	sh.ppy.osulazer

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	sh.ppy.osulazer

sh.ppy.osulazer
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4470

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sh.ppy.osulazer/files/INSTALLATION

Filesize
36B

MD5
f9945ff7908c543108d89cefb0f5f5ae

SHA1
a511f7dddbb9d5cbe76003177bcaab3c000105b2

SHA256
d0c5957c0e764a014906f41ca4740bb1e1b39d0573ce71878ebb90ecfc4cb4e9

SHA512
4d34645b1bff935f85c2edf4714c364cb612d3aa3d576a78264f569c862429e5d7f820fcb310a09954a44a31f74b595441c3071a00b1389c54ae3370594b2264

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/.installation (deleted)

Filesize
36B

MD5
362b2b4d40a1891866967ad571a7b1d1

SHA1
47a6efe3eb7a4d723adba2e2d9369eda3fa4a6d0

SHA256
920300dc5c90e413fe8fb0a59d0b7fb968423fa0d9ac8c4ddc8ac443d8ad1c0e

SHA512
5d148d42e4edb940a76c1f687e2b3ea6cd8afdcb56e39708d125880035c8e04fd957e0f95c575a05018aa3cd019ff23587c37d8f09cfc1907d2934e616bf943d

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/.session (deleted)

Filesize
300B

MD5
dfecc9a333130cff8370ec69e9b7a446

SHA1
50280c7f1a9a9e21d2304c48e5aac4863d932909

SHA256
051ee352025cc93e9e90a4fc2952ba5a5f917ad069be524c0355a3ed84371a8d

SHA512
1a870c8413d05334b354c155c06a2425c2ad1cc0ed7b11269b2ea99c918614c8a5cef8d0ab26d8a1776f408efe39b9966323ec0a8e86c0c0117e07cccca33779

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/1740715408_-7705__605382916.envelope (deleted)

Filesize
373B

MD5
11642fc2166d9bce221ce276f147fb0b

SHA1
2bc316ab911defd847a159be019538ea3d8db6d7

SHA256
0cdaa209f2a9343a659a8775958887527fba2144ec4ece85cbc73d2f38e1bba4

SHA512
f80123ca27b863606fee50a77fd454c5c860f65ee494430173af9bf08c5d29291704b35f9316a13cb6096f01bd0340414b83980dac47cfb885dbba33ed111e67

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/dist.json (deleted)

Filesize
11B

MD5
ad1de469298a11a3a226717ffa0b6adf

SHA1
a5b8112395782b0674f3fc48b029c1db0847585b

SHA256
9862ad5224e3206384f056d8d230469edc064701327324dcb65e2340e7e48e00

SHA512
8da7b815e6b73c2021ab5cd1643d90176fb85c91a7caf2c744dcaf4bac121dc4c1f1d43665d6e839fd23b19c5937cf9eee97773e667b13c9b9ab385ec7b81454

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/environment.json (deleted)

Filesize
12B

MD5
dedcf97dec548910cc8edae172ab5bec

SHA1
a37f222f2a89b4098cf681951ee75d76bd1f75e5

SHA256
80be2eb0944c0453a6ad339a56e1c8f39f8cc57a4e627758246ccfd274176fd8

SHA512
5e0d2b9be27ce24d6baa109ec8b2cb7e7ed3deb5622bd87ea621428857a8b8cbda98871552eb7e26df145485e83b2b3397cdbeaa4d806e955b4eeafb4a85d13a

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/release.json (deleted)

Filesize
16B

MD5
2cd3f2412f21c4736762a17fa1c51930

SHA1
dc9eb0d186b2262c08db423257e293af7fc0c3d8

SHA256
6f6859895f5bc101b9d8a571de0815da0e464495ad3812a01d0b4a58bf831673

SHA512
f222947750df15dd78d84711ef0c889b063f99df95806e76b1433b005add525207c37284ba9188133bf498bd8ad80f891c471445f241b7c47634506e6339b8de

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/sdk-version.json (deleted)

Filesize
484B

MD5
e915d3c59563059738ba4d1699d41494

SHA1
424ec75ebd6b4133fa798234c5c744e816c13947

SHA256
836fdd5c4a1e3ed5648e8f3f3767094a87dd9a09e9d37c8576666808796506f5

SHA512
4320e5e56198f380da90696ef4a41e5c59dbf7c1a6551d7e7bdbaefd4daff3eb3f257608cb66af397c3ba0649e0cb4fe7585f95cb301dee839dfe67aef6f0102

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/tags.json (deleted)

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json (deleted)

Filesize
742B

MD5
5a996647ebab34cea2db5c40d715a6c2

SHA1
d5007387385e78fa48f89a9f325727507d2187d2

SHA256
77d0f740579c0bbf35a773dc30c20b8623c650f82cb78aceb5a4fb7c9c5f7008

SHA512
f68e4dc02297074a409313e2aca664207b26129b575111d8980ad8c6a393544ed1d7c80c71d55366e68f52d8832c68773f5280617aba8cc7cb5b08c49321d2c8

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json (deleted)

Filesize
906B

MD5
da689ff9c519f4d11d570e0f5e7a598e

SHA1
28c38090f58c3eff0a4b96622532d98739018b4b

SHA256
1cf829c3a089a7b50dabfe65a3280f8e520e00e2ac2dfcdeca268a72d9a58c4a

SHA512
b1dc3fa7250507965740fd7b508c0bbcb455403e498ece17e311ec80f142569fc6d772e57d254440b144308d98f734f91e4daece4f02172a3a857c3581f119c7

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.sentry-native/53e6b7b2-0bd7-4065-0c97-62cb28d5f4bd.run/3b9193a9-be36-42ed-77d3-8d816ac8cd1f.envelope (deleted)

Filesize
78KB

MD5
476004f338360ee7351d02467bd2596e

SHA1
a774d7ae82e905dacc999e5fb6ed2759039e588d

SHA256
6159cb7d5f0973d438be350668a4b2c0484b1251dfc6826c2f6c367bb8cf3d2c

SHA512
8372bba9c6b9ac5ab6f729ab95e2a20bc66360921cefa95787d19738f8cb444ee8b1e23efde08f1299719ac63093d0e919c2a613b19584df8f3e9db5d7d5a0ec

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.sentry-native/last_crash (deleted)

Filesize
27B

MD5
dc1ea1e4a3ddc7e0c73528e3d39d1b20

SHA1
638272d7dbbd5032ba41b479db7b232d26750dd1

SHA256
0afc3b3da23225d48ea769ed4b33b1ccf315df5ea16968614df9a383ec20bef7

SHA512
d5cf48f924ba3de49cba562f380dc5bd98b954632f164b280e7206ca0e7fd816ffef22ab7cdaec3a57698fab60012fdd0de61af1b72471f2765909dd238880f9

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/9821878e-e44b-43f7-b338-0e0ad902f9ff.envelope (deleted)

Filesize
778B

MD5
f36b8c71724a3781176e7aa5df339ed2

SHA1
f598de9b57c2036f925697ad409144b8068e371a

SHA256
f9c7410b67c4934b8e058c724f5d5c546779555067720c73f326de0c5c63e872

SHA512
5bf1826f341942250cb66525f79302ecb09a2c2a5f7202b1721f917e654454b382395100e756b650573d806ffed423f4df86fd652e5d05aa194c3d2717f5726b

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/session.json (deleted)

Filesize
268B

MD5
d0627fd8f2241d0c7c01fe4ae3abdc40

SHA1
7e075d510ccfbca7f338e4eeca3ba6ef4e901381

SHA256
cc987c0f17e50b735d505bd146e71854521407ffe2d41206aaf492bf1087050c

SHA512
6c25502d56418fd1f4b58f6726e543857b9fef3ec0f8db2f427a5b158b2cd40523246bb48a8c830cb2b3a02fb41b8a4173488ff3cda44f6689d06734cc3233c1

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740715406.auth.log

Filesize
443B

MD5
cc7a3bef8afc0d42dc8de7184eae3819

SHA1
a0d6a9fd87241cc3f23e49282e60af1d9e96cdf0

SHA256
c012981779b737c4074e5731a1615b5422533acf25a88d16f07fd7d5e079dbf7

SHA512
8ae6922e991ce688b21683ea1ad53a3e40df6e86c955348a2c2de87fcd0ef6c5906ed2b4f2d3be26af184502558a930f87d65a19a41dd38e968568ec8c58b548

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740715406.auth.log (deleted)

Filesize
392B

MD5
07cb92787bf3fa8412f77710f2679cef

SHA1
1833105745cb2083d405ede27e626bc4825d7116

SHA256
db4286784ae974d41267898235030c0eb26739aa10c9fab06a9944c64728532b

SHA512
7c29433bb5700355887b30cd97a0568de5f6a5682537df61f685c5924c17b465c1c92ab277274f46b7ed015a8d1880454b1f49a586a17690233ee6eb27a3ded1

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740715406.network.log (deleted)

Filesize
332B

MD5
8c017ef612658f0a9d0e542cc19e67cc

SHA1
e7311d0079632de8d7c4ea0eb28c1963c8d3c256

SHA256
78f8caf13ce3014ae528237e577f818eab08c51484045f2d935588c862eceeda

SHA512
a01caa96556fad3dc97d3b7c0d1603b0165db4795006541ed5f61b1d8b54f4d6a00286ff01538081b24cda76d3cd217e1f4359bf44beb4b2410be45c71c39e4f

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740715406.runtime.log

Filesize
622B

MD5
5adebf1c7efa7504a91e0f680f01fd47

SHA1
f25246752dfe74c3e0fff0b745f9d096f6a508ef

SHA256
f7a6232ce46d72b7fb3f62de9d793d530eecee802205a18658088a1a15fb8b67

SHA512
2558c75e028aa8a6f7fa483f5c15bc287367d9869fd3b5e97ef3e859e549f2c4214021d75b985e786a251982b8182dfc8f92e49cf51a5ac206f293853a5e6ca7

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1740715406.runtime.log (deleted)

Filesize
477B

MD5
1e60b7e83735c3eab04085a708d1fee1

SHA1
627c75a7b321667330448dd1d3f6e361475eba98

SHA256
f2b054aeb02c7789959a6f7e4566b72aae6b224a22cf2f89da60e5f2c059552c

SHA512
423673874ee173d2b8b28c879f8a456610792526609fee1687a7efeb3887bce5fc35332eb3f360132e5ed6b10b519a258f46eeb5be274a649e6eb453c420405c

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/osu/.auth_startup (deleted)

Filesize
12B

MD5
41aa48e354ef8d9e51b36e166ed5015e

SHA1
b4b84c339534c9f95fd9b9191e703120dc339503

SHA256
6e1c5a67f7d52174f8b24c1f5b8fc42bb2000109e3207b84751c6bb1f7fa799b

SHA512
99cac217f14251e736826f20a3158e80d0619eb6d54feebdee1df33a585210ad6fd66393baf38f4b5cbf620c8a06b5ac22e663211d4cf010a829c9d209146dad

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads