dc38980f106a1e4db217b97a7e19c028ac4b22b5bd13715a841d2b3c9751686e

Analysis

max time kernel
12s
max time network
154s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
09/03/2025, 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sh.ppy.osulazer.apk
Size

215.8MB
MD5

2eb93a9334b3b0811840a7393f696264
SHA1

abce7cdd868c8b1d3f50ade034237f4690131dae
SHA256

dc38980f106a1e4db217b97a7e19c028ac4b22b5bd13715a841d2b3c9751686e
SHA512

14c663709becc170af640bacb038b76cc3b7a6e51945467337ae30e88dc7f963271437700b7ce09cccd2decf685706c76b7ef10828b90d443653dd1ac7a88aa3
SSDEEP

6291456:kCLGPTVpqbqy++GtLd3FbsQ0RAlLWKh63FGVHlL:kzP/qbvTYfxh

Score

8^/10

collection credential_access defense_evasion evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	sh.ppy.osulazer
/sbin/su	sh.ppy.osulazer
/system/bin/su	sh.ppy.osulazer

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4480	sh.ppy.osulazer
/system_ext/framework/androidx.window.extensions.jar	4480	sh.ppy.osulazer
/system_ext/framework/androidx.window.sidecar.jar	4480	sh.ppy.osulazer
/system_ext/framework/androidx.window.sidecar.jar	4480	sh.ppy.osulazer

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	sh.ppy.osulazer

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	sh.ppy.osulazer

sh.ppy.osulazer
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4480

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sh.ppy.osulazer/files/INSTALLATION

Filesize
36B

MD5
14614ad533aba37bedf17df549d410f2

SHA1
8286441c85da250eae9dbb4e02b6a5db38fdf72f

SHA256
748b6483a213582c5c727f1a511948614e1d41651813dd19cd902bbf5de0a544

SHA512
96489fede4e182cb0c4184eb33049324289390fd791b8d61eb988519491c1f13ec2c4f4e3ba1bb395a4a7779fc9b2d6031c28f9224a8d6b1e725d626b0a17850

Download Submit
/data/data/sh.ppy.osulazer/files/profileInstalled

Filesize
24B

MD5
53b8ac85d38410117c96ca88b100c190

SHA1
abd0965f9bc81d562d3de16a90cbe0ceb319fedb

SHA256
29166dcedd3b78ce6e9c95200680b760c1263b6335b38aa676aa5d8b13e03f66

SHA512
7d93e590d6d6e0bf02de5e93b2fbe29a8e30ef584ea328937d7806cbfaea0d953c27d36f866c4ee078f23ed3fa9d0000f23a69e5a44dc3ce2bfe1103bab677f6

Download Submit
/dev/goldfish_pipe

Filesize
328B

MD5
21fc0463029def6ed39fe978c4aac7e4

SHA1
6608c7a2cd007f3332d912d9d6e12b941b340d1d

SHA256
515d88020651df51bfe8f8468f51b3aeb30ccc3425299479111a36a8997939f1

SHA512
20cfdb0a3fdd8c9833852b8e9d9084bcc497e10def52b52400d23477bb847a3cc21e65fbf6c132fd8cbabf530e3d4a34d287bd5c4843fdcf7bcd019cb3da2061

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/dist.json (deleted)

Filesize
11B

MD5
e02a5d37fdb7520bf58afb7c0d031f0d

SHA1
799fac8e37cd77e5cc27c5c3c7ed5fb69b1c3282

SHA256
394629839434be005b8f27417914d08ec9334307f94b8bffb3fdd4b53572dccc

SHA512
8118ecaeca1c4f8b82dd6cd787eb7fc724b3b01d7b41a6cf41314f18264372c985c3b010b23d29474615a7a11b4327036be3d87830fcd89ee8a8c8aeff2e2201

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/environment.json (deleted)

Filesize
12B

MD5
dedcf97dec548910cc8edae172ab5bec

SHA1
a37f222f2a89b4098cf681951ee75d76bd1f75e5

SHA256
80be2eb0944c0453a6ad339a56e1c8f39f8cc57a4e627758246ccfd274176fd8

SHA512
5e0d2b9be27ce24d6baa109ec8b2cb7e7ed3deb5622bd87ea621428857a8b8cbda98871552eb7e26df145485e83b2b3397cdbeaa4d806e955b4eeafb4a85d13a

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/release.json (deleted)

Filesize
16B

MD5
47495f3efa1225d9e30d8a3245b12f75

SHA1
ad3db8100b62bc62aade3cb9cbfdf70001c9bbd9

SHA256
34ee486c5fa9bbadaa0346334d92a9026d18b660f328dbec508fc4d86fa88a4f

SHA512
4ce9fd906111a08fdef3381201745eb3979f4068d177b86ae023d86dcf5d8f3edb63f910a35f6c617d892074a1ad5b78652590adf8af3bc5ce36c2b2cb7befe2

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/sdk-version.json (deleted)

Filesize
484B

MD5
e915d3c59563059738ba4d1699d41494

SHA1
424ec75ebd6b4133fa798234c5c744e816c13947

SHA256
836fdd5c4a1e3ed5648e8f3f3767094a87dd9a09e9d37c8576666808796506f5

SHA512
4320e5e56198f380da90696ef4a41e5c59dbf7c1a6551d7e7bdbaefd4daff3eb3f257608cb66af397c3ba0649e0cb4fe7585f95cb301dee839dfe67aef6f0102

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/tags.json (deleted)

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json (deleted)

Filesize
165B

MD5
e63d87f034dcff065c7f7ad7b2b149bb

SHA1
cb69e5a9d27315a54c717d08b454515532cd3fae

SHA256
9a8092868f4ccff9063e52d465947d33b7a1846cbab5ee41033e1f352c37371e

SHA512
78a973694661abcfa02d94ec187fadc420daa9fc3cad535a6f25003c3fa33a8b9fe62d8fed38b1d797751a5cb72f1fa6d1ecd11ffd675357d34752444dcbc210

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json (deleted)

Filesize
333B

MD5
b913169bab6392be1afa6517c8f86bf9

SHA1
b594fcdf9fa2e3b0f0b4dc47e391d7a3b87758d0

SHA256
f6880229d35bf61a653d1059ceb7603f442a7a215a156b0ddb923614ea76d560

SHA512
c4faba966ba225cf3575841c1ec9ab4edfb0d4f4b4374497d095aead3cfa6b05e5de7749dfd3ee332d49791dc7ca33744521350552ac5b947c9ac6e480cfd249

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json (deleted)

Filesize
519B

MD5
0c923122cdb4bff8685c69b9e27be430

SHA1
08ec8560957c8b81ff9998c3e1110a48f3ac458e

SHA256
c20e2109e7a281607db9155e00698f59337c705648ac518d7bc50148eb6b5d58

SHA512
ca5db09fdc4d9002aded067e9ac9757b21925112530329c6363cfc5f4868d24cf2391abf2d7661a9344cbef315982f5e1e39ed23e92f94b27a6f55903a5fdf6b

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json (deleted)

Filesize
682B

MD5
12208bc51f476019ac36d179c59ea82a

SHA1
74b49a98395589404c25ce1775e322f275922b1f

SHA256
1664100c7ac72eb2a3c4c4fce517d1992e854ee0383f50927079870a16a31e7b

SHA512
db1cf90092c2f573f29c3dcb579ff3a01eadee196e7d35d15c63d5902d257dd6cf0e93a73ae9f44eedf4ad139764717f045538ce5585741332edc2e180f95c7c

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json (deleted)

Filesize
862B

MD5
7237e8e25199bdda132b0d89328ab698

SHA1
74e44ac436c672b9c410200accab303e14a30eff

SHA256
dffad421fb635f7d9eb07c739fe4cafac7b29b1d8227848f731332266a6152b2

SHA512
ffdc9c1c09b806f004f425e7293e0b920fdeb62b27cdc6f02662accbbfa639c8fe11c50f3ad9a86279aebace7736b3401e50d9eeb06f305433519ec310c76cc6

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json (deleted)

Filesize
18KB

MD5
b913468c6a45cf546d8e1676a2c7c0ae

SHA1
fa29abfa74835f7ccae21ebba15e547b021f3d96

SHA256
036444b7176c93e6b4c9d5c710c1af607e442a84239d0ad43d18c8744496c499

SHA512
faac63e3cf9bde4a4d9c2dfc314896106ef672b9a9ecec914b9a3432894093484030ce7856f117009f51f4277ad6c70c560d3efc88a0794832760ec100687b70

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/user.json (deleted)

Filesize
29B

MD5
ad0c9ad384831e2bf3603dcc92e93d90

SHA1
4a41cc41f11df837cc039fac8929a83ca3e28beb

SHA256
7d0acbfcadc26ffbbd00817d4f91974ee8a59a48b279c19603da7437459fcb9a

SHA512
45d03cf23dcd41bc93b17353182ed2091cc55807b4815164216493cc376b2e26124177acf0e23d53ce09d70493fe3d52b1702913a74f05fa515063effbfb518e

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/79af1939-35e2-4d37-b781-3210b24f6d6d.envelope (deleted)

Filesize
804B

MD5
aeb62dd70de133f9d4a8f2c82b67ffc3

SHA1
892092e3376766c03a174bdd44f29f46dbb8206b

SHA256
b527d9cbd791a50c1b3cec38ffbad65ef33056aa669c3f390b5c2187138dcb38

SHA512
42a2aeeac16fa9597d9ac0c8630fe0d5afe19f62852c669e74ec446239f0d14da330225d8eff8f958f6790aa18ec1366b1d317285e0a64a1597bbdb03261f887

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/session.json (deleted)

Filesize
268B

MD5
79c0bcbc1813a35fb81cacf022f2418f

SHA1
192d9fbd2a372bfb128591dc75f67a5cfdcd7adf

SHA256
8dd1ce23f420a1f8c8f2c6373e4b78b83cb13259e10cb059740ff632e499b207

SHA512
18d47952c6dc1894aee09e5170ce7fcef58434cb2f13d756d2eeb8641cd4a61bc8a7ca4b6412c8a39334bc1ec55bd591beaa04435001c54959f529f7273c10ab

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit
socket:[60430]

Filesize
39B

MD5
1de5af833bd6ad6c24533bbb1949c61c

SHA1
632454721d0dd41876a19f3866a812849bba481b

SHA256
ab199acf69461901a6991c38f4f599013a60f7b508783888402c5451a25304c2

SHA512
fe9d2ca4a7b8e20883523a7519259d852f7ede24e368f531a4590a8d7460d8422717066c5984e0dd5a7f9da130146c196a29d1204b71595ef108c406ca8d5251

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads