dc38980f106a1e4db217b97a7e19c028ac4b22b5bd13715a841d2b3c9751686e

Analysis

max time kernel
2s
max time network
144s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
09/03/2025, 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sh.ppy.osulazer.apk
Size

215.8MB
MD5

2eb93a9334b3b0811840a7393f696264
SHA1

abce7cdd868c8b1d3f50ade034237f4690131dae
SHA256

dc38980f106a1e4db217b97a7e19c028ac4b22b5bd13715a841d2b3c9751686e
SHA512

14c663709becc170af640bacb038b76cc3b7a6e51945467337ae30e88dc7f963271437700b7ce09cccd2decf685706c76b7ef10828b90d443653dd1ac7a88aa3
SSDEEP

6291456:kCLGPTVpqbqy++GtLd3FbsQ0RAlLWKh63FGVHlL:kzP/qbvTYfxh

Score

8^/10

collection credential_access defense_evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	sh.ppy.osulazer
/sbin/su	sh.ppy.osulazer

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	sh.ppy.osulazer

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	sh.ppy.osulazer

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	sh.ppy.osulazer

sh.ppy.osulazer
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4419

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sh.ppy.osulazer/files/INSTALLATION

Filesize
36B

MD5
76107a869dbc030114ddc04ebf2384cc

SHA1
150d1cf568442225f88402c1d66bd3f4edf18017

SHA256
b7ac41c6e7ea8897e123a297fe0d340c47aca3dcdcee5b15ea38e0c078fc8371

SHA512
3af581b9e58bfca753e6a374c72715b735e570b7963dc1c3bbf761d9d43b588ff738a68d02ccf65ef26631a5e56a09155b23dcfee10b57ed211acf9c011d883c

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/.installation

Filesize
36B

MD5
bd63c402aa31c8dde3bbe461d4dd1777

SHA1
12ee13881e2cdea5cce8f61b0a3726c3e238823b

SHA256
de1807b3c9ae8a5858b383188b5cba0f95fe3667fd48c35d65d87c3dc351a7bd

SHA512
b56b223e4ce8a4eb9c7d052a5d238f340747de82446095261c7fdfca6a18d1d6074705ff35350115990487f18077d5430621fe13dd6800875fba20bd6f486d64

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/.session

Filesize
300B

MD5
ed60612f51e0ed5d6a1268abeea8f961

SHA1
7f2f7649219957f9fe60e60b73d95b400b4e43d3

SHA256
6d18079186acb3dde01ac36e5441d138e5df164f18c103c2e64038b0a850617c

SHA512
5ec5a51854eeea05b05fdaa515ab4069ae91fcf3174b40a39e9635d008e836919bf5608df26ba9929f6fb8a18cbc87410c7f2b2dc2871bfe5c07af3de119685d

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/Sentry/9475B066A726B774C66441A00B887CE9CF16E1AA/1741534424_-1879__489922604.envelope

Filesize
373B

MD5
68872718ce647d9a76bc8d5507f7269c

SHA1
382f917ba3e1d9bc70edbd1cad9d1184ed892632

SHA256
81a4cf3569dd6711bc71543ec491bc6e2090c419231da37d1d7e5ee06503ad96

SHA512
6423f1b331bf979aa1847f632f5c4d2d349bac85463c9527aeee60a0cd161ae53a9c47ac6765a30702b03ca14b44adaef682bec8cbffc5947eb3ae2374ea9ee7

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/dist.json

Filesize
11B

MD5
e02a5d37fdb7520bf58afb7c0d031f0d

SHA1
799fac8e37cd77e5cc27c5c3c7ed5fb69b1c3282

SHA256
394629839434be005b8f27417914d08ec9334307f94b8bffb3fdd4b53572dccc

SHA512
8118ecaeca1c4f8b82dd6cd787eb7fc724b3b01d7b41a6cf41314f18264372c985c3b010b23d29474615a7a11b4327036be3d87830fcd89ee8a8c8aeff2e2201

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/environment.json

Filesize
12B

MD5
dedcf97dec548910cc8edae172ab5bec

SHA1
a37f222f2a89b4098cf681951ee75d76bd1f75e5

SHA256
80be2eb0944c0453a6ad339a56e1c8f39f8cc57a4e627758246ccfd274176fd8

SHA512
5e0d2b9be27ce24d6baa109ec8b2cb7e7ed3deb5622bd87ea621428857a8b8cbda98871552eb7e26df145485e83b2b3397cdbeaa4d806e955b4eeafb4a85d13a

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/release.json

Filesize
16B

MD5
47495f3efa1225d9e30d8a3245b12f75

SHA1
ad3db8100b62bc62aade3cb9cbfdf70001c9bbd9

SHA256
34ee486c5fa9bbadaa0346334d92a9026d18b660f328dbec508fc4d86fa88a4f

SHA512
4ce9fd906111a08fdef3381201745eb3979f4068d177b86ae023d86dcf5d8f3edb63f910a35f6c617d892074a1ad5b78652590adf8af3bc5ce36c2b2cb7befe2

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/sdk-version.json

Filesize
482B

MD5
423ee0e659b2442f2315a872ad25273e

SHA1
6b4a6aecdc35c1744a318767443017ca63f5c8ee

SHA256
c70d2c48286bc5082f9ca492fcaa64bc6fa45e382c82f6c0b7b27211c2faec1d

SHA512
6e5feddc095cfe9d50ecd172d3b454557d9664425d1ea52fe27842f9bc5dbbc3a847c4810bef8afb63b30a2e10583d624496fbb6c6f55024cd4183cfffe0297d

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.options-cache/tags.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
165B

MD5
66fb25a60136a1fec8a36b50affb550d

SHA1
c47a0bb9b6d0b97eb290d0e7083b2336b3e75f8c

SHA256
ff8949dbfb7e0beb9c428fe6889fe70db6b896897c9bda588b460e1444beb639

SHA512
72a700bf18e8c095353f7bce50d39f7ed8a20006a12e62c76f2d68e1f7fd95d08c9781af4cbbd58af1024bf3aebc9a41a853ceaa38ca67786960d03fd7869a8a

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
351B

MD5
4b43eeea49bf708ee83f060f1e1b9bae

SHA1
1ab0b0aac423b8c9f00c13bf82bcd70a160337fc

SHA256
7b881bf1164d9572f2f5a7e99e4343b76bd4eac770dde348e4927c4b9a477a7b

SHA512
67c5410e37b9911218e1e25cf7a70b11135767d65abb3795c014443b8bb36b160a0a92eeb196d131df67bb823e3dda26121d565af69aa40546782823789b1169

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
483B

MD5
39211ce424395aa88e79d16eacfd64da

SHA1
63397b427144f431038c7aa815689c0239ee90df

SHA256
650177ea3ef7b147859d695a61b3a754f54268abf1fffa6b6e3d1577e79351c3

SHA512
30701073405797c3ff6b1953ac4d81b0f3237d70b086c8f294338ecda69425eec664c5e03301c11469de1fd267200c63a95f976c4dd9eaa3fa4969c85b7bedb2

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
651B

MD5
493d427616cb3e33aafd6d98b52c4388

SHA1
0c74d452c07bdbcb96b6494e2d821cd07e53faaf

SHA256
308c1c1c708ac94eee86e5852d4b42e3be65c7e64a70b887325285a3760b9a7d

SHA512
f0e8c969f01f2d9c44365a3aad548d0de75f297362029b1220e1449a3b8e4c84ad27434cdcb7c1d1b575b970b1e6e76999eac17d36bc66b8642f6d77fb79ac11

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
814B

MD5
569114c14bf1ed2012b6487d5a192c75

SHA1
0838f5b6c8f77a622fdc7c5e7d1585ca7554e3fe

SHA256
aa5f6d2d8c46e81ecf4f65a1b3bca669e41ca4aca3364efa2f515f563d76650c

SHA512
46e3fa0384275cc780b74b1d915c3e371c4e8eddbb4224f36d9645f12de100fc2fd3fee5b22b2b645187ac90995e0c2e3abcac487a01995acb3a3b759c4a4f74

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
994B

MD5
27190615399b7629075f6d6e569f20d9

SHA1
036a50f8262f4c3c337c07db2eb8c7d9081f9119

SHA256
e801b0dad0080d97b222abd01f326dd6d141d2f8d15b8eb1cb29d5bbba9a775b

SHA512
b7f3f4cc01c3bc8127a3d7eeb2c35b9947216905499ad6dc6a7d0783c75dd054eddc238628fee74b5c6c082d27d26842287e2afc0c51755c4263145447436d71

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.scope-cache/breadcrumbs.json

Filesize
1KB

MD5
045e6d7ff2c778a02e4b72c92a344e91

SHA1
61d3e9a1adae8f8e1747efcf5e3ae28fdfc271c3

SHA256
f00f7c506424c9781e1be07c707aaf86aab3ac10dd363d54eb56d12add81ccce

SHA512
ac18e98c54458d80bf528e6dc0b80cd13984f0362399a98868818b36ade806353d32718d74c9f349a6cf3262bf3607f3ea512b3d9ebe8894b27d6b561278ae2b

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.sentry-native/b2922651-289f-4ec8-9836-ef2696b90737.run/f55f1681-da30-4043-3b66-60bf2f1b32bc.envelope

Filesize
62KB

MD5
af6581f652354dc37a45164b9390506e

SHA1
337ef04e245d186fc61c12862bc009ffd454c21b

SHA256
caa8426a01bb827c5f986faa307503f191ac424a0e9692740a7d97248bc3c993

SHA512
bc7a4592d62f0aa83b4280b4c9e4ece1f42591b82119114e3ceb9759329e100949e8d0174c8d41dafea9170e61f0f0072857fdd2e7227f7c0863bfbce92dbc12

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/.sentry-native/last_crash

Filesize
27B

MD5
22428dd235e5b78092ced0bdd083113f

SHA1
cc2ff734fe0ef1660c54031c3ebd0438d43dfe79

SHA256
22d7c59059d11dcf49618dce4cb7485b1b653a227d73af360dd6eef28a6ed77f

SHA512
6c3605f1df2f0f6cbeba3fd6a0d14a64a8c9de04d4b99e42df3656257e874843ed540784517eeabd5de4194a9d5cac147498371ef0d8b70f55b750ae5131beb0

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/385966e4-c9d1-4a35-b136-cf3b18a1339f.envelope

Filesize
776B

MD5
1496ab55847e184f195c914c6d5352ad

SHA1
92d3aa7a84adab657c461fe0916412e81af69c6e

SHA256
b5d4f4deb4d46e047cf13e2a75a54c810651a71d99658af4b2144a0691d0ee40

SHA512
d8afe69a131799fa2ba5792c57a2493dfb8ff7128a0cda10643775408600dd3fb9da94d75fb4ba810238e4c0cb290d71c6c95928aa7c0b62080ca2415ee6bd81

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/cache/android/9475b066a726b774c66441a00b887ce9cf16e1aa/session.json

Filesize
268B

MD5
2b6c1ce3d154472333022d07b50757f0

SHA1
ee980ec23e0a5ac88d35f15b14944b525f822563

SHA256
321d82296f8d98ec4bfd4d2553cd7f551baae223976c1cab0f697fb8b7bc4063

SHA512
a45eca233a9eb420738d680d01fce52a0daeb63cc390fa415dda2fe54143a91219d02226624e65e3b06fc459a8893591b1d50597e9f80008bf777bc5289a7171

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1741534423.auth.log

Filesize
392B

MD5
3542249b3e85cfdb93f8cb02565930b5

SHA1
2026a426e5c9026359e14e7bb5c25e6e1bf73c88

SHA256
454bf33c2523f39be75450268b2a75e579d532f357c3cc21a32f8e6eb07b6997

SHA512
84aea6fd0e9e2adb2e56a14e5284e5bd273465281a29fe61995a76d21f92de05fbd81d78746eb8eb8994599d72152097154df71d7d59efd5906d28f40395c288

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1741534423.auth.log

Filesize
443B

MD5
ec8d6f84e870c427eeb5745f44af7b10

SHA1
2c6e5a525a2f25580b6d8e5da9e4b11923273e2f

SHA256
83f946c1f72bf07cfac7d435ee8cfa0a05062e070e726c09c4b10c3292fc5a97

SHA512
cab1bcf0e46c06374d1fccaa3fe65468b78ff598d8769ff20a628989d9bc00c82cfc8f80d6dadcc6e7aa586236beb44c824820b182af0691fa660b6ee8657ab7

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1741534423.network.log

Filesize
332B

MD5
df8d372f811abf73170ac53da919ef0d

SHA1
9babd7eb797e5235afa1346852bbc8e625776c3c

SHA256
f9d55742354f2f69d47f3b31c7f5342bb5a47cddc32f7b19a3d1f05824ce6582

SHA512
db9016c8db1d8c5394b24595f3f40dae219960a65fb5020105a3736f00f40afa7c1be01617871f851e8fa154bc72481015ab95a8a8db33c230086113ecf14430

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1741534423.runtime.log

Filesize
314B

MD5
04e6b2f07e641824169bee23c6b476ad

SHA1
c491237741d2a0d2621b2191668de04afd0a1b9e

SHA256
d42c53b9e925da25ab91f1eac4913723b38d739ff6019a2aaae7b8a8da25806d

SHA512
95a3c29a0b376f283d5e0db709b2b8d7c5fd741153e6026aca046fbf000fd4b01bf9c33add0379800b2c71f42d6d3a01df5f53d57031df2171f156b7ed02bba1

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/logs/1741534423.runtime.log

Filesize
680B

MD5
2773b13f21132c9ffddb050eb786f118

SHA1
013a0ffd47f01fedba36947c3c717541fa2c687b

SHA256
9f46a8a42396b175b2d9b8edd539159d93f027d1e6221fb8b90155cc411fa260

SHA512
fc27506abb54c9c26b20f4dfa10d286e643dcfba10406f91cc2334be1aa4ca76e5ed2dec6bfb70db163048c3282f2888b4353c921973f21c32f4b9f245cea5d4

Download Submit
/storage/emulated/0/Android/data/sh.ppy.osulazer/files/osu/.auth_startup

Filesize
12B

MD5
41aa48e354ef8d9e51b36e166ed5015e

SHA1
b4b84c339534c9f95fd9b9191e703120dc339503

SHA256
6e1c5a67f7d52174f8b24c1f5b8fc42bb2000109e3207b84751c6bb1f7fa799b

SHA512
99cac217f14251e736826f20a3158e80d0619eb6d54feebdee1df33a585210ad6fd66393baf38f4b5cbf620c8a06b5ac22e663211d4cf010a829c9d209146dad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads