c015292aab1d41acd0674c98cd8e91379c1a645c31da24f8d017722d9b942235

Analysis

max time kernel
71s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
27/03/2025, 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c015292aab1d41acd0674c98cd8e91379c1a645c31da24f8d017722d9b942235.apk
Size

3.6MB
MD5

56b1f4800fa0e083caf0526c3de26059
SHA1

5beb25a2d169b0cc691eab6c55aa6151d6324096
SHA256

c015292aab1d41acd0674c98cd8e91379c1a645c31da24f8d017722d9b942235
SHA512

174ce1f5efd4863069936c97e023a3fb5a40d18c31601d9edd4ccb34910e0fa8fb10bd5981b878bf1cb9b455aa74eea1787a72560d3db9cd37296fad6a8c47e1
SSDEEP

98304:0Lad5H61q8p3kXExUZWj1zAlk925P4hn5+mEaydKLHw:0Lo5H61TpiE+Ij1B9WAx5+mEt0Lw

Score

8^/10

collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4223	com.cool.pu

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccounts	com.cool.pu

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cool.pu

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.cool.pu

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.cool.pu

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.cool.pu

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cool.pu

com.cool.pu
1⤵
- Removes its main activity from the application launcher
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Reads the contacts stored on the device.
- Reads the content of the SMS messages.
- Reads the content of the call log.
- Queries information about active data network
PID:4223
- cat /proc/self/status | grep Cap
  2⤵
  PID:4276

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

SMS Messages

T1636.004

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cool.pu/files/10_d20250327050554.json

Filesize
58B

MD5
34788b1cfd732c4a139af2e1453e5c58

SHA1
da170242a7e40b8701b061c022c95ac739250a72

SHA256
2183a52f945ae96dc439e38180ac46f49a9986fca7ca886173f38f3cb1f1fe3f

SHA512
a61d0765222d8b2c107994e3054081879a79611b9ab094ab2b51887ea4a5954b764b8d7fa68747264d4d7d990a63489cb9e0da38c9a47e9065ce6853c0773afa

Download Submit
/data/data/com.cool.pu/files/10_d20250327050554.jsonx

Filesize
64B

MD5
2dbd8d774b7761ee330666aa92eefa4e

SHA1
e4f953679bd47b6fe461fe744f4f3ea40776bd25

SHA256
95b6e5d52e19457760c45cb794a405eb3b4a8ae2107b0c7c5fc2f9a35ef3c641

SHA512
413d0df3b608e1cc0aaba1fc6093a2bd553f09a312b1ace39e0e098fe5086b4f784208af8b5e5cedf0f1e1fc8dc31936949246f81661c107cb4bbcdfec92824f

Download Submit
/data/data/com.cool.pu/files/10_d20250327050557.json

Filesize
58B

MD5
914b0e1c060cdbc02b2eaefed81c1516

SHA1
bbc59f670d7f1648e7273f73bea1dc3eea43145c

SHA256
45568fdc74691f288a7e05cced3bccfb32f79e633466d7b312c8b65de57e11ad

SHA512
ebe65fe7fc38d89ffa3e69fc6e43d24a30cdfe798b8e2ea5c0399984dda010cf982f6f0733187e05a8646caec3911b7493bb8138edd6b861b9b396f08c7c607b

Download Submit
/data/data/com.cool.pu/files/10_d20250327050557.jsonx

Filesize
64B

MD5
f7a7a85f84aa10c5f0b4e5028bde5505

SHA1
fa97532c100822a63fc5b233dd22420e15656d87

SHA256
95eb2e55f7335a96bc7f30170e6ce654deb3b1b21571f9b9a5ebedf4c9fa173d

SHA512
3a37a4a230bec9eb493507418d4ca3fb06e397031e425e4bb0131dacbd13f5ed61e0cc1fdd72db3101e7124cd23bbdb3174cb9810907438f4feb628a92db4aca

Download Submit
/data/data/com.cool.pu/files/20_d20250327050555.json

Filesize
58B

MD5
b286c1897c1c78bad308dff8ec345a5f

SHA1
1febcc86fdc099a62c04b73c8f7256aa945af255

SHA256
d2d75163b856b3282f81638ef2fef151b35de2ef392518820174604a23540316

SHA512
68eabfd420b66fafd41987cbdf519f5fbcc840e177713b926a8890d38f0923d3647d8c0a5d6497ef1dd88cc5716009c4ee74230d8736851af9fa505d00473b28

Download Submit
/data/data/com.cool.pu/files/20_d20250327050555.jsonx

Filesize
64B

MD5
ce3dcd03d7a18525b68c88c555aab878

SHA1
28c602df837e34eea7590dbb4337a1d91c669da4

SHA256
15aa9e0c7ef94caa0ac506ea74e643ce181464af3b2d1bffdf10f659dd76ad32

SHA512
d80088814603a0af0356cbeb7bcfb4ea3c9f660c5cd8ad3761836e28d1a4bc994a88302f8d97cb91e74cc3d84a4ef3bbb1ef7014d46b63ab9ccd2c3255c10a14

Download Submit
/data/data/com.cool.pu/files/20_d20250327050558.json

Filesize
58B

MD5
1bdec8b89c92cf1108e7bbf56583a990

SHA1
be7ee9c0a300f533d17abe509c1738b106473fd6

SHA256
7af824fcc229fc692fff43179a0dc19867ba6b234a12368b1ae60413697fc5dd

SHA512
2e791e401e282de8ed92a741f5f2cc3d470832238eddcb191809be1ae50f09f13cb8b508c584f093cc851d8c96e57baeb6cb4b6533b3588ba105bb4aa87af59a

Download Submit
/data/data/com.cool.pu/files/20_d20250327050558.jsonx

Filesize
64B

MD5
98de3d7066309dd3befbf477de021f2d

SHA1
e0a9e15d567326246f695c896e3e9dc5ae7a9f8e

SHA256
d5ada335c288d74a27dc6096ab7dea3c759dfdf3b358d273e7df274ee541579b

SHA512
23e13557fc0bb76c1beff69197f308de8437fa77d46ea2aae53656af861eb9b7f48b559fdbfef18087bb6f2bd10c9d942f9fd5da739e6cd8f6e33e59a8ab39a3

Download Submit
/data/data/com.cool.pu/files/50_d20250327.txt

Filesize
149B

MD5
c406665c0643bd55acb0614d2db0ef8d

SHA1
ab3963fbeb657e420fbcff0b87a4f2f9eaf023c0

SHA256
337b86fff8ddce763a9c7fe194bc1e5775a75707fc2c804046d437858dbbf4a5

SHA512
9817185714987b8d946594f8cfad7eeb0ed73fbc61897c8f67ebf195bdcaca577016a1c69fa5164200ccecd97a6a7b6d6da65bad60fe94096e50cbdc2c52dee8

Download Submit
/data/data/com.cool.pu/files/50_d20250327.txt

Filesize
149B

MD5
fc876ede31e936fcfd445fca6c05dab2

SHA1
b46aaa59ff7a119c746c1ffd402ab327c60f2ab6

SHA256
25b4d01bcf5ea6e8478979b13478464b06371ec13edf539241de23a3b2f8405f

SHA512
c89c9425240e3b94dcc603fdd354d520a01a0d8ddb87b05149602de3063bff321591c64d663ccda9c2bf049190dfec0427ef645a1b4f84da64951b7e30962956

Download Submit
/data/data/com.cool.pu/files/50_d20250327.txt

Filesize
149B

MD5
58bb6665c58b0ef3656dc633c0b82f3b

SHA1
08ffab9ce5d6286e0045e660edd9ee5a41450e8c

SHA256
d24e1806ed78b704f4a5a62245dadab96bf58cdb8d86088eac52b6c6b9e79a78

SHA512
740912e20a1b883dcf3fc3d10b2ef3e73efc3b9386e85ad6725b58029f828b6c68ff3b74ccf35e51eb2b962aac0e796490bbbcae2c4b86864f9b66121efca677

Download Submit
/data/data/com.cool.pu/files/50_d20250327.txt

Filesize
149B

MD5
f3342692dcc191a6386c45279eb60468

SHA1
cc96fa7f5291e1931e21241793f55367979d3771

SHA256
f689a80f034ff4618ab208f87715596ebd0a5faafb752055e82963197121e628

SHA512
862e22b7901e53640edab2662cd932032f2be5d904b3742522bc4d898c2d356abcf1e5855b35dd916f84726dc7efeaaeee4a31dcfbbd0eb7e55f100793109dd2

Download Submit
/data/data/com.cool.pu/files/80_d20250327050555.txt

Filesize
534B

MD5
558c080f41beeae03b3a6ab23cc01488

SHA1
f959affe2502527b5a798167d21c3241b1f5cd0b

SHA256
0c6235379e46c25647dc68e3b47b1576a3f17b51469081404c6922ac2b4d9d7c

SHA512
8cf9e268e4ab746e22f36944777eaed0f7f7a29a52795ae1701fd436698800d0999364ade922063a0b0f662cb54c4407a4e89ceab0ce3c60891383aae22719d4

Download Submit
/data/data/com.cool.pu/files/80_d20250327050555.txt

Filesize
558B

MD5
6cb15e91ec3e82861e8c622ac21d52c3

SHA1
9e1c34e820387a9c4d8a0646148ebdff4319bf2d

SHA256
5588fb25d6aebfcd0130a497d9ecc5cc68292a213a5bee8a22f8a713fa4a5fd6

SHA512
e2fe14de21fee5e4906c2e4f7e8b28d4372d41f36241d24f3bb8b5aecf0ffa8a5bbfff9a05c06a88f7bf03b085837c8b336b36c73f65570310a4ba6a34865767

Download Submit
/data/data/com.cool.pu/files/80_d20250327050555.txt

Filesize
1KB

MD5
3d69fd0ed42106bf75eadc63ac0ec50f

SHA1
8c2a1a8d142fa3a9b969f933f2c1f596a1180068

SHA256
f18c9ab75f4a1b58a6f9e3bcc5ec0a3571aee01e427400a4b4aa9983039da947

SHA512
a9834594b241dd959dae6d4190e5ede3ab17da1d5e13480ab57324138dbabdebb3316d9c0244b9d6ecfdef7e6a41d2e7b4bb960862a1762e62e8c845c6cb171c

Download Submit
/data/data/com.cool.pu/files/80_d20250327050555.txt

Filesize
2KB

MD5
74ab8314f6b4dd2eda9045b9bfa81b47

SHA1
5c94ba5bc348e232bf81cdc74961072667226334

SHA256
6894c55da5eaf6f8cff7cc8871563024d86624c86265085d99d0017bffa0f66d

SHA512
303ec0f3a0b180e935ffa2a67a3f3bc0322fefa48a2a980aac35125bc5c37bd1f5f26e1ec58b7cb5e50db3ac46626688366b7fb80745234bc163fabd61c779c3

Download Submit
/data/data/com.cool.pu/files/80_d20250327050555.txt

Filesize
500B

MD5
3e39a66fe928c1f4693d797504161ea5

SHA1
4781eb85248d5354d87aa9421dcc6304ecd7d93a

SHA256
62e666d65a7cf6b1f5f0ef546fe404a753664ec258616fc6e1fd77c300921498

SHA512
79a9e35dcb69f8c7b57fe024249c57a38f81f9ec18b8faf3b3726ca2e06084584798b7c0cc0de67a704e43ea551b22c36f6c622b74b2f7a7a66674181d019da8

Download Submit
/data/data/com.cool.pu/files/80_d20250327050555.txt

Filesize
519B

MD5
0ce2eb25d016ba4783753763526f4006

SHA1
b50c63fdf42caa96012333e89083afd5ecdb4574

SHA256
a440d73755ffb573b7421326feeea270c287afd9e9cd9ade59e3c0555e9866d2

SHA512
55f5799412be08722704cfee50b6fc7b1b34bcb6168fa68ba7828aaceb316fe603ac958bf1bb6c92194d80266c38f46a87f8f6e98e3bfbb817f3dff28e1764d5

Download Submit
/data/data/com.cool.pu/files/80_d20250327050555.txtx

Filesize
2KB

MD5
36f82f979e96c0e9d9b453e4d1c647c4

SHA1
a47a8f90d858e1c1d9513cd5fba8291cd9c7d830

SHA256
12f9f54bf8c483427264d7f3e3f478e6763a89375f16a6f2d566de259308ef57

SHA512
f234c067235730ebcce781b1964edab8cee2f1b4ec68e32056d71d0e89e72acc457ab84cddc59ec2b1330e56fbba52cf03326296c571cf49853d81de481263f2

Download Submit
/data/data/com.cool.pu/files/90_d20250327050556.json

Filesize
58B

MD5
f66840f915f13957e6a4579634623181

SHA1
60677e2e024d051c2a4c06aae7b720372d7de74d

SHA256
4ad778fde9515faf7ef852aaa7d0af36e2c3dd1457e563593a95fe1da7cc1992

SHA512
c546470399a67d8c2241f20ad2e4a19e57cd5f41caebb7831ab9a3f6da420eca0174aece857cddcd68fefc1d78724f473b0525696b2c918663b4b3293908c2e9

Download Submit
/data/data/com.cool.pu/files/90_d20250327050556.jsonx

Filesize
64B

MD5
42ad1f7327b0a4e81db035e54d795e5b

SHA1
28de4d561558f3bedd5db45baa4a641740fbafa8

SHA256
12960b7f2ccbdc3f1bb76cf552711d58578ac9cf0a77b5faa08ba7778ee08177

SHA512
bdfcb0c72a6404278f81302f6abfd791aa18c9aacae852fadb8d5a80db04d776447a15afb4df12275ab84cc89687ea393555f33ab5d3825f3a49fc7eb4b419cf

Download Submit
/data/data/com.cool.pu/files/a0_d20250327050556.json

Filesize
62B

MD5
8654c79e80ab2c22907c2aaf4bbbcad0

SHA1
b1e3156e537dfb7f8ba2f579d6a63b68f26982a7

SHA256
e5d064072a998b5411e5eafaead95ad82148e6c2496b51ebebe30459b8266565

SHA512
897130caadf2fe39af67a2a8b7f43fb93eeac4e315d78881fbcecae5c1ce116b5d0dcb7a1a0b1af77009154d4bcf5a5973baeae325b9dcf594168ddbd4282c65

Download Submit
/data/data/com.cool.pu/files/a0_d20250327050556.jsonx

Filesize
64B

MD5
283422131219e268032d2170c6cfd171

SHA1
525af061ca49a04f0248fbda40395664ef8f1b62

SHA256
d9d4fb47fed214f9835a1e46c989bcb7be0fa29720823869c5d5d7cbc6a1e391

SHA512
4532e2dfd0e0df48dc46f221bac8f715b4e909132b7777227cd1e615cef3c5012f349e3fe1eb4a178367dca8adcc4710603cb5cb61d99d2fdd18321febae44ef

Download Submit
/data/data/com.cool.pu/files/d0_d20250327050557.json

Filesize
2KB

MD5
4588e2539e5a17cbabb0fa20c42fe743

SHA1
dfc17456b708035eb6c5cb2b4ad4a7c3f999cdd3

SHA256
738f005bbf33b69b260c902492818604decc4aee5a13dc44ba9dea7e693487ae

SHA512
224d3c37ca752a96681bdaffd8ca0f429f23006903972fe8da8911510393683530e8bb77a1582d25a4c7e12e9dacc5e2515625bfba646bcce921e6c01726774b

Download Submit
/data/data/com.cool.pu/files/d0_d20250327050557.jsonx

Filesize
2KB

MD5
75c681c2c92ccb45fd0f001fd6c3ad14

SHA1
8f4e018f84500e6acf95ee083d8d1c1485c004a7

SHA256
9a46ce4bca2c02f00872bd8326d1f4c58c4aedd87f3a77e4a52d2ea838643249

SHA512
94e050fffc001e7c8c8ff5c38b79b88db1c2190609d4d5c73e94c287458401fb0de17be9aa2c0f9541abc9501fc025fc8ad6271198bc9af059b833feef24d6c1

Download Submit
/data/data/com.cool.pu/files/f3_d20250327050556.zip

Filesize
3KB

MD5
e6062d4760e1568dd74f77c02d0f8b89

SHA1
9081594425e2a0dc9cb894db1ff3edb50aa8db7c

SHA256
3763aa11ec64473eae9ce91056bcdd250a123311a22ed3fa99e07ddf22c302c8

SHA512
c9bcf29e27d69f56e2721f6b68b03fbab9c6465f9e1b018054266b2414394bf778c41cb22d703c87bc00d03b264e4ed579e7ec8b27cb7051e2d34581ac155b89

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads