c015292aab1d41acd0674c98cd8e91379c1a645c31da24f8d017722d9b942235

Analysis

max time kernel
73s
max time network
152s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
27/03/2025, 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c015292aab1d41acd0674c98cd8e91379c1a645c31da24f8d017722d9b942235.apk
Size

3.6MB
MD5

56b1f4800fa0e083caf0526c3de26059
SHA1

5beb25a2d169b0cc691eab6c55aa6151d6324096
SHA256

c015292aab1d41acd0674c98cd8e91379c1a645c31da24f8d017722d9b942235
SHA512

174ce1f5efd4863069936c97e023a3fb5a40d18c31601d9edd4ccb34910e0fa8fb10bd5981b878bf1cb9b455aa74eea1787a72560d3db9cd37296fad6a8c47e1
SSDEEP

98304:0Lad5H61q8p3kXExUZWj1zAlk925P4hn5+mEaydKLHw:0Lo5H61TpiE+Ij1B9WAx5+mEt0Lw

Score

8^/10

collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5091	com.cool.pu

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccounts	com.cool.pu

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cool.pu

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.cool.pu

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.cool.pu

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.cool.pu

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cool.pu

com.cool.pu
1⤵
- Removes its main activity from the application launcher
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Reads the contacts stored on the device.
- Reads the content of the SMS messages.
- Reads the content of the call log.
- Queries information about active data network
PID:5091

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

SMS Messages

T1636.004

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cool.pu/files/10_d20250327050553.json

Filesize
58B

MD5
7997acece3b1e93161a8118efb572372

SHA1
e4c3d3bba049fbf94eec090ad3a3e6060d0d76c5

SHA256
b0d824b0f0d14adf6834b017aef45370012d3d809256859003dcb3266793971b

SHA512
83c1f05c337dedade28cc10a41fd9bcac0d4ea056bc6f8223f387bb6178139066e68d21648914b485ac5076d8b11550b6ace6972f7112f1b2276697c917ba961

Download Submit
/data/data/com.cool.pu/files/10_d20250327050553.jsonx

Filesize
64B

MD5
9073fc9ee17e882f6df37e1b72e285bb

SHA1
a1fbb7ae7ac23a604236623c787d7d0c206b7a4e

SHA256
9831afd6b5a737221795961b6b8e96dfabfd3a2a7761b6ef95449ee4bb09e75c

SHA512
d130f31d11f90198374c47274a6040d939ac1171edafe3ba15b2a4b5fe4c30160c6cebef9ce5d9b8178c3478007a748e5c9d4fe71fb8e621e9772e1a065da7af

Download Submit
/data/data/com.cool.pu/files/20_d20250327050554.json

Filesize
58B

MD5
34788b1cfd732c4a139af2e1453e5c58

SHA1
da170242a7e40b8701b061c022c95ac739250a72

SHA256
2183a52f945ae96dc439e38180ac46f49a9986fca7ca886173f38f3cb1f1fe3f

SHA512
a61d0765222d8b2c107994e3054081879a79611b9ab094ab2b51887ea4a5954b764b8d7fa68747264d4d7d990a63489cb9e0da38c9a47e9065ce6853c0773afa

Download Submit
/data/data/com.cool.pu/files/20_d20250327050554.jsonx

Filesize
64B

MD5
2dbd8d774b7761ee330666aa92eefa4e

SHA1
e4f953679bd47b6fe461fe744f4f3ea40776bd25

SHA256
95b6e5d52e19457760c45cb794a405eb3b4a8ae2107b0c7c5fc2f9a35ef3c641

SHA512
413d0df3b608e1cc0aaba1fc6093a2bd553f09a312b1ace39e0e098fe5086b4f784208af8b5e5cedf0f1e1fc8dc31936949246f81661c107cb4bbcdfec92824f

Download Submit
/data/data/com.cool.pu/files/50_d20250327.txt

Filesize
149B

MD5
e789c561befda2178a20b42bdec47fc5

SHA1
8d38ee4fdd8f9ba1d9bbb7ad00bec9f5cd274082

SHA256
f05cf1737a642f86671b825126e763a8d1d6198066df3fc5d7a5b81c5acd7de3

SHA512
6e378642af7d9d8bdcccefb3fd8b8986353c83bf3b378beea57d8e34f724cc91883e849d3b0d6262c4a7b7483031a578d43180fd7a113436d07100804d152bc8

Download Submit
/data/data/com.cool.pu/files/50_d20250327.txt

Filesize
149B

MD5
f3342692dcc191a6386c45279eb60468

SHA1
cc96fa7f5291e1931e21241793f55367979d3771

SHA256
f689a80f034ff4618ab208f87715596ebd0a5faafb752055e82963197121e628

SHA512
862e22b7901e53640edab2662cd932032f2be5d904b3742522bc4d898c2d356abcf1e5855b35dd916f84726dc7efeaaeee4a31dcfbbd0eb7e55f100793109dd2

Download Submit
/data/data/com.cool.pu/files/50_d20250327.txt

Filesize
149B

MD5
7e65bb67b0f43ee9ef5d98758c555ef2

SHA1
e9408f2f049b31250769f696dbdd458df048202c

SHA256
b34eaa43f9f6132fe74dd0741ad20e6caf35a159a30c5605d0a2a40df5767f91

SHA512
d420b729f7c3c30ca8635e6a8033a77b39327349d0f461b9f987a1a32f36bc406547f17f3cdac2ac24da59d205fd65be70fa927f71ac38035c32093939c7960e

Download Submit
/data/data/com.cool.pu/files/80_d20250327050554.txt

Filesize
515B

MD5
f8304f58fcc83f2e3d1828b8f966921d

SHA1
afc2a4cbd3057678d4a8d562c6e6e87e1c7f498d

SHA256
2dffba08641b703946afb2941edc495fa226e015d3ef74c3e43c651912dc6b33

SHA512
76b2a71b60673cc324454806d2d203ee80d763c5fc35a1916b42b18c7085a75cc113019ff7e8d46267d5914300406fe2f0e856eadeab4cf24e99ca2c716d09a2

Download Submit
/data/data/com.cool.pu/files/80_d20250327050554.txt

Filesize
535B

MD5
2763f1de191ef827284f6c7283c3b9a2

SHA1
144091d788f4fee55168eaaf55cdb5addd737af5

SHA256
0d7d5e5bacf287f6518ba829dfdc64e07b0d49ddfa29492629db7a9b97b41a2e

SHA512
36e1e16645ce270c232f059b3d9fae552417c45a6314b089028b06ba02305df3f6d373a95e48aff1d065bdfc08be33f2dc090d0e0aee3dddff6986c11bc95271

Download Submit
/data/data/com.cool.pu/files/80_d20250327050554.txt

Filesize
551B

MD5
708a0a917395d87808b18c5569748645

SHA1
27d7619e6d958c079dad736bedfa0c6476fd5c63

SHA256
aed952fbce01c08b5a2923a8de5c3d10eb1d7c0b7aeeb6a43d599a1feda0f8cc

SHA512
67ea6ef152a7a78754ea0ca22d9af3d298ddc24b3d9af2d79df23897aea65adc0fd629abced69d08a68775863bd6cffbb8fef3b61f44a7a17685fb307d893875

Download Submit
/data/data/com.cool.pu/files/80_d20250327050554.txt

Filesize
570B

MD5
72e5d6b8e853c9f2ac8602b8757d6653

SHA1
857c6efcfafe478c6f73d8c3343528381379a23b

SHA256
f805b9b6a2a87ad187f7e6db57f9f6ebb03368f432bf650a5161a77c20070961

SHA512
c485cddd9a9efad26e5aeab48b9886d41e283e62c2f3078559f3ca05813fd98e615318abcbc8ba4bcb16a6851f9921b3f6de2a52f28a1b2b8e719e3c121289ee

Download Submit
/data/data/com.cool.pu/files/80_d20250327050554.txt

Filesize
3KB

MD5
0d11e5c78b63c963d04748743b3303a6

SHA1
2f9798fe64dfb0f0cffadf86bd40168100a51632

SHA256
36666587a8b3e6095ebd8ded68499e699d863de277c72151d6c0c50b03fc89ec

SHA512
92b31c7e42dc2929b35e3fe1a6144f65dc1353ce11bab2a9e7444d1254043a4c09e459d3ff6f67059f47ded431ba5a9f9be59ce52fe02811ae1c4a50130857a5

Download Submit
/data/data/com.cool.pu/files/80_d20250327050554.txt

Filesize
500B

MD5
0b97fa0b3f3360333544f9e58b3086a0

SHA1
8edee772662e2a00692af6c5c93f3e405006cc7d

SHA256
98501a236e83eb99e7973ab3371c0d9e8b68095b73b7ab8558c5519fae2a526b

SHA512
5cd66ffc1f77d5fcfc7bfbbddfcfaa86a2f8c4ced2e765f83a275c0f4756973d2ba2fe5d03f049725eabdfbb7f7a39d5e13ae4e992cc5b7b54919f7c19308b1c

Download Submit
/data/data/com.cool.pu/files/80_d20250327050554.txtx

Filesize
3KB

MD5
5855bc59e7ce0bb05c19bac59d80af4b

SHA1
2a30f22efdb75422cffde7bb666d16774384262d

SHA256
1fabc1b7e5e6d6afab4b329019f2e6ba43b75ab9c778b98e6361f7ed7aad3382

SHA512
fab15c3c396e47c11cf6784ff303c382e90069d2a06cec2e39f617b7c24a6ab236e1d45a612f3ee149420ef7c320293437e03c289defbd7089bfa01c34b0d2c6

Download Submit
/data/data/com.cool.pu/files/a0_d20250327050555.json

Filesize
62B

MD5
95c44144319fe0673262e96e037e0b6f

SHA1
6a2ab8cf88cf6a50e53ea75f827a3fdbd0d5125d

SHA256
8ec3d48b1c6fbddf13416848f1dcb391239b13bfb04b333a1451122267e7071a

SHA512
3d1e3f645227e5cfd28d875cd2c5b97061ab4130232f8479cee10f54e9c5cbf0d34328ad8a0b8ce1e40ecfe556a01db857935ee0bebd2c153257a880c978ec50

Download Submit
/data/data/com.cool.pu/files/a0_d20250327050555.jsonx

Filesize
64B

MD5
a7401b36ea14f101ffc98c6b9685bd00

SHA1
3b65ccf068ef74dc7e0b89056a72cf578e7b34d1

SHA256
df4a36ed1835c08ad700fcbcd1629a8e8a70d0bab00cd37139f02ba93f274f7f

SHA512
20e941b1502ae044a2591f1cfd6a8752d5cba6262ee577ad9eddce52f168970df37b1b62301d9aff2bbb5aaaf1b579db1dd357809fedd9737c85e4f1bbeae756

Download Submit
/data/data/com.cool.pu/files/d0_d20250327050555.json

Filesize
2KB

MD5
46926f773806fb153dc42be126606f0a

SHA1
f08c59d8155d54c162e5d47da586e96d65c33c5d

SHA256
8b62bc4733fe9beeb5555211418262b128dd6b67594c8f34636187afc17733f1

SHA512
d56d6de18d07bed2bc41d8650c8ab6d473709c92a225f62ccb6332fb53086f8a71b9683e7ba95a65adaab02f69ebd8e50b9944962b31e401838a9b040f5e6f41

Download Submit
/data/data/com.cool.pu/files/d0_d20250327050555.jsonx

Filesize
2KB

MD5
3ee920993c7576068db5c26d16c76759

SHA1
da847225015e1b7f182ccfe27a781457ee880abe

SHA256
1530597063451b1006d31cbc2a42808719da33e269fcf808e81246808110f8a7

SHA512
4eacaf3f8443e3b871555a6e787a7a479eacc7558d83a7a55434b77dc7291208838a87d47c39695e4427a2af341c2f160c9ff50bf9d3b3eb089317ae09c1af77

Download Submit
/data/data/com.cool.pu/files/f3_d20250327050555.zip

Filesize
3KB

MD5
12c95972089371d9dd33a03f8c1db7cd

SHA1
391537aff2f029b25ebdbdfa571b17a42b96287e

SHA256
5919f1ec2e3844da784540c7a9c0377b8179107f7f9b5d42236f680065d3e85e

SHA512
0fa0b1c766220f9085eea71ecbceb5bfefaf4d86abcddbb044c2212c5224823b1b21e0a732ce575dec3b198807ec5136790bae0f82daf024d6bbdae72cc08570

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads