c015292aab1d41acd0674c98cd8e91379c1a645c31da24f8d017722d9b942235

Analysis

max time kernel
69s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
27/03/2025, 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c015292aab1d41acd0674c98cd8e91379c1a645c31da24f8d017722d9b942235.apk
Size

3.6MB
MD5

56b1f4800fa0e083caf0526c3de26059
SHA1

5beb25a2d169b0cc691eab6c55aa6151d6324096
SHA256

c015292aab1d41acd0674c98cd8e91379c1a645c31da24f8d017722d9b942235
SHA512

174ce1f5efd4863069936c97e023a3fb5a40d18c31601d9edd4ccb34910e0fa8fb10bd5981b878bf1cb9b455aa74eea1787a72560d3db9cd37296fad6a8c47e1
SSDEEP

98304:0Lad5H61q8p3kXExUZWj1zAlk925P4hn5+mEaydKLHw:0Lo5H61TpiE+Ij1B9WAx5+mEt0Lw

Score

8^/10

collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4772	com.cool.pu

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.cool.pu

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cool.pu

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.cool.pu

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.cool.pu

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.cool.pu

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cool.pu

com.cool.pu
1⤵
- Removes its main activity from the application launcher
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Reads the contacts stored on the device.
- Reads the content of the SMS messages.
- Reads the content of the call log.
- Queries information about active data network
PID:4772

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

SMS Messages

T1636.004

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.cool.pu/files/10_d20250327050553.json

Filesize
58B

MD5
7997acece3b1e93161a8118efb572372

SHA1
e4c3d3bba049fbf94eec090ad3a3e6060d0d76c5

SHA256
b0d824b0f0d14adf6834b017aef45370012d3d809256859003dcb3266793971b

SHA512
83c1f05c337dedade28cc10a41fd9bcac0d4ea056bc6f8223f387bb6178139066e68d21648914b485ac5076d8b11550b6ace6972f7112f1b2276697c917ba961

Download Submit
/data/user/0/com.cool.pu/files/10_d20250327050553.jsonx

Filesize
64B

MD5
9073fc9ee17e882f6df37e1b72e285bb

SHA1
a1fbb7ae7ac23a604236623c787d7d0c206b7a4e

SHA256
9831afd6b5a737221795961b6b8e96dfabfd3a2a7761b6ef95449ee4bb09e75c

SHA512
d130f31d11f90198374c47274a6040d939ac1171edafe3ba15b2a4b5fe4c30160c6cebef9ce5d9b8178c3478007a748e5c9d4fe71fb8e621e9772e1a065da7af

Download Submit
/data/user/0/com.cool.pu/files/10_d20250327050555.json

Filesize
58B

MD5
b286c1897c1c78bad308dff8ec345a5f

SHA1
1febcc86fdc099a62c04b73c8f7256aa945af255

SHA256
d2d75163b856b3282f81638ef2fef151b35de2ef392518820174604a23540316

SHA512
68eabfd420b66fafd41987cbdf519f5fbcc840e177713b926a8890d38f0923d3647d8c0a5d6497ef1dd88cc5716009c4ee74230d8736851af9fa505d00473b28

Download Submit
/data/user/0/com.cool.pu/files/10_d20250327050555.jsonx

Filesize
64B

MD5
ce3dcd03d7a18525b68c88c555aab878

SHA1
28c602df837e34eea7590dbb4337a1d91c669da4

SHA256
15aa9e0c7ef94caa0ac506ea74e643ce181464af3b2d1bffdf10f659dd76ad32

SHA512
d80088814603a0af0356cbeb7bcfb4ea3c9f660c5cd8ad3761836e28d1a4bc994a88302f8d97cb91e74cc3d84a4ef3bbb1ef7014d46b63ab9ccd2c3255c10a14

Download Submit
/data/user/0/com.cool.pu/files/20_d20250327050554.json

Filesize
58B

MD5
34788b1cfd732c4a139af2e1453e5c58

SHA1
da170242a7e40b8701b061c022c95ac739250a72

SHA256
2183a52f945ae96dc439e38180ac46f49a9986fca7ca886173f38f3cb1f1fe3f

SHA512
a61d0765222d8b2c107994e3054081879a79611b9ab094ab2b51887ea4a5954b764b8d7fa68747264d4d7d990a63489cb9e0da38c9a47e9065ce6853c0773afa

Download Submit
/data/user/0/com.cool.pu/files/20_d20250327050554.jsonx

Filesize
64B

MD5
2dbd8d774b7761ee330666aa92eefa4e

SHA1
e4f953679bd47b6fe461fe744f4f3ea40776bd25

SHA256
95b6e5d52e19457760c45cb794a405eb3b4a8ae2107b0c7c5fc2f9a35ef3c641

SHA512
413d0df3b608e1cc0aaba1fc6093a2bd553f09a312b1ace39e0e098fe5086b4f784208af8b5e5cedf0f1e1fc8dc31936949246f81661c107cb4bbcdfec92824f

Download Submit
/data/user/0/com.cool.pu/files/20_d20250327050556.json

Filesize
58B

MD5
f66840f915f13957e6a4579634623181

SHA1
60677e2e024d051c2a4c06aae7b720372d7de74d

SHA256
4ad778fde9515faf7ef852aaa7d0af36e2c3dd1457e563593a95fe1da7cc1992

SHA512
c546470399a67d8c2241f20ad2e4a19e57cd5f41caebb7831ab9a3f6da420eca0174aece857cddcd68fefc1d78724f473b0525696b2c918663b4b3293908c2e9

Download Submit
/data/user/0/com.cool.pu/files/20_d20250327050556.jsonx

Filesize
64B

MD5
42ad1f7327b0a4e81db035e54d795e5b

SHA1
28de4d561558f3bedd5db45baa4a641740fbafa8

SHA256
12960b7f2ccbdc3f1bb76cf552711d58578ac9cf0a77b5faa08ba7778ee08177

SHA512
bdfcb0c72a6404278f81302f6abfd791aa18c9aacae852fadb8d5a80db04d776447a15afb4df12275ab84cc89687ea393555f33ab5d3825f3a49fc7eb4b419cf

Download Submit
/data/user/0/com.cool.pu/files/50_d20250327.txt

Filesize
149B

MD5
10c3a6b02baefa602a4fed8d576b6387

SHA1
dc9ead0a864974f82a6cd7b431bfb3ddb954831f

SHA256
d4b81da81b068f62a87778c24eaf59b0809f866720a05c557f3581dcf707ee02

SHA512
161a438b0f3a2a2dcdb8e39b552e8ae9c007b507edba79c40a4bb021e8149a24ae07aaf20aebf0db07a84190db3b9718e2acd40657dd440923686eb74d99b9bc

Download Submit
/data/user/0/com.cool.pu/files/80_d20250327050554.txt

Filesize
848B

MD5
e6624b6f46a56f0f91fa7721f30a3660

SHA1
0caa0a0a50f648d56a8e56d0f82ca5cf42e9a90a

SHA256
b18e23717687b62e520b94b89543452713af1a9d2aa6899a5b8b76484fd74a06

SHA512
292992097d1924e959b4ad47ec183455d179ec1512d802ca59fb59e9afb8f7bbee0e7f948c0d1f2022d05bd9857abf51ae955deb3a014e3ff821bab2e2bb05ee

Download Submit
/data/user/0/com.cool.pu/files/80_d20250327050554.txt

Filesize
1KB

MD5
01726e0c3dbd5e068fad0f06eb48e3fe

SHA1
7dacca8380d012b64c6e6f94f6694f6d26e64ce1

SHA256
118857f99d730a693d57c67f019915882dbbd689cbeaee552c60c38c58dfb610

SHA512
a8117ace553042ddda9f82599720c02099b821b1191375443a691e8e497476dc18c7414a2f03969b3b851cffe7c0f44c206420c6449c17e2b591ad1277e5edc9

Download Submit
/data/user/0/com.cool.pu/files/80_d20250327050554.txt

Filesize
601B

MD5
56f1457ac6875d0dd61e838e6337c34b

SHA1
0c00b4b4cca83313217182d05f9525ee8cea3b4e

SHA256
ff366ef3cc1a5205e09f969d094a653a7ad601cfabf4f9969df0891c68a95702

SHA512
f4a5d0f5e348997e3ec334ee7841cdac425e494ef043196f8d9951cebdff74582204d147ff423f2eb89b6a8193f6dd255f1a12b175ec7bd90f4b9f49918e0a65

Download Submit
/data/user/0/com.cool.pu/files/80_d20250327050554.txt

Filesize
620B

MD5
de446b9856bd75d552fbcbc8efe5ba80

SHA1
7e3c2c9a2f2489c562fdf19480accb5314adb72d

SHA256
a9ec443a01a9d95ce725a76095f2e0e39c8ca771f507815da7c6d5a90f72bd9b

SHA512
a3fe62de10d90618f19d527d6c9e0081a8e6ce5bcad47bd34b22e715d4cd9f747990ece8096c5d306bf8c16b5d9b24214c3ae3ebe06312854ac39dc23b3a9194

Download Submit
/data/user/0/com.cool.pu/files/80_d20250327050554.txt

Filesize
640B

MD5
21737e14b7762187eda8fc533377ef13

SHA1
d7df45cf9cb4445ea283d725f9901066f22f7ff5

SHA256
65cc1adc69723e6fb0a3a05cf7c8a7bf543d90e73bbeaa2991427e5205cb3d25

SHA512
e3b28f17ff0fd483e2b16efe4db7473375006f5cbce7474dce9f1098a6658186033930a7b807c5b59e12ee7d939127dcd77d98a27b093ca3678e1035799f9cdd

Download Submit
/data/user/0/com.cool.pu/files/80_d20250327050554.txt

Filesize
655B

MD5
24a3c9fd3a009f8fbb4f09cb00998747

SHA1
c6961cdbd8e70f6e75db4d48067a318ad18afe0b

SHA256
041f060c723149e2b0c157a6dbfc4336aea23419c89bcc58c8cd8ed79748a847

SHA512
2b86f21a2f4fc4d4d0f769ddfa30218d621c8e6c4af0cda792633b32660e3da06b2c33974ab9da082c3573e93042b5b958b9e23acb4faec96fe80a285f9a48bd

Download Submit
/data/user/0/com.cool.pu/files/80_d20250327050554.txtx

Filesize
1KB

MD5
b35bda938c04796888192e7bfcc4e039

SHA1
177bc1f842ce4f1b98d2d2e3179179df6157d733

SHA256
ed919d61cabca9f27079f7a43e917eb90c9e8cebda4b87de25a06c4f3a6a3a2e

SHA512
55de49fff6dea0affd5415225a77c3f2e0bf9f2d254fdd9ed148b99babff45bd3f36e1ce157958b647b20a696ad92c0699934acf48ca19f6e0f8fa621a584cd8

Download Submit
/data/user/0/com.cool.pu/files/80_d20250327050556.txtx

Filesize
16.5MB

MD5
239066adf8fa0c3ff2de9ef1c0c6908f

SHA1
a741c56f401651bc8cde481c04dcbf64c68c1cd4

SHA256
81e5f9064dbd5538d2e0ddaa7fc5c80d988fda699a0333c342acb378b8f3e212

SHA512
453a04c6a8c2b3364771bd347d932cf834388fac199c7966bd240be1d8b9be0b54b722b0bc2326ee236c40fe29f7f020ab54c1795158a5ea703b54e477408466

Download Submit
/data/user/0/com.cool.pu/files/a0_d20250327050555.json

Filesize
62B

MD5
95c44144319fe0673262e96e037e0b6f

SHA1
6a2ab8cf88cf6a50e53ea75f827a3fdbd0d5125d

SHA256
8ec3d48b1c6fbddf13416848f1dcb391239b13bfb04b333a1451122267e7071a

SHA512
3d1e3f645227e5cfd28d875cd2c5b97061ab4130232f8479cee10f54e9c5cbf0d34328ad8a0b8ce1e40ecfe556a01db857935ee0bebd2c153257a880c978ec50

Download Submit
/data/user/0/com.cool.pu/files/a0_d20250327050555.jsonx

Filesize
64B

MD5
a7401b36ea14f101ffc98c6b9685bd00

SHA1
3b65ccf068ef74dc7e0b89056a72cf578e7b34d1

SHA256
df4a36ed1835c08ad700fcbcd1629a8e8a70d0bab00cd37139f02ba93f274f7f

SHA512
20e941b1502ae044a2591f1cfd6a8752d5cba6262ee577ad9eddce52f168970df37b1b62301d9aff2bbb5aaaf1b579db1dd357809fedd9737c85e4f1bbeae756

Download Submit
/data/user/0/com.cool.pu/files/d0_d20250327050555.json

Filesize
2KB

MD5
d782084aeff4f9228e7d509d3714db24

SHA1
44e9645a42f47eec31973e6974f195cd40a8a4b8

SHA256
fac37984d31385531cfa684c482ad09df92e71a83342e7a7d9d472aaa5b6c720

SHA512
e70c03706b3d62f853f54a6775a2d98b6dcb14f0f18a7ba680b1dfbdc072a03457c70577a360ecfb26eed4147a426da3acb6238629df75f9e681f8f215de2f4c

Download Submit
/data/user/0/com.cool.pu/files/d0_d20250327050555.jsonx

Filesize
2KB

MD5
4c9d5674f27118133cfbcd7f23a960ea

SHA1
f6b386a6befba9fe8c0ced6e73d95c74f504361d

SHA256
a2ef89036daf0a985a181267e58fdc53994544d8881311311f8c962b44f36e05

SHA512
5a73ae0789fc8f09171961eb97e071edccd90cab979841f5d748ffb2081a0473d5788c6b17e82ccf89c0e4ef50d0d4c636c527a1258b1a85e1f1c19d46e6981c

Download Submit
/data/user/0/com.cool.pu/files/f3_d20250327050555.zip

Filesize
2KB

MD5
0ac7509b374f5c456a3c9698af339a9f

SHA1
7c989a771c92c2eeca1ff93c45f66504bbed4034

SHA256
869cd19b5ccf6c43e9a087dd8e3ad413f39640dd511d8a046403a1bd54ade1ce

SHA512
ffc546ccaef60c462ef18701a7dee49250e1fa7023b5175c20e12b87c979c6da10c493035192183c3d2c701363ccbf740742fc997e9d2218e8f94bb738134cc6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads