5d8cb5eaf285f9d58916feea7bc60b07a9323ca458d280d2f02e93df483fdcb8

Analysis

max time kernel
132s
max time network
152s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
28/03/2025, 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d8cb5eaf285f9d58916feea7bc60b07a9323ca458d280d2f02e93df483fdcb8.apk
Size

2.2MB
MD5

dec61e01a02c596fce64597aeea6d443
SHA1

61c8c6a0989151c71c8f760044d9e280bc15f639
SHA256

5d8cb5eaf285f9d58916feea7bc60b07a9323ca458d280d2f02e93df483fdcb8
SHA512

87593ee0f158524e13453617d5b9cad96367b6bbe36ea1b2ee97102c7a2904209e14b3e3a6032fb9f857b99e4de33b28dcbb455edb50bc9c957c67308b26f91d
SSDEEP

24576:n2w4m51+WtE0aXONePUPKIwFJKNrEaHDLoKF4FtJg:0JWu0UCNLo+4Ftm

Score

7^/10

collection credential_access evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.rasugames.pls/app_com.rasugames.pls.YYYYbaseGGGG.YYYYBaseApplicationGGGG/newobfs/0.pobfs	4505	com.rasugames.pls

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.rasugames.pls

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.rasugames.pls

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.rasugames.pls

com.rasugames.pls
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks CPU information
- Checks memory information
PID:4505

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rasugames.pls/app_com.rasugames.pls.YYYYbaseGGGG.YYYYBaseApplicationGGGG/newobfs/0.pobfs

Filesize
1.0MB

MD5
e2b8dffe48c4167867e8ab29c687e508

SHA1
94553b39e4758fe201eaad64efa4320a3bc6e41e

SHA256
7d107918329c2362d072f66713b547a6189d66f9ee45a999736a3aedbede6746

SHA512
652a96d16042208cfe8949555fbc84d2ca8fdaebfe3656455030044e45a84e3799d8e6b2c28ad450483e38d3602797392317cc37c17ed9f9d8d80d811db8aedd

Download Submit
/data/data/com.rasugames.pls/files/config

Filesize
130B

MD5
b38b86f40ad560e2d824b2bf52e2ce7a

SHA1
94ce3d3bd1653ff8150f46c9256bad311a80de02

SHA256
8008cf46b1936977cdbdbfcb90f55227374527b6f91c1cf1437cd440eda20c3e

SHA512
86aa3c4e5fdd75d88c66ce31b5ec796f15245c64793ffbfee360338b949c116fc5df3286a4c19601da10506a237a7ea7ee5728c9e33917c40be6419a3d21fae2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads