91494ac3740da51f0715ef2c9d40d975c367ad4dd52d27cc0e8a0151571b0072

Analysis

max time kernel
71s
max time network
151s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
28/03/2025, 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91494ac3740da51f0715ef2c9d40d975c367ad4dd52d27cc0e8a0151571b0072.apk
Size

1.2MB
MD5

52118a9caf8c636aa12403c2a3375a0b
SHA1

f479c915f44793d80e0ea5174692415f22db901f
SHA256

91494ac3740da51f0715ef2c9d40d975c367ad4dd52d27cc0e8a0151571b0072
SHA512

5c614cb5d69631900049c806c4c3fda7ebdf420dbe71e63d6d97f7b748f0f43e8da8202a96f4f9b18c0d60294c517748e435fbc04f0de354380bde2f62caa13e
SSDEEP

24576:pFtCeaFt0AsrmaobBeWI67vT4m51+WtE0jI:pFtCQrEQWIxJWu0jI

Score

7^/10

collection credential_access evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.rasugames.pls/app_com.rasugames.pls.YYYYbaseGGGG.YYYYBaseApplicationGGGG/newobfs/0.pobfs	4504	com.rasugames.pls

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.rasugames.pls

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.rasugames.pls

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.rasugames.pls

com.rasugames.pls
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks CPU information
- Checks memory information
PID:4504

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rasugames.pls/app_com.rasugames.pls.YYYYbaseGGGG.YYYYBaseApplicationGGGG/newobfs/0.pobfs

Filesize
1.0MB

MD5
345d75e49ee764ba2fbfe62da7e52135

SHA1
9038a0429eaaf4320188b83d19846da1f6fe23ea

SHA256
58be2012978d591e91f405958df0ec204a10e72c8e9438b42bce172025b8f222

SHA512
e1d02c3e14acbc839843d20ba8ce0c6abed7f402b0963f541d8b1c41a50e8e0f56444666c409c51df5940d64114707e974f6f1c55d03488cffbdff918383ef59

Download Submit
/data/data/com.rasugames.pls/files/config

Filesize
130B

MD5
b38b86f40ad560e2d824b2bf52e2ce7a

SHA1
94ce3d3bd1653ff8150f46c9256bad311a80de02

SHA256
8008cf46b1936977cdbdbfcb90f55227374527b6f91c1cf1437cd440eda20c3e

SHA512
86aa3c4e5fdd75d88c66ce31b5ec796f15245c64793ffbfee360338b949c116fc5df3286a4c19601da10506a237a7ea7ee5728c9e33917c40be6419a3d21fae2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads