dabd27db7125df7add24fa016a826e9683d9680cbe24d63d38f77ad099057387

Analysis

max time kernel
179s
max time network
147s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dabd27db7125df7add24fa016a826e9683d9680cbe24d63d38f77ad099057387.apk
Size

1.6MB
MD5

b92d6293a171226e6b932c71a1dddbbf
SHA1

79664108e90d144fa109143f91a5e297ba20da80
SHA256

dabd27db7125df7add24fa016a826e9683d9680cbe24d63d38f77ad099057387
SHA512

3965314e69d4c52758b76fbe605bc1be6cc70b191fdb50be0c6d55f3fe1fbfb6af603cc3fc72fdeb53e8d686e186d0d6574e3b44961b8217f8bb1d8f30b095a4
SSDEEP

24576:32PiBPX83UMau1jKjbjEgyI/zV0C3FyqoEhpMjQ4OFXiWV7ALtmX9bFd:3LX8+uYjbjLyY1miLCLtmBr

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.greencity.highdive

description ioc process

File opened for read /proc/meminfo com.greencity.highdive
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.greencity.highdive

ioc pid process

/data/user/0/com.greencity.highdive/files/7a5955f0.dex 4310 com.greencity.highdive
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.greencity.highdive

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.greencity.highdive
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.greencity.highdive

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.greencity.highdive
Acquires the wake lock 1 IoCs

Processes:

com.greencity.highdive

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.greencity.highdive
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.greencity.highdive

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.greencity.highdive

description	ioc	process
File opened for read	/proc/meminfo	com.greencity.highdive

ioc	pid	process
/data/user/0/com.greencity.highdive/files/7a5955f0.dex	4310	com.greencity.highdive

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.greencity.highdive

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.greencity.highdive

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.greencity.highdive

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.greencity.highdive

com.greencity.highdive
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4310

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.greencity.highdive/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.greencity.highdive/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
3f163ada6479df75c00572ff69a9c93b

SHA1
f2ce07240dc285d85ae2621e53724f2dd415fe85

SHA256
559482d070b9f2b07ffbca59fe456b1b13cd230996fed66ab0210c80d116ccec

SHA512
897707341b9f88aed357f615ca616ec33a5739dc237887b3dd39cffe4b1fe8537f8bc1905f9c405e1a9964b77a75d24169ae8521ada8c21bb099e9dddcb9a99d

Download Submit
/data/data/com.greencity.highdive/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.greencity.highdive/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
d438ccd80f5aad9b40b7a27d6a85b145

SHA1
20285f1852e32b3e1bd7533f3b34cc2515cde976

SHA256
b0e93cb9ea38a611a40397748223bd922373ab4b2945baea9a0c19e06c54334a

SHA512
4b50ec63df3115761e648461913c55a00bdfd818ef129c02447330e8037158c5ef3dd905201e44911885cbfa158d722d447c0e6ffda9d40bbbce01e7a383202d

Download Submit
/data/data/com.greencity.highdive/files/7a5955f0.dex

Filesize
261KB

MD5
6541f54e96e194c048387b57f9422f28

SHA1
d5e6cdfa18ff910ee848e498edcb57190a346770

SHA256
c25c28bd3de1b460f42aa6210f77df7f605f7e1bf4ae78d72531d9dbd453bf31

SHA512
153e393a1631e4bd06a5147ff004a8d854805da71d7325cbe586edc6ddf1499a408b63cd0f1217231fefa532003f347d0fe076d199cad7a52ce3b0325e7cf5a2

Download Submit
/data/data/com.greencity.highdive/files/BGEaUZrY

Filesize
495B

MD5
b52101b975342797f31e5ddd674cb32c

SHA1
267368b2ea5acd703e990b2ed129795dd82f3bf1

SHA256
0d27cf2882e0439a1c52c165d711645f712471d15bf7e02f40313c2c3a88408c

SHA512
cce10e376601eae7a49d6d3f627fd91ddf3234ca8c15c5ce648af89393f2d9ec47af4af2a5bf8f80baef27c6804b3859436069d7e5ceccc88fabcfb728904e55

Download Submit
/data/data/com.greencity.highdive/files/BGEaUZrY

Filesize
743B

MD5
385fb5930d25df3bf6cfb5dd696ee152

SHA1
4000fcf7b3b7abed09edbd99de9720ab96f2a632

SHA256
e6df7f45bf239ebed06ff894e36edb1fd58b0c3f990fa635115f6f2bab023556

SHA512
178bc0ea995e8da0d04965cb4dbb9b5c102880ec25c9064d8613c8d4ae11fcb7c0c42730f38b3c1aa3a564214d9dd4f2fe092dd81ff3e2eb5e24c57062b23588

Download Submit
/data/data/com.greencity.highdive/files/PersistedInstallation4988131926035807111tmp

Filesize
90B

MD5
a2a8302b00774f9159328fb9ca2f660e

SHA1
d62f844bf32c1d0a3cd170251f03603e0195eb79

SHA256
50fef815c0a215e93258e0d5ed993798cab5ef089b056b0a07864c80e1b98e9f

SHA512
b5514107dd4473e446e9980ef38566f5d6f115a3afd2cdc2db501e4eaf9df362edcc283a8eed581cf94cff28417c38574b6b9969520d6fa8b851082da4cc0201

Download Submit
/data/data/com.greencity.highdive/files/PersistedInstallation8457414724973253321tmp

Filesize
570B

MD5
3392c3c74416aa6bcf9630bcd81d7e28

SHA1
74fc57fbfe2a3f3fec804b7995794892f1081e64

SHA256
009a83577baffeb396c8071517f443f2549d69300e4a43ad3f9586b741d78ca5

SHA512
58ee272d68bdd969cb85420f2d22570ba7fb287567b3a0103eedd46ec21b18226c9a06c8e4095a394a2477f27004f58d7d14e77c5dbb6ce4850c21929d62ca14

Download Submit
/data/data/com.greencity.highdive/files/TrPJFdsN

Filesize
336B

MD5
1d4609284914f71c47af19533a460464

SHA1
a6014ef15541337cda17c14d39e88ff6d823e430

SHA256
aab931c323b30d9f415c7109fb995caa80a1014ac101732c29cf727f017fe42e

SHA512
a79eecd7d5735416a723ec92990d55b46901fc02dc8723965ade130a2ba272971aa027ad74203ffc0fff41df1758248b286356e0ee5971317a3e40e298ab426e

Download Submit
/data/data/com.greencity.highdive/files/TrPJFdsN

Filesize
336B

MD5
830a971ce2cb8d62be1e532cfe77bf46

SHA1
ba69c9ed8664d0335f0d83e8f0e51fcad91e85af

SHA256
1737a5623b7c9916fbce857bb39cdaedce2a6184215d2db4ab9960d089033bd8

SHA512
c23ba430584dba61b46027fbf2423f93e2fe75238cef75baa88cf8849c477ac60c3ec9f581494cf16eec3b096a88925551ba0b319acf08652d5375b1c1ff62bf

Download Submit
/data/data/com.greencity.highdive/files/TrPJFdsN

Filesize
336B

MD5
75fc68ddb9ef4c174c1951cea83e7567

SHA1
b1a48938651e649f721031ba3c3322513412a094

SHA256
8411243688d380f6f9fca0661873685b68a71289db0500c4541b5cd9bbe5c2d1

SHA512
eef03c8314ce7fc06ca27717e617adcd91bb4193e8f637f26ec4c31eda68a6cb1743d833b1775df772e9b8177fed72a271f755ae68b05da30288ca5d30d18bd8

Download Submit
/data/user/0/com.greencity.highdive/files/7a5955f0.dex

Filesize
613KB

MD5
fe14e95f31460cd2332e4ffb8e4957f5

SHA1
04caa3638ac98987e15070a97f8789b7a62ed0c6

SHA256
65cb45562d19755d4e7b4828389f4ac6df804d80188d43759255f50ef72a0b5d

SHA512
403b053a3aa7314f928cd6cb89a36346e23edb074f72064607b3d2c6ad419a3679b5110ad63a06a25b5df0ca30b78f025301d218d7eb204e719577318b12f2bb

Download Submit