9252e1cb3770d273137e7296385537f39cc12d454855268a4e24c012e6f6f3f7

Analysis

max time kernel
47s
max time network
168s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
26/05/2024, 11:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

oxygenapp-v1.0.35-api1.apk
Size

2.7MB
MD5

ba5321a8daca25db3dfebe2f4a22bfa4
SHA1

9455d01c733bf519b6e84d0d44d3c2b95f1ec0eb
SHA256

9252e1cb3770d273137e7296385537f39cc12d454855268a4e24c012e6f6f3f7
SHA512

0f2f8a0c68567c03d7a6c71d010038c8293451ad47aafb20484ca5df51145f862dc561e73ca0af4c8f852cce61dfd2d3a1bfdb9de64ba1fd67b5ff9162c7c717
SSDEEP

49152:/E1fnbIRMziyU/Hf35aM5Rbhe8EwRClVFWzZwlg/Fpmh0CB:YIRM7UHcM5jOluwKmh0O

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.doohmedia.oxygenapp.player

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.doohmedia.oxygenapp.player

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.doohmedia.oxygenapp.player

com.doohmedia.oxygenapp.player
1⤵
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4235
- /system/bin/getprop ro.vendor.product.model
  2⤵
  PID:4359
- /system/bin/getprop ro.ebot.display.model
  2⤵
  PID:4378
- /system/bin/getprop ro.vendor.product.model
  2⤵
  PID:4399
- /system/bin/getprop ro.ebot.display.model
  2⤵
  PID:4417

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.doohmedia.oxygenapp.player/databases/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.doohmedia.oxygenapp.player/databases/androidx.work.workdb-journal

Filesize
512B

MD5
d9b4b767580ac336e0320ce118d38924

SHA1
e859ec29e6434a1beb79b30c5cf15c01a8a32261

SHA256
22a2a490599947c70cc29953f9da054fb5b5c24f67774a4aeec11d161dae0b62

SHA512
567c8cebf8d8b046b709f28ed93bc892e597a0532a65373b7cc25363fd951d63dc3a78b652f133580edf65d900293af0ee115b6ab1936ecae23cd93345869e46

Download Submit
/data/data/com.doohmedia.oxygenapp.player/databases/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.doohmedia.oxygenapp.player/databases/androidx.work.workdb-wal

Filesize
16KB

MD5
cfc379b92f7ea87530cf5b9e88da484f

SHA1
b7ae7876cff7c4cea95782c88afbf0fe84c62c4a

SHA256
8681bf9be13d9ababc424d8194bdd47f8f5edfa93d793f3640b2c80cf76f46fc

SHA512
c4fb63cb5db0cdf32d1968129af06d70f08a093326bb0993d4da5d763c61cf16d72987cab4b3bb28f8ef0ece06c491c87753b702a4e3888511b36280c4ce3a72

Download Submit
/data/data/com.doohmedia.oxygenapp.player/databases/androidx.work.workdb-wal

Filesize
88KB

MD5
292188a6fc19b829c42a77fe763a4820

SHA1
d3b47053eb6143cb9740520b3092c70ab5be86e7

SHA256
f876b031a7989bb11bb51eaa27bc647864bb914c00b2cbebebb0e56bc6193026

SHA512
253008227592c87799ef13fef4c4e16500408f42bfa4ffab8165c1b72d187d1ce953c27ba64b851c220e59eb12f4fa060fd715848f63744465ba0ccb230c279e

Download Submit
/storage/emulated/0/Android/data/com.doohmedia.oxygenapp.player/files/app1.oxygen-cdn.net.temp

Filesize
428B

MD5
08f2a8c18971ed587ecde175942121ee

SHA1
bf0d6274c4f0edfb2ff01fe6954add9351878874

SHA256
c5cf331a6626a7c9289940b4e6d3b0450b020598d9679a33dc0046076a060f18

SHA512
fd17e128b90b409cd8da26953f6ee4de14ac0d7d0aee6a62d2f44b11b0e556726c0afd8cc09c27b4c830f14f8d10a5125b0bde74f68f826f18b9894ea69a0426

Download Submit
/storage/emulated/0/Android/data/com.doohmedia.oxygenapp.player/files/cache.txt

Filesize
135B

MD5
884a99bcee6bc946257492e6202ce726

SHA1
7a2176ae4f06389c03ab7bf771480248379f072b

SHA256
621c0cd98ed1b656b356dc60c98b5505dc2bceb7a11565af6b66bdf86e098c50

SHA512
c79741261276bd76f7f5fa63239f62fec9e91a67cb1cfd2bf8f7e714c16a9aee1f626d136d30e3ef075b8a3404c15ef8e35bed1e26ba17b65ee7577d3717d5bb

Download Submit