0dfb898292c16c395943a38ac8c5eb7b4e9f7d72781cb901df295ccc279717f9

Analysis

max time kernel
5s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eblagh.apk
Size

2.7MB
MD5

d790728ab443c2f8cbcc75436d015667
SHA1

f5e7c9f2f978cfaccdc83af40496644496e7199d
SHA256

0dfb898292c16c395943a38ac8c5eb7b4e9f7d72781cb901df295ccc279717f9
SHA512

43c5eefd1eca0e29e3ab48066f0f3ffff19985e0fd23897205302479f2a2084f5eabbeff07faaf6164bc67ef69c75cf698a5bc0e3b491ecfbf2f75e3a82f9366
SSDEEP

49152:w/mbwyKDDDDIDDDIdRnNOA+Wj765PNGtCkJ97xxZPk66gEYiNXZ5qI8ZM/xXgqEN:ejyO9n+WK5FGI09Tt6fYQ/8wXpEsQ

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.general

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.general

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.general

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.general

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.general

com.general
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4238

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.general/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/com.general/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2816b1806e57de5cd7accaf6983c3c58

SHA1
cf848aea462e671d5000c6f80adbc500df8ef719

SHA256
4f0218edaa12264780cae9fdb537fc5764a3330b4990d36274cc9d727be0863f

SHA512
1c0de2b12615ea29f0da2b28b89d552bbf18f2b4b7b9d5b5de93bc2c7803a8704d705370a8cd7343dee4ad0e7758f6e626e57f375f8c0ca6e70d9b0e8f0f8351

Download Submit
/data/data/com.general/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8db1cd6c2ea0974f13c4cc8556add39f

SHA1
fdc23eec353b60e40e3c93ccc05397f8333fa149

SHA256
423292de8d660cd112145dc65b5c10ee1245df3a623d58861e8e4c8beb5df32d

SHA512
d89acef4650aa2cc3bb1433906a6538c862b3878e4120e0fde22f74238bf54961442597682ecd1c954607c1a022e6161af42cd45a57f07970dca2b0ae52ba07a

Download Submit
/data/data/com.general/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b58459941bcfdb7dfad5a7e18f3a9878

SHA1
aba68e044718aa8e1e2e6809f095ad46c9cd30d9

SHA256
f3f2d838619726af640b0e3d78530348cdfaef0578949fd4cafd4715ac7793cf

SHA512
1dfd7a3ccb8ecf7f28df76f661b7aa78a1e13f22d8b27b6a5b87cbbf9bd0af28b6279027d76c7ef89baacd4a940b2370d79735cd7e09f0a79e0de2ed903dffc5

Download Submit
/data/data/com.general/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c9fd7ff08d697789ff21e43355d0c9f5

SHA1
dffa841ee32f1329882154847e60022647b4aab1

SHA256
75c178ce99acdda8313cb4a6f9de68ac2a909bb3396e7f816b9e2a6bfdefa966

SHA512
5877b5347e78013b004b628aed276f03db9daa76d4b3efcd0fc0ff2020d87c9607f4d947320b86132304a112bd4d7c3710eb1937af4a841ad37b6b4ec80a5093

Download Submit
/data/data/com.general/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.general/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
91aba17665ed322ad11485aa01e34cf3

SHA1
0e24e0b3581c1f10c9a53577a57e1f12d6e5feaa

SHA256
af64668f6e51eea6d7c1c71094b4d7d2a8be27586901e7cc8d2fc04d5c53b773

SHA512
67088f2116a59ae35dbba220eb8cb6ce104570e727e4e3cd6caa9fdd87c8ddd9c892e145894dd3662ad9f16fbe5be1bb600642f416f8087954bd3df269ed8f40

Download Submit
/data/data/com.general/databases/google_app_measurement_local.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.general/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
0ffccbf5ab6571f735ef08760d673c75

SHA1
ac2f0f20c82226f8b78b27e9e883b20374f5a1ed

SHA256
94a2d66c1f5268c6120d8b6d079483ff1a2bc54f6004c7b4f682cfbea68d2889

SHA512
afa94075417978cc025c1635cecc70e7947da4bc06f88baf01306e540affae506cbe8746f9fede364e37487bcb85bcc7b6df89eaa03b7874911d34dcbc2b0f0c

Download Submit
/data/data/com.general/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4285a358f153e0a83c8c147343e7ba31

SHA1
5398ec1ecf150a5ad41f8d76b1d78e97e6e3f8c3

SHA256
f982105a09cedb0e50983b56e9737fae9cf47a8b4370b09f11037d99b6a6a4d6

SHA512
6ff0270dfdeda3df4b19c585b6b3af16760c44b057b506faf0e05e3914030e78211beb6d3c6cc274297056ebeab8a39d946db706755d760d945c234982c1ebc5

Download Submit
/data/data/com.general/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ed60388a4234890c3679d4941956a5ef

SHA1
a4e603cd6ded85bdaaf5b2aa4114b5aa21cb05d3

SHA256
0b005a74a61d0c22687f685303ce804c280258a9c13f857fd2908d692e2a66e2

SHA512
53bfbe91156daf0689276218e3820aefab78f07357c4c20b85efda025a7a0adc0ec9550d65b3ab2a64896ffcb08906d29be048c82795c2bf43a937c026983afb

Download Submit
/data/data/com.general/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1586223913aa56d5a57ec32a1cadad45

SHA1
625af0de6c860e055240f2c812cab4d2abd5ca7a

SHA256
a7fd8de6000db091982ea7e2a1d1cf06e3454d34f230784b147e69e5fed615c9

SHA512
ebf68ea50ac77982827d61fa8c17306b559ca31e210841603428fc752916609c75b43c12ca52e78afe9243e689d14ac20f0a6d7c37bff1eca766c44822d4120d

Download Submit
/data/data/com.general/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
26f6798e2cf99a77cc7de354434d212a

SHA1
9188f51b5800ae32e13c39471d305b19880ba819

SHA256
c6b7f3b67c0b5e22a6bf6924c9392e73275ee735d08cb9df9c63296374363dce

SHA512
e7600e57c39db8ac2e7cc983aab6c2ab6f7506a3036589efadb32e02fee6f3b252db8cf12e0ead8b6165e5bec466dae77a9c5628fd6f3d4bf3f11c26fd5c519b

Download Submit
/data/data/com.general/files/PersistedInstallation359774148897556296tmp

Filesize
90B

MD5
52d850519dcb0afbb270a695328c72e3

SHA1
02176dd7b93a46c911ae9cc3f9b63d4b961e8c12

SHA256
030d68a38571cac14b0693dff1531d4502329ee0413cef1b1c4c189d4a53519b

SHA512
39e555021f4d593b7e2e6c38519b74e9cea76423e8d0342814bd8d03ea79ef90ebf2e4acfcc5ef856080cdaf7545dddaf59b9a0fce49305eaf3205df13bf4e82

Download Submit
/data/data/com.general/files/PersistedInstallation936996682067516974tmp

Filesize
569B

MD5
936d40acd9f420eb3132fee21411efc7

SHA1
6457530c61f5a9b0f9ce56522b05da4473abd82b

SHA256
7c14d29712f7aeac72c420c96ed7e0cfbe13f86a77e60e8207eb64f0ffb7034d

SHA512
0fcc3a47d538ccd3c9c6c771d5a33ab6c1f3d299c44f5631671e10a6640176fb7e7bb071825fd7215707ad51ea453fb2aba87e2444ff61cddb6c56b7f1e3c762

Download Submit