c65c61ad4f25a1861170356461993986e32b55e7afe1043752244a219b50fe05 | Triage

Analysis

max time kernel
117s
max time network
152s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
27-06-2024 08:26

Sharing

Report Analysis Logs

General

Target

C65C61AD4F25A1861170356461993986E32B55E7AFE1043752244A219B50FE05.apk
Size

40.1MB
MD5

0fcce1dbfe142a72075b72cca5307bf5
SHA1

0fac87f32d986cddb0ea7357008f3c4df3dd3af2
SHA256

c65c61ad4f25a1861170356461993986e32b55e7afe1043752244a219b50fe05
SHA512

0631dea72fa62d4f53afa45347ab9b113314c686861c1e14126a8a9c380f93838486e9f162b403bc89f16b7854adb030fe863465914609174da10320e858e139
SSDEEP

786432:5fzNUEwTP0RnNcPdwSA0VmmP4jQtyMYSjA:ZivTcueSrmmP4jSPXA

Score

6^/10

discovery impact persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	no.gomobile.dintaxi

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	no.gomobile.dintaxi

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

System Network Configuration Discovery

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	no.gomobile.dintaxi

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	no.gomobile.dintaxi

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	no.gomobile.dintaxi

Checks CPU information 2 TTPs 1 IoCs

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/cpuinfo	no.gomobile.dintaxi

no.gomobile.dintaxi
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4250

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/no.gomobile.dintaxi/databases/com.microsoft.appcenter.persistence

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/no.gomobile.dintaxi/databases/com.microsoft.appcenter.persistence-journal

Filesize
512B

MD5
fb792ab0e5e29af9cfac63df3813f79a

SHA1
31abf5220f156c288ad3d36f4bea2526c5095cf3

SHA256
c106b265f3c393397c2b86c29b35ac9e27837cc05efb945ecbee2040535ce83c

SHA512
f6cdd79df8e3f53a1e32466a1b8c4967f71dc860a5f21630be9b92effd9e4030c827937ad859a48df160900318641a5ae5d849ac60035083a0c55183ebf0c66f

Download Submit
/data/data/no.gomobile.dintaxi/databases/com.microsoft.appcenter.persistence-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/no.gomobile.dintaxi/databases/com.microsoft.appcenter.persistence-wal

Filesize
76KB

MD5
f0a7c0de3b40f4782c24746fb49c6836

SHA1
e3fabd1a3fd145aa2e7e95086a4a1c8de9b69c78

SHA256
a1d22a4c072e02aff7f12df5fcaacbbfe5a1ac3bbaea8d50498e7e2de2d0fbfa

SHA512
93259be7b7a37a25a733b00573a0e3268f0ee894d93cc392b38d2bf8824e88c06fe7c152e5ea0d722f990e63ab382a18eef4e792ff1a639cead8385e19fb052a

Download Submit
/data/data/no.gomobile.dintaxi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9e6941e0726f36d3efa18a933cc81add

SHA1
76dc69ac9f432ac0cb64588fe2dfe4abba4cf728

SHA256
82ded495f44938e8f691222149929b6d10470635f2b8bfa9669c18376c66cc8a

SHA512
89713943fadb108e79c3af776f4b2242ce1d8015d77d4c61d0c9c1079533f8585a433d6e6455c07c2a2d04ae897ba44aa905dc7140c7bc3e88c88c1a0e666685

Download Submit
/data/data/no.gomobile.dintaxi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6b63b92f6d4ec960961ab1deba76d015

SHA1
bf6ffccf76f70b897c1a6cb46d129418190f509d

SHA256
a16377ad9b4b59218937f24a93699b9a7cc2409814ad71504ffb45c59fc699c9

SHA512
43e6e2290c76065c77021b625e5f31d41df9f98b2efec0db7e363c7b34bbbeccff92699465c899a34400ddd1195d67f580e4f0eb92479defdaebe4ea24fd9e21

Download Submit
/data/data/no.gomobile.dintaxi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ec5b0ca7d678f6a4e2a15f4195edd3ed

SHA1
5e74e79e8abe63fb0ed1ba9c4c7e143e522dba9f

SHA256
d6401b1461d8ba9d398a71267d9a3c3551474529587afdda7ca0f63ea8d1bad5

SHA512
3bad087a8095034fa8b7586ee9f51878d2f54fa07c61a5a5b01f4da2dcd934687cca8bcf267093dfbbc6afb47facbde8c75beb2ef8f070af099162b93f479aa3

Download Submit
/data/data/no.gomobile.dintaxi/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
3a4a2ca6d51eb47fad65c70cea9897f0

SHA1
97086c48f98668b607d8371f1c303170d9fa50ac

SHA256
93ac6be94a4ae701499be693a7f4c33072d3e59448a4e2276761110f5fb6ad5c

SHA512
6b67b251591e11691db8bd935d5c352fd050bf73c6e462a3ceec6f776c1ab62570498bca3b35249a6ac15c25f7a94e212bfee336f3a080260bd7bf0c440e18f7

Download Submit
/data/data/no.gomobile.dintaxi/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
7caf76c827d91495e6819c039f1b8718

SHA1
e5ce2fac8b0bb3c751a055a009c0ef26012a7327

SHA256
232fec5463dc3d3fec7d722c7d601aa0c7a1d40b1bc65746d0e07cd7a3ddde12

SHA512
2860658f6d989ed57839dfeb0c3ecf94e2876023ab3d2deb8b33964735a702dfc18094cc55fdfd889ca087b063547263830e9b4294ff0b04f0ee7228f27d72fb

Download Submit
/data/data/no.gomobile.dintaxi/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c1db04e6dd40c9de9dc1344076532e82

SHA1
6a095bea170000a2abecebb3e020db197ed91d77

SHA256
54ba2aa16d2a8d12085bae402b8a52fabe3fd14fb5a502109ca370bb5f306681

SHA512
0e995a3b40ca663c809e03c086586e5364dee68fd127d6e52549e26d2fd63d32c99560e83e423d531702cf47b7e4ea6edd9a947fa74fa085797b629f74a951d3

Download Submit
/data/data/no.gomobile.dintaxi/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
050a2c5aac478b65bf69bf539bc70503

SHA1
fdc8804ae8e0f68d7545124eda8589e3335be205

SHA256
653525a9d6b9a7e4e76bd3d78ee0a652de2c8f1c83efcaf549a27c5538c3b3f8

SHA512
a2b7a00b88ca0860024627dc050129c4ff1db52e28265b0cc11a6e7ca5c77b208b8aada1ca4c04d90bee6a927cbfdbb8f020bf0bf197564fbae3bf9e986fba7e

Download Submit
/data/data/no.gomobile.dintaxi/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
5a761267c6a13c0b14027ebe16701a43

SHA1
82fdc05b8674cca315c7619daafe2cc40217d44e

SHA256
c4c0b23b4b9daa2beff9750fdb6f7d1fe620f63a02275780f4ccf9e9b17a1809

SHA512
ef5119ef0a595543ac02997215c27ef3d0b47a63eb979c0f4837b3b4e87242ebf9a3956778b48e6b61bcc1b14f177b57512fc0ac071e6de2b0e9a147007dd0c6

Download Submit
/data/data/no.gomobile.dintaxi/lib-main/dso_deps

Filesize
292B

MD5
8dd73dae129b4310d47f122d4d36b712

SHA1
6181e682038b5491909e91243d02dd97bef0b75a

SHA256
c083ac643e4c4b508f6db523a5ea086c721e7101b5460543f44947ae1d536b32

SHA512
26a6ac86065f028897ab62ad41ff4c38f3dedeb20af783d41db8efcbfd561348df6c8cbde2fe0d2fd29f7226e13ce960c133b4a684188775bf28d80d557e68a9

Download Submit
/data/data/no.gomobile.dintaxi/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/no.gomobile.dintaxi/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/no.gomobile.dintaxi/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit