26c66da28ce0ed61a696886af8fcf510a0cf40d14287716467610e21c3645e1e

Analysis

max time kernel
20s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
28-06-2024 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26c66da28ce0ed61a696886af8fcf510a0cf40d14287716467610e21c3645e1e.apk
Size

2.8MB
MD5

f808f8871b6360e6a1a28e641adbbc27
SHA1

f8ac7955bfdf8f3303cea5a46fdcb359e7a36047
SHA256

26c66da28ce0ed61a696886af8fcf510a0cf40d14287716467610e21c3645e1e
SHA512

07f99ca702e7c8e4db6aeac14dd440bfa30d32a62a8665a527a8feee71bd3ea4868997e875a13b626985f9e84962898d7f0ada412470df8a13050542604acef7
SSDEEP

49152:sfngviGN7xmC8LQqVDVmRErDKv+NH/W1xvidHS+xLMwOMqFO3ue1B0BQHff5JxvA:sfng6C0C8LQq/rDKvgHMOHZxLC/83TA/

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4249

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c88bcfb3b65dfb950be897aae10b1d26

SHA1
8f5c8d1bee388328123f52f3a8d3bf33c3911a8a

SHA256
c3a298e2d40fd2208a0fa8fb26e1170e69ec978fc21ffdc4ce4679b916acefab

SHA512
008bbee590c8d6e23e4703629e651db3ec6fac5d08cced80c013e5f5caebdc582e68375a4ec05b7293d256d665253509719fa7d4fdb751dc3af1c7646f25a587

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
cdcf57a0964c3bd7bbb7f630da8348ef

SHA1
35084dafd24771434b3cc3d7240315f9839c14ba

SHA256
1d5f839a79027591e81640723b2436bec072102de39e151417f9be81fb9da847

SHA512
823d17802ceb43839d39e5f9625a94b877cc8a22c65789c15ec12898c5f6c7b6a72c1c11eb2109d6a2c653a9b5ac0d5b9cca745429fd56495f79e412ae6ffdc8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4468b55da6d69fd04a3c1a8d9127201f

SHA1
91a815890cc042b8eeac1a5572ad3b372e3ba56a

SHA256
43fa9a1826d880943a69a5d525fc36a07cdb629a15f25e1c815c2d0ca0737fca

SHA512
4ef3938f64c3124a3cde3c4810d2ca02bea74c5b00f1d1c32ddde3affea703130078a0103524718519ceba0e1ff775730a5f8cbff17a9fe70d51fe03d3b7dc41

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c66ddf6b725cc59b5794d8fb272936ed

SHA1
b0adeeefc8924b2c9ff834a26ff9ce9814309dd9

SHA256
bfaac8fa3a96e01abbb0100294ea38d53ace0a9b89d7d047f79ca0b23c802ebe

SHA512
30986951f6c8cf3a1a2000b0c4a4c6112690939ac8b1032fbdc129a570cbd0da56f484f031d19bad319dd70429b3ebbb88f0caaa0d42fea142ead14167c1611b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
8e39a33152c6e5109b74f092dda34f90

SHA1
9b43b5b142f136412e509f863df4b5ad3abfc4c0

SHA256
2769940a7a251cac215cbbe1427f9ed52e249a0ac895d4938e1e69cc3ee163c2

SHA512
36cc7cb3e24a51944c53c296939827639eab66ece05716a4b2879532c3ac0ae07093d589a7aa168449a35061c01d322174730d4c17e56f048dda59331c55ea4c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9d0f31617d3eb8a2d49c83858fed48f0

SHA1
57b1215e7263c656f04aac8f14295d17acb8de57

SHA256
6a6759ecd6a2ea977732cef3e9ab760d9b71fa724e166288493c3e5776f5ba66

SHA512
0f1f5c2051553f73880289454151b4e76ec8500920be457843026633cc9ae577f4aca5a6eb63f0a659430c5e54645f53e85040b7236cbfa7a4ae601660cf0f09

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
603d075e12b1252ad5a3c0db40843f95

SHA1
6a87df8614776c7e15a867860dec5a74cf86eac1

SHA256
741cf0d46dc80fbba95c8fff76ed14565caa55f6c43fa2c0b155540dbbbeff45

SHA512
be72fe29071fb1d1fd683cd11c86b90931ffb5d55860c6c1c8b4ef0a20da1a4c2a8f12e41413d73266218467baa0da6d01defffe96b701630bdb7c776a966aac

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a68a2e26daf4ac481cc9838970e6931b

SHA1
2ebeb558d62bd7feeddd5b54be40a24837cb690f

SHA256
ee29f0f80bf69e8733e940d20549ebf3e3647ab759b63a12b68811d0d0bd104b

SHA512
ba8cc367c3717febf448680b800a2d4e9fa4183052a811bfc2c4f923322b71ab3e655d9bb7ff4c5fa695f9160079cd095a6cddba74367176ec1caef6df3b2a0e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f45f96c318a2d8c31afffea5c796328f

SHA1
974c3df68a6c330faacbf6fe69deff840d655e1c

SHA256
4168952d483e00e8a959d8e5f407ba3920bb4d3bdf97d941475697211a39aae7

SHA512
6395e92d431dac51cb5feb62a003cde06b50c1e728568de778f460e2c8dde63a2c04ca4ae40ecc76e2edbe9a53258cea6afc9c0a5dd63e375fa9a29a77814bdc

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
05b75f055111b4d171ec50680caecf30

SHA1
e17a4942101032d259ca3758fa400865471c7571

SHA256
97fb94658107c545ae69feb5b093248d48d91d9a92cb6e1357d2a5a335d6de4b

SHA512
73c1e3346d5ff33b867418b941ddac85b766d214c9b66eea9b9e25906dd10e6bdd3211cbd5735737472ead3e5f6bf2b60c05b92eec5eb43f6d9aabc1ee478f06

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
dd00cf76cdcb4825d4a05dd0a2d354bd

SHA1
c13e07f0700cf5b2bf40c5b19efc6ab9e9a8023e

SHA256
07a70265b54b7aa4d261428bd1f65e585aaad4baa60c892442b5d315443ef269

SHA512
a3470d296c93e3aa0fb94d6e8da25d350459ad253e007c17566ecae69bc4167a1436187092a3bbac8516388330bb0727a467cda8dc84c6d17765ffaa50eabbf5

Download Submit
/data/data/X.God.X/files/PersistedInstallation5645559257305553948tmp

Filesize
90B

MD5
5151fde755c7afaf291171f9fc58237c

SHA1
bc4ae17f9b214877679b0f6edcf77396ca480cb6

SHA256
130c47d36510b4eb9ee0cfd82b99c62a436fe3406a337eee01732575a078b396

SHA512
fa44623143a63d6eb284c01556f274369b51f9b5389e72f4bfa90a199230130398d57c43fb0eb04bc59376c83011018dfa8c4cdb1fb41484156f726ad85d06b8

Download Submit
/data/data/X.God.X/files/PersistedInstallation5842636252868270865tmp

Filesize
569B

MD5
b55cd4eebc139e30943a4fc2d75be79b

SHA1
8afe3ccc860babec6287f9672dad7c6b145a2be7

SHA256
0446415dc88c00a7c04cff909478d583dbd889252c9db6313f3647bcd0e07add

SHA512
73b5a1ddc8dfcaf1855959c5ba454939c7084081fe91fb3ee829de32e893817fa7ff57c571db26d29b0b605c000e74569a7af976940716aab64c43659f503e0f

Download Submit