b89ecafde09182f1b0eaef752d5a146c465e49d51840a9b571a63d359fd5efdd

Analysis

max time kernel
19s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
08-07-2024 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

ff04ad3b47d9b71753545bc02dc8c33e
SHA1

184b7979dc29ce42fcbbb033671fb928e695331d
SHA256

b89ecafde09182f1b0eaef752d5a146c465e49d51840a9b571a63d359fd5efdd
SHA512

6937975030162551b38e8d91a35b175009be470d66eb30992a460c3c9275f16e8d58295a7a20cc5e544cfb3455ea247d3c22dc6212d791de06c4ea6758dd9d6f
SSDEEP

49152:mPSe9096pV6rX+Q1VpBaHoIkoo59X9SABZ+nm98mFBXAwtWk0ESkbUxpP:mqe9b2rX+QFMIIkh9tSABAngW6qP

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

X.God.X

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

X.God.X

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

X.God.X

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

X.God.X

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

X.God.X

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4262

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7dcfa5cde39dfdd614fde9b868b87cf2

SHA1
63616d27c164be3965a238e849d025cf90f2a23a

SHA256
b458a92838d3d6c69a583ed91eaf72bb860b841d11e01fa6883fafb8603654de

SHA512
6d74988e4876a911955356387b707ceb53005bc03ea4b30ef5d445385ea191b703d74408d4210b3d0fd0606ffb209f236df0459d143c3a24a1ed2c0c9c952921

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
48eac7c979d2974632744dd7e6e29a29

SHA1
6836a7d9c5a26798338c5919724161d438ebe470

SHA256
3b728ff0b9ee5a5e7b3105a46b06f8807afa823001e32c8e40f628da9da975ff

SHA512
01c8099cd688f1c65495b6c0a5afab1e654e65852ade260d915df3e5cd3dc58352fa4de65446f4aba4d90a5337486f93481d7e3d83a778dc840d27b1c312eca0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d99eaa2d20b66389ac8e791f12947a1c

SHA1
5b9a45a7fd27f2343f59d793b691748ba0f510bc

SHA256
2866615228c3cae6025434bb9829263d6790c1c263e39c824b5df007d94264ba

SHA512
f0e4c3f52b5706a63c8677a73d4fd2e3729a429eada090c5b7c1ff765996157abc7af4ff70021d68ccd1e5b369600e8061f8bc24cb104aafddba63f27bb437ba

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
377bfd282b56cd82af2c4315c64a2011

SHA1
28ed4501f6056acb3173380177f6ceb88c0c1268

SHA256
ebc0032f0ebfb057a8e9c7c5f1e30dce2a2a8a3233daf622aeb4acca5e524d2d

SHA512
05bba544ded15bd19f04872f7b30f735632b8dadf094c0ddfcf9fdb0eeedd9ef9f47a61e7dd031b549006ab4ac6d65b7fd1739e2c348b895f4dcfa55a24673f9

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
ab0170583c47a2ebcbe1cfbdb0000677

SHA1
2d498f8b5f1653b86c8bf2d86def66907425cdae

SHA256
bf5d1226016e9cf02cbc2f5ef0abf6ce85f7ee05054c3a03303c731eed6a5d19

SHA512
3a3794cc1bf34c537b2bbb11b8e64bfcdef02fa13556b3e5bb6f6fa8a00712ddf6076cbb6b10e1c80e94c034680cb16a9c4d4de042dc0f6c80ad9cf11bff90b6

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1c921ceb5f88f5071406ccb3476ca716

SHA1
dfe4bc1b1b2a9675f2af69371f3f623e94a50f00

SHA256
6753e3e4485a592bd92798778f4d8c877f36ea6277887bcaf0a074710b385525

SHA512
089566029541051ecd294219a2a5ee539727028a3e524c60bb6048912409925535cd1334026662e4a621aea5a158e1c24bf30d5dc05fb60e22d2d43a3dd4f991

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ca88751df2007a5ad7d68185910a5f09

SHA1
fbd6b10b508c10f9dbb3eb6da7ac2624fc7be488

SHA256
b785348f3f7b56b550c001a9ce545f1d8d64495e172bac8ac628232f14415cef

SHA512
e1862021c72c77812a37196ca3ed2c66bdc1abd74e28a170cdc55884cd76f9f8c0ab74990a6df2d1fb4bc40ef238290d0ab5e4b9142713ec4b89304e01ce95f0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1518a8f85ebaf52f7fecc4e64ab8b869

SHA1
3416e92998169c0a7ef484bb250796290008d733

SHA256
7d37946c2b2ee4f121b2f63e42e3d30a70d3ebd0d28e9dadc815937c9e100c64

SHA512
2d9489cd8049f5e217684e35a3ff2b8ef1fb39b9e6742ed02eb711b0a85ea3b3c417bef72e57170f60c49bd9accb11ddde7db0b98dd64533ebebde1e80787c75

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
8f85093aceec9702fe5eab39f1b8e044

SHA1
05e22434657f56d2fcd79d65c99ddf0b8f4f24dc

SHA256
f1bc6368dffbefecb6ad0740c3044f1d6e509da5209a45cfa969161977c090ae

SHA512
d16fbb73ec4212d3ac898e7c6b8aa1002a28f923d652478bbc3998b27ac533e618542ada9806323b3608b8b8db47026229cc4eaeea7fc358a5ce907ea8cf9a0f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a1a79b207befcafef5a6699ff6ca5db0

SHA1
53db96965e2e0e1c7a741c4653d2c8bc5fcf3ba6

SHA256
c41addc9908b53813fc926b819dad6f11292150c34b75d50bfca6c5e7441cfc2

SHA512
63ed39e8d6d434dd0dbbbab85090ed46d5e4544ae98ca94d435bb223129719183fa22ccddfab44224f7a88888c2614cde4fd31ede465d65ed64dda699ebbd465

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
bc5e9fd54f5561661833398d8e97f348

SHA1
59df9f975bc95f73b82f3df29a4e161d8887b9c0

SHA256
ce3f1f385fd4ede1d47b080b9326047c50556a3d6321fbfc32c5c2f6a998a771

SHA512
87b1bdeea640f6de9cbf08baeff54994dc07f59a076a546a0873025644a0577d5f23ffb948f091135cff2ed3bffc0ef3b3333864fb0b423355048e2dab0f5400

Download Submit
/data/data/X.God.X/files/PersistedInstallation4879156533359611356tmp

Filesize
90B

MD5
ab831139fe900a4736ddbad3a09d43d3

SHA1
e67920b6bb527a1de9dfbe178f70391d19f70cff

SHA256
19f429c29ede2c168db3386b0ec2dc29562a669a7256efdbe7865859dd7af666

SHA512
42a6b690bab8bb37a95ac15947094fdb237b8569b8334ae253baf8dfa08405a3f106a509105ce7182797dcc6b91fb94376118be847a1cb44c7a11a5419b3fdec

Download Submit
/data/data/X.God.X/files/PersistedInstallation5393547780787482069tmp

Filesize
569B

MD5
e0872566cb9f329860baac9435e36649

SHA1
8f1a31a2199080315d01843cb5316fd157f45d28

SHA256
475070251d78c6191c3eb60b1486707506d15dd4ea999037640006b87cf4e386

SHA512
c25a034fb52b403b0b6cbcc20107097968808c2189f7268fb90d2348f2130533f39818b5efd0b15a70581151c0a6f7c7addc1ff3cfb0829e734061b4a304769b

Download Submit