b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2 | Triage

Analysis

max time kernel
30s
max time network
127s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
08-07-2024 00:14

Sharing

Report Analysis Logs

General

Target

Edalathamrah.apk
Size

3.6MB
MD5

137051f21856123cb25530994883e1cc
SHA1

024bdee3a7bec368a8a460ac09e07e361776451a
SHA256

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2
SHA512

4579cbe55dad6ad44a14b166124fd047aca37aed136258dfe5d976a27e955239568c3091f502fa4d7b11b3136a99e453b99508385812c373f6a74cdc6e2b8c0b
SSDEEP

98304:OAyaNOBvwbNZapFvjvyjJUy1lDB3uQ5ZWqyOSvNb:8aNOFwbupFbvyjJlfeQHWqy3b

Score

6^/10

discovery impact persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

System Network Configuration Discovery

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4244

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f8fa7943f64223a58e4e6121dfeff89c

SHA1
60fad780b8c496217b6751fa2f0406ef60ede1d8

SHA256
e2d0b784e25e7e9687fdf7ec3131460efadf961b53b23407d84b0a72694d4ec1

SHA512
86be911225e58e17edbe479a989f9cc21f6f5ce2453655910a42d28aa638c636f874bd3cb8679f0a3b6189e367771285c398f96c6acb9b2e69cf07f266b08639

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c8f6e37b25967c0712795833d77f861b

SHA1
6a8b2d831ec619d50e9b06de06902dec608b5696

SHA256
82321791af7f86188e218a7d596af531e35617e8269b89a7dc64db1fc183af6f

SHA512
8b9b15e99d12015af2cff6112ef550155647d6c449f2ca3a022e28b650823fdcd6700022b700c52adfe6aed6d0f5e4e72541bbc963850a7de18001ea6705a123

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4e40ea28ee44925d09d5a2c7ef61f350

SHA1
579e4e6c03e6f0765ca501e6b07a032f28f1ee11

SHA256
f46b37778a3dd2ad0374173e99737b7770d8f8ff1e1c42c56f9807d1ac96b932

SHA512
b8f24bdd3428830ac5265af34f8c490f6182ed0f693d43e6af1f1463fdbf38f2b76420cf53585f2943fc3ebac1bc4a6de70dab143c738ceac4120af31b03fdef

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0a80e960b7c361418d1fc1e9feb35c0a

SHA1
e7317e9079111d4b09f3a53d48919e176be4d9d2

SHA256
5078795d6e0afe1d2fd35cf04c2ff7706e3d6a1a10d1d997f6a9db6c7264d6e4

SHA512
87ff9b82082154425cce88a68ccc1a02a6c7a54238f8a481f4e181b607e53f8a80881f2eaa18c9dc2f82afdda20dcaa39234242af46a20838a1c35e5c180929f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
04bbb4f5cf57f58e2355bbb4ddb04437

SHA1
c591d75060b19266cda4172320ac8556c0f8728e

SHA256
b7b657246852df0a3f99173dada27bada4bb38ff4871c80d6ed1b27838738556

SHA512
5122b6a2325dd464d8e80b7404e42b8034a1916bce13061d7849e07f48286e487cfcb9d01883e471920945cd5d67d3455c022b16bf56f1ffd6615cd79565fc0c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
55e2d72d1bbeac92b09a7ec51ae6e645

SHA1
0158f7936f8d360a0e18e3d61a3d89f2f8952d1d

SHA256
ab3b460b8440cddcfc094404f6e99750fdfa536a376eb9911497009569e43ff9

SHA512
c3465987e51c0f882274af7ee442b4b4a64d71a0469221af10355ee07e824a5027eb0ebcf78ccbbc55baff581324ce4761499aa0203fd5adf58237e966bce1dd

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3a402ee4a85b9a666d4711751d189361

SHA1
d4261ed0cf7430e8c10bfddfeef47a2b1cf325e5

SHA256
aff552a4051923a070098c05e3bb0bb3b213991cd1024023e1d08e837fdf59b8

SHA512
5eb681c9bb9516bbdb1a1a6691d2d418287f2f4044d064160dabbc30f74aef397f89f7a4ef4e7e7e36adb4df2b1ac8fb6c528ff3ff68b26fd6387d698503335f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4aac03ba8c75754cf4136575c94c0d4d

SHA1
1a9ed50e492faae779f3ad697acbcee60d100832

SHA256
47b28395be8b46de8e61ed86a27ce64247233b769c726645e93f4d3a9fde71cd

SHA512
eebea913799c1c5470b71bd57b654d00599bba049608819782c976b2f08b808e79b62a2b5b1492a567c503812d9e2fd8a69656ccc812c4948021950a216fb7f0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
5e1d346da78b65970c9bf02659fe4015

SHA1
d88890e040ca8f9be8311bba5286f041ecbcbd5c

SHA256
db098026861c7cd6ad9fc96ed0b7501e82ae55068043e341f2bf6f714455e6ad

SHA512
d7e923a36e20ed83e721db07e26c3de0479bd2c6a811bc817b2cbf40f77fc5bc534df7d75f0455a7b6cbd8ec5b0904a7fd6fb7f230d9a12b0896ec302dbe7809

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
417613b14ba7bfd44eef058214253943

SHA1
40e48a7d0d593dc6ad6b170dffcbce22d85dd614

SHA256
a251c00aacaee348606982f9d4cbf34de07a01c8e7c32745a44ae931192e8cf4

SHA512
ba6763d58984bc6fab69a5955fdb93cc5e5b9473f80877a78e8bd78aea8a642acb93cd3ec19acb01d602ed89271da8b43f23b892832b3c6b8e692ec5ecc1355c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
26aa4d2d04b7c072abcdf771068f90ae

SHA1
66e7818410cc940a129e477c6db2364fd8a22f0f

SHA256
5666ac996bb4146b12598cc937394852fdea70623c1d71873f7d2c9ed8c7f980

SHA512
95647e589588b27b4bd017a624a621fb8a8a83575db359161cc670a615d734564fef3ee8c3cd8f0665c44f057c19cfe3accf564a5cd37415a386c05a6f2c0107

Download Submit
/data/data/X.God.X/files/PersistedInstallation6240819198974408316tmp

Filesize
90B

MD5
e5ad7eecddcf948e3540bf7bfd4b37cb

SHA1
b36899df12f858d2dfc1f3e418e67bc48c75b3a9

SHA256
353ca3bfe9a601dcb7e5726e495c9dc62a72a29fe49301b0cf4eccbf3f00f987

SHA512
8f3c643d6f68f2cb83c4b17134265f955c945317b1d7162a1bbd56e12e98f882d83a57128648199cda32498c403d105270e459058d6cfa4d9d2a105b44b54a2f

Download Submit
/data/data/X.God.X/files/PersistedInstallation7091098365760158838tmp

Filesize
570B

MD5
cde19c5fe99ebf13bf60f8aed9ee1f11

SHA1
9ae21249cbd41fd7eebcbdda6d85efde668e104f

SHA256
f7163d26793fb3ea705f85eac2d47279af3f14560793019fad5616fbcc3a0e27

SHA512
2bf7baca97ad0452eeb98eb2aac670ef5fb04fa1bc6fdd5ad9041e2eb66723a39fd91882407bf9be3d62755126ece288506b690229fa8fe3925a3c4ba237a371

Download Submit