42557a21a58510a23268509e4457921f81b507b9d407e42f3365a6514de1baa6

Analysis

max time kernel
19s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
08-07-2024 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

6bac095ca7c3546e1764695f9c09474f
SHA1

5d729d4f4fcbc98681ba7b1478ca89b1131a0d8b
SHA256

42557a21a58510a23268509e4457921f81b507b9d407e42f3365a6514de1baa6
SHA512

0bade827030293dea806ef2a5dbd31e37969759898d6541c82116281f7b8f81f92155618df1fc4743885359b487937381f225274cee60c7ba6e8cca5f2aa2ed6
SSDEEP

49152:Eiu3F1J72GkfbDVJZYhXnT9/gHKPE7Zi/cNzgLNNGjCYrHPgDf79:XYFvaGszZYhCX7McBITk9I39

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

X.God.X

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

X.God.X

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

X.God.X

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

X.God.X

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

X.God.X

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4254

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
36ff0b125acdd96a2d045a50ee6c1021

SHA1
89a4d260550e2c73df29fc387cee8db89921c259

SHA256
ccab2150e659ae8317e71d7d21759fa13d893a92449b6a5c083505f0b4a33f46

SHA512
a6a8b1b01596c78f1abf952c6cf679d1138fd60f95f3667f288fc27123657374321f0508c6ca60a6eae38fd9fbb1c7acf3385f7f4824f3db0c782de40bccffa1

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d62c7c53be72a40d3e489d0f72544d3f

SHA1
9db477e7ea4ceb871d84bda2169faf2fa94076b0

SHA256
a484e92dde784b4c674a896a5e8a3f16e677508a45df2cd7dc998772b1b0e85f

SHA512
dc579119341fa2d1c3c6754230f1de8448e2b96c2354004e022ba45a1a5892efb88130a9679da0bd6e8a1bf5e896b5c8f384039503f3bc33fa8a6424b1fc07b8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
845e2323c0e42d1ce44bcc0ca7f47c58

SHA1
91cb662c9a17a407ddbe425b589838840401b08f

SHA256
58edba9fd9579a334125c32977701d2c4a1ab29710389a6e139bbd9f9d7a7675

SHA512
6d37ef218fb4b6a6943065b95b22a276d7b589ef9fd924e1da15d3130066f4723736c964797c196ae21808c6e418940d76fe7937022a6d885f9a1d5017491cdc

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
beab4bb6b25d0b5d34344ecfbc639aa1

SHA1
7cbb2e2a5dd0f7905f78d9bb2c1dd19762cdad98

SHA256
87f7bda95f334f45ebdd5bc355c8ddb76731aea00e228cffb0052e59150d3343

SHA512
d82a5029216c5583a54dd92a94553c6b4821cdebbe26096ca9b400970f7519d08efe69b0e8e7dab6199d0db3187e9ae93820ad3d30ba7572ae6af2ab651acd81

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
7feebac3eec9ca78fb488e56852933fb

SHA1
8f6ea612156df2a9e693ff0f25f89a309af91205

SHA256
0133fee22e6ceb995d71bfcf7f1e9c2360aab4c51b1c2929d2ee49f7e12e9bef

SHA512
54f988996f060e103c659f02eaf114d8bc508f17e671a0242b15ab737a47bb8bbe351163a20c4be4c46cfe23ea4831970cf12572051635e0b559f22a8e64a286

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e2b7850131e532eb92827f5d23d6b51e

SHA1
3c2a35a9cc2b03947fb3ec83db4f7212d94383c3

SHA256
ec985b32f2d7eda0b927ba29dc12a7dffb74f83ed69eeff81525fc630e67114b

SHA512
0589625b590e158fda7c5934ed7d65194d0251bbbcfea5e1a6f4d6927e4f0fec470fd5ca24ab2e7f98a471ea06481ddc92cd52c8dc6cc269bfdcc19643c29942

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ab76f1e53cf25df85e423a7e4fed85a2

SHA1
547b86e32daf54f6271dc14c66d1e7a7fb38517c

SHA256
0aa5f6275a6e5684e8539be829ad4d396bcd7071ffd8b2d193d6c4737d457fcb

SHA512
8e12154b52dfab7b5752379286a12685dd556055046d0d0eb72ad02695b8e949192d5fdb8216fe4634e80ff49f867585cf6b79ed5109a69a6133f32e44630595

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3199edcb7210465a0ca876f0b6180fed

SHA1
4898fe3e3c423e43db09732ec45cba2df53a9111

SHA256
8ea1b8cb3aae70093e6316bae32d870faa0e680f94e4de097237e5bae5cc304d

SHA512
9387bcf4b66326e3549c132362314ea030000e06366b54899497dd1d2465b85466c2f9eeb58b4ce0fdd14e09f33fb5ce8ecf5bec9085b425d5b8f49ff2a3f8d6

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ed1c38d03ed7ad76e166da19cb4d02f6

SHA1
a9ef93b4c944626c5e6d1284dfb77bb49e6e0841

SHA256
3c9c93c56f0028eb45f3f69e41e8caf244484269657daeb2fcaece81bed9dd12

SHA512
12e5669f9a6a0e89ecbcfff9ffe841857f1caab3fb8e99b7657e0e5915dc165add030907e13650314a43eb30b4bea93c5bd304a574a35312a6465ffa249a0c95

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
13f4b8b03b4a217f08fe0e5eecc1d618

SHA1
f64620d6823219693cb5ba5fe760e5eded4a09b1

SHA256
f4376e9033fdd72129c6fd38b479419710828fe2fd4407b056f2ef3264051793

SHA512
06192a86eb358ae3640e66ed9bf2a9e8445614da21bf2c127b38f7def74b11cdb17cf226dba057e33214f9676bb1f61b55b31beea540e66f81bb9ada5c3cb37c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
2cae91abe01211cf52f54668ed04f377

SHA1
13a4dc462e749af65737a0e57d061226833ee1e2

SHA256
f9867d89de5f3003dbde8a99caada35a6c6d318f570d5a908a0733d136a84dfa

SHA512
9918858516a01106370967d1aafd52020cbb0443c38cc7909c1d27ada1cc38db8fbfeab6e9735c78545a85d0be5c7e7e1cffa68076aab9b5fe8b1cee6e3ded66

Download Submit
/data/data/X.God.X/files/PersistedInstallation2324307682570653436tmp

Filesize
90B

MD5
d5c3e26ecfefb37ba0a1b436f82482ef

SHA1
5edc4a8804b17d5fee8f55c2512760742d13ee56

SHA256
c8f7f5f1ae9cc3749db4ea95d954bc52d9318b09deb184f7a831692d9ece5b40

SHA512
92defbdda1e6dcdd2f5267fc1f58615023ec3b140c2ef8a2b1dbaadce0eed8ae3bf24eb9ca9a92a30190ccafa62d75caf550e92e42ddd1f037f3219a7c406607

Download Submit
/data/data/X.God.X/files/PersistedInstallation7668000789562974577tmp

Filesize
569B

MD5
d8683b833ce2ffb7dcdf24ebda4bca58

SHA1
6ac0dd7d1747410fc8499821cfcb7d2ddc819d15

SHA256
8391c02bd555a8a0e4eb45eb4cd16038688d472e428834aac4f4ab548ee9e504

SHA512
8caa9d1916c1cb4f9c91025cc0957d39e869fa0c402000b43e960f232e73872acfb5fc5a14f560ee32f4179b1de8f6c13bd02fd891a55d1f8e0d9ada80f57cf6

Download Submit