b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2 | Triage

Analysis

max time kernel
30s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
08/07/2024, 00:22

Sharing

Report Analysis Logs

General

Target

Edalathamrah.apk
Size

3.6MB
MD5

137051f21856123cb25530994883e1cc
SHA1

024bdee3a7bec368a8a460ac09e07e361776451a
SHA256

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2
SHA512

4579cbe55dad6ad44a14b166124fd047aca37aed136258dfe5d976a27e955239568c3091f502fa4d7b11b3136a99e453b99508385812c373f6a74cdc6e2b8c0b
SSDEEP

98304:OAyaNOBvwbNZapFvjvyjJUy1lDB3uQ5ZWqyOSvNb:8aNOFwbupFbvyjJlfeQHWqy3b

Score

6^/10

discovery impact persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

System Network Configuration Discovery

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4311

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fed96ef54fe29f0cb3d4c39b3712639a

SHA1
f5d32bad83f8d29b771031ceaaa5fe020073d011

SHA256
c5d54a305878dbcb0f5e1b8291991a8638df0b0510d4ff8769e39083015575c2

SHA512
6a0db004c05f33a9da70394c7114d52863c4ecf1a4f573e7a4faf08e10548703ba7ab90dc1a7bf91cb70c21114719765ef14d43f6af1b33e9f0d4f24b3df757c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d187c854e906de75c84771722553923f

SHA1
825a3e005c5d166ca5a526d26ea4fc45f74bed76

SHA256
73c5c8fcda0d5e6e89111d93f025f14753b83c7c56730a9f72a54e2ec8515864

SHA512
5f56ca010bfd86c88660303c629503c87a7879631fb4e28aea0a87bcf569f0cb08d4d75076dbe41b6f3a118ddc09d5fa88414c070c1a54eae5ab236ae9fcec3a

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a163ec662d6a55aea75a524c876f4591

SHA1
443add8eee9a18a13aa464449492d14babeecf29

SHA256
d2d776191adede151b58c46e08cc3487023bc640888d70ce2f2dd9ad23e0a06a

SHA512
38eb83a8ca61b4bf50dd461b1f7bff043428f4e9ccb055fd12726c12c90091fb3c9a998c0d009244610beacc51eee4c070374a4725e2b70ca2ee73fbf74bf5b2

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fdfa27e5745bed6239105610b8e69d01

SHA1
06260b3db9d1a1e556e3aaafe2374868167a6657

SHA256
c08f541199652d4964aaaa5c350d2da561e2150deb925366792388b8716e340e

SHA512
f90a4c2c1f26a2f1315cd593c7a82c520bf25cc24a58c5bbc40c90f8f4d33bf57ddc2cd4d74a6fca7818eea29163b249786ef54b69721821c10eff8ee54f5bed

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
9b9aee6416e965cfe208e02e64dac9bb

SHA1
b3b7d51e0fdc2dbd4276aeeaa72a9707b95670ba

SHA256
53d38d892d1b6b9f653655e7496fd05b5454470d3819b465cfb0dfc85ddbcf5e

SHA512
15c4b0962b7aa2b2f80485a5403d17d617ebcb44962053edad49c384318a7e532373d8b51a02629c5c8a49d19efd0cbf53b135632963ca9ce32e9d4e8264462e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4ebde2f209c965f601c0575713121b34

SHA1
947942a08b841cc46b25cdb18048afc3c4a5ef86

SHA256
873b0f6aee350e16caca9660bcefc52b63031fe94dcaef3e7506ef52c578ce22

SHA512
276d967cc81fd851344d5bc32ad4b89d5ef749b74ee83e7eab61005b4b7bf468ffa824c8686c7469e6741c035e2aad46b969f090101eb1a1cb47c62c7c684cf9

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
28308f523257317c98f83e8119c785e8

SHA1
dfb78dd5bd5a90ebe6909510c677b43a45410895

SHA256
67005d36ba27e80ddac6d7ed3e407e1b97f337052282e915201d045f2a02ec24

SHA512
82cddc153c95ed5d41ccbfdb39aa531bda3f0d5950311ea48984be453df7ba2a5d2c31c3fe2d54b149ad6319ca14fe122c4b73648fa919fe76dd3bcd18066d93

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
7df1e13bc75301fe6ed96d85f4840a0e

SHA1
944f3a1778e9dd4712a958b3c61643b545f270b8

SHA256
0829ac47bed8f29ff4df194ce5aacc92ca0a387a6be5ec8bd78fe618b8310a11

SHA512
61951190d7830e3cf9ffffce1625e7f411331a76ccec32ac32ed66b9535212340689369cc1fd1eb2468950351d7a51c1939f0fb7ff2a4734375294ac0140e97b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
75a5447ff4b544378bf7e6cba1e82a4a

SHA1
af6732b038d477b6fc2f44047dddc0bb3a99e7d4

SHA256
d9ae9ce2a0a9276b15ca374799d25ecb14545c98b54946c9cf665692a30a8410

SHA512
19d114f905fcb83454c74d4b5123843f989cad04e48f1b9707864af0281ba14fcf3f9aabe9ac88b072730ddbbfcc9d77b1ddb80d5ac258f98104f8ab40a698d4

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
08c5202c9cf243b88f90c22cd1c7e387

SHA1
bd1ffbc73a691a45cbba127bc6ea04f5b178fcdb

SHA256
6db3d647c449d928e64ea8ebd25728dd785fb972debd39555d81275655da9111

SHA512
045e5f48676048f1cf776fba8c2c81b1186380d5d5f57200665fc561bf9ee3219d112b0e03e05cce420d901feb0441d3779e3cc6118f58750ec4f990a751efa1

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
3b49415f7eb1e71c916ed9d8171007bb

SHA1
0a1c5e360be94db15e31d4d21dba5b02fe97f912

SHA256
a860c14a0934f68c7247fbff7456ce7d88c2c15e0d87a82c40aabf6d21ec0fd3

SHA512
fe79f4a07008494050b1416290de30a88756fbfc4c8e57bd6c0e28841ca3ddd78cc4753c873343d02f245cc62feafc7a1833150081d941b44ffe647b6b906156

Download Submit
/data/data/X.God.X/files/PersistedInstallation5265999432271324417tmp

Filesize
90B

MD5
a2f2c37c2b26723eaed87673a4336f9c

SHA1
71bf9aaaea7824943e65b140265a4fcc69a29e4a

SHA256
cb811c8e5c0ff5cf417e55ac27061f1741f698fc87f9094879b94ec44e6661d4

SHA512
999a98d7710d1bd261f1bfd9f54f070f76751db09c023dac6e0f0cf80ff2379a44353c46e93c0c0a12d338b297ea370edf9aa690e6b224085eb8d5b3d0c2eb2f

Download Submit
/data/data/X.God.X/files/PersistedInstallation6476741166723940772tmp

Filesize
569B

MD5
b3a4e955037381258e6869f7ed05ebab

SHA1
7089b60917bd8afa8e721afb1b5c70128fd04225

SHA256
8bbb6cf2442552ae49975a08e5632f37dbe9d7d23dea0af121db622ed701a442

SHA512
3010dce6ab53aceb80875816d7e8e9a17c75a1085775f81f400ee7fe15ab81c6ded15da7511dbbd99dc3b253fd1625f020e59262b3a1f40cfe9abee0843e5ebc

Download Submit