b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2 | Triage

Analysis

max time kernel
29s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
09-07-2024 02:00

Sharing

Report Analysis Logs

General

Target

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2.apk
Size

3.6MB
MD5

137051f21856123cb25530994883e1cc
SHA1

024bdee3a7bec368a8a460ac09e07e361776451a
SHA256

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2
SHA512

4579cbe55dad6ad44a14b166124fd047aca37aed136258dfe5d976a27e955239568c3091f502fa4d7b11b3136a99e453b99508385812c373f6a74cdc6e2b8c0b
SSDEEP

98304:OAyaNOBvwbNZapFvjvyjJUy1lDB3uQ5ZWqyOSvNb:8aNOFwbupFbvyjJlfeQHWqy3b

Score

6^/10

discovery impact persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

System Network Configuration Discovery

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4268

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0f066ee7fa4f9eb7badea1b4210e2b02

SHA1
b10f05c3469cecab6d84a5ab99e2177de3b3a24d

SHA256
47508127175c88261f1f311b90535581c1c60ee59cda3c1a8dad6cdc178d5a1e

SHA512
ff46432d17bcffd277b735be466033ae6af14cdb9c52a18221afd81ba9e4bc988c64d3a2bb7e5b6c6a164c966a82c2048f0700abbb8256294e47f0676cb01bc3

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8a5fe8c5ddfcf32da93e858ac1746c1a

SHA1
695c89811f4ef13d273936e1614fc7b425d29a5a

SHA256
deae7c4d6ce2f7aad2cf347eb7e782403cf48a9e79b8f0ef02bee2e93a52359d

SHA512
36544eb467c535c0ba5962c89f3df290a18b7ec495860f9fc0db3ab49310ae44bc21031076b8e323c719f0afe289b82d04851c22a880c7f3c6f2da78c0139126

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
44518365e6e9e8299fd39e61feb1edc6

SHA1
7362b263745b8f41072fbd83d9808025e8cad666

SHA256
1eee720d008ea0ea9fcc8708d031baa261b1e038e4204271ab0732910598c152

SHA512
108012cede0601193b016de9bf9a480079f133a28016f2d1d799f9b4909c5b5f8a8766b6b46c46c7cc1593383ff8cb1626d1b698687a5a2598f2636a2a4194c0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4261b1c2dcd3de9363a7421bbe102cd1

SHA1
f5f8a70901861abd15beceae37a4adaa7bcef1a2

SHA256
662569bb0197aca3ff34a526221141d549a72fd0c2e93948c3b8d4e21bda91ea

SHA512
a64fe69eb68012cb7aeaa636589d913d29d8d10fd00b2d5b4a368f6b1c435559faee91132c28e6c6407282bcae7548a20add4797c14545468dab4ab9eacd4488

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
6af997cf06b1aabd814c979064ad718c

SHA1
55fcb5b2c2fd36faab9ca40739a600ac92a14ab0

SHA256
49f309917544753168083de70466abfc88d1b6ac8b2e2b4654bded2d19e0c880

SHA512
2899198e470f957a16164069d9517ab4b82d5a18ff8378cf6bd29dbfe1666ce542b90159e584a2c031c3558fe4bcb7e6392ada10f2bbc662667f06a7d070fc8e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
7b2ccef186e1e93d3dd17bf98c2a1b24

SHA1
84a9aa3ff13721d1a1b1c1f4e66be538f19d0c30

SHA256
410e3e511ee39dbcce85aff8dbaba30a6c84008e5e5ea30c2855b95ade9d98a2

SHA512
393c4a5f624c7e2daf85c0a0b56ca5c00c5579815695cf7729de0b15679d75329a75f78e1abdbdc7bd46baec61fb1ceb9c5d57e9d36fb8d4298b6dc9edb7d2eb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3e56d8f7b69ec8cab415edea0c8f8897

SHA1
5a1baad43f3a06fb9b34fae1bd2f00701d7a1407

SHA256
bd9c441082f849a5c68a6b2e0d3fe2b437d9074293d31eeeeedfff89b2c03edc

SHA512
5418161a468bc6927fc19fd36af94627e089268fbb66d6b5df8dd8f7958ce69119acda1ba6eca23479b6608d73dc91c671730c5dd2d16f16855b1d3b18bfa020

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
719a83428615a12761d889f0a4d57276

SHA1
374add39cfbf6d22526af3a78603bb1953d09eba

SHA256
21aae6c16fe995039e45261fef96b999a7c6ce106b6b19ea4e1bbb81331f878f

SHA512
588613741f5bec486aaa4797eb663c28eca9452c5a1e301bb65c6baea5c2fa098f3beeaa75ebbc8c51fb60eef904df95be58cf0679dc90e9f8a609bc2d27ff9d

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
52ea0ab1362a24ffb8b6b4e088f99af0

SHA1
be55bd7d69731ebb5c70064c2970dc93d4e14fdc

SHA256
e250895010bfd9930406c0551caad9b0ee71fb572241f99e78b31a682b3e330b

SHA512
af4139a7451267d168047b89c7d2fa8e1caeaa450af3c4887655d3a70fac1816b6368f5e761b922b4d64bfeec920e170c74e9c0bbc7297e2dfdfb165c47f1105

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
409d37577a52ce82fb10b3f8f7737a5b

SHA1
d08028a8912807873cd34da3c6368cece4388952

SHA256
ee7c55dd4b20290d710602a9dee17a20778d424f61e27e836cc7fdaaab067bb7

SHA512
7f40d8b5b30e9032f33c3ee41b1bbb61d3fa8e780c5cb930cd5dfd030d3a4d6d17b145ea0bc3fd0b3f975699c4818bbf0df776d415911eb856009cff66392e8b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
64035ca319d3a0335446caf3ef3d7b55

SHA1
34dbbc4bb5c83070759e71c5046a0a7303e5bb2c

SHA256
4dcbfd73bf773f650d9c2cd031de76823cf1af575fd1af721abd6c240f62d1fb

SHA512
27ce5a5b4ebd1e020bc308ac2726e55f6e579ebe73cc79aad1e9204cc855719d44c1d312eb9e1d8b052cc9076db52c8ff7a9fc5faa17799c373eec78275e0aae

Download Submit
/data/data/X.God.X/files/PersistedInstallation4000137196476339969tmp

Filesize
569B

MD5
245dae2b5806b3237fccdb299c587e5e

SHA1
60d2ad8c0912295866778c3a92785e3d54185b6d

SHA256
8c52dab6aabb81d31680b73357fa6405f655c9a5c1b81f0568388717073bff9b

SHA512
db07693ec7365236648be568abf9f6caa1a028548314b3dce528d748398616024bc23368e5bd2cbcc92a45a39d70b1bf931bb4a2510aba19db801ab270d9dcbc

Download Submit
/data/data/X.God.X/files/PersistedInstallation8829835113092394978tmp

Filesize
90B

MD5
f4ca72bb4f2eac579c948f3663d4d485

SHA1
e47852cb18ffd95adf6d1fbd3a1c22d3c06d2458

SHA256
c539415edee628b4de3bbf0a22a43c241f3076a4627902cabe08ae04dbe275fb

SHA512
ef7844f08e8ebda0cd7f04d904d9438991a5803d4aafc51f89418e1f4e8190d45fef293c80e82ddf904b0be082d46c1a6101476d90964d1c783665bca6d6ae00

Download Submit