fe4e6dfd3608d3ca567558d2bc77685c3b8b3650b783dfb248e29ba3d0dcbac9

Resubmissions

10-08-2024 19:56

240810-yn7ppszbmh 10

10-08-2024 17:49

240810-wedn6azgnp 10

Analysis

max time kernel
19s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
10-08-2024 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

7b39bf11b45453c54a771125af3787d3
SHA1

cb8ce2a7dab63d1de60f1216036644dba715b5eb
SHA256

fe4e6dfd3608d3ca567558d2bc77685c3b8b3650b783dfb248e29ba3d0dcbac9
SHA512

1f63f7a839d1ba506fc23ece9133afa02eb25a56fb0ae7af3dd9c0c628e320021f439469b514923d32e1fd7d66a8979eb304c3829fae4a069c0d761f75f65942
SSDEEP

49152:KTbdsl35rnglmqdJy2WTx8Xt8VaamfvXV+1tda1Mt54OLkf2fbFfNTeMvOefo:KHy0mqTy2UU8ViQv+Mt54CjRFTeMvlfo

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

X.God.X

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

X.God.X

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

X.God.X

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

X.God.X

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

X.God.X

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4258

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8bb199e508b0539f22d72c16bfccdba9

SHA1
36b7df20742c872378155900255ef3388431e1ae

SHA256
9c99524f3f305659c9fae27813359de3a9d82c2fb251ecd0a8150efb4fba2ff0

SHA512
567c2327a85ba2b842927183ffdf7d1764989904861e7cb1f9b5b0f15dbc36944ac3a62f0a2f60200ea0ecb0a7222e538aa2ae9fc722027aa46ea48cc0deec91

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
abaed9ebbc97ff1337b5681c6d0d3781

SHA1
f01011e867aebbd12eae2b2de75b5bf8fd0aa58c

SHA256
fe18b172412e417601adb3f8b031cc69531ea5ceb1c66a7a0f5299d18dc9a02a

SHA512
2139842144448e611c033ac571bf587236986430f0b082cd5f13b2ec724eac9958cf85cd691e3d8a2421f1d581213b6b904b7d0bf4ca1b1eb10fc1e21c9df242

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0e7c075be805a3150df57084a40c7f59

SHA1
f0a0051f6b716c03b6d5e9bd7d6f73095a4e868d

SHA256
732e21a7c8de2e1e6714545650d2b57498d580dd38860b8224a4805d15459cb0

SHA512
e641c4961140dd90b85c5b54868c9c0413ab869add43a84a00c77f0c91ea57532ce10f0a52acac22f193c1ff9eeb9fbeceaea051673c1deaa73c85889c25da28

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
93ef30309f4bb751bf7010fec0a28050

SHA1
26d0389787cb5c498ca5551b5a6cc74425a7739e

SHA256
e37e97e15df0f72753da3d703d1c073cad7717ffb86f03b4a9a088c5d5256dbe

SHA512
6caf3dae2c79e1c91944023125b76f0a52aa921e64c2459c1ab78c45fac54abd2299dbc63496d94655366c9faa3a8f6b124e6fcb9fda89df1bf3bc72abc5a140

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
006a215f759f3b6a1d313527d17e945b

SHA1
2421ada415acb5ee0d325a9690549e0b7d8f2755

SHA256
dc86437d1c4a606a800e76fad9cb300c020ef6a0de858ee765b226af4ba648ee

SHA512
9ae5a742eb345d3d3c08aa304fbef726f19daca73b8bafcb9c0b5a4684bd7d25252c8f9c3b086600478b342c8a25a9aa038e9a83b8bfe08a745e50e090f19d54

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
92a49c905f0d529dac4e02321f1e337e

SHA1
52c4c8829597d0de3d398aa93324ef9110e6ecc4

SHA256
b5c52cf41be3f5b18d685cdfcf103dcfef1639e179306d3ca2ec1f05e7e4f33a

SHA512
10b1fb1475755114991ca595853c4ff96b2fc4197843a25b88b1571d14d44cdea3cabc99169d63d6977adb4961deeb3f65ab9e927652f26e5d03c413b2d82335

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
04865f5e3e1ea91446bcf39f72c3a802

SHA1
27176bacdbee3f7265552f04a0dcf97e54003112

SHA256
d8e13de5eb1dbd275f67dc4e827a7ed7f288c87f3f55d9236c745a41ecd671b5

SHA512
ee299ab7281f3fda4ca1b4916b6d468d105d1331d800b022f8eb8297b01b6a8217d006c184285565a5d248c6a922523eefc98ff519888aba6fe88ff5baf48a4d

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
da37a1e35fd6e607482b528b15b0ba92

SHA1
198f5976b44b6e4b2c5976fb41b6bd86ce11eed0

SHA256
ce6845edc6a7f074bd78b2b9edbae8ecb0efdf7e7ed08f8c36f4f167379973ac

SHA512
dd2864b81bab4a592ea2989c45ce2619d07c86453857a2483f65d366629fd5c85d62d170a12a9c826edbbbfaa7ef9be267b36ea75629ab585b8750aee0da3cb0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1437f83a63c1908b99836867d0b8acee

SHA1
c51c5fba016161fba5bc68768bfbe27b37ea4309

SHA256
415d0ee567ec6a481249ff8bc264ebd62aebbbf3a0d36573fffeef6af90472f3

SHA512
3810574c86581bb9dc84b501eb02e8c847db475ad56783956ed9df0ff6c7b2e3db1ce21fcac04ecedddbd888e670790f6eb2e14e2b16c76f14a526112ac393f0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
2e8cfac887bec605a683dca24d295aa2

SHA1
d2ef20b416468737cba8d4470835e0746665609f

SHA256
6b874fc887f3938fb0162db71814240b4ae716c1884131953dbb489f80de996e

SHA512
77fb682d1d6effaebcfec4d93fa4730077e1066cf84ffcba3b66df71a4804d2578f16d16c4fdd49e5a88024d9e6060d793dd11b81d3ad39e47f61ad42a75134a

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
b03adec05c1cf1d30200b63d5bd7c1af

SHA1
b4afa88e9603b4244f9291628f0caccf4b25aa5b

SHA256
4343911a3b72c30fdf8c61bdc84ed8cfcb6c2b9e05d48b1e2e0d61365d1d0f2d

SHA512
dcdf8d93fe547f505689bd3a84621ce6423dd86a16afa2e846089d5708cf4f00719e922437b049b24da0f9682c3d601735ba3311897906a11688322087b48d8e

Download Submit
/data/data/X.God.X/files/PersistedInstallation3998042575004233385tmp

Filesize
90B

MD5
c79dada311292dc586ad2919b5f75484

SHA1
0eb53e1d0dc7f5360c58c220d7aacc302ea46bbf

SHA256
026349b975a66f44a7736fa2ff4449f24a4a00c1985d4ca0b5d7a3d5f6dfb4be

SHA512
891dbae2107974534293e01415692b3100f044ac8137ac8a93e7dfde7d64c0506d2c95b454c7e97cba551d83b48456db378f356883cd934db81c9a672f0f50d8

Download Submit
/data/data/X.God.X/files/PersistedInstallation8841416013174561899tmp

Filesize
568B

MD5
fc6b8afecca1404f5a9188878478c3f5

SHA1
63518aac1abc816c4b61913202ea4b36e012d626

SHA256
8ec9311fba9a9517ebf338ad65ffbc5a6c9dca4ed2a1e535e877fcdca0915d32

SHA512
be77c95747c9d405351f724d3ababcae922cf921c96c849a5ef437da0f48d3722a3cbe6c51c9346949d2c97f5360789f3beeda9b6a97b3d525074115cff638ae

Download Submit