f7f263df801aae9e10506bccbda155d911131382ba93e7925dc987eb204d7478

Analysis

max time kernel
179s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
11-08-2024 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7f263df801aae9e10506bccbda155d911131382ba93e7925dc987eb204d7478.apk
Size

2.6MB
MD5

b15308050b2268034db7b94f7a2500bc
SHA1

ce49d757ca2c49c2191620e7def8be85aba786f1
SHA256

f7f263df801aae9e10506bccbda155d911131382ba93e7925dc987eb204d7478
SHA512

887f6a95e98706a2eb580b95b940e440587122c9758b9b7efab23338ed2364ea64ce8c982bf5ead356576338d47e20a946eaae41b8df645ae2f67fc58fac5cc2
SSDEEP

49152:XZxncHiOVHCluyTpQ4/DjrBh0EjMMac8y78er4PZH8GaKW5qoziBP/fmD3+/MJ:XZxnIlViJDjrBaEjMMac8yJOZcoWhzKC

Score

6^/10

discovery evasion persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	pgh.vo.oad

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	pgh.vo.oad

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	pgh.vo.oad

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	pgh.vo.oad

pgh.vo.oad
1⤵
- Acquires the wake lock
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4316

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/pgh.vo.oad/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/pgh.vo.oad/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
73f91b6170c63866e52e36ff5c22a2bc

SHA1
0da3078beb4608b256e694a545e7c59feb2b2900

SHA256
850a80295da05091ace1af084580f3deefe0213e64bc5e4f3201bd39c2e2184a

SHA512
6db1056d024298c254483252ed16b39a4caf29f873f5657104bb443c85fbb768ea29c36e0eb160aabf16dd36c0e1ec46fcc5e9ec5d7e040889eaafd9cb348728

Download Submit
/data/data/pgh.vo.oad/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/pgh.vo.oad/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
18c074345faee97cf63d5a9ebf35739a

SHA1
2e5aedbb0e1d72634d6f3494aab0fe5c42f3c914

SHA256
48521dcca9502a9761960f4c0a1992b1927d3f4845b674b601106c9a815d5ca5

SHA512
1dd17ad43d98a219dcec892f578aa298b893ba4721318d827d538dde98eef736ee3775dae6650325e79ec87ac1c900075fe86322c4ed3a1cd27e6df8f3f9cf08

Download Submit
/data/data/pgh.vo.oad/files/PersistedInstallation2222849647797823897tmp

Filesize
570B

MD5
6524c32dd0cd030e50f77b389618c711

SHA1
bbdddb16ffc2f3193624d8a6d8ecf223a03f65bd

SHA256
5f24c34d18312b06bbea9e6ab89b0ab4427905dfa4f11db953f9f86b00e0feb2

SHA512
e80500a8fd8d1baa3060460fe4edb074a22863620a3fdb4c20ab07087e4cde0001d1e3873df6e74e12e82426b69ef7434eb8265a92293b53a050ee88b09edd45

Download Submit
/data/data/pgh.vo.oad/files/PersistedInstallation7167563517354539201tmp

Filesize
90B

MD5
bbdc8bebe934c30f52d1f0b7a8b39cfe

SHA1
ff8e83130da78c049886939d8b8f923a3bb97b1e

SHA256
b93f6e27fbac4a5cd0fdaa060e4a3d1b01302a0fa3b641ad7083d874ae6871c7

SHA512
f654694debf0fc96af9c232bf292bf30371fe53bf221c7618cc22684bab5d76c26813e5e7de9953093d782ec9f3e813119a8d64407e6214e5722b8d1210982fa

Download Submit
/data/data/pgh.vo.oad/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/pgh.vo.oad/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
f9b27da4c5cc7d416f1f0355a4629528

SHA1
8ebf2284c0c14889cfb31ad958082c210177dbb1

SHA256
2cec87592dfd0eff201c81b5f8a101d0df4f5cbb55adc0cb298a30830174a1da

SHA512
ec9600829d6aa0faadada08b1077aad894c9cf5fc2f317eb0ba6b5d35c9811c7f252775ced211a80ec27a26064b061a76bda637b08870e205c9a7a9c6fa55187

Download Submit
/data/data/pgh.vo.oad/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
84ca481d60612dceadb85144d6c47b8e

SHA1
21c7062a8fb7e6bf9469fbe112bd9f3f14047a60

SHA256
c71f226912fba571edc7304b38d33a56d837a8e986ca1d8c02faf0005843edcb

SHA512
54f879642268a7a5e0a08f6c1b0395505784851f0c975588e39bf0bfdc8535393a24065b2bb07679bac72f3d404df4dd2660af4ae4a30ee4c9d38f4d57bb5327

Download Submit
/data/data/pgh.vo.oad/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a92c7897ce30efbd93405d1c74528722

SHA1
99df6e80ca4672083e8800a915b64298501a145e

SHA256
9e613fe2741bd9f3f4dfa04d00a141db1807814e4d76fc2a4b45391849be4463

SHA512
bf454932134e30639491b7484ca7045653c0c24b23fe7f19a521ed6884ea69d2a4a31eec780e5c5796e9c73bb4abdfb674a3d658962eaf7b5707b8de2ce079c2

Download Submit