52bd9870e87357e66a416b9a8a374138048077e7fc1121025cf3790bd5efd244 | Triage

Analysis

max time kernel
31s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
24-08-2024 13:44

Sharing

Report Analysis Logs

General

Target

Application.apk
Size

3.6MB
MD5

08878d839c3106967e9e0472bbdad562
SHA1

c727e854536485b12e064a1d523de236a705d790
SHA256

52bd9870e87357e66a416b9a8a374138048077e7fc1121025cf3790bd5efd244
SHA512

19830fccd9f8568393f1b7c697f485e7a45e20cd01a01470788915b942ec6f62c4464f5eae6a5eafc8fa1d4f71c05df2e01d15c0d737227b3ae4514207e38abb
SSDEEP

98304:fu9WkQ/jMdVWxfAatYZNKlEmmP41aHpxvPe3TyTHQs9W1:fu9WkQAdoxIaOrRP41aHXGjNsk1

Score

6^/10

discovery impact persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

System Network Configuration Discovery

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4261

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9c59c99a30add62527c8fdf9d029de30

SHA1
e943d49111997e6c157792210efc07c95644576c

SHA256
dadd2b18546c5c1e5db7176f4a98d1fa29a4f97740c95af2028d4e2aad6e09b8

SHA512
94b127c3f075069040884c7a16dd57948301284dee0a71b466db969a151a75d5617661e7f0e57fe520f0291e04363ba14deaf81313a64ce02d64b5e9561f80b7

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
22dcc4e4681bf53f5360f0ef973b886f

SHA1
dcbfdb011d73438554229c9c46d48e641c46a5dc

SHA256
abc086fafd38c93416b8492a8c0ed869ca0961bca8f14e6b3376ecbacdc7f08a

SHA512
bca8944f03c6b2c160da13ceec5089587c7e6d7c87b0008af24a6d9e1cb7257863ce113034f91b9ace2fa49422ca437fc2b9855d5d0c6320e71967da27a6a137

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a12c9c1b3edba662fb05c532181d1c5c

SHA1
98a65445a26a313ca05d4a023d47492240f2f832

SHA256
3ead805ee1985b56bdb0870ec7d812b97e48fc3a4168fa6b376eb11377ba7c0a

SHA512
6903570fd71bcde83cd75a96a527937b89a84f4003140600fb8353a562b52766ed2122245f1214fed91148f89b9c31541dbcbe40064ee330f4081d9498b6e579

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d962bc5553fbd0c6636035c977ac3683

SHA1
f829c5a8f2586e9d63f2ee6434940138793aa51d

SHA256
ebced4dd65c7c94ffbe6897b0b596eba7eafd8d0ac06ef169a177aba6d5552d4

SHA512
917523382b910783526c201c3bbbe708785ad34dce6df41a9f7dc43148766a4f7751f172a708141d1c027dcc4712c4bb585e287b8b31078d3983e65800e3924e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
3d18c4a85551133ca929b63426938073

SHA1
2c2f6aaec289f775d0fff876f7a18f73c60f97f7

SHA256
1aefa906a2c01cf6b512859788f0370d1b6dded1dd7c71302e55307433701aa2

SHA512
6eeca10dba82379029c8cce279d1abe5f870bf7d6ae86fba08b9a588defb704a9a55420b48bb58bb3528341b6fcc802b8b9de79be091ba453c9466f643ce9219

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e74006609e1fcf5ca17252587661dce2

SHA1
61c33d02b8603afacfaaeacaaa5a88b0ada461f3

SHA256
94e619eaaae77f25d8e5a68e9bfd14b22acd46f3cfadc17d725497449702ab0a

SHA512
e462280c81f12f19e7dda9a09c84f8c5c117a55ccbba4bd41919de9446d82e506989837d5b9a45e4f26cdc765b2244c2179ba3b27031a1b1f315b5dae519390f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
882c82d3003e07ce2333907b1daba5aa

SHA1
844e1ee32b8f4fe280479f7acfcaa67b28f93192

SHA256
a062da5ec1fd878bade3643028174dc99aab57d00b84d032172e33eae03ec47d

SHA512
4f376791c9138212be7c5674691da98ec2c1b90d53740a2233b6a0aa6f9f57af8798051594f8f8e4cc948d04076bfe776c6388e3627cb5dc3891a65a1e66054b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
07ebe54df0cc2880684a4bb33264f72a

SHA1
376c52a1750b0b1c44d9fd69333b3977f310b03d

SHA256
a98236d96dcbedc014496c164db5bca5f63b9d8cd2055eae81d0032012eb7219

SHA512
da38afe2d1e1bdb74091f2f32689a0456b3afd1aff96cbfba85d84de39d5e62275620d6a8f430360ffc1ab194b68e4fbdd8e30061559613fe1ec601a995b5f59

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2fda9c80198467e230286aae26d4165a

SHA1
5c4c32d7eed596927411aff3e94b6af044594c74

SHA256
943eb095bf23f9a3c67372cb03f9bf63bd6839abac96e42ca92221cffb145e98

SHA512
ed688a6b09b4be203cf3420e058d43df43fc9a78746aa21643c3bcf678bc62fe9b3918bb55ef0fb0500b4610c7ccf15e10ca40a8e720894e2cdf336c4ea3205c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2aa11f9e27ae4c36d5fe4e35eed038b1

SHA1
20bf4476792eb118fdd20bf83986c41704edd0d1

SHA256
20cb75d2a4afc6d9eacf6fdc7fa13767836c12adb63960f6d6d2cc860f9685a5

SHA512
fa49bac322a4dc14df81d3e77dd56bf30aac523e77bd63e52ef4ab489bcba3c0d1c6cf8cc14961d8d4be14d95eca5340530b36ab1f75d9c5829fcc7bcaf36c9c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
b23170a39acf1bbc13b146b6d78dbaa3

SHA1
c13515ef876669e814502e4529486dbd6a05e871

SHA256
ce7b7813215763ef7ac1ad166399c3e198adcf63d591fd868f03f731d60a8c2c

SHA512
532bed156446fd5e7094a7f4369468407c39e6407296a1efd3a7c86f5c628678447d377dce9d94043cb2b5b792989dce76d93a666c91e05ffec78ba6444c6ff1

Download Submit
/data/data/X.God.X/files/PersistedInstallation6936017134505295739tmp

Filesize
90B

MD5
d899abdde9f479257fbb8105f757bdc2

SHA1
88caaa95318da944c390338d794a01e2246c8b13

SHA256
189727877b6225838a7e137687328a4cc0c5ffc8e4a1ddeef4c0f61806942cae

SHA512
28c4b242087ad0462f4f6318684bb48a51055bf55f64e7dbe8ba2244bc8bec2bc6ec93dee7341e91b02e8c77a0f3c001cccb46e1d658125c205a469cc43b43a8

Download Submit
/data/data/X.God.X/files/PersistedInstallation7516677289562462377tmp

Filesize
569B

MD5
474802cd513eacdfaeea0557119c6344

SHA1
af6a2460a0bef5d1f3bad0f74ce8d1974de3894e

SHA256
2b8263090a401e35f6b198d71a7cb1a454f726d089270f2690f80aca04032e95

SHA512
2074c3a97b91f9d9aac2b51aacc76cb8917157a1c0766b93b484bb5ae38c5bb8a1ceb0ae2e653b2d7d87fea469437742bfc1bee817bdf5417d5e408a6206750f

Download Submit