464c736df632c2aaabc3be139cee8784daf74d363752363061235585d985ff60

Analysis

max time kernel
20s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
24-08-2024 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

2.8MB
MD5

12a7837bc99946ce9d24dfffaffb3e16
SHA1

2684184514239d29ac2724a019f64f1a9ac81644
SHA256

464c736df632c2aaabc3be139cee8784daf74d363752363061235585d985ff60
SHA512

b1b8b11a06fcc8bc006c472a383e0727deb2b25c077b85269df78924c301c42bd63d679db2e26d41396b0894694c492fd78ed4abe3f01ec685f876b5d557c7ba
SSDEEP

49152:6Tbdsl35rnglmqdJy2WTx8Xt8VaamfvXV+1tda1Mt54OLkf2fbFfNTeMv+R/V:6Hy0mqTy2UU8ViQv+Mt54CjRFTeMv2V

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

X.God.X

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

X.God.X

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

X.God.X

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

X.God.X

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

X.God.X

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4254

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
15c4efd562793d71c1d4f83b9ff26f3d

SHA1
6a01adc1358f63053965b58cc70cf282c9c4e30f

SHA256
06450b9fc9873be3dc1e83741608c229134b1037fb073acef474f45c17e83b67

SHA512
d44fc8d5b847fc2a91f60a8505a5b169d098de0ea1d9d3cb33e90f4083c73e77cf2fcceb4081f0a9122aea0ab991b27ff2b7602f612b7ed8c6d64d814b6657bf

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e7612165227190faa286301cd709b93c

SHA1
41645d752473dcc310acb84d527171381fa22b3f

SHA256
ba8f5c518b95b59e1323d5a720f07094e8de3a7cc04675cf4f02fd1077406168

SHA512
2d23a10c68f9ab91acca8c7750bdba0762e54b7fb5581bc3763e46091c8cda97af192a88fc14145fe60ea92f97375282bfa7ac086d68a38cf8913811f273542a

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
37f095f091b4d29399f57f5b3d9ca5a8

SHA1
3100b75c5eaabd98207e3d87b3cb7d9987034527

SHA256
0baec02fe82c1efe8d745583a434e5882ee8e885537048fa07892cef729160e1

SHA512
1413c1411dae2d5d9143f194a709a25877c9acd8a47ea58557f4a2d94126eb3c9c4878e47740e4c9cd793cd5f6dec1ccbbb928f3cc46750e52e26bedab3a97d7

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
11f2b330e191224eba3b0d5af3c167ca

SHA1
8889664c5b42c07e5dce99bc4248e0ad2e36a48c

SHA256
75adcb7150f0476fa7af17691f26b311546a6a7dedaf6d0d34500de8f26667aa

SHA512
b981e376cf40024637e25aa22cedb6d8cd056dca1f980d4226850c41faef5397b83a7b0e69b1befa757328b058ff1779337608d85a74fb6972daa8b0c343b2f4

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
5480d4e61d6c3209709d26b057244297

SHA1
3971ce529b6b8ec1e65fdb7d1cf543f4b6d4f5c4

SHA256
08536369fc6cc9177a742c6f65a6788aca010c370b09311043e4f8c8689f3291

SHA512
e69307ab41c2fa753aa1113a269ee812ffc0ba6da8cc1d5c6888d490d1bf2e4509e695c074c29fadd94cbd1e6bfb80a0e8b39bf5ac7051866553e9b2b56a1025

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
fd89d3e98a913278383fbab32f756c6c

SHA1
ddf41ffea98c1c1a40f4526f29f4e60a388123d3

SHA256
4c5a07400cdbdbca4f6231a4ba72755180af3e695805f00d2b2f9d510bee111b

SHA512
19d1d618e64acf7a4b1e5eeafdef4301d1401db0ecb8c42bf276b4a3da7bc19d175a13c2e9a038a07d32ecef156a83fa9244c8a86f648372b6370f3c038e5e9f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
39dbc72e273fbb82092a076adfb0dec6

SHA1
4429b1d9edd5b562dd02f4bf39f7528921834ca3

SHA256
125c9f72a3e8560bc375322a3b7ce694138f62d851ec4c0054db47cc8472db26

SHA512
669fda92769273c114cf21eb3103a87de1cb1c5a16abe10cc14715752457ab7a212bedabfd5f9530fdbc1d32a2cbcc0ad2d26fe5973cb52d703d9649311a7957

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
38ebd0e03f24609134a92e0ce9bf8c46

SHA1
b5b1f6cd7f424c2322e8ca1ffe5f38b614e7faab

SHA256
6cb6a7bfac33ba087d43696a83651e2b70725097a1038028b4678a04f19ff5a5

SHA512
4494ad4bcd59ff3e0086d05b3ca96c379d260f0dabee4d587e5487421ace9f544364141f1ea59bb166c08b274a8b63332f078b65cfdf53dfeb8622cfd23a56e5

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ffe1c950f3c10ab2b337b73f668869ff

SHA1
b3695a8389d46cd5684de1d5c8c177082074445c

SHA256
1bc05bc1236516a59d863d5cf8e030c69b19b2a5461caf1654ee8c6c498ad4de

SHA512
59cc5f21a1797f492ec1ae56799e113dac3768c0f04e6cfef305038e80b94d0cefd0d462b5338cc6bd345ba7ce9455c40f4469dc322702f703bd1326556da8d1

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
6b9d6f1bb63714e1106fdbd8950c0cf9

SHA1
e74e9fb0b6c8f6d1de5fea396b56621fe177b1c8

SHA256
84df51edab981a273e5297106e2acce8f905312690bc1ad621c52ad97b339aac

SHA512
e3bddd5dfdd07c44888df2070aae26264a90d2d8a7a6b0e0c9df97680eb5f04dbac443810694df247a1911b87e9397fb8cedf6338c6482d45f7a1b6004e36956

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c2b2be7fb74ce7decd7e8b290162f647

SHA1
2db4e4d8d35a44e35e0c3fd5742a3367301a8e6c

SHA256
76534e887834b26b11c30cd3c43241525114b289055a051eb32bc1236d82523b

SHA512
0151ede98dafaee9ae54901fa26e25a922b829c1a62de83dc094afe266c556d26b9194bf1cfb2c5b68511986966965090efee1b8deedbe44e8c5f7d218a5dda4

Download Submit
/data/data/X.God.X/files/PersistedInstallation3061979120040729728tmp

Filesize
569B

MD5
76b65cf001a33c31c86fd9c3a43d60ae

SHA1
7e09d61a8e62e5beaa00afc298c3f4a6e42b384d

SHA256
e7283c867de0c1fbb3c117b06ef2b4d35c1b2ae28cc0ef3f9a5c5bec8cb37258

SHA512
745349fb4e9196f1385b88b36350c1cab7dadf1b9f44924a186c5fc0f7f9f3c38674587f276d0c058f1e228eae9e7b0e1714d7910c2d6b3b1094fc706985d5c8

Download Submit
/data/data/X.God.X/files/PersistedInstallation7920984090525533023tmp

Filesize
90B

MD5
756eb92ad0b3e3eee90a637431f55055

SHA1
d1849ec549228fb3645df36ab2b84bcb1a3a912f

SHA256
5d194695d679538309ebf11ef56b337fa1acdf5a4fd1bb3e120e41f7ad9df98e

SHA512
5214dc70139b5f65b9e74518576f37fdf148719e558dc0704c3bebbf2a7be5eb67c4356c8d4d544d3fc3172c7d97e18f8b9fe55774eaf315261f9ea68592f4e9

Download Submit