19390c5069814743cf75a979e733e54846b26c38fef6e6063d2127d8fcd6dc25

Analysis

max time kernel
19s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
25-08-2024 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adl.apk
Size

2.8MB
MD5

a9c325de4633252138fb2892717feffd
SHA1

c6e2cecf49e761cae125c8a7f1469535cc71d5a6
SHA256

19390c5069814743cf75a979e733e54846b26c38fef6e6063d2127d8fcd6dc25
SHA512

52a665c9016c4351bb59ef3a215895132d2e879b46cf4d3977bc6ae550a450f65d7860f7d99665d174ef54a5846f81d7ed2269a333290b1617d89b87c8d5e995
SSDEEP

49152:DTbdsl35rnglmqdJy2WTx8Xt8VaamfvXV+1tda1Mt54OLkf2fbFfNTeMv0HDHN:DHy0mqTy2UU8ViQv+Mt54CjRFTeMvWHN

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4250

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2d8c938c7ad6aa2eeaeb462064baeb3b

SHA1
8f9f4313bb561dcde9d229b1c918c3e360484745

SHA256
ae67f51b912fb85b96a398d764de283206a61a693e35ef1956051565d903df84

SHA512
9a977ea9e7eedc2dbc039e023ebe621b6a591dd7e680afe89f5454ba1b1860c5aae98926a11b82f912bfac3907f6b299627a6c29bdd8a5380418f5890653a7d1

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9186d6c90e0b572840a2183c66d4488a

SHA1
45001394f65b0b1dc6c0e9c48a316d2faaa4ec84

SHA256
81034c132cfb13a3f6b5e0963a5f9b747afc27e2e7cf70822fb775bb037b7afa

SHA512
069a7776a5da442317d2d1d5a6fe7a52e16beaaf43f31bf369db04b4d836b587e94acfa279d3c2f8e511a34e4e0f576642677fa1305fbb2bb171d556a8ad6274

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c3e855db07a51869bfcc8639090d1c12

SHA1
a0290fafbe54c930b16e47f7bfd30acd9b1d49f5

SHA256
03eabf0b423260764f37782a5b7b48549227dffe5fb7e87e7d20bb9a1fb808d2

SHA512
50910a8e27de5590e386aab633255df03605a65430a9b9f3da42c39dcdee22b28f1eaf2d386599c176f6d0e4e2c08f311ffa90f3c7e9dbe96ead2300203a0666

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f7306448af8908a7e0dcabe517f230c2

SHA1
5bde4238224e347d8933277c05a810c23823f639

SHA256
5f3c3fb2b6ef1e2c40a895adc3da5163ad858e28da7365a12a251be1e8bac6ce

SHA512
f67786aafcbe4e11158cb79527892cf5e1c3b3b308f80a020e5144162a5ba836173684753f68944f618b572cb64d265f3bd7b21bb20fc612bbf02af1572b2f9b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
e1788062e15c9aa45673b86948b3eaee

SHA1
facf3dbadc8ca06339e0baace698486a0a50b559

SHA256
9472a427cf8135d2134ec7e3248ae24ccb8e6ee9395def49b76767beb39b9ec8

SHA512
b0fb69a57922cfe45b1f4520190229d45861a4305576c85fa8e42470d359f3d70965c961786d153d3a51c49dad6cad05260282ff5f73080c34546f955eeae9ee

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d7e07952ff2ff80289738a7951e09ac9

SHA1
1fdc10280199bf511b4bfa1c2f06f8537b0ca45d

SHA256
e2ff1cf8e82d12e0b36702f9cbb99e7c15c9d2feebe6575c5f40a79e06134431

SHA512
34a5b258c4229fff0e3d8780bdca86afc1996607256bcce89702208cf54ec60b30e5ac81fc51f9442e7af33ebcbb85d9e9b41bee0f097da17eb632b9c63d8af9

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c71709b7566e8d8ad34500dc4f78735b

SHA1
87884def9a2e3c6157c25525f6d5333fd5758994

SHA256
c02c3236d791076e855d9a57a875470d866afa88a0208f4dd9912d980b4fb461

SHA512
d6f89a6e0271d5c40b5a7e07ef04f9569a3ebda602ba4a164b2486dc1697e39738614b14a52688a466d582f8b04993f54d63bafe4729c740436de1116afdffc8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a364bac1cdecf6533113bd33d42b2096

SHA1
31845a001cc2497bf09a8d4ac5271275b3baafb7

SHA256
8796d10ad0252473a46cdd221c3f22f0ca416a132e4353c446d67a8f923e704c

SHA512
5d6b2444d39147da60f23ac4771b0539f756bbe593271e56e371a9fda8eaa0a89eea186c35589217665b2d3f0d944529b4bd7c96bb19a7135c6597441ece838c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a9e59fe2e46704cf0068ccd7318c2d49

SHA1
74b63c7622087e7b9c59e72e98d265bc7b5a3b59

SHA256
bf4168df87f4be917e940abcf57ec675983b28798cafef9194c33163120f80a0

SHA512
81999fc19d9abb3b9a7391349b8d7912d7ace1d9719f7d0be929f4c826f8eceffa64d9a4d389f9ca4462c1a5226a289a7caad7330490efaa29c49c89bad533cc

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
24642f064fbc7c4ebfb038a1b121e439

SHA1
dfccb781ae3c4e7b3b5614dab7ad3effb073c688

SHA256
f8edb2343632a1ec34047fb8fda0d2122b0d1d23701ad6cf7071abac6c7d58af

SHA512
4e3751d9116eece0e7426b6b71b318b347d98cd955ad5cdf0c63f7e991f610c874ee5a61312f8c5d9c72537d2d14d3e398595eb01455aaf34e4ffc050eebe7cd

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
c2e4b7134463ec3fdd665e37be5dc852

SHA1
071b82386c94ad02753bad6b4982f43f1b0745da

SHA256
a5505502055dab266c8352f690a20ecc47af3d68f39f670807594b9ea88e4e30

SHA512
17fab2be148b80b6d62d4115b666659137025403c974f2bc53f1aed6c461beb48a89847425abc16b9ab4616b1c62d37224099b4cfb1eb1fe7ba5ace18c366891

Download Submit
/data/data/X.God.X/files/PersistedInstallation7995142951182234989tmp

Filesize
570B

MD5
12a5d5cb03edff2ecc15aa4175ce6e64

SHA1
406b0bba02e1548f4263d5fbe859089c0183e426

SHA256
f7c9c1d0e69ac5172f9e48d47b7a4cc4fea725b52fd4f3e788231ab48c175c50

SHA512
a11af164960891d599a5f5c26dc897107e526bd873715b35356faba76e6646f81e8435c28b6d702f6a57d90413395d5b8ecd23349e1c3f8516d53b01d2dd4e14

Download Submit
/data/data/X.God.X/files/PersistedInstallation9007497121520120998tmp

Filesize
90B

MD5
7f8cb32023fbf6db75a189c0afa92cd2

SHA1
c3b957e495b4c6ecc63ef217df9880dcf0402a1d

SHA256
e7d2254a2ede573d365600f0e281aaf77438851c3ad23f9501b5c04f18613740

SHA512
af293e75d888c1942f76ec4e32e699c29ab12f01fb51999fc9ace3e80e3db0a2e98237f31ad708700ec4e2caaeaee3abf4ddfa0a90739d134294dc1bda7c2886

Download Submit