0e51613c7e0956d96cdc76ae1f44f45d1e72b94115ed60d6b0a9eb1620e2b84a

Analysis

max time kernel
39s
max time network
133s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
12/09/2024, 06:50 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

109a6d4475e2a75f80dd1d4cefae7200
SHA1

36915de350398161cf825265b9fec0c702263f55
SHA256

0e51613c7e0956d96cdc76ae1f44f45d1e72b94115ed60d6b0a9eb1620e2b84a
SHA512

a163e82a57ab9631c2d50651fd9ed1cee3d4b342bd4f24c0adc7a253e18f9af04e89baf25a289796a420d0bf77971c5f1df9a2442ba309024310c58f1e338d93
SSDEEP

49152:WKu2GSlhq+gpveu9LJOwtQMCY9Guk/Bkoa3lNf0viCsjRCOQEbTMozt:jGSl0veuDCMk/GoajySjRCynt

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	x.akuma.x

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	x.akuma.x

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	x.akuma.x

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	x.akuma.x

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	x.akuma.x

x.akuma.x
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4237

Network

DNS

semanticlocation-pa.googleapis.com

Remote address:

1.1.1.1:53

Request

semanticlocation-pa.googleapis.com

IN A

Response

semanticlocation-pa.googleapis.com

IN A

216.58.213.10

semanticlocation-pa.googleapis.com

IN A

142.250.180.10

semanticlocation-pa.googleapis.com

IN A

216.58.212.202

semanticlocation-pa.googleapis.com

IN A

216.58.201.106

semanticlocation-pa.googleapis.com

IN A

172.217.169.74

semanticlocation-pa.googleapis.com

IN A

216.58.212.234

semanticlocation-pa.googleapis.com

IN A

142.250.200.42

semanticlocation-pa.googleapis.com

IN A

216.58.204.74

semanticlocation-pa.googleapis.com

IN A

142.250.187.234

semanticlocation-pa.googleapis.com

IN A

172.217.16.234

semanticlocation-pa.googleapis.com

IN A

142.250.178.10

semanticlocation-pa.googleapis.com

IN A

172.217.169.10

semanticlocation-pa.googleapis.com

IN A

142.250.187.202

semanticlocation-pa.googleapis.com

IN A

172.217.169.42

semanticlocation-pa.googleapis.com

IN A

142.250.200.10

semanticlocation-pa.googleapis.com

IN A

142.250.179.234
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.206

142.250.187.206:443

tls, https

1.2kB
40 B
1
1
142.250.187.206:443

android.apis.google.com

tls

5.9kB
9.2kB
16
25

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

semanticlocation-pa.googleapis.com

dns

80 B
336 B
1
1

DNS Request

semanticlocation-pa.googleapis.com

DNS Response

216.58.213.10

142.250.180.10

216.58.212.202

216.58.201.106

172.217.169.74

216.58.212.234

142.250.200.42

216.58.204.74

142.250.187.234

172.217.16.234

142.250.178.10

172.217.169.10

142.250.187.202

172.217.169.42

142.250.200.10

142.250.179.234
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.187.206

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/x.akuma.x/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c6bc2474e3f80a8f4333138770a248ff

SHA1
3d164e28b30d25272500506760977ae6c0891f3c

SHA256
31ca264ee1ee66e91caed1cbbc1b1350923ebd8945ea9577496e937fb4f4e955

SHA512
0d3ba57abe05e817ebaf603a8e70d4cef6f84f5986fcfcd9876eaf372500bdb4bb9d79ab282cc6e14e88e9d5418c3e721767df548bf4a8ed302aa5b945203cf1

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db

Filesize
16KB

MD5
31e2eecca4bd0167365f4f7bca2e1d58

SHA1
33293d2d5c5156d0f813ae1ff115858e5a977b31

SHA256
74a5460e1493fd17f85fefc42a136dc3bc983ba39b5329b02d201b6fbb60b9bf

SHA512
bd9b130eeecc997a8ce59057c4654471a2664fcc8d7161408199d629b5bc0a9ee2bb95784c1bb2d9b2e907c5136ff0415dcfe4c7a3caecd5d65606d74d9ca39c

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8f243cbe0623a919ff414e5cbf4d74a3

SHA1
12ee1c5c2287e976e194a4256b25beb9781b711d

SHA256
7ce940806b0d3313d623cfcaec35aa62b9e75326ad618aa32b39f9f1add81a1b

SHA512
eb1077be1493f0651353712d9050bba8f633b1d05c05c927f2fbe9eba901dbd374cc2e0683e3c9b42ae109cd5a3339e1a71288286170e996bbddeda66da6a6c1

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3ef1beb121f9854e2ceed4be394d89e0

SHA1
22729f11d6aa5ca48664e00940e834aeb88beeac

SHA256
f08374ffc96ddda943641e67dc9debb5bf36bb14122b2b798cd6c400a548dbc2

SHA512
c937c3f62752e0af78a8eb4aefeb39daf36d5e29b5b1e0a143ea16d1862b7b89cd2419df9314757ebb9185cab184310baf0a243785354e3369dfc11a9b57c4c0

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b8f4fafca6ab0b090281100e0d3f2f1d

SHA1
d3c06e1006f13e8206aa3d2dc03c8dd30d54c4ce

SHA256
ff61f7071b6ee468c73bb8ad893e6a15fb45d29be34c873e0e4e71555af7cc51

SHA512
03d2062679a29a61e49b7462c504b8e1487748c36a45e8a007baadf479a202c35d98fc70cc106fb421afbbfc025f6e7168ba7a6445908416d9565eb030077bb8

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2d482d66757b35a19c16da6744e4a707

SHA1
ef4ae0fe579d67ecd2bfccf3c92321f308d6ae14

SHA256
27717b283528f073476488dc56e087817fb3e560aaa642f7d2ce0d37019b9138

SHA512
bc1d058d4b720becd11bf1bb3f754641132ba15541475aaf8b2ec7f3ab7a59b365bc66c180d5742f5f781dc325d51446edb6f62b56727522cacf8546b6b93094

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a127c54f0cecab8a88dc8080a4820f0b

SHA1
056315aa69e8fd511c3517d395590175c6478485

SHA256
3b54396c4d9115fc4a87fad5081b152a945aeca2272f3d8f63581b0686fba0f8

SHA512
5d31f312e78250b60438f497f7c56d8bd67db5e45fc523513579ea47d6cce3cf2ed2c0cddaaf8509349163c5d1ab042c4dd6e689cb5e47175ff8280b85aa79a3

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
339a02704ddb87af09861fabcc683306

SHA1
c80e25afb3addc86c2123d37c15589b00710eb80

SHA256
89fdae501241f0decbf8f675acc9b9535505029013ead5a48ddd0ca7027e1795

SHA512
f9395481e9fea992583fba1a1668848dca3f53eba0edc4b400a3edb4a2f7be55c01201813f9e4586146b6238f7c06f936300b1fd8703be6b256be678cc9580d9

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
beff82cae5b267d72e91c8c0ccd2a79e

SHA1
5efe899e2db2f0a9086a0064a613d2cc1ecf4871

SHA256
9fe55a9484ad6eaa3e0ebc792f3b5e03c6b45c5ddccbf6661185428890fd75c3

SHA512
8e395c487ffcc49e9dfa0d0d8190276d533242f1bfd3d51ef188afd4b2ab13b86bea1f3af1e5a9bb8639854be4c29a39cb618c6898f70e52ef5c331da90a9e89

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f94813245cdda8aa4bf452ddb6523a63

SHA1
7c21c31eff3df13560b32b05a9aa3224706afd17

SHA256
76db924096740b911e2e989065d7e4e20f7186e7547665d147807dd65656f74f

SHA512
34ef205c229124d5e2f0515c31f93cfb2224a93afccc6879d47d18538b0c82cd61a77d9a37da398bfcffd55c320caa050040801f36fa9d7472ae74698a411169

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
b7c01e8cca207ef49783f57fe21720fb

SHA1
ff0bb8241b5b4499148a06ef045b93ef2fd1a449

SHA256
9393580afda9744c1b53be903fe41678a003f6b9aa3dfe2b2d531da6baab44bd

SHA512
1de5a21c7f27cb10a47fa58001e594f87b1092bb99211304c852bdf19883818cff43f2b37db65522cc9020016863c559d0f15e3e793a0fb152a2c3d23968f56a

Download Submit
/data/data/x.akuma.x/files/PersistedInstallation322089971245897797tmp

Filesize
566B

MD5
494ae9b9783258bdfa6151968aaa8c87

SHA1
9ea0e96ac400e4da500604a31669bed56c25f694

SHA256
8b82900daf22c10dd8e07eba038617deb124468c36610ebdbab6927552a400bc

SHA512
231475495329177bf0f4da665453a619dcbd2d4ffedcc846465d700adf7fc8bf688aeab02be78ab422550ccdcd0d4e703d124acd4d351ff3ae0e78fa5ae089f2

Download Submit
/data/data/x.akuma.x/files/PersistedInstallation3872420243623151393tmp

Filesize
90B

MD5
1aa03d526596a3e6a01d918e6293b523

SHA1
44e4ee153f1255c48b59df03215fa25d8306576a

SHA256
46ba0214046e31d2388745bdcd6bbdfe47a95f0a5f43b1bd8a46c0083b87b3c9

SHA512
eaa808f77ee29fc3f0bd247cdb03e8db3b6a2dfbd2d5bfeb5e36ed4b3d0e8767a73ec0ef0a52077c3171de62e908e641b7fe9699e95a4913b18596168309ebbd

Download Submit