e6746d0069dea77ecd1d7a611c45e5af220643c23f7b473e1bc2ed8aa2923475

Analysis

max time kernel
26s
max time network
158s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
17-09-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

oogleWebBrowserAndroid.apk
Size

12.1MB
MD5

d0d130c855a790da28fdd744535ef07f
SHA1

e9760321509f198ffd80667cc8fa34c4c76f4cc7
SHA256

e6746d0069dea77ecd1d7a611c45e5af220643c23f7b473e1bc2ed8aa2923475
SHA512

e6a08e435d5ea53de01c765c7747e2bcfea9dc99e67ac4e8b5d5cdfd7f07894e9554b04aca9d0310a7cc09b180bfa84f7e9192c03e79ae8f664a230a740a2a5f
SSDEEP

196608:wvyd7pyOZgwi70nk6zLxs1yuyc3u4Ly3UUnKEO++lUU4tjBZPqECEtZWk:wvi7E4gh0k6z2UHc3u4GnKA+lUx

Score

8^/10

collection discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

Processes:

oogle.chrome.web

ioc	process
/system/bin/su	oogle.chrome.web
/system/bin/failsafe/su	oogle.chrome.web
/system/sd/xbin/su	oogle.chrome.web
/system/xbin/su	oogle.chrome.web
/data/local/su	oogle.chrome.web
/data/local/bin/su	oogle.chrome.web
/data/local/xbin/su	oogle.chrome.web
/sbin/su	oogle.chrome.web

Checks Android system properties for emulator presence. 1 TTPs 6 IoCs

evasion

System Checks

T1633.001

Processes:

oogle.chrome.web

description	ioc	process
Accessed system property	key: ro.hardware	oogle.chrome.web
Accessed system property	key: ro.product.device	oogle.chrome.web
Accessed system property	key: ro.product.model	oogle.chrome.web
Accessed system property	key: ro.product.name	oogle.chrome.web
Accessed system property	key: ro.bootloader	oogle.chrome.web
Accessed system property	key: ro.bootmode	oogle.chrome.web

Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

System Checks
T1633.001

Processes:

oogle.chrome.web

ioc process

/dev/socket/qemud oogle.chrome.web
/dev/qemu_pipe oogle.chrome.web

ioc	process
/dev/socket/qemud	oogle.chrome.web
/dev/qemu_pipe	oogle.chrome.web

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

oogle.chrome.web

ioc	pid	process
/data/user/0/oogle.chrome.web/files/audience_network.dex	4304	oogle.chrome.web
/data/user/0/oogle.chrome.web/files/audience_network.dex	4304	oogle.chrome.web

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

oogle.chrome.web

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses oogle.chrome.web
Acquires the wake lock 1 IoCs

Processes:

oogle.chrome.web

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock oogle.chrome.web
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

oogle.chrome.web

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo oogle.chrome.web
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

oogle.chrome.web

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone oogle.chrome.web
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
collection discovery

Location Tracking
T1430

Processes:

oogle.chrome.web

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo oogle.chrome.web
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

oogle.chrome.web

description ioc process

Framework service call android.app.IActivityManager.registerReceiver oogle.chrome.web
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

oogle.chrome.web

description ioc process

File opened for read /proc/cpuinfo oogle.chrome.web
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

oogle.chrome.web

description ioc process

File opened for read /proc/meminfo oogle.chrome.web

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	oogle.chrome.web

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	oogle.chrome.web

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	oogle.chrome.web

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	oogle.chrome.web

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	oogle.chrome.web

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	oogle.chrome.web

description	ioc	process
File opened for read	/proc/cpuinfo	oogle.chrome.web

description	ioc	process
File opened for read	/proc/meminfo	oogle.chrome.web

oogle.chrome.web
1⤵
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4304

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
e36ed37ebeb8f7a058095cadd1702b53

SHA1
df8b2ad99e1563eedcd890552fd1de20de1151be

SHA256
a07c1ad6bd0be3422b2f8c8a12c8b3c024ff05f362767ea425916418c5f9868e

SHA512
385f85491f458331bc6f6d09a4fff22f157831bc917a8d5b73d3d23963bdfa5754016d08c2ae91a29abbdd8375360f83f8ce3523d0f7c6f53278cc48710536a0

Download Submit
/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-wal

Filesize
40KB

MD5
2b240b6c840577bddb563e37cb66b5c5

SHA1
13e0b913ec71be29d4531ecd8a71d9f8f5c69a30

SHA256
bda5ffbedcb658f9840187956a845e4d9673839b9ec8ee9bb07a4dfbaf508496

SHA512
250af84588b32d6d7a5142db884931bc66bda9aaa6c41c9c679977b56eeafad2183c2e1a21e468c05ab0dda36b1ce1da2e2a9557ec7f66c0894a7126fdafff8a

Download Submit
/data/data/oogle.chrome.web/databases/appnext_dbs472

Filesize
36KB

MD5
69f9a3cbee94ce51bfd16edf2cbd31ea

SHA1
ad9caf25250503373464772d8d8ff077d98f020a

SHA256
c3757d0124d83163c230f91c1ecf5ec189c1c08f9ab6ac6eaf85594d8008ac92

SHA512
d58ebdcbcdb2f28fc9aa73c80022776bfbcf2521e8e936c88c2446d6507f54762c113e91df04076709efdb9570c8152c1c6bc4d0a32b2632ea8906dc1a21f8c3

Download Submit
/data/data/oogle.chrome.web/databases/appnext_dbs472

Filesize
20KB

MD5
d9cb16256afcf5f3e841718e2a9990ff

SHA1
0f646bb39a2aa0c41aa7148f279cd10faf8e02dc

SHA256
040baf56762c78daed243da22401fe2e13d2aa0f583ad2784d4cb2f7f2b5b629

SHA512
1d5a7663d66b3bd8c6127f18909941ad4134218ca1260af5b107eb873876d97e21b81e9ae39eb31031ca91df7d2118f4d8a245f12e2c08a2959807a5967c8000

Download Submit
/data/data/oogle.chrome.web/databases/appnext_dbs472

Filesize
20KB

MD5
3be7d96977ecae72cc8ff26fa43116b0

SHA1
b2b46c400e6c872acb65f8be3d2c7eacb7fa24d0

SHA256
ea72ca4aeef60186039342f230c57da94dbdcdf0e7a1a453f172a5ec8ebb4cb5

SHA512
91d1f0bcd2e7b7f203195b11aeb29c406e1c92a6642bf86dc7f08c58ade3c7d543233f6bbefeeaaddb522697ba8eb75b58e7b2e7ab32b8e1f34ce94313fa10a1

Download Submit
/data/data/oogle.chrome.web/databases/appnext_dbs472-journal

Filesize
512B

MD5
469e32d0e1a641808abb0887ce23a610

SHA1
449e1b9214b0075615844a2268b85a3680925443

SHA256
e144af82786cf2d1924b8a4bb80f95b5733ed7543df0dab6117a9031821e8448

SHA512
889607060ec01c64ff9e0e48f905e5ac8d848c4f311e96c0ecf8604014eeec3c827d9e81f502d6ae140613cee851b1acfbe5d42ec79073de47449965a2321053

Download Submit
/data/data/oogle.chrome.web/databases/appnext_dbs472-wal

Filesize
48KB

MD5
56628e3899a49a204f789ebf86c1413b

SHA1
e57cfd89ca7038b1f4fc7031764d269802bd234b

SHA256
54b820c4da976383c45e436c268875bb1950c378f1bac08541a43089fcf884e1

SHA512
0833b3960f3edcf912e0bb62086c76cb0bbe4a4e5b41cecdb92d9dc36b3d6996832753943725b9f694512ca5afce209d3cdda0a599e05584a35eb56ec9384147

Download Submit
/data/data/oogle.chrome.web/databases/appnext_dbs472-wal

Filesize
4KB

MD5
35a94297111f4a9f15a2496940759200

SHA1
b11d7d42f60fc56d3e475ea8faf7ea21413c9a5c

SHA256
9fd002311d482515891e4fcc7150dd6c4a0f9af4401edb4f69b39f58ee598785

SHA512
d4f559607ee4007c9f23d034f7dcce3d96bb04ec761cfc91113c67310d04c9f5a687197ff2e526b6f0dc56af4ed4aa4fc3df3a4ffaf41f7a80511c967ddf0631

Download Submit
/data/data/oogle.chrome.web/databases/appnext_dbs472-wal

Filesize
4KB

MD5
8009092da80a4f58b0e79eec07bc56e5

SHA1
a7133e9fb96565af01c18bb685bf304682ba55a5

SHA256
b0cd29530263253649ac7bdbf2eacbc2cb1e4ab43da5ee49ea86b932ba385727

SHA512
98a116da1a258264cf10cee81cc2331ac70b50f72547d2e411a34321a5bdc49ee32a9c5b22d3ae22b0e65e8fcfabfcfbd213e4a4522213756e8def83c0b22041

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1954adde6379241c1f9312f2863144fd

SHA1
2e758ca5624a53303495d46584a3589561dd0366

SHA256
57e925d0992924ae44981f027a446106de4a6d755fe87dea40f724d3b9869ea9

SHA512
0801655b3555300ca7fdf9f671e80a0b33342517a06f14dd4d952f86e91925d7034098f590fff5a9c75ff0440c5f490d02ae65962cbe7e9bae80ea58add42cd2

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db

Filesize
16KB

MD5
69a7d129263fc9b8343546e4ccd399a3

SHA1
ba023435f11f560224cae45c4223da65fc3be64b

SHA256
93be47df35f9edb63761c52f96a7d5eb4d919bfacf4c06dd1d206b4d2f978cce

SHA512
46a3e36a543a48c08c2aa2d733116df8302201cc861134d6991787db74e3c899cabe30b7e75bbfd7e12af7263c8d8d4602ebdefb227bc604fd7bcd25a443bf56

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
a2da67f8d8efa4a321501a77b07455ae

SHA1
5de9fc53e5c553710cf75b0cf9e4289ce14546cb

SHA256
a77dd41f48d392fdeaebdde91876369527627d09dd8b195b052272afa95570f8

SHA512
a7bea19385d20ac5cb9412da693424ebc2baa2a4ffce2c7027384384a04a82d625e4e64a51d4c9608adc1c8f00b7494e711d250cfbf8c885b7d44e9701ddd4db

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
aea3bbf1b739ed448c1de4f0fcb9778f

SHA1
48edc2533f269bedf82f09c4435b8243aa1d17b5

SHA256
79aec3b8cf9cea9893c1e3f44d1a17bc704d2325b3788ec7b167af875a99e3d1

SHA512
4ff74e87a1044041d34147697c84a3df65b31684cb1007e79bbceb4bc35b58c153fe800a318afe261331753cbf4e07a4716ef20f5cd51bbab2bb5a5e1878f75a

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
d4faedb6280f9c410a6c56cdf35c2c17

SHA1
9f75c9cc6fb7f4e110801918cad331e9be1eb880

SHA256
5c18b3bc05a92bd515607dc727101320d0a0952208aac198cc85f115720eb472

SHA512
fe2a97da4cf06e5fd26bf106327a6b3d653a875e3ca72409b4d66af8e789b7b3e1f3984d6b07d5a8cb3ed813984d60b3a6f1bc6a41fa9061699da66ac97f137f

Download Submit
/data/data/oogle.chrome.web/files/StartappAdInfoMetadata

Filesize
1KB

MD5
1e09f6efb02c12654308a78d6d4a8354

SHA1
ff65597ee9bad2a00f7e7bc54f361dbd375c17b2

SHA256
8fc5efe1f9f6e8d716c3bf86dbd405f24801d5144d78689dc3515b75f864c686

SHA512
07a39dd75cb7058a68ecfcebf82f91db546bde0930edda792d1b38513721e0ea5e51b88e2922dc0a1ead22e4c12c72bf8f1f52b79b1b01ed6bd82c9db0e19684

Download Submit
/data/data/oogle.chrome.web/files/StartappAdsMetadata

Filesize
2KB

MD5
02d28ac2d17fe30a954942fb6fa47657

SHA1
a738a7d3a1fbb396a5387819b8106011bfbd35a0

SHA256
75e40d68562700c230e7c6ad2bd89d8304d6baaf1a37eb82bcfa8f05439c4a91

SHA512
a061b0074781ae0d97f1351fd955342a852b7fe893a9fe992461c044be73fec04336d8508704801573aef6afdf7d356f6e4274f15d7642db8d3103467f884420

Download Submit
/data/data/oogle.chrome.web/files/StartappBannerMetadata

Filesize
719B

MD5
008ad37c8d89f1f02004d2b63a20fdbb

SHA1
62536b74feba7abaa70b7b0c7d304abcdf623308

SHA256
248c48a58bcd53389c33ef11839900915e7a50deb9747c1ed258b2a8e2a415fc

SHA512
3782948b8c629005d360bb1170d157ef09d0d1b0fe64eb067144f20673e37e619074f880b07dd3ffed023c80176b9f99328ded0b7a6b61a1479d32d124e717a8

Download Submit
/data/data/oogle.chrome.web/files/StartappCacheMetadata

Filesize
785B

MD5
1cc961a176032fc935e671957856ddcb

SHA1
818562479af03f2cc3c1936bff5c7b13f5a6ca6f

SHA256
e6e9d42a25a60b9a933ac266abcad0f2575f3b7e7ff39f880b0845b7e4e4b0df

SHA512
c6761d342ce60ec7d7f8fe47f51503dd4ef7cce2d3dd399de9a9683477e70f17659edf35516f33ba107f8fe8088f8a1424e02a377bfe2909f590074aa7e6391c

Download Submit
/data/data/oogle.chrome.web/files/StartappSplashMetadata

Filesize
1KB

MD5
203a342363f3c8ccd4061caa2ac216e4

SHA1
cb71e91b8bec2d09609f607dcd04c7b8b38d4d38

SHA256
19bc60ff318b14608531a652b324455be016e710f24ceb4c3ece24f5d2f6e0cd

SHA512
72663d37343139c54b34c057975bcce95e8f8998d470771b5ac3ee4fd3c47779630007f05b36eae28ccdb98ff2915a5f740b12828baaecd596cbdc2d36c7d074

Download Submit
/data/data/oogle.chrome.web/files/audience_network.dex

Filesize
3.2MB

MD5
69cf159b893eefff9a8106cc3ee37e03

SHA1
165207adfe8c6047ce9f3dd38aed50796c1660d1

SHA256
26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf

SHA512
379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

Download Submit
/data/data/oogle.chrome.web/files/shared_prefs_sdk_ad_prefs

Filesize
153B

MD5
65026ee778e1372d9f4aed742772e893

SHA1
5a5f1c821d7639424f3c75a44468ab5f7dd4e8cc

SHA256
15070f52136d5a8332f8d70f790bd7bb04cd6a99b386d40e0abedc40c42caa3c

SHA512
589c4a12c6b6ec1a1cca957da758aaa900e68a23b4bc2f42524b0e8dd34f6c5378541d9293eae1ae8d478bf5b5229ce4218c058fc3b399eb5756afeb05c68616

Download Submit
/data/data/oogle.chrome.web/files/vinebre_ac.txt

Filesize
19B

MD5
52abed348ac4b936d5f7e310b9293d01

SHA1
b56c27b8782a98d5ef55e58b57fdde8dcc38696c

SHA256
a72aeb64a3c5d79e4923675280c93705abc6a15ae0f1c8cbb067ae93141512e1

SHA512
391e23e35ab62196db0478ac979377d208a79db9b61a8f83808d64c0e3df10b91cf5694292a33e15614c39ae0c713f23e583b8e22355fe7f5d0ab80ad9a471dd

Download Submit
/data/data/oogle.chrome.web/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
8723ea54000c1c65efe143feaac91ba8

SHA1
4abf5128cfdbd9dd150dccdf9d426a73114d77da

SHA256
5a5f008517904d019e28d5dfd69369050291dbb5364498d3ab16d870e7db3eb4

SHA512
f964f4b0d20ad7be23b918c1236fa09bbcdbdedd1814adf9a19fc1e8cc6c3ac6c74cb7ca25b4998c93e12c382cb734463da3399795587a3161486519f927c614

Download Submit