e6746d0069dea77ecd1d7a611c45e5af220643c23f7b473e1bc2ed8aa2923475

Analysis

max time kernel
14s
max time network
35s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
12-10-2024 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2936207e-6d88-4986-881a-549cfb937563_oogleWebBrowserAndroid.apk
Size

12.1MB
MD5

d0d130c855a790da28fdd744535ef07f
SHA1

e9760321509f198ffd80667cc8fa34c4c76f4cc7
SHA256

e6746d0069dea77ecd1d7a611c45e5af220643c23f7b473e1bc2ed8aa2923475
SHA512

e6a08e435d5ea53de01c765c7747e2bcfea9dc99e67ac4e8b5d5cdfd7f07894e9554b04aca9d0310a7cc09b180bfa84f7e9192c03e79ae8f664a230a740a2a5f
SSDEEP

196608:wvyd7pyOZgwi70nk6zLxs1yuyc3u4Ly3UUnKEO++lUU4tjBZPqECEtZWk:wvi7E4gh0k6z2UHc3u4GnKA+lUx

Score

8^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	oogle.chrome.web
/system/bin/failsafe/su	oogle.chrome.web
/system/sd/xbin/su	oogle.chrome.web
/system/xbin/su	oogle.chrome.web
/data/local/su	oogle.chrome.web
/data/local/bin/su	oogle.chrome.web
/data/local/xbin/su	oogle.chrome.web
/sbin/su	oogle.chrome.web

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	oogle.chrome.web
/dev/qemu_pipe	oogle.chrome.web

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/product/framework/com.google.android.maps.jar	4979	oogle.chrome.web
/product/framework/com.google.android.maps.jar	4979	oogle.chrome.web
/data/user/0/oogle.chrome.web/files/audience_network.dex	4979	oogle.chrome.web
/data/user/0/oogle.chrome.web/files/audience_network.dex	4979	oogle.chrome.web

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	oogle.chrome.web

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	oogle.chrome.web

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	oogle.chrome.web

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	oogle.chrome.web

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	oogle.chrome.web

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	oogle.chrome.web

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	oogle.chrome.web

oogle.chrome.web
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4979

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851

Filesize
16KB

MD5
74c9016eed546f7e358eb8ed3d42c416

SHA1
197d5ad9a21f7fa0788de725cddb3808a0626ce1

SHA256
69ce344e14f34d7c89dc30b22a118f4aeaf33ae3e13716f0cd9ab6d8d69b5c35

SHA512
d9710d35faf4cb784775da35b25b26bb7ae1ef5b4c6c84b8642f6b70cd7e622b647cb9aaf7f2732ceeb7e572377b93e1f7eea124699411d693b780eb982e3d5d

Download Submit
/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
1ddb4453efbb560d626118ed5110eb18

SHA1
1ab66135534290a023ec2cc7a481ae5b9119313d

SHA256
eb4e47ddd664dd8be1cf2eff43d3679416e5b08f7a304d219f81706de7deb5bb

SHA512
815a1cd69e5ebae03d5ecf449f34f4294cadc07ce904f32c1a36b4ac8166d4d0396388bc9c6d2a36707a8a564609d26f1ec5cb31207a1a47fb418a1f75ccea49

Download Submit
/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
cc2f3a5bf51c5fc4f68406e848f8a383

SHA1
e84642dc47f5802e622600dda1f79d84be33c809

SHA256
f20ff6b55abb2651394681e42a4fe79067b033dcf1534c3974391c31d2e68ef0

SHA512
72b5948474464a155b88e6d2821cf80d4390adf510204fc530bc6f733b47cc8761211ff1e7160abadb88a4d854fd7543eb27cb0f608a3787c6013edfddb4d846

Download Submit
/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
2f1be083c81a8ac34469579a7d20acab

SHA1
a77efba14baa5b347c83ee8aea7645528585a5fa

SHA256
01da7f9c1c669d604a06ebe2e5bc32b665d8ad7c15f3a0da25ad11a8b2880e50

SHA512
0f91949a42934a035363f6272f7284d370320c5d8aae0d34f6792bb4530765055e1e31224aaf068c626efa4f1dcf53ee4d93fcbd85dcbe000f71bd1ead784b3c

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3b426844711115a89d562c02265be054

SHA1
c509a433cd79ef6618963d753ba7beda60e051c4

SHA256
aa5fa19d2e9629323c9ecddf657b93f2a3015e19c7f8f2f2a3e41546e8e8e74d

SHA512
ea777e6fee97d0713df7fa61bcb30de03e6e9c224bc4b3550a51e015bdcde30913de884a54fa70f7d9fea91dcf5166451175c298bb6cd5bba4b06fdecacb397f

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ea5c88198d8a8df31cd036eceab9defb

SHA1
d4d15ebec0fa1a5811b80afe509bb65376bd728a

SHA256
0c679914f08c1b670f2c3e80d6d9b6c1329c7f7e1a07f35af9188ccc87e5ad6f

SHA512
d19be95cb28bd1fc48d5e76e9e71bd3426463711eb39bf76dcebc3c546948b0a62be31e52167dc92e37983b7f7093715030bdca91e27caf0df2b6ded51ad37f6

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b6c4c1237c2cb900107e9d4075db0c06

SHA1
468f725c5f7599fa02a8fc50a9891d71653d4a50

SHA256
952ed99a32efe29d7b7b7e3c8fda90c1a108301553d9b01ed6bbe747db391e67

SHA512
702c56f50c416c2ee903ba8e88b3fdb627e7f8e1f342720c90f48300546b31475c27715f899152a73ee6dc12dbcbe9337e07852eabc81ab0c29e4ef9a512521a

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ea94ccdd9d71e01e728cc385872b56dd

SHA1
1e8382bca5cf7f2a6c997ee823ca73303bfd672e

SHA256
1c8d396b781815579b6a7b4210547ade75645f685b3ab5d1a486e55fc8202b78

SHA512
ecffd5cfca725dd7b61f62ed99fea40a8db35fd8bf72037b838e69f9b7b44695be43394ba95a41180fde02b742ccbedc4bc3d8303aeaade79c00691775a804af

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
ae173e7cfd258f4036d1b36cda9ac17b

SHA1
4f2dc37ef8e1170b2fd882a55fdde21f3d1b7f40

SHA256
548c6a765e431734717461d1b27cca96be84c97bfff7cf1bb6383c93b1719841

SHA512
be2ad858d750c7913289292541e1e25ab494b5383b43c2ab376c8ddb0873ebd6da9ce3649c2842bbc59158a213c84ceedd38df28ecd76769678599750e693602

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
416c252ebf6b2ddf9e3b3ffe62df72ec

SHA1
0280afaebae97fb3474e8d39f4217766aaca1d4e

SHA256
d08558ab255811f0f2c85c79e152035ebc5ab0bb8248580cafc5cc5f2e6a11fc

SHA512
dbc7623f2c517783e19a805bd3fb8289651bf41676dbe7e65d61ab6d1f5586e5a2c9af3aba65d48c10de08243a39440775f9348201085cc9a69e352026c7b44a

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
315c8350b8087cd2060401508ad14214

SHA1
a8836f1f4c8893f0964e4dc50bdad12014f7a9d0

SHA256
7104eb205c0e5c07c2ae855c078993d6380dd593e00f593472e566a110bc1726

SHA512
54780912649ed1b02834065c384123b53d33d974696ccf6681f804e8078466a3b6f3460c64ba1171de62d54b835ed8870b979859d449a65fea204dddb357d253

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c8e80f754f0e36fd40a8521c236d9da1

SHA1
143e1729a40c9c6bada6fe0d3450009adb351dd4

SHA256
8f94a020696db53c21c46e5b3627419f5e16917f72c4aefa814002250e7972c0

SHA512
33bdd3bd45d64025f8d321e31f097691a404658617350d488d25d82133ef527f53b7852388370c7345fbbd14052f7aa4a9398ec324cbe15e77c5a68a9b998fd2

Download Submit
/data/data/oogle.chrome.web/files/audience_network.dex

Filesize
3.2MB

MD5
69cf159b893eefff9a8106cc3ee37e03

SHA1
165207adfe8c6047ce9f3dd38aed50796c1660d1

SHA256
26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf

SHA512
379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

Download Submit
/data/data/oogle.chrome.web/files/shared_prefs_sdk_ad_prefs

Filesize
153B

MD5
65026ee778e1372d9f4aed742772e893

SHA1
5a5f1c821d7639424f3c75a44468ab5f7dd4e8cc

SHA256
15070f52136d5a8332f8d70f790bd7bb04cd6a99b386d40e0abedc40c42caa3c

SHA512
589c4a12c6b6ec1a1cca957da758aaa900e68a23b4bc2f42524b0e8dd34f6c5378541d9293eae1ae8d478bf5b5229ce4218c058fc3b399eb5756afeb05c68616

Download Submit
/data/data/oogle.chrome.web/files/vinebre_ac.txt

Filesize
19B

MD5
9865ea1cff2b9bc0436843b7c7a9d1e2

SHA1
2d26cc98ee50f42e16587dfb3c863bf3605d0d00

SHA256
53fd7d3a4be4a3b86636d6061e19dbd551be787c35e595565a737f2175ff10ab

SHA512
ebc8c8b15e4073e766822d132a76411031907762cb5cf61564a6fa7ca8848fec5d2a2bf7abb7de3dce61fb717ffd0d5b7be11916aef9ddc4ac04d72893992287

Download Submit
/data/data/oogle.chrome.web/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
bc3d56c024667b77cf0695de0e4fe22b

SHA1
787270a2dc94c5e73e4c318f1db490b16b428fa5

SHA256
2ea4c9d47a9a2168be9b058a9b51cfa99c5c8d07763acfd865d4b0ab1f5bd33a

SHA512
e73e8168e7451dc19917aad045565a3a68f9d2792b03367720d8d1aa87691f13b7383a37ba1c83362079124a633f374c383d0234ad5a745fe89e7489d156f801

Download Submit
/product/framework/com.google.android.maps.jar

Filesize
315KB

MD5
4899aca36d1ed747a447dcac0d101a62

SHA1
32e43edc0bf3e036683ea8639472e6cd31ab9929

SHA256
67a651acd867e046fb4463b31ea584c1468f7243a9d1e2efd34059e8ee2f130f

SHA512
50b23dd279a9efba566c6a6523c7537723c0cd6dd3e4871f1cbdb8d5bc355caa3ddea99452b1c8e5356802f812b3768066a9848b93d715bb8bdfa455b704285f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads