e6746d0069dea77ecd1d7a611c45e5af220643c23f7b473e1bc2ed8aa2923475

Analysis

max time kernel
19s
max time network
121s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
12-10-2024 14:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2936207e-6d88-4986-881a-549cfb937563_oogleWebBrowserAndroid.apk
Size

12.1MB
MD5

d0d130c855a790da28fdd744535ef07f
SHA1

e9760321509f198ffd80667cc8fa34c4c76f4cc7
SHA256

e6746d0069dea77ecd1d7a611c45e5af220643c23f7b473e1bc2ed8aa2923475
SHA512

e6a08e435d5ea53de01c765c7747e2bcfea9dc99e67ac4e8b5d5cdfd7f07894e9554b04aca9d0310a7cc09b180bfa84f7e9192c03e79ae8f664a230a740a2a5f
SSDEEP

196608:wvyd7pyOZgwi70nk6zLxs1yuyc3u4Ly3UUnKEO++lUU4tjBZPqECEtZWk:wvi7E4gh0k6z2UHc3u4GnKA+lUx

Score

8^/10

collection discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

Processes:

oogle.chrome.web

ioc	Process
/data/local/xbin/su	oogle.chrome.web
/sbin/su	oogle.chrome.web
/system/bin/su	oogle.chrome.web
/system/bin/failsafe/su	oogle.chrome.web
/system/sd/xbin/su	oogle.chrome.web
/system/xbin/su	oogle.chrome.web
/data/local/su	oogle.chrome.web
/data/local/bin/su	oogle.chrome.web

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

Processes:

oogle.chrome.web

ioc	Process
/dev/socket/qemud	oogle.chrome.web
/dev/qemu_pipe	oogle.chrome.web

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

oogle.chrome.web

ioc	pid	Process
/data/user/0/oogle.chrome.web/files/audience_network.dex	4252	oogle.chrome.web

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

oogle.chrome.web

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	oogle.chrome.web

Acquires the wake lock 1 IoCs

Processes:

oogle.chrome.web

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	oogle.chrome.web

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

oogle.chrome.web

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	oogle.chrome.web

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

oogle.chrome.web

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	oogle.chrome.web

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

Processes:

oogle.chrome.web

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	oogle.chrome.web

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

oogle.chrome.web

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	oogle.chrome.web

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

oogle.chrome.web

description	ioc	Process
File opened for read	/proc/cpuinfo	oogle.chrome.web

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

oogle.chrome.web

description	ioc	Process
File opened for read	/proc/meminfo	oogle.chrome.web

oogle.chrome.web
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4252

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
cd09e0d6d8a919df1a37de9c2b59aef4

SHA1
50681f272d35253e0f4f2fc0ad225c17123ce221

SHA256
08ece1ba4003c8cc4ebe31c4862bc7924e2d23f36bf97fb471430bea1e92b6d6

SHA512
c94a2d94cd5ff49cd4a9d4355ad377ffe7cd63e1bd6728f96d2b6a6ee8ce4b38f097357025e053bc2a2ac1dc0746cfc7aa8105d351630a2c3123f543b0785911

Download Submit
/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-wal

Filesize
40KB

MD5
5f6def51aa2481147a233e102e5e8ba4

SHA1
e51a3957e832d7989e15a484cc11575c976665f7

SHA256
90bdf6cc3a822e7e7573f5f840288f5bc11bdb3246133c21cf1330b32697f87e

SHA512
70d76a9e3c9adaad7a3f56c071e7107ffeb9335931827e8445bfa425d06f4cb20f1831bf645f91f7f30a81b512a15f6750b85fe74f705759a43ca0e233352836

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1954adde6379241c1f9312f2863144fd

SHA1
2e758ca5624a53303495d46584a3589561dd0366

SHA256
57e925d0992924ae44981f027a446106de4a6d755fe87dea40f724d3b9869ea9

SHA512
0801655b3555300ca7fdf9f671e80a0b33342517a06f14dd4d952f86e91925d7034098f590fff5a9c75ff0440c5f490d02ae65962cbe7e9bae80ea58add42cd2

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b5affe781e363019d4f77af255573053

SHA1
6aa9ee03aa81573cc3df40f9f3f7719e1b27edeb

SHA256
306262dd59dfece52468d3b53baa5c02d6d4ccf602971dec54563525c439f2df

SHA512
24b5f8fcf0089c9bbe21663dc500950361897e5978e2a9219c0d057ea281fb9b7b1043543744875aa3922076f1305c62d124bcb8d785e15150d0e7c3ae612daf

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
588fcd0544b1eab9dfc7a233c3df805e

SHA1
15214d2f7cf895f6202783bcd4d4299b8e84b6bc

SHA256
ac01be6d2abb25eed82cbc62d50c2f413352938e2cb6064c61ede5f852fbee66

SHA512
a5459d84b321a44bdda0b83a56459410caeb04ce98a3aeb6fec2398358589ab527e6dd8987ec23dd7213558baf863e3ff6139bd54dbf58582e7a2ab8aaa688de

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ebe5a181b12dae3fbbeb2184b7fe7032

SHA1
ad6c933a1992d41b9311b333791f1ac591a6bf85

SHA256
366c5ef46ed80943e91c1f329784aa42026a2fba96a599f5c002947cbc59819b

SHA512
7fd2d5c30720e47d7147cac7b67235e6a95edd6191e2e04397ca01a43e4d3c01074622f496ee3557caef05624a61520275763859841cb8f019bee5ce460f367f

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
4c2ac4cd0707a2a7fdcd9a3e85e3aede

SHA1
806337fd1005c50de20711333325958d25b78ca4

SHA256
1adc47b96a7c3c861e2831df1502082e1fd8f44cb7760b3a88298bf0e41d1fee

SHA512
f02ed32f2c3c03e22a91ad6e819bce9656a89006ce92f0f1b36ee7ad9f230364dedc350c5a908127f42c6cc69cd788fa16c77c20dc3b6b9e395705226bbab78f

Download Submit
/data/data/oogle.chrome.web/files/StartappAdInfoMetadata

Filesize
1KB

MD5
daabdb84a8ff8fe1d01d12b3d5d80832

SHA1
7ddd5cc4484f4897524078ed134c60a765392a2c

SHA256
6f9a3cbf177ad0d35b101ae4f4a33a9f16f99f79bed5d87a6f2e7907490a95d0

SHA512
da7b32003b25c5c70bba06b59623ce3612270174339c98e7f728c4f47e60756b274e1c3c290723a9d5206e11d23bfd373bbeb6898c14386de861b63d80ce84b3

Download Submit
/data/data/oogle.chrome.web/files/StartappAdsMetadata

Filesize
2KB

MD5
02d28ac2d17fe30a954942fb6fa47657

SHA1
a738a7d3a1fbb396a5387819b8106011bfbd35a0

SHA256
75e40d68562700c230e7c6ad2bd89d8304d6baaf1a37eb82bcfa8f05439c4a91

SHA512
a061b0074781ae0d97f1351fd955342a852b7fe893a9fe992461c044be73fec04336d8508704801573aef6afdf7d356f6e4274f15d7642db8d3103467f884420

Download Submit
/data/data/oogle.chrome.web/files/StartappBannerMetadata

Filesize
719B

MD5
008ad37c8d89f1f02004d2b63a20fdbb

SHA1
62536b74feba7abaa70b7b0c7d304abcdf623308

SHA256
248c48a58bcd53389c33ef11839900915e7a50deb9747c1ed258b2a8e2a415fc

SHA512
3782948b8c629005d360bb1170d157ef09d0d1b0fe64eb067144f20673e37e619074f880b07dd3ffed023c80176b9f99328ded0b7a6b61a1479d32d124e717a8

Download Submit
/data/data/oogle.chrome.web/files/StartappCacheMetadata

Filesize
785B

MD5
1cc961a176032fc935e671957856ddcb

SHA1
818562479af03f2cc3c1936bff5c7b13f5a6ca6f

SHA256
e6e9d42a25a60b9a933ac266abcad0f2575f3b7e7ff39f880b0845b7e4e4b0df

SHA512
c6761d342ce60ec7d7f8fe47f51503dd4ef7cce2d3dd399de9a9683477e70f17659edf35516f33ba107f8fe8088f8a1424e02a377bfe2909f590074aa7e6391c

Download Submit
/data/data/oogle.chrome.web/files/StartappSplashMetadata

Filesize
1KB

MD5
203a342363f3c8ccd4061caa2ac216e4

SHA1
cb71e91b8bec2d09609f607dcd04c7b8b38d4d38

SHA256
19bc60ff318b14608531a652b324455be016e710f24ceb4c3ece24f5d2f6e0cd

SHA512
72663d37343139c54b34c057975bcce95e8f8998d470771b5ac3ee4fd3c47779630007f05b36eae28ccdb98ff2915a5f740b12828baaecd596cbdc2d36c7d074

Download Submit
/data/data/oogle.chrome.web/files/audience_network.dex

Filesize
3.2MB

MD5
69cf159b893eefff9a8106cc3ee37e03

SHA1
165207adfe8c6047ce9f3dd38aed50796c1660d1

SHA256
26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf

SHA512
379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

Download Submit
/data/data/oogle.chrome.web/files/shared_prefs_sdk_ad_prefs

Filesize
153B

MD5
65026ee778e1372d9f4aed742772e893

SHA1
5a5f1c821d7639424f3c75a44468ab5f7dd4e8cc

SHA256
15070f52136d5a8332f8d70f790bd7bb04cd6a99b386d40e0abedc40c42caa3c

SHA512
589c4a12c6b6ec1a1cca957da758aaa900e68a23b4bc2f42524b0e8dd34f6c5378541d9293eae1ae8d478bf5b5229ce4218c058fc3b399eb5756afeb05c68616

Download Submit
/data/data/oogle.chrome.web/files/vinebre_ac.txt

Filesize
19B

MD5
32c98404fdc620132b3de4d55ac498d7

SHA1
7645b3023e8ed01a5137ff7e0157affa5de7852b

SHA256
cc33609495a860daa0e28042774a86e55368823462aefe39cc91ebb6a9a14205

SHA512
d0d167a9b28dd301b4b13a8089dd368208cb04a927d2b13f750c5a66f7693a066fd2207de6907705fe223adfdce729f801f119694e261f472c940273263cb4a4

Download Submit
/data/data/oogle.chrome.web/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
f104ba152e652a3243c93a36bfeece93

SHA1
b587b18b5e58523c6e484ef474cd59c3ea9dfe3e

SHA256
5f2b38fbc70cd60f68ab6e84665879e7b8c8ed519a667f6a485ad01f874296ab

SHA512
723f39875fc417ed89eb20f8c30a14d039f4e9c8e84dd8f27df0768f8b9affe5e44c35e78f4401dd64e3f63330b37a0f7a91733d18d442a4f5d76d18588d1acf

Download Submit