e6746d0069dea77ecd1d7a611c45e5af220643c23f7b473e1bc2ed8aa2923475

Analysis

max time kernel
11s
max time network
146s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
12/10/2024, 14:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2936207e-6d88-4986-881a-549cfb937563_oogleWebBrowserAndroid.apk
Size

12.1MB
MD5

d0d130c855a790da28fdd744535ef07f
SHA1

e9760321509f198ffd80667cc8fa34c4c76f4cc7
SHA256

e6746d0069dea77ecd1d7a611c45e5af220643c23f7b473e1bc2ed8aa2923475
SHA512

e6a08e435d5ea53de01c765c7747e2bcfea9dc99e67ac4e8b5d5cdfd7f07894e9554b04aca9d0310a7cc09b180bfa84f7e9192c03e79ae8f664a230a740a2a5f
SSDEEP

196608:wvyd7pyOZgwi70nk6zLxs1yuyc3u4Ly3UUnKEO++lUU4tjBZPqECEtZWk:wvi7E4gh0k6z2UHc3u4GnKA+lUx

Score

8^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	oogle.chrome.web
/data/local/su	oogle.chrome.web
/data/local/bin/su	oogle.chrome.web
/data/local/xbin/su	oogle.chrome.web
/sbin/su	oogle.chrome.web
/system/bin/su	oogle.chrome.web
/system/bin/failsafe/su	oogle.chrome.web
/system/sd/xbin/su	oogle.chrome.web

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	oogle.chrome.web
/dev/qemu_pipe	oogle.chrome.web

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/product/framework/com.google.android.maps.jar	5054	oogle.chrome.web
/product/framework/com.google.android.maps.jar	5054	oogle.chrome.web
/data/user/0/oogle.chrome.web/files/audience_network.dex	5054	oogle.chrome.web
/data/user/0/oogle.chrome.web/files/audience_network.dex	5054	oogle.chrome.web

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	oogle.chrome.web

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	oogle.chrome.web

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	oogle.chrome.web

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	oogle.chrome.web

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	oogle.chrome.web

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	oogle.chrome.web

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	oogle.chrome.web

oogle.chrome.web
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5054

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851

Filesize
16KB

MD5
74c9016eed546f7e358eb8ed3d42c416

SHA1
197d5ad9a21f7fa0788de725cddb3808a0626ce1

SHA256
69ce344e14f34d7c89dc30b22a118f4aeaf33ae3e13716f0cd9ab6d8d69b5c35

SHA512
d9710d35faf4cb784775da35b25b26bb7ae1ef5b4c6c84b8642f6b70cd7e622b647cb9aaf7f2732ceeb7e572377b93e1f7eea124699411d693b780eb982e3d5d

Download Submit
/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
2d4e52c146df5bfa60e60c0849e7379c

SHA1
a22e9917df24f2cf465135b22ac51f796c7d8ec5

SHA256
2180e91c14d2f2a9539fa6b999f8bc051bc5aef73c738acbc81336ac65399b54

SHA512
2ff888cd0d08815942e3f6aba78232a2581a27b063d3a3fb34f5838a0f5423196139141bc46433a8089fdf7d737a3ce431dcc7498d3a6a6faa8ac1daca155ce3

Download Submit
/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
4bc684bac2c8f34476bbc63d1564f4e3

SHA1
530f742b82ba184bf7d9bd61b72bf0799f900cf4

SHA256
d93d0daa0688a52af7311b67ed12666084aa53a66628d1bd169d158308890d67

SHA512
bb946d49da9710573f2ed6c92854cfb403dcecb3888408544d4cd6f9aa92e2afdfc328d79b296ec9703340d04a58cce73021d0fb45e60faf8c422e2c96393fc6

Download Submit
/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
ff7d0db14518b2fca7a39b00c32cc92e

SHA1
a398ddd2d8cc62cab93b7a0b462850514e49c05e

SHA256
a03cfc8ed41d4fc4b4bf758384e29b612efdc0e68b71fe914c3c94ac0e29bb19

SHA512
000ee80199e6c1adeb606001bcd670bc99be47c49c2a1e9d71331ad3cea31bfd0adea557b15c1776941ad4758de2e4df4887bb2eb45044326881d1144f6f4779

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3b426844711115a89d562c02265be054

SHA1
c509a433cd79ef6618963d753ba7beda60e051c4

SHA256
aa5fa19d2e9629323c9ecddf657b93f2a3015e19c7f8f2f2a3e41546e8e8e74d

SHA512
ea777e6fee97d0713df7fa61bcb30de03e6e9c224bc4b3550a51e015bdcde30913de884a54fa70f7d9fea91dcf5166451175c298bb6cd5bba4b06fdecacb397f

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db

Filesize
16KB

MD5
239c57d68fa344e8770592a5808e5297

SHA1
94e67249b8abccd69f64c549088c149bf2467ec0

SHA256
80578c88d784f6334f42567839f2b4304924d55c337f4268837992218657c389

SHA512
fbc5299706aefb3109a1e6c43dc1bafd5b7482c7c4add997dbc063d1fc25fd45f54b65f737749773c160e82977afe26437aae025e7d62406f8a90e71c2a25a11

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bda5449c4eb460b7a62aaed3210b6b1b

SHA1
dee6f0c9e68f0c0df1f496bf4ffef0e0672fcbfc

SHA256
be295051cbf0663fec86968e794bfa2f8d3f315966ab67fb4d7a3025f4b5c160

SHA512
8baf9400aa79365e7d75af4f84c0eeb34bffa7448710fee113bda38fccb46fe1ca778b7d34b55f3e75df33152a124b251f123daf4887e3969f5826ba6b564e13

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a38e47e6b324760b26bce72db3b579f4

SHA1
acd755376373f7b69e96a96c02bd904a77a00502

SHA256
565ef9b75463886a4780907364172c491d2da170c6fae0a75fc803442c553e7c

SHA512
96c91daaf73c1eb8133e264e3f903629cd0d256c9ab0fd105d7025582d780cc4b30816991e32263c4d9148f7a56ffc8219a6487c574b2024f27e40d0a3868ec8

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b5f54b66e2a16fb15476a2f126bb3894

SHA1
01700abf7f955165d7cfa5a263b4dc3cde8d0012

SHA256
0e13130aa360b5ede1d3e03d6e88c4ea289169e5c280818ffcbf1a2ffa57751b

SHA512
37b4a84bdee666698cf279fbbfb76e7df9c08dcf26f7df088eb1780f40b79d775f3b721c58dde9286f1d1b05e6753282ee7cc3dd2b2ee3c464f8ef3aea2fb158

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7b777220e492de51c3aaf59a5d42e485

SHA1
522d426b5f7a9f5bb74cf865494b509be0e7087e

SHA256
2a296ce0ade7ed82a3554549616d63270badb51b46c98091790182aff3847f35

SHA512
8ffbf501fa9d07c1998cab8555a0e64c5724d4b75eef698897b6ce43b0dddab927397a15b67e08e56f75f7e279f885aa13f5917a4e8d875377311693535d7a7c

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
758f520ceed2801ca2ade287c423332a

SHA1
f392caacf2f6a1a6146a60138bbfe58d9b85f7d2

SHA256
8a82f6547959e3a4ac459ce3ba74b8e969c27923617776dba203a6f0125bfa55

SHA512
ce99b21e3e72994391ae753e5468df4d9d0bd4088d79d073017c4d48e852b1383e5d5482eaa2c48fdea22a75e1e585036e7a983fcb9c9f63c86488f7a39a87ca

Download Submit
/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1155ddf0f9ddd7ec57387ce01f9d3ca1

SHA1
234d39fa45fd0749103bf9ea5865024c1d52dfbb

SHA256
1d463332bfadd4d1212f6a568df478f69771c85e817ddd799e556a2d725e1462

SHA512
4bdeb756c1a9850495232232be9ebfe02fa023e21ec66d1b87bb32af52029df2dcb8e82d1392d555afad0778ce98dd4d1df25d2e1cd566a8e5bc97b480046f56

Download Submit
/data/data/oogle.chrome.web/files/audience_network.dex

Filesize
3.2MB

MD5
69cf159b893eefff9a8106cc3ee37e03

SHA1
165207adfe8c6047ce9f3dd38aed50796c1660d1

SHA256
26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf

SHA512
379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

Download Submit
/data/data/oogle.chrome.web/files/shared_prefs_sdk_ad_prefs

Filesize
153B

MD5
65026ee778e1372d9f4aed742772e893

SHA1
5a5f1c821d7639424f3c75a44468ab5f7dd4e8cc

SHA256
15070f52136d5a8332f8d70f790bd7bb04cd6a99b386d40e0abedc40c42caa3c

SHA512
589c4a12c6b6ec1a1cca957da758aaa900e68a23b4bc2f42524b0e8dd34f6c5378541d9293eae1ae8d478bf5b5229ce4218c058fc3b399eb5756afeb05c68616

Download Submit
/data/data/oogle.chrome.web/files/vinebre_ac.txt

Filesize
19B

MD5
b6a0b6340561b43f303aac327d77e947

SHA1
bc832872f1e2c4680c85967db0869af9520dcd41

SHA256
50600b2f4a6c8f45b80bd98ef0ad1632bd7e061574bbf681b598e565645b60d1

SHA512
7b32f04bf64b0e4960683ee2732a3ffedd9293cf78d957c99e8c243aa8aa6e1ec5ee58d155e567a0c00afaeed528b6add496c13f295c81b02ecf35ebe3b8d74a

Download Submit
/data/data/oogle.chrome.web/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
b9f0be5eefd0e3ce7414049705e0aa38

SHA1
78496ad370d8f58fccaf2a59311efcf9682a4de6

SHA256
08972aefb9f50980a86fda410255b29ff33da9746370bef77fd195512a4b60fa

SHA512
3afbd20b4f59b4ebe755abf87c15fba3c36c83e331ac065d457e7b903d273185108cf75fb1a05acd1944c86469f9feae6de93b1eb12ba215161d2f4df095971c

Download Submit
/product/framework/com.google.android.maps.jar

Filesize
315KB

MD5
4899aca36d1ed747a447dcac0d101a62

SHA1
32e43edc0bf3e036683ea8639472e6cd31ab9929

SHA256
67a651acd867e046fb4463b31ea584c1468f7243a9d1e2efd34059e8ee2f130f

SHA512
50b23dd279a9efba566c6a6523c7537723c0cd6dd3e4871f1cbdb8d5bc355caa3ddea99452b1c8e5356802f812b3768066a9848b93d715bb8bdfa455b704285f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads