d7d834ce199e3ac7889f18e83b32e5a2aec5b043619fc471bc92a50005f58c41

Analysis

max time kernel
3s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
18-11-2024 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EdalateMan-v7.apk
Size

3.6MB
MD5

c55d4bf5a53f4b977e4e063e73b3a7a4
SHA1

1157ce9bb56cd770e0bce97c9b8d88ea0a191ff9
SHA256

d7d834ce199e3ac7889f18e83b32e5a2aec5b043619fc471bc92a50005f58c41
SHA512

634d59d4f1cb0f3ec93a4bfe20c07368157d02f0487aebcc6e535198c11bf9ed6320f34fdde1db9d76b70d1943bd61d8ca99a48e75a16c91236b0a404a188f75
SSDEEP

49152:Y0uwlP1CEhlH5bkjWadNvjvFYKSNG9QZ1j4Q0PIldSFrU/f6QzlJZsreXDj8Jy:bRUM5bkjW4hjMNkQZeSvJGreXsA

Score

6^/10

discovery

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.ghost.app

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ghost.app

com.ghost.app
1⤵
- Acquires the wake lock
- Queries information about active data network
PID:4464

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ghost.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.ghost.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bae87e990675fa441cf1d19b5e98f11e

SHA1
e82dd60b33259e5c38f4450b31e11d1683ca41f4

SHA256
6dd84f0d734b0ff08224a1049adcaad1326ec3faf8c542ad3736666f02ba9dc9

SHA512
ff8f3e22c5e35b95d9e60586eed29e2fb40736c4a8b743ae06d6941c8f2268ee8653943f86641cc7a4da7e26637581d6ed3056b79bde3b10e65e6974a76fc4fa

Download Submit
/data/data/com.ghost.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b63880e14ff54981672db360826c83fb

SHA1
d318e3da24fdab20e546ebfdde479d068b421fd5

SHA256
3804ef2ea18cc0647afd8a8d1e053a81e425a15680427d27ea3123fc524d1d27

SHA512
6bb04c48f7fb236fc3b2cbc0f82556f3436e049c395a504579e1c67cd94f48e7c21d613cb4da0a633bde78fa6bf82241ed79d1c216293c03bfe4eb6a52e44bb4

Download Submit
/data/data/com.ghost.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
fb0d0f502f49eb3b6a912dca0f0a3c5a

SHA1
810ee0ebd42f7a77acdf2f7d79e0bdcbccc8b2a3

SHA256
dd62d61e4a816950964f6d74894a786dcdf17c74917aa22506f971c5140e7501

SHA512
1457c85499bdb88cc82b389abefc8f0993356184ff6f1b0395560d7597f807222a051f45913952f2191b7619bad809bdfd08bd148ac7a952c41598c3d4617884

Download Submit
/data/data/com.ghost.app/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
e79d81b28630b3db2929cab86d73466d

SHA1
75ead8f0271b5e0e8770118e2affc03d6628fbae

SHA256
1bce7a0575f91e67a90907093fdea3421b879590e0091d7d13faa323974c1d83

SHA512
2b37c50e09ce750726397f8a2c9af564708e4334186a38d7002748f2e346cdf2f044001efafa97b535bdbebf38067f3d694bd75bd45dc6a9db31077b37089956

Download Submit
/data/data/com.ghost.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
02e0132f584a9bd4e7e30aa38647ad6c

SHA1
533e68b7b02fe278b282b8134de61944dc657a14

SHA256
5bcb5cfb0f68ae55b0941741ed43d0b65b9edbbb068e77825028326165ada8c5

SHA512
2b94e6ab14a6bcafa156a6db877a590c2ef21e2037dbdcc70e84d885ebda57aabb3755f153331ac46ab431d216b0e35484ee64e473dde57a4447934d36cc5edf

Download Submit
/data/data/com.ghost.app/files/PersistedInstallation4422962235109711749tmp

Filesize
90B

MD5
fb5e32f792be6750398d8caa542e345f

SHA1
c1788619978feda991600d9756f077185b4c0336

SHA256
9fb779b5b7dd8a373a29906b1948ee2d1a10e16669a4c2f196756fbe88e824c3

SHA512
545eb201c285ad3d21987258888a0603c27834e0877b3af4fde9320f63bc073168b08d3b537d89789dc9a7523ce08769d92c43e6e5054e3fb1693df3892529f7

Download Submit