e38a6c567605027ce14810313cbfd363b9baa53d554e58d84fd7d936b2f53775

Analysis

max time kernel
25s
max time network
135s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
30-06-2024 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e38a6c567605027ce14810313cbfd363b9baa53d554e58d84fd7d936b2f53775.apk
Size

2.5MB
MD5

c50db87c26a020410ac4ee35bef6ae68
SHA1

00d31e21aa8b1b65f80e464ed01567ce0528bf6c
SHA256

e38a6c567605027ce14810313cbfd363b9baa53d554e58d84fd7d936b2f53775
SHA512

1866d019b17fb302ad083e8e1d54c6dc88956b96907b7326089f914e388fb4c3fcbab22ca058bd9f29d8b8f14d93a6faf9375618858d9a4fc3a49563872b1c50
SSDEEP

49152:MoGIErz29ASurd17S+mWuZYxlFHyJVQ2QbpzcqvganpqMIoTwrswYFpv:UIU2+SurjjugHbvOiwoTwrswY7

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.god.salvation

ioc process

/sbin/su com.god.salvation
Acquires the wake lock 1 IoCs

Processes:

com.god.salvation

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.god.salvation
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.god.salvation

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.god.salvation
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.god.salvation

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.god.salvation
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.god.salvation

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.god.salvation
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.god.salvation

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.god.salvation
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.god.salvation

description ioc process

File opened for read /proc/cpuinfo com.god.salvation
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.god.salvation

description ioc process

File opened for read /proc/meminfo com.god.salvation

ioc	process
/sbin/su	com.god.salvation

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.god.salvation

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.god.salvation

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.god.salvation

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.god.salvation

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.god.salvation

description	ioc	process
File opened for read	/proc/cpuinfo	com.god.salvation

description	ioc	process
File opened for read	/proc/meminfo	com.god.salvation

com.god.salvation
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.god.salvation/databases/com.google.android.datatransport.events
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.god.salvation/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
54c030e84cfb5a73df0d418bba0e7381

SHA1
d15af0ab673bf8e02b047e806758154b1e370011

SHA256
489ce8a2c2504d28f8249df828f63167611bd47a25ffd860c7e2ec05e926a404

SHA512
e0af4619949f0b0287c1d3211b45e34976c00cbb0d31d3061166ae18a06ddefa23b6dc83a321f015d6898924957e166299e3bcad4cc419febece5fc3b765517b

Download Submit
/data/data/com.god.salvation/databases/com.google.android.datatransport.events-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.god.salvation/databases/com.google.android.datatransport.events-wal
Filesize
68KB

MD5
0422d222711f497c83f84748e555f694

SHA1
f3dd46230fa84962a14b599f51a968cbf77b99bf

SHA256
c1452e7dcd2fec1edeab56235d2e04abf38b8340cff75f08006e92054696e1e8

SHA512
b65f4daa6f088f1c5f8eee2021ebc697a975ba9212f11a13b76c9f34df13f00a223524072fe467cd066794446ee23fa304d1c8ef2ed476befeb9d1becff678b0

Download Submit
/data/data/com.god.salvation/files/PersistedInstallation595534722937594473tmp
Filesize
90B

MD5
1d464a7c29d1576884f36de6fa91c9a0

SHA1
fa205d42b67b34b6ab77d808d28a3fe1f1e39340

SHA256
49b10c64c703664fc5607692ff5be5c74967244d1540d7093021346e1b63de04

SHA512
a9127f8a8234f4583235ca17e8390032ee45783dc6dbf479f856696f4402a984b9f248afed7f04249076cc88bb70fe4d599aad2180102a786f70239cba81f484

Download Submit
/data/data/com.god.salvation/files/PersistedInstallation7584313060244983711tmp
Filesize
568B

MD5
b23fd49f18f3986f3509c6bb87446f16

SHA1
64caa42422980b08eb26290e6b9c9234cc29e337

SHA256
59f30664827dd077acda3d3c4854b4b5609e446dff92e0fdd3a253ef20d2d02c

SHA512
ae7def31bffb62d76b4354e4158cf62894d04c32a3efed813ae5e97c2aee09497301ca0e129b2270c9b3e743cdc08c1bd81afe7a37ed5bbbbc9dfbae1c1aa2a8

Download Submit
/data/data/com.god.salvation/files/profileInstalled
Filesize
24B

MD5
c3a448e1c93c71eeeed4ff9e04632376

SHA1
91af8c1fbbe33a0a251f809cf3f53b096aa47e6d

SHA256
a79300ed5748be518cd29033fb90bf61de0808355c6efb001275068dad939fd3

SHA512
c86fad7c2b6bce8553ba27a4524b7767addf41a6b766d295733fcec119f679553eaf605bf54d741f93e7b19fc0e3774f1581e52fae958222c004be967bfee997

Download Submit
/data/data/com.god.salvation/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
Filesize
8B

MD5
46d8a0fc5a0a4f5b363e8bc4e83ee891

SHA1
efbb70c711d5e1592d75adefbf825f4d5b853fec

SHA256
03b98a85787edf2867ba36c7b7bbb1e5c63215dabdd1c1ac920d0159ae19732f

SHA512
7523455afd40125eb41af13b424055dfbad1a399c70d8b2790db8b2d9863d077ed47015333fee24c429c5e1b55fb6241e2256b81ab133927722b8a25f84d6dce

Download Submit
/data/misc/profiles/cur/0/com.god.salvation/primary.prof
Filesize
1KB

MD5
34ec33ec0f6f887939b6a5f6eb1ea4ac

SHA1
fd7366242cdbc859ed0f8741ec0d5c99909be999

SHA256
74a980e04c82f53bd39109989c26653aade43edb37181d139c944969c6339bb3

SHA512
2d07a72aeb64780a6848cc491c20d5831d930b191fec70b40053d2c6e40327bcf4603d454517c21a8f6765e1bff458c7190e8c540454f3b3ea80d81318f00467

Download Submit
/storage/emulated/0/Android/data/com.god.salvation/files/Domain
Filesize
4B

MD5
334c4a4c42fdb79d7ebc3e73b517e6f8

SHA1
71f8e7976e4cbc4561c9d62fb283e7f788202acb

SHA256
140bedbf9c3f6d56a9846d2ba7088798683f4da0c248231336e6a05679e4fdfe

SHA512
ab93a9e95d70edb06025511cea4e2b8047fb7e1deaf7244fc0d3edf5e7cb57d8fb7b951bdeb3c6b552714878749eb19b9103e64a83635e8885c7d3e1d0fc5649

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads