Overview

overview

8

Static

static

6

e38a6c5676...75.apk

android-9-x86

8

e38a6c5676...75.apk

android-10-x64

8

e38a6c5676...75.apk

android-11-x64

8

Analysis

  • max time kernel
    48s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    30-06-2024 22:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e38a6c567605027ce14810313cbfd363b9baa53d554e58d84fd7d936b2f53775.apk

  • Size

    2.5MB

  • MD5

    c50db87c26a020410ac4ee35bef6ae68

  • SHA1

    00d31e21aa8b1b65f80e464ed01567ce0528bf6c

  • SHA256

    e38a6c567605027ce14810313cbfd363b9baa53d554e58d84fd7d936b2f53775

  • SHA512

    1866d019b17fb302ad083e8e1d54c6dc88956b96907b7326089f914e388fb4c3fcbab22ca058bd9f29d8b8f14d93a6faf9375618858d9a4fc3a49563872b1c50

  • SSDEEP

    49152:MoGIErz29ASurd17S+mWuZYxlFHyJVQ2QbpzcqvganpqMIoTwrswYFpv:UIU2+SurjjugHbvOiwoTwrswY7

Score
8/10
collectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.god.salvation
    1⤵
    • Checks if the Android device is rooted.
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5062

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.god.salvation/databases/com.google.android.datatransport.events
    Filesize

    56KB

    MD5

    0775d2f26b2103319771dff25fbaa958

    SHA1

    a3d16f80fca79e6d4645377f498ed1cdbb731e05

    SHA256

    67253c70812936ddabdfe35d645c6a1d46578a6e37ec71640359873e75e3de52

    SHA512

    b41fb17623f263bf23d628f2a85ec9bdd1e5de2842368c154387eb3a61199cb14227e8eb0e11bee7ea5e00af403317a0ad5fb566245beb83fc96220f6ab0315f

    Download Submit
  • /data/data/com.god.salvation/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    25dc0b216312a6682936cc62ec28b8a9

    SHA1

    d4f7fb05c0566c1186b91448be171ed9c3f3f3be

    SHA256

    5fb5e85a22236822e0bb8f50b805699581348aa3552c2355a153e96131de92ad

    SHA512

    f542e5d40058da2180ebaea08a3d1582a3ef0b1f05aa5585f62636faa15701d0b3afcfc11d1230e5aae3f4da37575e9a85d3154888ae08eed6b1ac32355d2a5b

    Download Submit
  • /data/data/com.god.salvation/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    97ab9e906f4d74879a9d529caceec402

    SHA1

    22fe9eb5ee165cd2c946c68e72a73463672a2b62

    SHA256

    b7c36ed11d71eb42fb6ed78805671c900de6e03c86b7a2c3bb1e599c1f45ae81

    SHA512

    9193cca23d689a36baa2f94b7bed7990b78f5e9e366fdc478cb30f7b4b2030689756b3656a3f7fa5cae9f6fb388e17fad8ea8b73dad065ddd576444d1c75f8af

    Download Submit
  • /data/data/com.god.salvation/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    b0fd643d733930eb2a16e1c485637c03

    SHA1

    3ba351836a9461e7e3c427812e8cb31fdd938dff

    SHA256

    ac8c178ce2fceb96e67aeffd5745a0c162427eae1d1ae1b987c5368842677503

    SHA512

    c6cf3eb15e02210f1f59547c319c565c57d2757233f3bafc9172a75517736e06cb9de322524e68d679f171803f5c293cfb1c4cca1e710c7a9ff8c0ad65ef18d8

    Download Submit
  • /data/data/com.god.salvation/files/PersistedInstallation2223668698642484662tmp
    Filesize

    90B

    MD5

    69d4b0f6351a96da81cf186826527f2f

    SHA1

    70c3fbb3936e6e81048bceccdf65437ac9a34702

    SHA256

    1f04a7dac0dafef7d8ad641dae374c3e78646df65051928ba632e7c336e0c122

    SHA512

    64dd0f5f89e51e635a94a7d5074b555c20f5494be7f7f6f3bf4364a4545e350aa423ed6646eecf7ed673c8905562566829fc891ded03e0b3bc737854d3834eff

    Download Submit
  • /data/data/com.god.salvation/files/PersistedInstallation3827661941630525061tmp
    Filesize

    567B

    MD5

    058d244ed3b1b46f49b469057b47efa9

    SHA1

    50034e9edfa272409761613d295a8caa4475e0ff

    SHA256

    af038abb9da486f60a56a342f19cd0b84a2cb8eb8fb45cc9aad8eea9c23d68d1

    SHA512

    d25d94b3c80f1c74f60ebd850af15cb5ff3b7d567ee136bb77491839d6688f33c202edde098046dffa77e8c174d1557ed02eaafb2a54c69f0394474a7bbeb2d0

    Download Submit
  • /data/data/com.god.salvation/files/profileInstalled
    Filesize

    24B

    MD5

    45554acd5eaf9646f7a44ad92602dea4

    SHA1

    ba949fe656c8753b063b7c919995bb5aa64b86ec

    SHA256

    76d5473ca23965929e4ba1109dd84ef0e2771073f70a9d637fa7391de48b800f

    SHA512

    e23e905475f857dc72ed652fb2d62a7f9ef387fd496822171e76a492cabe18fc4d78d037e04b5212ef6317c80f94847601625058785bf21f913b844b61af1e2b

    Download Submit
  • /data/data/com.god.salvation/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    24eff4cccefe3ba2125dcfb33b770057

    SHA1

    e58db9faa2655891d650e04b71e152594b2553b2

    SHA256

    04e35c3b9f0f74e296923d8fa98f06cdefa102fdc5a75b2bd380e84ef7f5ca0e

    SHA512

    341955d27adb47168283a666af34c271f1c723ebb6369f176ffc8e06cacb3ee419c02591b8ea45c71b8cb981d911345626533dd64591b391da8f016b6dac66d2

    Download Submit
  • /data/misc/profiles/cur/0/com.god.salvation/primary.prof
    Filesize

    1KB

    MD5

    34ec33ec0f6f887939b6a5f6eb1ea4ac

    SHA1

    fd7366242cdbc859ed0f8741ec0d5c99909be999

    SHA256

    74a980e04c82f53bd39109989c26653aade43edb37181d139c944969c6339bb3

    SHA512

    2d07a72aeb64780a6848cc491c20d5831d930b191fec70b40053d2c6e40327bcf4603d454517c21a8f6765e1bff458c7190e8c540454f3b3ea80d81318f00467

    Download Submit
  • /data/misc/profiles/cur/0/com.god.salvation/primary.prof
    Filesize

    2KB

    MD5

    6dced58aa94d2c10175a0bfa40f30e81

    SHA1

    1a89574f4fa54a0681a6f0a08ca4cfc15f283603

    SHA256

    a2465768e5b2dce277423d24b5edb77def433efaecc38162735f9a82943d80ee

    SHA512

    3b9393753155b8ab0267a5eb5df5c3f02ae0aa470c67cb126519529d6da8533c00e483ae38aa4e7c66ce9bfb6130db739ea999231525a43725bfc2aa92368520

    Download Submit
  • /storage/emulated/0/Android/data/com.god.salvation/files/Domain
    Filesize

    4B

    MD5

    334c4a4c42fdb79d7ebc3e73b517e6f8

    SHA1

    71f8e7976e4cbc4561c9d62fb283e7f788202acb

    SHA256

    140bedbf9c3f6d56a9846d2ba7088798683f4da0c248231336e6a05679e4fdfe

    SHA512

    ab93a9e95d70edb06025511cea4e2b8047fb7e1deaf7244fc0d3edf5e7cb57d8fb7b951bdeb3c6b552714878749eb19b9103e64a83635e8885c7d3e1d0fc5649

    Download Submit