e38a6c567605027ce14810313cbfd363b9baa53d554e58d84fd7d936b2f53775

Analysis

max time kernel
139s
max time network
168s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
30-06-2024 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e38a6c567605027ce14810313cbfd363b9baa53d554e58d84fd7d936b2f53775.apk
Size

2.5MB
MD5

c50db87c26a020410ac4ee35bef6ae68
SHA1

00d31e21aa8b1b65f80e464ed01567ce0528bf6c
SHA256

e38a6c567605027ce14810313cbfd363b9baa53d554e58d84fd7d936b2f53775
SHA512

1866d019b17fb302ad083e8e1d54c6dc88956b96907b7326089f914e388fb4c3fcbab22ca058bd9f29d8b8f14d93a6faf9375618858d9a4fc3a49563872b1c50
SSDEEP

49152:MoGIErz29ASurd17S+mWuZYxlFHyJVQ2QbpzcqvganpqMIoTwrswYFpv:UIU2+SurjjugHbvOiwoTwrswY7

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.god.salvation

ioc process

/sbin/su com.god.salvation
/system/bin/su com.god.salvation
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.god.salvation

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.god.salvation
Acquires the wake lock 1 IoCs

Processes:

com.god.salvation

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.god.salvation
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.god.salvation

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.god.salvation
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.god.salvation

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.god.salvation
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.god.salvation

description ioc process

File opened for read /proc/cpuinfo com.god.salvation
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.god.salvation

description ioc process

File opened for read /proc/meminfo com.god.salvation

ioc	process
/sbin/su	com.god.salvation
/system/bin/su	com.god.salvation

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.god.salvation

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.god.salvation

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.god.salvation

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.god.salvation

description	ioc	process
File opened for read	/proc/cpuinfo	com.god.salvation

description	ioc	process
File opened for read	/proc/meminfo	com.god.salvation

com.god.salvation
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4490

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.god.salvation/databases/com.google.android.datatransport.events
Filesize
56KB

MD5
1bd44c90b565b304158e806695b9f342

SHA1
a16590f6b64a5035ad8939601f6cd9ff152c35b2

SHA256
cff9b007bdbf006d185c76827b51807d54d05f4567ff11cba600008d5145f24b

SHA512
175ecd13f98054b131a2a16237c38e6db077a5bdd5d06d7b69e0c5b02ecf83c4df071ed6af820b438f98227f5a07fbe037f6ae923c30c66d1e3eb91c8724cdc0

Download Submit
/data/data/com.god.salvation/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
41bbfe8ada9f21231d01ad3a5af15d93

SHA1
0b9108896e1c49f23749055f10d1ac90d4253b87

SHA256
561b92ddbd683c595ac38d6313afccc74d4761cf1460b1c6cdafdd6611257be9

SHA512
d4fd52d89efc31775f5580ee44c406e4ba3da826fb8e7243fe7c5ad763c6b36114422de609735f50575d2de30b131acf79325b114723b5058cee79f56596f958

Download Submit
/data/data/com.god.salvation/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
7705fee8d48731a49e137748147926f6

SHA1
93a28d48c59f847db0f916a9c8e01ee0b252e575

SHA256
f693454d3130e71b1852daa8a35aab5196b5ff5d6099f05d8f7ab533ba9aac2f

SHA512
f17fa37bc432bfe8823b883915174c16b636a668870a1045d16ec1f706f90a94ffc13179c4b7f15c4200f2f96aa89b09ade4250d67d60db7ce35f37a6f792f98

Download Submit
/data/data/com.god.salvation/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
88ba63f8283dc71d53e14795d3e5d358

SHA1
a04e7798675c4db03eb059efe631c60034af1e44

SHA256
a6a0e14d177ec5e81f4d68df393efa0a01e9b85cd30f5e3f1dac918e2ff6bb84

SHA512
1d87c0f12b647b07b43e2fc8556f183be6fc29348a4c5cd2d167e0aa93b9fc3b9e9cb35f99664a3988125f1d953037a9bd7d546c4a51899dce7e8ae382fc37bd

Download Submit
/data/data/com.god.salvation/files/PersistedInstallation2150522112737159024tmp
Filesize
90B

MD5
3e31c29e111565c3a5b436dcbab5242d

SHA1
83e189db6d683cbff0b40b609cd0c9eb812984ff

SHA256
b0f6ddbb905b2aee86388eb2f89cca1c104c52254f3f45fdbd98f2aa6d7f493e

SHA512
dd6687846ac0585763f045d55a2d5b0ebf968d4e8e9b32ff4f362970873dd0e209e40607b1b6eb72c2ddf31ffe42480f0e3f0c010f03cff09e93626a1cc8dfbf

Download Submit
/data/data/com.god.salvation/files/PersistedInstallation877634620915646075tmp
Filesize
570B

MD5
3f99f849d8c71624e2316a2677d1e4df

SHA1
a6979e55589bb848fa9872bd929fee694633cdb4

SHA256
1b084769d0fe5c42b5baae1924f97fdb21f6d529cadee775ff893f3cd9a4837f

SHA512
071e889fac8d008abc14f6cb9fc1ac4f0336c8cae596ecd58a74ab9f68f72ec66a2a11176268918348bb96374ad7a17a4c9cbf2d96e64b92af095e221bb6d5aa

Download Submit
/data/data/com.god.salvation/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
Filesize
8B

MD5
604e5eb2c1c5115dbdda93ec8c109b1e

SHA1
c7e4e013785af30cbfbf49128b7008610eefa23d

SHA256
256662b9de9212317a73f02aecb51822f266b02d441cff74dee0423a369af31f

SHA512
6a5b3e52d8b1280c88281d533bc05ef3bb4457bcd9921479bfec2020ad1b6df9ed3409ed09b71313e08d19eda62c10ffa4826095db92374000422d2a5f483fa2

Download Submit
/data/misc/profiles/cur/0/com.god.salvation/primary.prof
Filesize
1KB

MD5
34ec33ec0f6f887939b6a5f6eb1ea4ac

SHA1
fd7366242cdbc859ed0f8741ec0d5c99909be999

SHA256
74a980e04c82f53bd39109989c26653aade43edb37181d139c944969c6339bb3

SHA512
2d07a72aeb64780a6848cc491c20d5831d930b191fec70b40053d2c6e40327bcf4603d454517c21a8f6765e1bff458c7190e8c540454f3b3ea80d81318f00467

Download Submit
/storage/emulated/0/Android/data/com.god.salvation/files/Domain (deleted)
Filesize
4B

MD5
334c4a4c42fdb79d7ebc3e73b517e6f8

SHA1
71f8e7976e4cbc4561c9d62fb283e7f788202acb

SHA256
140bedbf9c3f6d56a9846d2ba7088798683f4da0c248231336e6a05679e4fdfe

SHA512
ab93a9e95d70edb06025511cea4e2b8047fb7e1deaf7244fc0d3edf5e7cb57d8fb7b951bdeb3c6b552714878749eb19b9103e64a83635e8885c7d3e1d0fc5649

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads