Analysis
- max time kernel: 139s
- max time network: 168s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 30-06-2024 22:09
Static task
- static1
Behavioral tasks (same sample, three emulator images)
- behavioral1: sample e38a6c567605027ce14810313cbfd363b9baa53d554e58d84fd7d936b2f53775.apk, resource android-x86-arm-20240624-en
- behavioral2: sample e38a6c567605027ce14810313cbfd363b9baa53d554e58d84fd7d936b2f53775.apk, resource android-x64-20240624-en
- behavioral3: sample e38a6c567605027ce14810313cbfd363b9baa53d554e58d84fd7d936b2f53775.apk, resource android-x64-arm64-20240624-en (the resource named in the Analysis header above)
General
- Target: e38a6c567605027ce14810313cbfd363b9baa53d554e58d84fd7d936b2f53775.apk
- Size: 2.5MB
- MD5: c50db87c26a020410ac4ee35bef6ae68
- SHA1: 00d31e21aa8b1b65f80e464ed01567ce0528bf6c
- SHA256: e38a6c567605027ce14810313cbfd363b9baa53d554e58d84fd7d936b2f53775
- SHA512: 1866d019b17fb302ad083e8e1d54c6dc88956b96907b7326089f914e388fb4c3fcbab22ca058bd9f29d8b8f14d93a6faf9375618858d9a4fc3a49563872b1c50
- SSDEEP: 49152:MoGIErz29ASurd17S+mWuZYxlFHyJVQ2QbpzcqvganpqMIoTwrswYFpv:UIU2+SurjjugHbvOiwoTwrswY7
Malware Config
Signatures
- Checks if the Android device is rooted (1 TTP, 2 IoCs)
  Process: com.god.salvation
  IoC: /sbin/su
  IoC: /system/bin/su
  Note: probing for su binaries is also standard behaviour of anti-tamper and fraud-detection SDKs, so this signature on its own is weak evidence of malicious intent; it matters in combination with the clipboard access below.
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Acquires the wake lock (1 IoC)
  Process: com.god.salvation
  IoC: framework service call android.os.IPowerManager.acquireWakeLock
- Queries information about active data network (1 TTP, 1 IoC)
  Process: com.god.salvation
  IoC: framework service call android.net.IConnectivityManager.getActiveNetworkInfo
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  Process: com.god.salvation
  IoC: framework API call javax.crypto.Cipher.doFinal
  Note: a Cipher.doFinal call shows only that a cipher operation ran, not what was encrypted or decrypted; the "Might" in the signature name is the sandbox's hedge, not a finding that user data was encrypted.
- Checks CPU information (2 TTPs, 1 IoC)
- Checks memory information (2 TTPs, 1 IoC)
Processes
- com.god.salvation (process tree entry 1)
  - Checks if the Android device is rooted
  - Obtains sensitive information copied to the device clipboard
  - Acquires the wake lock
  - Queries information about active data network
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
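The behavioural signatures above were raised from observed framework calls and file probes. A practitioner usually wants to confirm the same indicators statically before trusting a single emulator run, because emulator detection or a missing trigger can suppress behaviour. The script below is an added example, not part of this report and not code from the app or the sandbox vendor. It opens an APK as a zip, pulls every classes*.dex, and looks in the raw bytes (where the Dalvik string pool lives) for the strings those signatures correspond to. The pattern list is the editor's assumption about how each behaviour shows up in compiled code (the su paths are taken from the IoCs above; the class descriptors, method names and /proc paths are assumed). The APK it scans is a constructed fake built in build_fake_apk(), not the real sample, so it runs offline.

```python
"""Static re-check of the sandbox signatures listed above.

Added example; not part of the report. It does not run the APK: it extracts
the classes*.dex files from the APK zip and looks for the same indicators the
behavioural signatures were raised on. A match means the code *contains* the
reference, not that it executed it; the sandbox run is what shows execution.
"""
import hashlib
import io
import re
import zipfile

# Signature name (as in the report) -> byte patterns expected in the dex
# string pool. The su paths are the report's IoCs; the rest are assumptions
# about how these behaviours usually appear in Dalvik bytecode.
SIGNATURES = {
    "Checks if the Android device is rooted": [
        b"/sbin/su", b"/system/bin/su", b"/system/xbin/su"],
    "Obtains sensitive information copied to the device clipboard": [
        b"Landroid/content/ClipboardManager;", b"getPrimaryClip"],
    "Acquires the wake lock": [
        b"Landroid/os/PowerManager$WakeLock;", b"acquireWakeLock", b"newWakeLock"],
    "Queries information about active data network": [
        b"getActiveNetworkInfo"],
    "Uses Crypto APIs (Might try to encrypt user data)": [
        b"Ljavax/crypto/Cipher;", b"doFinal"],
    "Checks CPU information": [b"/proc/cpuinfo"],
    "Checks memory information": [
        b"/proc/meminfo", b"Landroid/app/ActivityManager$MemoryInfo;"],
}


def hash_sample(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the submitted file, the same set as the General table."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def scan_dex(dex: bytes) -> dict:
    """Return {signature: [matched patterns]} for one dex blob (raw substring search)."""
    hits = {}
    for name, patterns in SIGNATURES.items():
        found = [p.decode() for p in patterns if p in dex]
        if found:
            hits[name] = found
    return hits


def scan_apk(apk_bytes: bytes) -> dict:
    """Scan every classes*.dex in the APK and merge the hits across dex files."""
    merged = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if re.fullmatch(r"classes\d*\.dex", info.filename):
                for name, found in scan_dex(zf.read(info)).items():
                    merged.setdefault(name, set()).update(found)
    return {k: sorted(v) for k, v in merged.items()}


def build_fake_apk() -> bytes:
    """Constructed test input: a zip with a fake classes.dex whose 'string pool'
    carries the indicators from the report. This is NOT the real sample."""
    fake_dex = b"dex\n035\0" + b"\0".join([
        b"/sbin/su", b"/system/bin/su",
        b"Landroid/content/ClipboardManager;", b"getPrimaryClip",
        b"acquireWakeLock", b"getActiveNetworkInfo",
        b"Ljavax/crypto/Cipher;", b"doFinal",
        b"/proc/cpuinfo", b"/proc/meminfo",
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='com.god.salvation'/>")
        zf.writestr("classes.dex", fake_dex)
        zf.writestr("classes2.dex", b"dex\n035\0nothing of interest here")
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_fake_apk()          # replace with open("sample.apk", "rb").read()
    print("sha256:", hash_sample(apk)["sha256"])
    for sig, found in scan_apk(apk).items():
        print(f"{sig}: {', '.join(found)}")
```

On a real sample, point the script at the APK and compare the sha256 it prints with the General table first; a mismatch means you are not looking at the file the sandbox ran. A signature that fires in the sandbox but finds no string here usually means the strings are obfuscated or built at runtime, which is itself worth noting.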
Downloads (files written during the run)
Note: com.google.android.datatransport.events is the SQLite store of the Firebase transport SDK and the PersistedInstallation*tmp files come from the Firebase Installations SDK; primary.prof and profileinstaller_profileWrittenFor_lastUpdateTime.dat are written by AndroidX ProfileInstaller and ART. These are library artifacts; the 4-byte "Domain" file in external storage, written and then deleted, is the only app-specific file in the list.

- /data/data/com.god.salvation/databases/com.google.android.datatransport.events
  Filesize: 56KB
  MD5: 1bd44c90b565b304158e806695b9f342
  SHA1: a16590f6b64a5035ad8939601f6cd9ff152c35b2
  SHA256: cff9b007bdbf006d185c76827b51807d54d05f4567ff11cba600008d5145f24b
  SHA512: 175ecd13f98054b131a2a16237c38e6db077a5bdd5d06d7b69e0c5b02ecf83c4df071ed6af820b438f98227f5a07fbe037f6ae923c30c66d1e3eb91c8724cdc0
- /data/data/com.god.salvation/databases/com.google.android.datatransport.events-journal
  Filesize: 512B
  MD5: 41bbfe8ada9f21231d01ad3a5af15d93
  SHA1: 0b9108896e1c49f23749055f10d1ac90d4253b87
  SHA256: 561b92ddbd683c595ac38d6313afccc74d4761cf1460b1c6cdafdd6611257be9
  SHA512: d4fd52d89efc31775f5580ee44c406e4ba3da826fb8e7243fe7c5ad763c6b36114422de609735f50575d2de30b131acf79325b114723b5058cee79f56596f958
- /data/data/com.god.salvation/databases/com.google.android.datatransport.events-journal
  Filesize: 8KB
  MD5: 7705fee8d48731a49e137748147926f6
  SHA1: 93a28d48c59f847db0f916a9c8e01ee0b252e575
  SHA256: f693454d3130e71b1852daa8a35aab5196b5ff5d6099f05d8f7ab533ba9aac2f
  SHA512: f17fa37bc432bfe8823b883915174c16b636a668870a1045d16ec1f706f90a94ffc13179c4b7f15c4200f2f96aa89b09ade4250d67d60db7ce35f37a6f792f98
- /data/data/com.god.salvation/databases/com.google.android.datatransport.events-journal
  Filesize: 8KB
  MD5: 88ba63f8283dc71d53e14795d3e5d358
  SHA1: a04e7798675c4db03eb059efe631c60034af1e44
  SHA256: a6a0e14d177ec5e81f4d68df393efa0a01e9b85cd30f5e3f1dac918e2ff6bb84
  SHA512: 1d87c0f12b647b07b43e2fc8556f183be6fc29348a4c5cd2d167e0aa93b9fc3b9e9cb35f99664a3988125f1d953037a9bd7d546c4a51899dce7e8ae382fc37bd
- /data/data/com.god.salvation/files/PersistedInstallation2150522112737159024tmp
  Filesize: 90B
  MD5: 3e31c29e111565c3a5b436dcbab5242d
  SHA1: 83e189db6d683cbff0b40b609cd0c9eb812984ff
  SHA256: b0f6ddbb905b2aee86388eb2f89cca1c104c52254f3f45fdbd98f2aa6d7f493e
  SHA512: dd6687846ac0585763f045d55a2d5b0ebf968d4e8e9b32ff4f362970873dd0e209e40607b1b6eb72c2ddf31ffe42480f0e3f0c010f03cff09e93626a1cc8dfbf
- /data/data/com.god.salvation/files/PersistedInstallation877634620915646075tmp
  Filesize: 570B
  MD5: 3f99f849d8c71624e2316a2677d1e4df
  SHA1: a6979e55589bb848fa9872bd929fee694633cdb4
  SHA256: 1b084769d0fe5c42b5baae1924f97fdb21f6d529cadee775ff893f3cd9a4837f
  SHA512: 071e889fac8d008abc14f6cb9fc1ac4f0336c8cae596ecd58a74ab9f68f72ec66a2a11176268918348bb96374ad7a17a4c9cbf2d96e64b92af095e221bb6d5aa
- /data/data/com.god.salvation/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
  Filesize: 8B
  MD5: 604e5eb2c1c5115dbdda93ec8c109b1e
  SHA1: c7e4e013785af30cbfbf49128b7008610eefa23d
  SHA256: 256662b9de9212317a73f02aecb51822f266b02d441cff74dee0423a369af31f
  SHA512: 6a5b3e52d8b1280c88281d533bc05ef3bb4457bcd9921479bfec2020ad1b6df9ed3409ed09b71313e08d19eda62c10ffa4826095db92374000422d2a5f483fa2
- /data/misc/profiles/cur/0/com.god.salvation/primary.prof
  Filesize: 1KB
  MD5: 34ec33ec0f6f887939b6a5f6eb1ea4ac
  SHA1: fd7366242cdbc859ed0f8741ec0d5c99909be999
  SHA256: 74a980e04c82f53bd39109989c26653aade43edb37181d139c944969c6339bb3
  SHA512: 2d07a72aeb64780a6848cc491c20d5831d930b191fec70b40053d2c6e40327bcf4603d454517c21a8f6765e1bff458c7190e8c540454f3b3ea80d81318f00467
- /storage/emulated/0/Android/data/com.god.salvation/files/Domain (deleted)
  Filesize: 4B
  MD5: 334c4a4c42fdb79d7ebc3e73b517e6f8
  SHA1: 71f8e7976e4cbc4561c9d62fb283e7f788202acb
  SHA256: 140bedbf9c3f6d56a9846d2ba7088798683f4da0c248231336e6a05679e4fdfe
  SHA512: ab93a9e95d70edb06025511cea4e2b8047fb7e1deaf7244fc0d3edf5e7cb57d8fb7b951bdeb3c6b552714878749eb19b9103e64a83635e8885c7d3e1d0fc5649