26c66da28ce0ed61a696886af8fcf510a0cf40d14287716467610e21c3645e1e

Analysis

max time kernel
35s
max time network
154s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
27-06-2024 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

2.8MB
MD5

f808f8871b6360e6a1a28e641adbbc27
SHA1

f8ac7955bfdf8f3303cea5a46fdcb359e7a36047
SHA256

26c66da28ce0ed61a696886af8fcf510a0cf40d14287716467610e21c3645e1e
SHA512

07f99ca702e7c8e4db6aeac14dd440bfa30d32a62a8665a527a8feee71bd3ea4868997e875a13b626985f9e84962898d7f0ada412470df8a13050542604acef7
SSDEEP

49152:sfngviGN7xmC8LQqVDVmRErDKv+NH/W1xvidHS+xLMwOMqFO3ue1B0BQHff5JxvA:sfng6C0C8LQq/rDKvgHMOHZxLC/83TA/

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4993

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7200500451bf57aa3aaa1857a187f6ec

SHA1
169d3d968070fcf7ab56defba3f581dcdbb7e464

SHA256
61906d2d2a12d46c1deecf97b8364a0b1d8c261e3885b34fb543d61bc8f3c15b

SHA512
a8fc380a1851c62842f4e41db64de888be1191a7f0c91fba080b2bd2bd85942ec5f2801169e3ba0ea259745864d012c8269a02712b1a52e35eca6f6ed9738085

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ffd77de2eeba81de2ffc5dd89e3d190a

SHA1
239a69fb7a5e1ec02f4e4f1230ee25f9ef76ea7c

SHA256
dd3e3832ac83604a4982a4ac33874fc4e5c224dca26ef773537e0175b76de5a3

SHA512
d47f7a9711beefceaa44d81abf10b0ca9396a1c702ed3ec19fc91612b0978369a5fd646e84dcbe4d373a6e54710bf383f76bf270307d26dc03cb242e28aecd0f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
121a638e6e357a712247ebfab18996e4

SHA1
28e029d8de3dd01f8bc1b9787bc79ba466257a39

SHA256
63233dd5c955f0c9bd3b16d658e50563f5e10d31d8645eb78fe074e1088c4b5d

SHA512
4473a44ac597bd91933336674d20a8fdebb4724835f34686a5fa2af3f8cf971945c16b9bf56f9e6eeecf39da518a8bf828278b7f7748ef0ec9118c2def81b216

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
799a00d3da1c2e562f8b4e23e35f53e7

SHA1
c48c8f56bdc76943088c88cc4f5be26fdbba42b6

SHA256
af37632cedf1d679894e151b1ed053d0ad8a2d27b0464d87178394590d5763dd

SHA512
c52faa800f79cf41faeb298466d08bc055f6ecee35b7ad907edb46b27e04bd106e0760f5727eb192c0a935e34afeb487e6c889eea669e9f611251bacda3bd4e4

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
33df5be87f38c9215f75f7ae5a556b4f

SHA1
7b7f25c5e566b10af3d6abf38fc43a279b6d98db

SHA256
b54cc8c9d554526f73e370862c6df033cdefe5fd7289e5721572526c7e8f5509

SHA512
02bc4639c8d7aa2b8c53bd2e9c4c617454b63990a4ad759616a5e64f411066ca49361a8e5c7623a6e4f0cae5e3418c5a5c98b4d2b5f8e70267e06ae8b28977ed

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ae8efca4437b743443833c1f3329cde9

SHA1
1352e5ed4c759b06ce0de2ed1d9c97226844cb1d

SHA256
e0e5a99ba744de0446eb776aa28bd2c4264a3861cbcf2643cdfc8e3638f946b5

SHA512
8eca6a8c6a085fa82789b17dd9365f5024d6daa88b0ede20c4803adea2576f9e3782a3fac7bba2c04a66512701272839d6d3cd5fbea172d9de97f82afeda4b90

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
06463080a85fe90218cd7a4dd67fe71a

SHA1
dc20ccd4a445428fdc9b55a3cf12357f8862c764

SHA256
d81dec148f3a986db241155f70d2288512ff480eeb5e476dee139a1fc8842d32

SHA512
dc6db6a46d492f1879c4a124777362fbc2da077b1e14c6010bd46f8e8965211f6894fcff95eebbc104b313637582dfae51764841e5d5f043bc5b7b995ffd3b66

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8fe8f3114e169cba351c371a4df47f73

SHA1
53fa4f5bc5a1a6607ca181bf5bb9ffc3e58e9e2c

SHA256
998d28af9ae0b4470f257fc2725b6784dd9269741a53541594aa8e7ef73edefc

SHA512
8ff3e277d9e69339a47e737c0b140dd5428d6b927ddf78aa1cb8ed98cf5e8c793b3876e00683da594e7f8659c57cfa38ddd5ba3ef152510d75ca6619a27e2499

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
552e695e6bd895c01ed128f8026354a1

SHA1
5864c450520827b8a8383bf942fa6590041f7ac0

SHA256
63982f65c10ee4503b74614876c86159bde41cd45731b6ff93a7125cd304927e

SHA512
9eca3f8cadc8e6d27691392941657db2a8ba1fbcd534ae38797976f831e8e85172e0d7b0f397193d17d42088a08ca94107b9ec0f64ba4852cdae16aec708b165

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ca809581f19a6895550586645c7cd204

SHA1
dcb471a0949492556ea6a06ce1b714f736b2bf4b

SHA256
4680ff1adcad63dc63ac61608e7104bd3b7c3d2d068a31dbc5c6cb08c2b8a6aa

SHA512
5f2e548ddefdeeb74c0ddf445e307010ec536a401b934374539ec359436302aa9fe57d136f362ff85f4d5f75a27afc646a0510d676b264227a45b0329391e928

Download Submit
/data/data/X.God.X/files/PersistedInstallation7644569037934007562tmp

Filesize
90B

MD5
e66115be738875eb336cec1e6eb66cd3

SHA1
ba5833e46c6acd20c9d8f8e84547347c2f878346

SHA256
4586230e3b281e599efb6fb7e714fe75f8e793694141ea61ee3053ae69e72562

SHA512
428126d1df5e7af34f38a34ca5312a93f3960af240453e118eafcb09502230c7773e8e794fc6a3078d4f24e4d5c492c73b72cf258bfdc5bbfdfe0a8684ff1d07

Download Submit
/data/data/X.God.X/files/PersistedInstallation7649755739544170235tmp

Filesize
569B

MD5
144afcbc28ecd192679b8aa1e88d1c78

SHA1
9aa63f9b048b9623c3624cc4826abbaf8cafd130

SHA256
480e956a8e25d645ad46333a9dd618a4ae3afcb79f0f7e282253f3260169212b

SHA512
ab819c7fa08abb7b6d6cf3e1b15480107c3c33fe1a43573973807d2cdc35cc5e2245743eefe7fed0cf6afe5b9fa2a3f598b08f58830ea1f16bb3dea86075cb3c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads