26c66da28ce0ed61a696886af8fcf510a0cf40d14287716467610e21c3645e1e

Analysis

max time kernel
39s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
27/06/2024, 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

2.8MB
MD5

f808f8871b6360e6a1a28e641adbbc27
SHA1

f8ac7955bfdf8f3303cea5a46fdcb359e7a36047
SHA256

26c66da28ce0ed61a696886af8fcf510a0cf40d14287716467610e21c3645e1e
SHA512

07f99ca702e7c8e4db6aeac14dd440bfa30d32a62a8665a527a8feee71bd3ea4868997e875a13b626985f9e84962898d7f0ada412470df8a13050542604acef7
SSDEEP

49152:sfngviGN7xmC8LQqVDVmRErDKv+NH/W1xvidHS+xLMwOMqFO3ue1B0BQHff5JxvA:sfng6C0C8LQq/rDKvgHMOHZxLC/83TA/

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5049

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a75fe412f9eae979c6b3a6e9f4bef7d4

SHA1
730e477af7ae5206ffb85ed208f831bc676dc880

SHA256
7d6e7a38d86f919ab8bf60ab2aa306140b2fb88537e922e6e93362857e33adba

SHA512
f714e1ee906609c8efdfe728b6c72e6f9b31441a3312e9c4bd66f801a883b81075e0f6ef349643dd1bae7c3c416d5338d8e09eaba202c65990f133dbcfacfb08

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c31c18795aea359a11fe9e53982cad9f

SHA1
5c1d6f889a7a6b702a9a6a9360df02937ec935b0

SHA256
437e9906c067b9339660bc3eef2fe62d4fd8ea735a8fc895c31a96f7aaeab3f3

SHA512
bdc89d83d65d0bcc7d43d68d186851209b7e07d661ceb740ae831d74cadf426506a8be5f4db18fbfff49274c23df1212c4d35d40b75bc06f865cd0ac787ce7dd

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
31f64776f152e6f876440ed47dd7ad2f

SHA1
a5547915e7914c394761548442e7eb7dd9ac1d97

SHA256
9bac55deb047a9d722fe41a11a8ab92562bd5e1070f6a8ca493acae1649539b3

SHA512
0e07f0a722a7aad0684d99e9833b3d82ac6cc3354fa240253dfd07d796c90fd4de198939bc299178c154cd46b51b005c7f3559f5f2afc0a8f05f723f432e55ed

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1849618589b14698a0fe46567eea2369

SHA1
e1dc88d6107bc49d78be8da7ad6abf2b23344bb5

SHA256
7af5d1ad2f10e1b70d54fff69637d5955ce7f4bea3a0477ff8067d77daa34b97

SHA512
f2a86fbfe5435c45ce5a9e7183e49cf2ec38c05e67511f576f1f9efb5d63a50f0393883362df55d2eec07d3c3deac5f825413ddcf2bce9bc9584eb084dec87d4

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b41054509166dc7ce4cf60905b01a5c8

SHA1
5eab4b4974346a26d3ad52f49fb1dd8f397ad2d3

SHA256
5dde2ba061b934aa15c3ad249f021854b1dfcf7406586e91d68a7f88eeb251b7

SHA512
525fdd93ea983c56c1df52df023b7eba042d312873bb918465224c3960f19b5d3f9e5d2fb0751b9e6470ab16dd90dcf5d30d522bae2b8e6b1abf80a5e3ae305b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
24b08ae388ea0243478bb7789c27b550

SHA1
935d349bbf984d4c95aabb57cc562f19d5326759

SHA256
e608fb7cb46ff3691a188a3ed17ba2948c6fa33e76d1677f62153d152f451e92

SHA512
4357e8f953b8d891bd65f120fb1b59ca887b8666e7fa09bd887ed21e4c23b0cbecc7f638f04b543937038b9b03b325814cc6b439cfa4b9ba2a8ea0d47b2e37b9

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c91b23436b6df31811c969d338be87a9

SHA1
185d811e8cc6863229e539beeecdfc6c9c0d4d8e

SHA256
3426134adf517c243bdcaaa5d32acf56d46b854ba12a941a983c742a4497effa

SHA512
bf682253f23e0334e58f996112cf960e1ff8241081a37483252eeb2b7c412ce67b9833f2fd61e6701a342a6fb841663ad666e948188ccf7bff8e1a792a72ace0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5fd1dbc2c3e183ffaa16250389db9359

SHA1
ca0bcd5a4cc38f4e2f058d14fbe120d2bde2bf5e

SHA256
a16aa89b81f89688a60b2cdf77f89c4cca581a225a1fe00de5063a117da0614b

SHA512
3e0d101b7d21faf84b3fd249e80f5eafe6cff48c68d53cffc0ea1336ea028affcee4c96c446d71bfed8774cf53d3985c34e292aa5b6d49171936b54027a768a9

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
ba0248bd0a57ed56ab6c899b5b07e99e

SHA1
955db51fe7ac5435d759a60759d4d6a6e4a00c9d

SHA256
234f1c61fb71e7b87f60d912cc63a92347efa005cfe9a05e549cccfe9469a8f6

SHA512
00ec40b8349188ef747a966935f754ce74e8d1bc5f63a883ededa085c9ac344629b969c7bdb76463e1b95e7b6a95f4b28b0dd1f90b3230e87b31323ab9015b9f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6f16b2f5621d284085510e53b85773f2

SHA1
d43703a9a0992bdc6aeb0cf7162129545b4d03f7

SHA256
c67cdb951f3b45ffca0493f97b40a92863a08c723bf5a60662ff2c21a95a5ac7

SHA512
50157e8e243b5381ddbf8ed86c68f633ae01f0bdada5ce7c45e56f6b097f433ec63b756340dd9976d80e2a025c6f17e3cf69a62d1f8952162bb555ab45a4447a

Download Submit
/data/data/X.God.X/files/PersistedInstallation6228239380792823327tmp

Filesize
567B

MD5
a78ac95e82bb832ee05333a58d5e3cbb

SHA1
c453618b78d69c69fdc96d26feeb09cec340a828

SHA256
a13c4daee0e0a5c534b1802da1b294c7a740284a5c5029614895d04b140512d3

SHA512
2c8665074c47c7670bff8e71d585e6926c271264212e0079ddb5e8a4e17f39e13e1e898f1e1f724a9a4b1b357f93b78e0b550c2f8a5c0fa9ffe3a20c8559cd69

Download Submit
/data/data/X.God.X/files/PersistedInstallation9036038213142316302tmp

Filesize
90B

MD5
b60a511e5a578eec7a76f7708955283a

SHA1
437fc6f1119b0185c05308e780b572614a94c7b9

SHA256
f8ab3c36a2fa9641e1edcb9b2e0b039c024ef410bfbf83560e06bf28c163ef79

SHA512
3e1b8239ece8b1aff73767682fe454f8b36a7d36a9b92bcb1d05db8636600c61f4f8414f393d7b41e525ad4219773b111400ebeb6355d86567c5799d6daa339a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads