b89ecafde09182f1b0eaef752d5a146c465e49d51840a9b571a63d359fd5efdd

Analysis

max time kernel
20s
max time network
130s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
08-07-2024 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

ff04ad3b47d9b71753545bc02dc8c33e
SHA1

184b7979dc29ce42fcbbb033671fb928e695331d
SHA256

b89ecafde09182f1b0eaef752d5a146c465e49d51840a9b571a63d359fd5efdd
SHA512

6937975030162551b38e8d91a35b175009be470d66eb30992a460c3c9275f16e8d58295a7a20cc5e544cfb3455ea247d3c22dc6212d791de06c4ea6758dd9d6f
SSDEEP

49152:mPSe9096pV6rX+Q1VpBaHoIkoo59X9SABZ+nm98mFBXAwtWk0ESkbUxpP:mqe9b2rX+QFMIIkh9tSABAngW6qP

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

X.God.X

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener X.God.X
Acquires the wake lock 1 IoCs

Processes:

X.God.X

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock X.God.X
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

X.God.X

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo X.God.X
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

X.God.X

description ioc process

File opened for read /proc/meminfo X.God.X

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

description	ioc	process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4631

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7f8568b6feb71806f4e4d0a7b5f7e015

SHA1
58b79440c1e2faa655d52375cf1865269ae92a7e

SHA256
7dada73196822c8e9fcf50d5f4ba3d29b2666014adcac23683484df46ebe3acc

SHA512
93761201ccc3f65602eae615113db50c275d7dcc90d2334e7259cb648db72d766fd7f00be6de804aa9e332de1ec5dbe3abe258d16558056f5c67631f733a19ad

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
93370daed61e14a6b463b9faa7de331d

SHA1
d1533e6998f69a112af4d00853f919592de98a6a

SHA256
fbeb3f0e9c79de867d44100fb965ab79d0c762308589ad3910270dc90ed7be0d

SHA512
f136b69d067cf81c3785bbfbf4c8be7ba0f82786ba10fdf3bf6068b23fa972ddceda90906432adca44283917feaa31401ee3556666c65c5cce6749e9840a4df1

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
34e3967cbb8d55387ea69f8d4e7685fa

SHA1
445e796d72650082a838a7c0aef1fb6983e3b257

SHA256
45c5a58e13663c5fc05d8dbbce9941d5f01a6d42e973d20bbf41084a8f9fc734

SHA512
0c7b892dab8fe0af4c2d869100d08c2348b950f24655882610414a1bc8c5061a4c0ff8fd77b2de114dac60491c082e50524719eb68599901f402bf36aaf5d640

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5501f310620f1d244d2eedf099ceba79

SHA1
4963939bd34281fd2f2e257b6c5f0010b61112e3

SHA256
7bb0f5b0c23b8ce0072fc02c647ece3b575041aaca5f4cb5e937fa608ff4b9df

SHA512
c2c52d388738d5d030516533d90b7e1000298b7e4673ff44f8714af9f93678a5501ea825a82627be3f38e68c1411c16dd96ca58ea57fecdf7a3567b3034cb0e6

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
14938850e89d496912c69d32454b3f41

SHA1
88927462e3a516468d61d53854733bbab30f7866

SHA256
5b50da1e909db6923fd96947effadb1d76d8d2a2d4c4f35ff552792cf8e1afc2

SHA512
f553d10cdf083a61fead095c233612f91a4e95cc44f521e2d04ffb9588e8598441d5942b6e0bd882e36afb53eb6780f756902df1796c5c992309c582811389b6

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8f1561e7d53162deb727a6afdcbde97d

SHA1
226166733db662173e09f08a17afb6c15eff5833

SHA256
b123f8179f86a76cc89998a60e5b42622954448994203bb9c7e9d32f8aa54d7d

SHA512
01d4c18f4c9547ffb628aefdff0862da84017b66d0f1a4a1308d506775415aeb347d64db9f0bc6ec9b668f6269d0d7fb4800e3aeec04f11d7f59e91f7ddb589e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
65e75385b6568125058b00cc40c929ce

SHA1
7744f770179f5c97bdcfb6df45457506792f439e

SHA256
082d34b2f75235b89a5f1cd579caed27a957e42bbbb7b9cacb25cbe9da3beb79

SHA512
d1a1d44965be11283e1925a8bb88a08fd04cc91a69dc29e306df4ddf8c4b30e8a2ce86b85488dd66006b2711586fc492ce0f344d83252fddbdb94e9a75a00125

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
08bae59ed48c9bd8092a01a08451549f

SHA1
9957440155a12f292747a07aebbbdc375f1d22ae

SHA256
97c005311226440071147f65467525d7c68061120ebb0699799b5e5e323e8af0

SHA512
52f508c8ca1e10c1965f3cab6d5aa21b605bab7c0482e0ba2c20564f1a9b67e8c470b97560af8490bdce5403af5b6b8b6f19f3239596bcb2f24a25c9329537bc

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
a7700ec82092d8fa8f61cca639ca41e6

SHA1
be4ee97db18443e4a08e94264bde73acb1cd5d02

SHA256
7e38e06f88a7534906fd5bf0294501fb97295c001485f9e21bf35a8006646241

SHA512
155e995aa4156c6758e12a135ac4cd6314fc725fb0c0ca4b4bb4923c0d56c909ddc8de32f003c127d31ebbd64970f172fbe48420008aa0e702af8c20c0792fc0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
75880af168d9d1b7d4966cdd81ef37ec

SHA1
9a0dc5a1d9ca3ddbada4a978a298bfa7b4e12342

SHA256
e92199e427c59b84b057820cf1f8503dd51395cd0fddc5fbc97c2b2512ad113c

SHA512
adb3fa49434a03d20a0b45274ee8e16d3c9a3e570a783c763cb27bb544802860e57d6f807392c20225ff20e708ffb1092efc6c2730fe56c8943795f86f9390c5

Download Submit
/data/data/X.God.X/files/PersistedInstallation3363361884063225117tmp

Filesize
568B

MD5
6e171b823d6df529e0a373c4ab7daee6

SHA1
8a37ef37401a6123e894e9545cd4af02c1629b18

SHA256
45365ebbc2c79bef8a7a828be86afb64d3b69db898b1abc93bb5e305f90f7a6c

SHA512
041380a5db46335d14830fd160e064d86f79bbfe637436d6a93346205d5887c1485a6c97ad9f2015c96c5a9002d2dac8914b5299b0578dc00a9ddd6c6b3b00aa

Download Submit
/data/data/X.God.X/files/PersistedInstallation4081006787513859241tmp

Filesize
90B

MD5
d7954efca6f16e4ebbbf8f6d76bd1ad0

SHA1
ce826d2e6aeebb6659b4d415dce9312fd447e04c

SHA256
4045ddea618cc8fa04297a30f85622877f4c950d9582b554ac95c63b625f7093

SHA512
f486e81a15be945546fa3f26a4a37bfc22dc621edca7097afcd9eb62dd02e66f01c3268ca5f79e5866c0bccbb3920b40f8e6c004e78e71d04ee1e3eae93856ea

Download Submit