b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2

Analysis

max time kernel
47s
max time network
163s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
08-07-2024 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Edalathamrah.apk
Size

3.6MB
MD5

137051f21856123cb25530994883e1cc
SHA1

024bdee3a7bec368a8a460ac09e07e361776451a
SHA256

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2
SHA512

4579cbe55dad6ad44a14b166124fd047aca37aed136258dfe5d976a27e955239568c3091f502fa4d7b11b3136a99e453b99508385812c373f6a74cdc6e2b8c0b
SSDEEP

98304:OAyaNOBvwbNZapFvjvyjJUy1lDB3uQ5ZWqyOSvNb:8aNOFwbupFbvyjJlfeQHWqy3b

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4971

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7c8015a85ba5f9be7fde2c20e62b6351

SHA1
9f8052ae3c9300d67422270960414f540612257d

SHA256
6f74520aded2a654743e3fde1436cebb90eea64b4c5e32f667fd325ad70a3295

SHA512
8157c4679050723d366bbc59fc66bd49573251ef0652c4c3528d95268cb05a8c430e26b3440379d476a1f99314260160e181484d2a3de908fd72d092410c3517

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5af69098f801cf72b065e9099d24e0f6

SHA1
7202dab86459328aceb8b3e27fbdbcefd9ec6eed

SHA256
6e81d94d8e42a04f0f2f1938eabbf44956f7bfd19b84d01d1435badd393034be

SHA512
4b2b1451da2f32f6602c56169ec7c1517a2df00af4fe705dfc39783e456ccbfdcc60476bca9dd27472af55c2567be52ce6113e65c6093c4ada27ca9cb781add7

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
987f08b9447265551796e15f957e4cc7

SHA1
536f2d3b70f80de495ab4a4c859cdbd8489acbfc

SHA256
8c090f70afab0b172df1909a1794592d329dd3851795446b7b8e3866164d1a83

SHA512
a190cbaa211c897c2d7f649dc4e782768e5b70d8d9f1b8845e212bf5369e656fb4b8dc466bf024439ac52ebdb6c0716223bec70531f2e57e6845f85b313478e5

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2a8de302b0e97cde533ec334203b0b4d

SHA1
6b8741fcdc0d64e190f85869037ff5023b88616c

SHA256
738dc4788febdd7f8023448735319b1d5aeb22680da5fd2bbdfeddfa8383bba8

SHA512
1809daf5e9ca4331dc0893046f45d230e1f9945c08a7f8d89d86a94d28b52ce9ddcafff6bf0f315704d67f3b1ef55bf33570f49fe36fc03f575aa19855c24982

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
d7d47e84ef25f17ae399ab2faca20d23

SHA1
d07809fa49ccb7227468845b96713f10821b8889

SHA256
69a69f3240693bbc0ee9479a5589a1ee6fccdc6b948095d79cf97ec24d2d9414

SHA512
280119075018dd94bb4b9db9558e728ba786378280dd51f3042270a6b0b5af92b4f5a0e7c2a574b04f0944f770881b82b5fbf64faef479eb4bf2f363b1cad856

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f71e4f0f76bedb769fe14c995470da6e

SHA1
9bf7ceaa9243903f188ad486822a741b13c4bfbd

SHA256
0bd44d124bf66b702d305e4fb445c97b6d3462e3d5cbab0a63cdfbc66704a624

SHA512
488e8fadb07898501da0ebcacf3695aa7b724c6a7b599b0b35d9f97525adb56a1c51f1aef69f2b134c107cc6796a7c39dd519ca76cc90f1e0302771d3bd1f1fe

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
da8aac3d46c5aa8e30d58c56c435f8c4

SHA1
6e0107eeeefab6664b0a2a199d7ceaee4d2519ce

SHA256
b9ae5e1b486e1b7b691a8cba4239ec25b9ef68038fd550bf880d465a59ab9e47

SHA512
feaea2aea60737fdceed40fcb607ef404f384b787d93dccb7498440c2d826e2f586eab3b36a68d9c483912f84127579bdaf74238881ff706040ad57397a278ec

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e7f7bb8b6a3e69b1758e9c05100903ac

SHA1
1d1e56581c624186a22c4ad1d1d0bb703b811c19

SHA256
61f9722fc6a64726db5825f49577cf9dc5705be8347a0e8b735deb2463ff1054

SHA512
35daa350d89296a9f4867eab9529a2f12e8f833a362b559c7653a6646d4631b9c1ae47b2dc5540de8304c25cacc01a6c7643b9e0fef3611e77d2a793e5e85dcc

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
69d64d001c1db59fc8ddfd53b109e65f

SHA1
2f00b6a38074aa4a8e190ded365b47e7399e4718

SHA256
5a69b315472524582818c3fda70a95be8569f4d30e047af9b9007b877644d897

SHA512
65ace9fd96a23c27dfa3c99089f8f75d5bb32c7e960b9f67538a7e4de720ca2c8c7710a139adac9c6760c8abf3504447f359751c48466b986e042da7aa07b58b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
d7f24decb6628dc82c7318cf6e871b1f

SHA1
264328e7d82bfb4f90a947042a2c11746a6da155

SHA256
96412e3940cfa4533871a06834b9f865623d07b9972baf3ecf42eabc56af17b3

SHA512
f1b19d796561b6aa0e16928f95a6f510ebf6994e07aeb007c31b1fd1b358c5f50504ef01ee8730ef92824e83cdbeb569726f71b1899cb15fa46de59ed0eedf1b

Download Submit
/data/data/X.God.X/files/PersistedInstallation3938974881487511549tmp

Filesize
90B

MD5
b83359d2862a2d666d405e92701ce9d1

SHA1
c587d4e87552dcc11e7a53cd2098ae0417a2a802

SHA256
be5477307cc7270445f83bdf4ba335bdeb6769b302542f46fea30cfa1d96ba73

SHA512
8685c1ab50ce9a6e3f0b4c9f4c262dfb61f96eda111b7250bf39e84234dd9bec4c0e4cc500fa1e48256311e92701b0a2b5e8333d5545c6ff870d9ba0d5f0acbc

Download Submit
/data/data/X.God.X/files/PersistedInstallation7655960430538010435tmp

Filesize
566B

MD5
4b5d31897c4e79c5924cf6fe06b8a3d1

SHA1
755b2b0c13e7fa144e573def1e7a91e806dd0ab5

SHA256
55d95e62d0b071f306ca1b3503ba5a0381034cac882e56f403dc6579bfe9495e

SHA512
668b10f4e12f1671566e2cedf50efad6efbd5da5ab3c867964d94f2687e6756269f1ed9ec90c858b5b2e4a0123f1ce512e825915871f2a8481ff2647f988fcad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads