42557a21a58510a23268509e4457921f81b507b9d407e42f3365a6514de1baa6

Analysis

max time kernel
20s
max time network
185s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
08-07-2024 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

6bac095ca7c3546e1764695f9c09474f
SHA1

5d729d4f4fcbc98681ba7b1478ca89b1131a0d8b
SHA256

42557a21a58510a23268509e4457921f81b507b9d407e42f3365a6514de1baa6
SHA512

0bade827030293dea806ef2a5dbd31e37969759898d6541c82116281f7b8f81f92155618df1fc4743885359b487937381f225274cee60c7ba6e8cca5f2aa2ed6
SSDEEP

49152:Eiu3F1J72GkfbDVJZYhXnT9/gHKPE7Zi/cNzgLNNGjCYrHPgDf79:XYFvaGszZYhCX7McBITk9I39

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

X.God.X

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

Processes:

X.God.X

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

X.God.X

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

X.God.X

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

X.God.X

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

X.God.X

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4971

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c10c518a06501c416489487fd35eceda

SHA1
7d401dcd9ae141a17cf5d397e193f345d23ba99b

SHA256
08a722069953974112da73ddab6329ef82940f1d4ee4db57dc5c54824761bbbe

SHA512
0f03deae5e42c6723c1932cf8de1af218a7d475e6fb72d8cf2c3bcdba735e3ec721af5f51af3807b60663024ef47125d29e1bd36d986b81e14459188d31a0109

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6d8ab2e6cb80a96d8a36e2c7e0cff6e5

SHA1
d65219be144737bd43b895ff96df6e6c145892e4

SHA256
beab3bb73c276cc9b4c4e212355bf6da99e749ec3077268edacd1cae2abb1558

SHA512
1c3e711e7f34d076e582ad348855a8ba512d7fec67f53e87ba9b0514f581e27865c32d319cedd447d169754825d587f73872710c07e07710b5ed81f3cfdfc282

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
317bb28343a095925e8f2d6380a086b7

SHA1
5c301f94607a2f94057334288449153d35181647

SHA256
00cb025c1f62d61710c9268eb6a24243b64879d2d54346355d6aaed5b145c360

SHA512
ba66c7873f7e1f8669701a8f79218876eaa56ee90bbf20205e11a35a8e04824d7707b59941a1a62e33565abf6345a8db124f4d8dbd7fdc48ed5eae414ff27f07

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2062bb625fd88bf1f28b4d0a76c108f0

SHA1
fa0f86bbbc69d516b575d7029ccec98fabf2bea5

SHA256
2a22665e3328c4725fd8700000f5aef8a1d2d5de8f12c1dd29e7252ce66740a4

SHA512
ecb1b822dad060365d6ed9c242b3e5327408467a06b1ee2816e168108173b1bbacc82aa47a326dc4b9902a5499b0bbc63c9590dda4cb08081d4a57465fe42695

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4d4c502c8ac36905614e687279f1e724

SHA1
ccf6ee4f0318517e113c758dd207345c30384d31

SHA256
081d798ee49a3d12419ab09d7a224c6c0b85fd5f3fb9737b2d407e985aae4f9e

SHA512
27cf2cf8706362aaa35087103be78768f9466c92cc4c7b17e7a12282b175d85d6f035b455f1002638b255204f0223445692507f3457771bba964d73597400742

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a78002e88faef956feea76be8ab1c091

SHA1
0e2112eced8de256f3b0ac2a8bf66b71618652b7

SHA256
5d0f65ed99e38196bd412a1d7bf03565355e817a56bd8cac62fa9ed2d7e0c6b7

SHA512
1832b4f3ff051ced0025348b96da8f6efd4c46ad0c3ea633281ad9742e3b13ad010aa2f2d6bf78741b0ec1c76066448a15782d6a8576031fed1fb4bfb2d6f6fc

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c158000c37e87c40aabfe1812d90e3b2

SHA1
16a793395c9daa5d8ca54bfbaf172e66b514611e

SHA256
a52901c40e66d1a4eaad01bdfc3aa2c91927be6d56b6894ac0b3bc6cd4a20e4b

SHA512
5aa254fc814d067a1b9326514cd8f27e2046a39ed7f501b64e87c659ca35020fc164d9f7e0a0a9213a702daca5f3e423eaeb16c679fc76abcfb5663449cfc447

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f3f89f622bb0e51872bdc7f0439468a6

SHA1
29c1abb2df57023a50d959180647b4bc88212c07

SHA256
383c63719f2ccb26e32137b296c68d5f1289642a0a47442abcc3e0ffa3534df9

SHA512
b74e1c651c6908a8cc5be504cf11d5a767e9e8d0247760a812d50c4be55762206b4397d38004489fb16c515873d97bfa47031b4a3b4c7619e0dab5da81b9ccbb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
5eb2b70a0dd3bfd60c747f5316bb169b

SHA1
f1f95a2b8691e3814f49280500f80d534f4c934f

SHA256
61f0050fae5fc493ded25953323709e6a397eb340f170673bbf5f8be7a890996

SHA512
57bf794c826d558f3e37e4546a95126da4e7bfe8ed48145c537fa095d25a3233218a9fe25d16ec24f6929d352cdedb0f5c450fb4ce11775689f9cc2f3840198a

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9b8527f04a34cc826829a064951e0785

SHA1
5a9a560574e1cd8508b1ed25a4739428ca854a77

SHA256
8e7404723fc4414691a3c8504d4c25fc49fc3444900543d2b90ae6001826084e

SHA512
cf80882cac6827ded61416935043c18865d03b16306976163249ad0ad2ea5347eacf6105a002b961630f4f3dc3ef8099987d81af007c331af8e931943cb0b134

Download Submit
/data/data/X.God.X/files/PersistedInstallation2388754558086105502tmp

Filesize
90B

MD5
aa26e4c908ccb5b1d8958af2b0d84458

SHA1
9353ea7a15ae775ee80b3888b1d874e124131735

SHA256
1cb09ff31fd58aa636c10f44a40006e178eaadc659a99225d1d4d256a0a544e0

SHA512
28e4e9540e466772d776599357193c946099c42b10645eb81854fe26f1e44c1b71d34faef5f6dc990a1093bb2efbca03d54e759131ba0ae89709c2e0ec565e9f

Download Submit
/data/data/X.God.X/files/PersistedInstallation3625676172271023821tmp

Filesize
569B

MD5
dc881d6483055332e6692147ec8d683e

SHA1
fcdb2251d59691dfeea37e4d1cd84235c940acd3

SHA256
33d174f537f8fe06b7fc68d510ac5815655f7be8c98fd832ad4283ffc7204053

SHA512
e74bb62587e842c167431eec3a5c83ce0989ff07b68ec76eee73c9580afa284ecfcc5196c1b457250103b21dcf09d75f282f1fc11b70c4b53a1a0b87173a685f

Download Submit