b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2

Analysis

max time kernel
50s
max time network
151s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
08-07-2024 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Edalathamrah.apk
Size

3.6MB
MD5

137051f21856123cb25530994883e1cc
SHA1

024bdee3a7bec368a8a460ac09e07e361776451a
SHA256

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2
SHA512

4579cbe55dad6ad44a14b166124fd047aca37aed136258dfe5d976a27e955239568c3091f502fa4d7b11b3136a99e453b99508385812c373f6a74cdc6e2b8c0b
SSDEEP

98304:OAyaNOBvwbNZapFvjvyjJUy1lDB3uQ5ZWqyOSvNb:8aNOFwbupFbvyjJlfeQHWqy3b

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4929

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ed4d089a7df9bfd7adabddcb9286c0bb

SHA1
12ecae4b038d4dd2ca5defb6c378ba87eeace775

SHA256
2f5a84821bc1a0de9517ae5728d6bfd6578d169a3b5c685e33a8cc43f5f29821

SHA512
c145a6e4c2f4e525f0bbd5966d39450927fe6774a638ffc5797090041f35617a591beb966f22867056d44be1007882bb3dacc56f35b909ff364a0c7af5695116

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a1eefff1910d4ec00e626d56d63a5be0

SHA1
dd61a14798d137b7030fe855c3f16ad68b96a2a2

SHA256
f8ecd191471a4d439250d054e153bbd32678796180e56ef224bea849891c7e6d

SHA512
1c7146683b02a9eeee8e84866f0b072f691e3f61bcf8f3418a17bb9fea8d93c4230e60a3f0ff3aa00ae4e27e110ad38c01aae02dded6836070ac051bacac902c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1fe02d608a1b94750eff0ae8004b8354

SHA1
d898b4dc5cdede20d0817d087e6e82f4fc2e7dd8

SHA256
557e6b56c919dd06c5d035e17c16571e6922acb0375d25dcc4f905fee3e37faf

SHA512
3c8e9db67ca5d51c2e2d2642cac9f486688a5395b5bcf5ee986f6e4ab5ac0514e33a4fd8b69ec6116695ad034580e739f23d9aa360f7fc52bf5fe830b5704bf4

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
975c0561891e34b9c0c0dd852baaf318

SHA1
eb3a95a8d1eef0c26da446ce1d8c7ae0827328a8

SHA256
92b6946bd549a2ea1f45174a6d1bee43989468ba5569d5e81cab517c339fc2a1

SHA512
8a98db74fd5338d8802c70a64e078a31aec5637b6117c1d94c6273aee6ce4833c281abc6a48f11c456e9b5bc3b7e2872ae75b238575c8b97f9c7185e72dd21c2

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
6320b1b1062a48e5c5d1febf52c2d89d

SHA1
90494a2d37e338fd46a803737944ba0f58d4c56a

SHA256
46f3edbbb89238758b3d3c86a649c73dc5364c2efce1bb7ed59cab25b2c21a60

SHA512
1394d53044cae9ae1c6f960f8b383afd6f6670766003435793ae8a03abcc9d71576e814b8056dce1d10e8fb2f3da673d303346a4d70ce95f41f1b413462f7275

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
07ac89b023d3fe160eaaefb4b7d350b1

SHA1
e5fedb4c0e761e5ee11b5feeda4a0daf03b39ff7

SHA256
4fd776927c03d9c27628c42f0e8c8c9ff6a70864dcd71137f303ca2233b2c6dd

SHA512
5f491d2ca1b976ba196d422237a332fa78c2d37d638d1498089a02f1cffbe9b330b57c6336e5cee40d0488c71ea890102da0f8874475ddff1fb7a1709b209d41

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
96ff36cbfd944a3123fb37413545c2f7

SHA1
e36820233f12d3087c2adf12163175a24c0cd7ec

SHA256
74891880bc2073230e3e252e6c22619e84b63240f0d3499c6ced150da288f6dc

SHA512
6f978aad6315b7d0f6e0f636e8fd18b2b3bd5aee3ef06c3890caace52859b1aff4e0c9cb56732213ef6a0e1b5d7c7c5710f7e3e669f93097557f8002a410bd2c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3c7ddf4a9c899273e1961ba036d54ac0

SHA1
840c30ebb77e9a82cbe90da23de1ad21bb554a6c

SHA256
64423b73ef80eefa000fd8ea11620dbe92942d6c8df2161b6dc50dc997c05fa5

SHA512
f5f038fbadd0e0c691275afa5806dee04e2f037380996a1146426b7e4a74669dc25a5fe41ba0f6fc580ae9d6d1f813eb82e27216030fbf1e362db88cb9a8f12a

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
e677022604f5f3154a4a7beaad7268f1

SHA1
b1f35cbef897379338b44e758ea8f457bc9a04e3

SHA256
71bf08031909fd6db59d629e7a70e6b71811561d8fbf9708ed58dd3eee5281cb

SHA512
a476abb5d47a797a76376d72cc4861043c74f09f2b1d86e15939d0bbc56f1022425cf4a4ce6425c252c06ba8078f48995383fbb7fff705d0506cf6dd1d49b6fb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7632f52e114a59bd5ffd1a903c9c4205

SHA1
e385ac8de7ee288a1e29b7758f103cd4e200e3c0

SHA256
0a0457c5a54e8ee688b64472f1e4b9e0be905843d4a9d45d72d658d2a1f896c7

SHA512
6b62e13fd924a0b22faae434603e7d4e77b0641642d5ee86b665ecb8374349ec15e97de963318076776bdf0817975035265994c0b984ae135652e6cb98f2435b

Download Submit
/data/data/X.God.X/files/PersistedInstallation5441162730549253318tmp

Filesize
90B

MD5
3a7bede85db0b17b8bfd7c2545c65ff6

SHA1
f711da3cedcd5af6ea9cac0a42c05404cba769f2

SHA256
7ee5066ef810792c7051ebbcd6bdb7dfb425723833937796300569caca80a8fe

SHA512
dd295cdea24a61fbfed286ad7bc4f983d0736beba875aee3ba186ec93a46b491f3381f5371ea551b23bcced97cb5be363d89aee66993384d78194bf855393676

Download Submit
/data/data/X.God.X/files/PersistedInstallation6998673242231282179tmp

Filesize
569B

MD5
7d585c69a45096416c8fc0edbb075048

SHA1
de1bd2e4d8463f060026bfd58f0a10d9aebc47f4

SHA256
a8e7f8ed0990f573a8dea1ba398a0f800af1affec9962906f66e772dd862d860

SHA512
c4a62003be485eeb231b766b308677eee9c6b501443d4c2597b01f946373736723ff618c6d9a3988418f2ac4271f166d18e81d6e0a12bfe8c128047ad8026218

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads