b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2

Analysis

max time kernel
160s
max time network
130s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
08-07-2024 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Edalathamrah.apk
Size

3.6MB
MD5

137051f21856123cb25530994883e1cc
SHA1

024bdee3a7bec368a8a460ac09e07e361776451a
SHA256

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2
SHA512

4579cbe55dad6ad44a14b166124fd047aca37aed136258dfe5d976a27e955239568c3091f502fa4d7b11b3136a99e453b99508385812c373f6a74cdc6e2b8c0b
SSDEEP

98304:OAyaNOBvwbNZapFvjvyjJUy1lDB3uQ5ZWqyOSvNb:8aNOFwbupFbvyjJlfeQHWqy3b

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

X.God.X

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

Processes:

X.God.X

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

X.God.X

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

X.God.X

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

X.God.X

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4464

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a8a7b036ce20343535138298ef125086

SHA1
a1680d12cbc4563253a5b60fc7994c120a98f5f7

SHA256
8702c047c06962c5b67749f5acfaa8f891ec2c2a0bf2f0c17c5b71d60868a475

SHA512
83c8cc542a9567d0fc7cad1ad39aeab88666ba0642d5b9758ebd7e1b76303bfd621217bb5c889a1d4a256fd6250205498bfa6733c842dd9efdfee3acd7be610b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
511d31c5a074143f032339f62ea528d8

SHA1
16431aec90d669b7efd7765f6bf49f17565e70a9

SHA256
18b6b07c7487c1c3bd603d0244f49f37cab3b94de9fb8dcc93bfb44963851753

SHA512
ef2702246e44bd23f39f40be61ebbd725ab60c33ace3d9c09aef4612612102df5935119dc5500e5080ef4f5a1cc69d95a0e736e0839c8170b2ab8956715da6df

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
878f9b652569b97977a797cb5f023f8b

SHA1
a98331a578cddfe11a51a2c119f8115cd3caf0f4

SHA256
fe446c650f332ae65e679f867f46b379d9dc65ccb4cce154ddabe047abc24aba

SHA512
829ae5bbfd63961ec432e87d422b1a395aa354a98f87c8b5776a69ea08e7130c22b1a1c82ea6a939b28a55e4187ae101ab6a84a5c5778d5500bf7faa876f89fa

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c5eeacce7317ed497c6de5333670df32

SHA1
20013fe7893cd5d17c3b539135828706885d1831

SHA256
cb4833a0c5810e4cb2f9699842bd347b75c6a066e76df3254de15b4252bcaa38

SHA512
019e4f7468fb704bdf3570e2f5d55f53917919fb89ae044dc2931083723412a1a37fd4a893b50fc5e97f8dfe72eeeb9454054a38107806a45d61a4219e74dd82

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
e37be9597dde2985f69616cef198b6dc

SHA1
b7288e23d425ab032d0c33d7acca5abeca655229

SHA256
9a6f5b9506cccf1ee15436e890b08a9526f75090222e3d14f2107892a9f7f8fb

SHA512
e3bf757ff7f3d774193757722639330f12ac58c071621fa0a3d5f0a12842eead59291801ad3b8a8df1aa8fee55401fbeaa0c06580af5505b80d844221b1ec393

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4508a49ffcbdc3bb4be65e5e9d4fb402

SHA1
85f3ae8c51b687a41a67fb08703af92e2728b6bb

SHA256
378a2116d3a8786c9767350026ec2dbcdd2195fc02223c3d059a0d0a2cad4322

SHA512
663e502c41076e9974b8b9c5f8b8ae0e6ef06d58e90d7d49f57c7cdc16079d614ff9a752d3f30544b1061b32d36a6272eb0fbc678c0f5be09907dbc80b00ec87

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a39f6e67466cb3adfa4b2eeefcb750b1

SHA1
6b3f5c581a3d10f04b58b70e665f96d1f193c1bb

SHA256
4c401b7bb029383dd4107c392446fb9ea3a0ec37ba78022daaaef278b5ac6fd3

SHA512
c7c5a98e10b8370ded1cf18efea4d0e84832b707600222b719f8d69aa1be41e7ae41b3c3156844695a03ae931b74a438f263a6bcb7998e57d8471420f1eb73f4

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f44a01aeb8e1ba84d03348b83ba5a348

SHA1
16dc40c4afdc3f7b5ec20237ef4b6885714e59f2

SHA256
969b7060ea332bf8c016017456fb7e7cc37a4ca3ac480138dfe324030f9d53d5

SHA512
1e7a2f7cc40044e4a7492726a69570b3c0f5706ccad5cf2a121ca63e3963cc5940dee7a8f32f3305314e36fa4e7ea93a17680bacca8e74b1f6da813fdb73f4d1

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
1c5fef270ad26dea4e691bdb23bf6e2f

SHA1
adcde0dbf04886059d087464431b0056251c8eff

SHA256
5a1a3606a35928d0f5a8cf5e53a49af05dd0213d67a8c9b6d75c479f615ad6a6

SHA512
f0e7d49907647bc35db89725d229953e4b14465bf5c834161258f4d090372c51b0ea77c54da505319ae88ecb2488122733b2601fb1a2a740512e952c2b977abb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
27df6b0c5ed96b65fef7a22a36a5ed0d

SHA1
e252dcce4448831e659833f1c05d3c2da9f90ad1

SHA256
457fcfd1dac27fa3fd61dddcddc8aa983c1c550e33b67c18efeb4344c2f9f0d9

SHA512
eb5a8dfc1bce4b5a7bac4ba6eb844a2b859058906dcf0027560cc2b6d3a0da7593b020f9fe50bb9e9e3cb6d1e66ddaa414a038071e5e3200f77263f14b8c85b8

Download Submit
/data/data/X.God.X/files/PersistedInstallation7130013921457558696tmp

Filesize
569B

MD5
150d2286dd090354d3019175df837b1d

SHA1
18d502e64c6e64f3899f512cb955d8ab8c83af68

SHA256
2bb3da8f3473ae636da3bad37db41952d6dac34091568505afe6a3c77b229946

SHA512
732c10a72ff1bc0c7108fc11a717c84d7d4d54a9ca36049e7f379e9e8d7fb8ce9b10939b711ef5fd1e289844d251371aaa5b52d6db2e61a9b2f105fa0a9b0d7a

Download Submit
/data/data/X.God.X/files/PersistedInstallation8043237882875818170tmp

Filesize
90B

MD5
bbe9d3ef991110351c31a9881ca0e9f1

SHA1
fd62774042e6f0311679729979ded905af483983

SHA256
ba160e679ae074bc2c7f5e381b3095db976fadfc7f4f79f48db18f0f529441ba

SHA512
65ed3fe9911b9df64376d8ce00a2f12a04a392a9b3ab2a2326f505522f5446ce9295bc8013c611cd7c70a4ccf0f8f82234feddfea415f7645b384ad7c519fc38

Download Submit