b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2

Analysis

max time kernel
30s
max time network
130s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
09-07-2024 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2.apk
Size

3.6MB
MD5

137051f21856123cb25530994883e1cc
SHA1

024bdee3a7bec368a8a460ac09e07e361776451a
SHA256

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2
SHA512

4579cbe55dad6ad44a14b166124fd047aca37aed136258dfe5d976a27e955239568c3091f502fa4d7b11b3136a99e453b99508385812c373f6a74cdc6e2b8c0b
SSDEEP

98304:OAyaNOBvwbNZapFvjvyjJUy1lDB3uQ5ZWqyOSvNb:8aNOFwbupFbvyjJlfeQHWqy3b

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

X.God.X

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

Processes:

X.God.X

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

X.God.X

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

X.God.X

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

X.God.X

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4482

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f5064cce78de9ac14260ca0461f83334

SHA1
b2784262795176a767b91d2626cf089e9f4f5d16

SHA256
085607df02a45e765b20cdec7a34066f2eef8c0e7d6aadd3601a6adc2b6c56bd

SHA512
a4d5acdf153bc2fee29f67b93ecf059cd737445002df3f2932fe0df5ef60763ae36f58a94ed26ca3d14fc4a174875aa96dc1c3691158022c4ea1b045a9ed3286

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3c19365fdb19e92d6cd8257341759944

SHA1
fa0dfaf3add7ddaded88123b454ecb65f528292e

SHA256
2945451fe788ad16ca99c82fbfb536f494d04d11ddbfeb20ee99ea7df6d68862

SHA512
58591e48d8a0c796b8ce40bd1bca86f4a825a01b0426ec673fc497b751827bd74f0d9efc34cdd8984b055360590a8e89a9e5d1d3b61c1fcf8aa0b44d285d62d1

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2b03d3ef9f6a3025d51c76480da9572a

SHA1
b17e9b52a053c10aed443a0d890e8fdc0c73ec5c

SHA256
371166c6b79d755f569b6a1a86cbd5e8b8a8ed320b95855b4ac26de9339eb76a

SHA512
f2ed3ebab891c50c54a455990e31e62be51cb9a97e35d5c41a2560dbb33f969f3c93888c7a5fc8b82a4874f363e3fae8db15ab818421f851067034a8386b983f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1f988cb2ee0332a3f5ede790bd2ca3b0

SHA1
7444b10505c63c022c913d19dc6d7358949a2d17

SHA256
462fc60fb1ea695bf67f6c9a1c1c09be961c1cb30e036d7ed6e03f1b88518f9b

SHA512
8ea3d550df86d1e6253bcf17f8bd8f876b43dd72fad8553bf3b447de4af5e6cfcd90983518a81d9bb1c7b3ee10c48e4ff06bfa5848b856dd8338a7f422b65f1b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
6b5c471c8020daf34f19ccfc9a867c86

SHA1
bc8b0c95a9d17662c3021da7405bc03887e8b15c

SHA256
d6f9f1bd6869aead9b8dd7ffe95f0e86f72066b61538bf9a74a547626ae595d7

SHA512
3e9858a6960f36b91e39137deb0d6b332b5ddf25831396d15bf2d701574e9323bb72f373f1e2b427e1d2d9eda1dd06cf65a285e63c52cc49a9b7b9ef6a79f2b1

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3e3909ccac89bf56eca09ebff8f4634b

SHA1
e4a89dcd9aa231205e88d2aa43ee85d6222a1dd7

SHA256
34f1ee9b212ba79d16a9e9995a2f8502ade010ca37a11be9eed9a13e674f55d6

SHA512
81a30561206dda9cfc7e3104adc7eaa5a708db1532c534ed2184ae1251eec7532fb047cd25365af0e57306bf9f233ea4fb488da8fa005b40d0d77acf5b7f1e1a

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f360333cea36f6a143f7914bf7815777

SHA1
f7f141ed79b563654a42fc284c0349e2582687ba

SHA256
3946d3b80592b24b4336d231e3ba8b96c3b8feea02390639ec104c9dcb6f8ef8

SHA512
b7e77b16ede4cd99505ac7eb501b84e93865005e4caa6253e7e5e2ffde05834c7c1d15776025d3224a2f6fa58d1f77c5c03f3068fe85bbf33e9d3ca411298e16

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6e42f4b8220e6da67439cda872fc2153

SHA1
8c3b55560367bff47c1065076b023d7c3d44329b

SHA256
1ad34cd48fead0e3f913bfe7cc49937e584e0a88a1654c736bcaab7c85339286

SHA512
6c95000c1a7492d28faf6cef5cadbe6b936684f0e43eb140c4d0dbbaacf90cc74164ba40dcdcb5c09252b0dacb91820c0eb5afc6bfd4e9cc5113c3819d33749a

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
0053e1a41f3d3fe8969b5eb6f4cce306

SHA1
5828a9d64cf8b24d8074e9023d2c96d2d57a9b9c

SHA256
968c5837a9f420394629fe884fbfb0d56906a37c531b7d1e9b16e1a2f2b86af3

SHA512
4dfbebbb173f846d97eac789a47a5d7b518202e2d646e30441bc0c268356e9802018999f3af6a4c803273bdf94bc874f75192f0817536fae2ea2ecf967c069ee

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b9de4038358f01502256c9c4037ac87e

SHA1
68c01393236ea1066aba1d529b9835f134733e06

SHA256
49b880fd2a86c30ad7f01507769fae4990763b57729447ce0130041412e886c6

SHA512
5e02d6166f34dfb69107c0a0b03f696af606c7a0f74c0aebabbe0a0bbaa945c71fb5fcac1334a5ac600a7399b3aa6d29698d96be12c352abba6520194cc27b89

Download Submit
/data/data/X.God.X/files/PersistedInstallation4930250526813311002tmp

Filesize
567B

MD5
7d398b7569c0ddae9e7f709acd48cd0f

SHA1
34d47663580c314fc0e0aa875fe621edfb9b2229

SHA256
b5c8072c9f35816a78741727110f1fefba82701c026d67953f6e726258596be2

SHA512
57dbbe340f855c11b792ab93a0695e32d12ea57998dbcb009e7db9ebad630434ad993af441bcd9dbdd703605525d21fc258ae7dba8d0617c30328386706b6cd1

Download Submit
/data/data/X.God.X/files/PersistedInstallation5949555599396607483tmp

Filesize
90B

MD5
d6e8b67cc7b450c857aa91a036f21147

SHA1
3c6e2f7d1433e72faf3951e435b64a572ad767f3

SHA256
e5821ee317489304b68ddeabb844198816bd5508af44c63b1e3bcb32bbae5e98

SHA512
e9237b8de8d4b5b59c9656b29a344203ad09fbc34242c51e44fe4de06342556a2886bd20b37164081d16d2b818a612e0d931f839c7ae92900789c281dd0eec69

Download Submit