8e00e43db6939f7aa53999cc8d8d687625c42a1c707ca74b9d540514cdc7d65a

Analysis

max time kernel
108s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
09-07-2024 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

4c307e6962c91e6ba9a7a85f662f5db5
SHA1

c76926b8d6af7f8718510c200f2083f842ba1ac7
SHA256

8e00e43db6939f7aa53999cc8d8d687625c42a1c707ca74b9d540514cdc7d65a
SHA512

17112c92ba8ad9a36ff8104b6102d33308effc4f520f3f430b2dc00ffd50b1efc4b9ed6b675597b57b9809e805ddaf99553069a7882e62f0c6191c85a4e52cc4
SSDEEP

49152:uPSe9096pV6rX+Q1VpBaHoIkoo59X9SABZ+nm98mFBXAwtWk0ESkbU6Yf:uqe9b2rX+QFMIIkh9tSABAngW6af

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

X.God.X

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener X.God.X
Acquires the wake lock 1 IoCs

Processes:

X.God.X

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock X.God.X
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

X.God.X

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo X.God.X
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

X.God.X

description ioc process

File opened for read /proc/meminfo X.God.X

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

description	ioc	process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4616

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d5f4a41bf325f3e7528c842bfbb78bd4

SHA1
6c193efc1b2df94eefdd03932e3d0778621ea147

SHA256
0366fd4e0845c652c31611fe92c98350bf318ab3c7da9faed6d46f9d2e4c8129

SHA512
4e9ad47212b5bc0f877e3faa91ed0d9178e7996fff9d13d54001fcbbb102d324ee92c94fd7349116fd7f73bdee5c9ca577f4ac8df84b814027864c821aec0c09

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5628d0247a9249baacb85c9aaa328da5

SHA1
75e00e41ab917e0366f2ca2ce9d435f88abefc10

SHA256
12941be3ac9b2681145f309dc0452dc7efb3d9e2ccd011ff2201cf64cb9ef640

SHA512
cf9d81ca4f0ac76faeeae88864b6e1bac7b057bbf385182908aebcb761ae8b49f07db12b3424a889fd1c5ac0dffd86abd05588f4450a4f1f3184f7efd4ba96b1

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9f9631de21186d55e27eab42802a7420

SHA1
4520acc453d2168b9cf2e8f71545c3fc86330fcd

SHA256
f32770d6606c5d4f9bde41fdda6cf1a4cc77d94dc9ede346c64ab2fabc1b2e46

SHA512
e8a384c4144af6e7b77110fed154bd232538b786de54fd5bfc5e5759e28f48fef1bdc2a23bd8bc50934bbc1b6aac8ae3f1306d00a67f74d45ef3abf73677cce2

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fcf1b81e61ceef47a74a1094156977ee

SHA1
650bfcf6c042e44fd5f6235a70647fe62af248be

SHA256
9c4886b4a0badb759c47f3e3b484bcd36275e5990d83cf204f5bfc062f6fbe7d

SHA512
e7d11ca6f05d74f4f2a793cc7fdd6cdffc4253235fc3442059fa53796b200f2ebac66e6dd40d917687d80cc4c45bb16f8948c84966557bda73925860f17e9051

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e5269d55f711d05c83930c25cad91927

SHA1
1d3a23d01fc80e549596a7dcfcaf01d409b1aeeb

SHA256
76e5af40b2362ceb13c5ef20eac50dd94cf3628cd680c32deb937062e0c349b6

SHA512
a2a7d6d3b5898a33bb839f7caa52a4eed7f8d028a9f2c8afed18b965b4bd57207de834ebea11fa38aa7d219cbdf495fd03cf4ea7a1b39ce4666ff132f45e061f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5f50bc771b1bff9cd8eaeb363881e296

SHA1
7a62a4d55055b0adead7bb22001cfe0c6cb4820e

SHA256
66df2260eb9b3a574bc70b50f8adf78939aa1dd245e5cc22a844143843f5f5d4

SHA512
759cac690bbc18fb69ef1aa1c8382cca619523be4c9541a6a5d06b17da4ff87a6f250dda5083e778634f92c6ad07d9aa9f798a68943c74cd6ba273ed5d28c8ef

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
f99edc65da7ff0070202c0f52a2d58bc

SHA1
e961df91b024aad2e0b00bdff392788864096e6f

SHA256
e05c8002f342617b95ed6d8f3ae099af9747f4306a4120a2f66264f335861841

SHA512
08b23ee4ec7547e4def850c7dd42f95824dce4e70b297573076cb41ad6f2bc04d649677ec086db79b4798cdf431f726747398efff5f72c8f9948f61c79b08a10

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
52032558eff853abc76515771bc7d9bd

SHA1
b22a68e9360562c777e34fe5903494865e9d757d

SHA256
306c1b2a920b51c74a61496ed3a8b163ae7fbed97f6736fc2275124d21c148c1

SHA512
f1e80d79c72923fd07bf70131d6d8e996705e0673f5b40fa5f2091dd0a6c71c075cbbd8415bfd6e473c8cbb347452dd6947d0cdb8d184a8b356df9b58b6e6e5f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
aebfb13ccb3f58457be253f722bda38a

SHA1
eb32ea20c3304f90583c3d3800d5a9aa71b70e1e

SHA256
1d5ec088ef837532dd38807673bb9b6ff5c1669e3e752ca9d1d0001f04cf6b9b

SHA512
cbfbbc8eb2d5ced3c956c3f11a9a4ad3b95d99e59aca61d3a30a416a612f587968bf9ccfa14d8797b38b6d5d580ce23cde27a9cf29126f5445c901bbf63dcd4c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0020117d56c223cb6f803ade2bbe761b

SHA1
8861fdebd91762f3957db945b855679b337f8016

SHA256
3044ecceaf7c26471ae8cae719e486f6fbc15d24fb2108bf6320fc3cdae293c1

SHA512
c92d7faf3b08d0d66fe8da7aebf4ef54fb5b2051cefe7de505b0d216d5a8c4a2c2e60de731a5f4127d0805f7b7037fed315b35a19eb9315b894d19601b748049

Download Submit
/data/data/X.God.X/files/PersistedInstallation6856332963594507072tmp

Filesize
567B

MD5
d403d6cbff8fd201c096e1f0e55d7cf6

SHA1
ef9adb915b8566127eb601405afd7b7af88a3046

SHA256
d01eea75e3c660157529207ef1e0c217e4d14255041b78246d6cf4001af5ab77

SHA512
197d1a3f7379823aad3f7755978a269998fb260b8be94594088886d4f7518706ce6af705493c10212fa74eb55e8b2381b71fd9b3ea4f9825be7dd5cdf80fcd1c

Download Submit
/data/data/X.God.X/files/PersistedInstallation8325101263676581583tmp

Filesize
90B

MD5
9005348df6ab9e03ae825712ad50dbce

SHA1
7010d4efaba210bf075b2becbbc223dc3b6f0530

SHA256
b503330302bc5213bde392be0d522a1b62caf817353c5786786cfdb58570e031

SHA512
17a01f488d1d6533ee5ae2b1cdba06d0280977d3f84bb7a992495ae983f68998551c10d38dbd34674de6d651552c58c2a437e47b319d34278ffa442f3fb37c9e

Download Submit