af459e6d663d568fae940561b8aab0874a2e34fe22af3404ac3f425cfd1168ce

Analysis

max time kernel
27s
max time network
161s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
09-07-2024 09:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

0eeee3a9c3d0107ccbe577e99b3ac158
SHA1

3a7cd40aa40cfa58f9173c69edd6acc6f1b18e5d
SHA256

af459e6d663d568fae940561b8aab0874a2e34fe22af3404ac3f425cfd1168ce
SHA512

0530d303482cad04b3253e66a95b3312360609c98aee19d5bfc1a9991b5c45de0b49ff93183707f8921ef0ff85d89829fd97cc5a01fbb033085cd23fbaf44d17
SSDEEP

49152:bPSe9096pV6rX+Q1VpBaHoIkoo59X9SABZ+nm98mFBXAwtWk0ESkbU4Kp+7:bqe9b2rX+QFMIIkh9tSABAngW6F7

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

X.God.X

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

Processes:

X.God.X

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

X.God.X

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

X.God.X

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

X.God.X

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

X.God.X

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5061

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e56a3452c4b59060a4632a6adb2dae67

SHA1
6446ed36ccf9d3944aa84b15f1f9d34edf33908b

SHA256
f90a225769fc6134d5f6f847a48ab48181542a81a7645ecf20087eebef335557

SHA512
2be4f47f251503ed5bc87e94cae6815a74cbc305976a5c37e769733188abc14bf4f920e2da96228737b9220bd19b9f9420e98376390e48b163d2ab5020c76619

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
553ea332b5a467e6f10f1d1b2b05cc30

SHA1
013ec1d8adaa882cfa13b3cac70bee12ee140054

SHA256
f2830bfb94b739d39e6369627d174db9f3a4752a7afcb7c5d1d6a2ef983577bb

SHA512
721b1d1e1e288e3cae612abf98103c98df1c3cb33eb2e30e69eb64616ca1ea0ce636ed3c7323dd0da0ac6019923125e14c2fddf480b96153eb3cda5d7a9f89c3

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
665d279308d8866a7e85002554d6c240

SHA1
a3315daa72a8ed42231c09dbf99666c65ae396ac

SHA256
9ef689d6089b9ddb8f8ac37092aa30c2e4a3560f59bde95c0b4ee2eec05ffd7f

SHA512
29529b33eab885a95bdd0c8b242a18f0cf47b5110714e54479e260c94d8d6ce16fb0953886e4369173fed2b59cd54197d599bbf54eb52c91d8d0df7023ae1e26

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d5fda7172c96464b4d570f58a3be6e6c

SHA1
934bcaeea687069b9c9a57c8d9689d6b4be26e8d

SHA256
648db5788f39fdf61da3869b5199ee7e4055150d5cc783ab1fdb65bf70994c99

SHA512
fed3471aafa980087b0b2e5c654828558007ee9bdbe447f6ff06955d37946d5a904398dffb206e3827a6fbc5b2c247cd548b40b04918c9da5081a54c6cd326c2

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ee7022a88eb2ee1067ca4d17392548db

SHA1
9faac29b96ca0acdd0dde1a8ca719a9548275004

SHA256
aaadfd4d1f564b28e6c3694a7335b729e87faefe964472f0d09481c9413d3b17

SHA512
3022e24bcee3e178b511bdda3fa37ae214e0d5545f46cdefa5be6b5d39f3f1b9135843846e6471768bea349c4995be61ef487e6bb08e19d598c0b41a54be35e7

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
47304dce307ff0e23e4dfb80c38dd746

SHA1
7d49fd4f06b9f6a90c3985018854caa04f0df9ea

SHA256
82c603c2d4a65bcbde1b57d7c04db6aef00a14844afa07dd0c882e60c6134ce6

SHA512
2722eb4e1b2e3e3cbc43b10233b02f362b48ef192dfa57d9ec4a541c4b2de34dd164eaa6bdc6d72981e3f0b535e98e6c95846579e683102428218aad913fe8ca

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
053d465fb581de2f7357aecd6ce654e3

SHA1
82c9a27b15a23857c619e7c98c4e4ce642d5493e

SHA256
bae205cba32c533739381c72a6d572858a3484e77b153d8b48e8947e8d981e76

SHA512
a3e598a95cdb06bc3262be4e3ba7a6074afe895ea2affdc3c39664632e34fc0e25ca368e89b629563fb1dfd3a0a17211ac43ca5ac051943a3d89f61b76a988cc

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
041734648dcf20f15044e1e7357b605e

SHA1
9b99c14d208e007e327c77636eac289b4196d78f

SHA256
b28c6cde1b72e7bd018f07d253ff7ba340d503d908400bb017073eaae494d965

SHA512
708ea4341ce5c6a20e445f00eba9c36b0daeef441dc651c6c281144058e354f41b91be8b0a12e42cf1983e4c0e6fb7ab77704bf533f243c59147b354ab594fbf

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
5de87a542ab760f3bfc8e430cdd3b361

SHA1
96b7dba5ac7800135c0e83a8acfbab65f9be2685

SHA256
cfaf87d9b9fd41c5ea9d291db6ff12a8845d53d048829a7c8887a7a205dbf2d7

SHA512
596ee2334279a61abb054fe2f7f56b8f5517ab218a41688f906b52574dc064363aa77e6b4f47f8ea76e7b3121dd09206c88ec4cff9113587add4bb33365fb996

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
171237f60e2c08759ee23b5a0bd2fb81

SHA1
5873b53976126dbaa961317a4d2ebe8258098315

SHA256
2f8c0923e318c75b3f08ef1ad3ec1f16143c126337307139313d69b82e02ba7c

SHA512
46b36d3c0f7eb8ed2266c38f6b092488bcd06463d7c78d622df769a4909ae97d033603f200b21baf5b41c86d39722ec1b9f82dda9591b1a05d7cf574a561c494

Download Submit
/data/data/X.God.X/files/PersistedInstallation3558714700480250839tmp

Filesize
90B

MD5
ebe3de4e016c86867fa5f2bc1d204375

SHA1
782d1093f26c5f19e42803f17af5dfcd0231b685

SHA256
d5ab285f2a08457e146774b243e9fa929e31adcfd0fe10cf03b9f5904b3c4b00

SHA512
f761b3c59b5b755fa3589cbf4887c46252eb623dce340f710a043b257dc5883d434a14ef4074fe3d49de376029676746f0eef2340a8e6eb2ff175be7cc7fb684

Download Submit
/data/data/X.God.X/files/PersistedInstallation7006820767193271337tmp

Filesize
566B

MD5
12b9380806510e1cb9d1a66702178345

SHA1
64828253f17bd356fba16378321597d02020b674

SHA256
5b5d3d412af19c0e907b837a650a75112f5faf274658a7b87fbc1a38b099d276

SHA512
a728027d33071e115bac14c982756a77e154a9d20a5a2a581b0ca85e9054b2605d88a02462d744669d5bf30d3f85fb8b4f6265761fb8279817df171617a5e8b2

Download Submit