af459e6d663d568fae940561b8aab0874a2e34fe22af3404ac3f425cfd1168ce

Analysis

max time kernel
54s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
09-07-2024 09:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

0eeee3a9c3d0107ccbe577e99b3ac158
SHA1

3a7cd40aa40cfa58f9173c69edd6acc6f1b18e5d
SHA256

af459e6d663d568fae940561b8aab0874a2e34fe22af3404ac3f425cfd1168ce
SHA512

0530d303482cad04b3253e66a95b3312360609c98aee19d5bfc1a9991b5c45de0b49ff93183707f8921ef0ff85d89829fd97cc5a01fbb033085cd23fbaf44d17
SSDEEP

49152:bPSe9096pV6rX+Q1VpBaHoIkoo59X9SABZ+nm98mFBXAwtWk0ESkbU4Kp+7:bqe9b2rX+QFMIIkh9tSABAngW6F7

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

X.God.X

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener X.God.X
Acquires the wake lock 1 IoCs

Processes:

X.God.X

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock X.God.X
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

X.God.X

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo X.God.X
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

X.God.X

description ioc process

File opened for read /proc/meminfo X.God.X

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

description	ioc	process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4466

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d211361fc69bcb8da651ded6b8fd843c

SHA1
1ebff823886e0bc2e6f9594c77a7c56e514343fc

SHA256
847faea85e9715c89ae71036c090b50d0aac0e6c129baf313b5d3b1b2d2363b3

SHA512
af619eeed2d4d366876cfb77ae1b7ebe4b74e9c1f0b334e94c95003a12dbb011cdf0c642cc00dbed61077a9a13cf0bbef344c8f99ea6c15c4d1681ed842b6e2c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
559baea88c1a5f05bb34823a909afdff

SHA1
a94b33d2be0df5ccd07534d2382c607421966e23

SHA256
c5d9870c450c9cca3a0b542831af2bc09240f037fea0b426e82d7b8a98f45f0f

SHA512
719470aaf9cbba807fdebf37e061a2318c7507445488c23a11b8a40f7ff253485089ae3eeec40d4d5d2beb0f147069e9f21a1a4ae776f14538d09852fbfce442

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e15383ec52c229c9d2650706123e274

SHA1
24e7a4805065435db872e004d9601b00f209b5fd

SHA256
7795f7ff2fd10b9c91f74ab15a5dac562468e40e4b7583de7dea39a3a1463ac7

SHA512
08fd49c0d614b0137a08062d66b9323893af556688c8d16a6fd5c7e157044fe1fe13c513fd1d9ae62ccb9aff99da6360e3a3099d88bc3e2368758e0100c96d2f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3584cdf95ad7bb224d0584f930ae0d4a

SHA1
74e80313f9707b6a82b781838fd488ff0010f6b3

SHA256
5c07d44e063dbe7cdf8acecfdd7b3b1c2a0fbd62cdaf61b95167e3738b0861bf

SHA512
9476667c8a18baa0fbce7616d2a97d217393a841f44aa5ea7196b39c45e9443cd7c42e3b6bb3bdc3afdc29779ad1e867616a24bb8fedf370ba0f65fa282fd6e0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
89e5b3b255808c51dd6a5f45c74411f6

SHA1
0d1294db3d575d79a94535eb1bffffba0d0813b4

SHA256
635d54921daaa5ec3e4781ef90d246418d66e0d852c0d84f8c03fb016fa89e85

SHA512
36a95cfd02f2bf50b5ec9ec50be9be998e083220cfbb15df4d958840337e54e0f6afd3d84f3b8cfb85b69215549db62f911dffadef950c195fd0955773389120

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
55f280afac442a3e58124ebbb6b86142

SHA1
2d8e74d17c57b68cc426d182267da1a053a8968b

SHA256
3bb21cc4bc0f4721a68cf04f00e76256f166ad1741b2044c4057c9846cc33dd0

SHA512
662c54036acfe4455b65f02fec8923db6a316c26409b07586e812262da43177a9847e19eccb2485bd98587dac669be8de5ea87316f49ee51ade6a8c1080b665e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
8e738204f7ec2f9e15393771e258e5ea

SHA1
22fc810442bda3e258d74c42b8bf8b4c5331c43c

SHA256
96d2c30a861bb24998ddf395876e9c2c4cf9d77b99c97a9b1a1acd88e6e7651d

SHA512
5e0bf74304bb7c45e6d35b34d8b7328a8aa1a20780b6777235aa7dbfbabf80244905936390fb9fbfbd41b7c0e397cc3a90e4d85c0fa706993b8ea8ff87e524e8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
cd0047e0f9122eaf791a2b46be88a457

SHA1
0dbf31db689cbe29fa4c5fca649a41ffa416f299

SHA256
1a016b40655de3c82028ee2104fc8ccaa5e9136379a9c2fb486545750ac48fac

SHA512
17878543dc1852bbbfc2af027caa4a66774766e31d716ad21a0c7210f033257cb1f0f988e89b7b2796d1d08794e5f5150f3c10edfe87e453aadc45e356bd179f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
0e2ea76be57d5bde864674b3846641db

SHA1
3c6ee2107926e9cb31fa187ab00f70b8b7c2084e

SHA256
cd498f47677fa3862358f7484ff43b783265b688b395890e4e97a6b45a0bb365

SHA512
941056f87f00bffb0a38338ce279afe2ea3f3c4444ca801803466baeb47523f475e25cfdb84bd5de72204db6fbc2e8a27133da889c734913e98d028a8249efe0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5cc32ab64dd23383cf28a0d3098f37fe

SHA1
35b25b680b7e663d22bafa8909fb9285e72ba391

SHA256
f09e9380035890415d120e94d2e6fa25751183243ecd53b136e6b0be906576ab

SHA512
3b7dbb25c97e11c2c56b01b8780ce77e8e0c1b9a0f8c5f72ef99bafbbc406e0e81b49b2648dcba16dbbb56e89b5dafaf7544332f32284c5635120ef76b812076

Download Submit
/data/data/X.God.X/files/PersistedInstallation4267630309675387080tmp

Filesize
90B

MD5
c4a6e8ae9aebd6a26e859baf9af9cb1b

SHA1
cfa6b574f93aba38d2fa9aaffd58b068f4a7a271

SHA256
4ebb05db4b3941b6b9f2f9892e3d2959aaa81a57035f04bb5171eaa3e590ba4a

SHA512
abc0483f9fc2ceb60eb4c65532c83f883ad3c04608b2505a318d66980f59b9b537c19a6a400a486a84a82d4fbbe23dbe90e724ee52100c9f398f15a19c4c830f

Download Submit
/data/data/X.God.X/files/PersistedInstallation6543161366428434044tmp

Filesize
569B

MD5
0cc3352cddb3d5d904b661dc76bfa4bb

SHA1
a0ab1ac25e378164066640c67cee861f130b7e3b

SHA256
7ea594e4547e168e26a31698cc59f9f57c7a49bcd9d721eab15288716e324c83

SHA512
bdf33da7479b417d76251662172d0985fdde5070b5ce9168aae052001bf8d1a893f205787f5be9fb20ee4ecbc9518025a221c2cf5e0c6aa0ade5881e485c348b

Download Submit