8e00e43db6939f7aa53999cc8d8d687625c42a1c707ca74b9d540514cdc7d65a

Analysis

max time kernel
40s
max time network
185s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
09-07-2024 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

4c307e6962c91e6ba9a7a85f662f5db5
SHA1

c76926b8d6af7f8718510c200f2083f842ba1ac7
SHA256

8e00e43db6939f7aa53999cc8d8d687625c42a1c707ca74b9d540514cdc7d65a
SHA512

17112c92ba8ad9a36ff8104b6102d33308effc4f520f3f430b2dc00ffd50b1efc4b9ed6b675597b57b9809e805ddaf99553069a7882e62f0c6191c85a4e52cc4
SSDEEP

49152:uPSe9096pV6rX+Q1VpBaHoIkoo59X9SABZ+nm98mFBXAwtWk0ESkbU6Yf:uqe9b2rX+QFMIIkh9tSABAngW6af

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

X.God.X

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

Processes:

X.God.X

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

X.God.X

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

X.God.X

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

X.God.X

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

X.God.X

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4963

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d8724c18278ac4045d26a6f0674b8625

SHA1
ae9e1274f65cffb60e45a699be5e8a3f97dbb2c1

SHA256
eca204ab6bf1533479a9dfd6ebd172a377e697d36f1daae9cf512bc11d58560e

SHA512
c2d86166e4d8d11c51c5cda905eafa43e6b368696a91341cabb5e8402e346426f52b65772dec947eadadd27c0180e664bc0199aca09fde9d31003a2be87d3f7e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
abd43459d253b18e607fc90944c443c0

SHA1
be864e61c8688df50074b0e50558c2d8f3bdb967

SHA256
898bb37cf7dcbbfccd1004748b77654ee7600468956f84f68d08a6ce953fad2a

SHA512
51c86cd7367c22cd920031506010a9962ed3febb4b4a01c6a8fdd9d2275f7b9ec1d7912f15aab28144c923bcc5fd99c32a62faa45d94146c272bf06197198c4c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8198e8b90986ad0fc066071b42ddaf37

SHA1
f3192a636fe1b4acf0166663cbc7af932161a62f

SHA256
2c76aa49dbd315f16f8d430ae06280e1d14ea7e8353c09e649020edd80aa5eb5

SHA512
7a6fc736ab61fee9eca11ccc5bf194ff77c568e67825a88bd80b5a06280bcd5b8c49312d7d269daa0f1bf31939c6b94af79f983dbca317d65ecf2419fb5e49d6

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bde0ad34eacdb67c617602766865bce1

SHA1
3d9e5ab3e84764a770dc0abdd5943700155f6aa0

SHA256
2cbca242e8fa0cab652607522a4d02fa51c7db5d220c8c0417a20a210b5e1943

SHA512
5c0874a8e14d65ae035a0f7b084097b4db0eeed5192fe30077ba089ba9094a0f1a9699970a77aed34465acb225c4c35c8a56e983b64effb79b2c8661a3cd6604

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
66d84f24eb3579a5cfb827975225142b

SHA1
4b9ee8eacede8fd57abd34ac39147a6071df5ef3

SHA256
dfc38437a32b4c39883c38d3b787a4cf5ccfd1332dd9c12b6c95fa607ed7a479

SHA512
b11d9fcbd9c409c14e447c787553da0d17273c4300e839201d4709f326a5244fede77cb5cd0b5ac3aed673d19deb3937cdf0675cde08c7a700f7be4c6df7720c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2269263f794e9c5c3ad97f1386a2d27a

SHA1
064ed2f0453a4cee72992d147ba721a017b8a4a1

SHA256
7fa3de12620754f0c81d2836a7894e220bd7d3e824d08c512321593a8c6b2625

SHA512
492c38e42c5017ecff6165fcf36a797579e8986c8a1185aa1290a03baf6ef703164fd2eb5ccf638ace5ee08a232297544c638090de3c63add65816b7d697bf0c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
0afd5b2dac57ec07366cd1d211603d0e

SHA1
1b261ac0c8df6bfe868fc289c9cd7c7a25aea624

SHA256
5025f8945b9bdab775f5e59c6f6e77046fa5e07ea4c840b0ab66d69d7ba1c9cd

SHA512
348731711139f68f14573dfcb71774b6a32848cc19b3e37b2ccf1f6b21f3f755603dd5476bc3b4c374f69dd69de7f515e96709eb74ec6667d25663b31c8bf68f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e4311d012e84c5daf2e650b5351b9c67

SHA1
9fb5dfda8eedc4326b0a431bcd495619eca22b0a

SHA256
3d75372343fad0e13eabb7fffb9abe11f565b874e737dc1c84af2aba457eef04

SHA512
5b3b41ca3a1a0585f0984403e005ba831caf20e7ac0ac0398de2eb444e46a6cf6090781f4acbc9a7300d8ad152b6c4b6d499f9ff74bfc70eb395e02c50783ce0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
204020bc25472e56872bd6c80755d51a

SHA1
cee32048306d520d50472e9c6e318e4d0166b5b3

SHA256
5e5d7dc3b9ddd892cd8605c1427bb0f4e2510fd508253124cf1028129133d81d

SHA512
60fc02041c52c9db5bfcd1af7390bc2cb373aaf9a6675b603277dfc9d7cc0cfb9e57c0f7e76696d8b30878befd86ee8c4349e8caafe6f114f3e5aab335005bbc

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ad363127baf4437218634d415a37cae8

SHA1
f6ba95f003b619362fb679833d48500640d0c746

SHA256
382a7895566bce5021b6ead453bdca44e93e525a1da2d72943f7745e336d19b1

SHA512
b08e3fcb7777a479f5f4d46fad9ec02f5db038e55cac1d2c3249d39293afba3c244123821091104245018cdf405bd98d8d46940d96b344e867dcca959fdf59bc

Download Submit
/data/data/X.God.X/files/PersistedInstallation2549337906916423154tmp

Filesize
569B

MD5
3202cc7cc8b988ba7ff2cd33be7355b9

SHA1
2966328c93981161918e589f78a4b2fea4dcfa65

SHA256
a6b96fa6afda2a5b70529d85a1aacd2df9a04697c4971fd5ff0d134e220811b6

SHA512
d1597a383798c93e641c7137bb970c3f107b4b9d7af3660c55c46e444a3c4e4b42531b3feeedd43de602fcf62e89e8c0464ac82fdb0fd629418139b4c421c74b

Download Submit
/data/data/X.God.X/files/PersistedInstallation7389727286954140349tmp

Filesize
90B

MD5
e3ec1c38001a4cb47f8c7665b7ce3237

SHA1
bdfef3bd19e7a327a2defbb862ee9f321c777301

SHA256
c3772b9f0bec960403ee4c2e9507d88ce2f2bef2e176522c823c2435d3547c38

SHA512
2e455a5a62ecbb02096fa44582e5c31cf1d92ac5ab2f880420a298096622039159c9393a42fc23bc016fadc5d7b50b208e842f21f3c0cff3901ce00aaf7b78cc

Download Submit