8e00e43db6939f7aa53999cc8d8d687625c42a1c707ca74b9d540514cdc7d65a

Analysis

max time kernel
165s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
09-07-2024 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

4c307e6962c91e6ba9a7a85f662f5db5
SHA1

c76926b8d6af7f8718510c200f2083f842ba1ac7
SHA256

8e00e43db6939f7aa53999cc8d8d687625c42a1c707ca74b9d540514cdc7d65a
SHA512

17112c92ba8ad9a36ff8104b6102d33308effc4f520f3f430b2dc00ffd50b1efc4b9ed6b675597b57b9809e805ddaf99553069a7882e62f0c6191c85a4e52cc4
SSDEEP

49152:uPSe9096pV6rX+Q1VpBaHoIkoo59X9SABZ+nm98mFBXAwtWk0ESkbU6Yf:uqe9b2rX+QFMIIkh9tSABAngW6af

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

X.God.X

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener X.God.X
Acquires the wake lock 1 IoCs

Processes:

X.God.X

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock X.God.X
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

X.God.X

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo X.God.X
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

X.God.X

description ioc process

File opened for read /proc/meminfo X.God.X

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

description	ioc	process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4472

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c2fd8118591f9da753a05a7ee1b9564f

SHA1
b35e5ef53f5e733c2af9a7326c2f5016e45c5f89

SHA256
01ed0cedca7ffba725625b6c4365f0da4cf07519e3dd8da0c48f055bab38186b

SHA512
2f6c3cdb5d1f4302b9b5755bd833548a8b7c10d695f8a06dc978643efbadec35e6a6541e9d709d6593aac7bbe71f26ce854e5755cb826ce1af28ab1b034d3374

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
51b29ef23c5421f6e8f03b3fefed6255

SHA1
7477324a685239d7e797f9701ad4f6bd48e542e1

SHA256
db6c5ae671bace75246949f70461ce8dfc30bd54a4ad9f34240ffee5f71de680

SHA512
1eb94d34af8540a7f940fdbe28e7d558763d4447a7860da36cee94641821096ca835d5316338fe1deb60c110d74674f76c76b09009bce1a8a5160f3efb164956

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e1d38070fd849d3aa4fb1f35799c8eed

SHA1
672adaa653977629a535ac944516017dcbe74674

SHA256
e94785b2ec03a5a36b3cc3c3dba2eb71e7bea074f9308911f42a7426f8184be6

SHA512
03257f8ef0dc4f8453876816384305443af9ab2c51255f3313cd612da0e67380117bc1f619829f5bcca07098384d2fdb82b1ccd3e96f3964b47ce9cfda0d9756

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e5edf5b4f9510dfdd2e2ef4fe3d0ad5

SHA1
0e7af84cbe857e13c03cf6858cd7f7b306bfda17

SHA256
c9fc1a182e9b15498f805c1d3f6c9880215ab60f3785f1d26f5c22ef4bc00589

SHA512
f656beb7c0858a7fdda7e04f6ef204f554569a735d26132c8730fac7e921a89e393670b892fb1372ba1d334911f56368bba75d25ec58043ea7dc2faec288ecb0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ddf7c34521e4fa7829d5c45432d36a7a

SHA1
7858e516dd468994c4e0a93c29be572caa9087c8

SHA256
ab67ce4b97cd9b3e18e6dbe6e095a968758dd8a54c63ea17668310519c6be293

SHA512
5c0c40f4fd8ae0d161fcf3dadf41a2937e0dfa87d75e08486c537995a852fa6047538527f82f0558027ec7c5ced1d8a81be62a050758bbc294bca24d040565d8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
53466c2c91107614e731e93b9e224835

SHA1
eb0888a77728ece6b2ada407d97fda6b631ed839

SHA256
0e9766c92a04c33d95a108e641dce082bdfbb9086fe943e9b73d62b20b6bad3c

SHA512
9375bdb8887892d81958a667ae7ba4fd6489b2ac868e200fa43d0dedd3d6f6b7da3f23a8cdfa15c305f0d9cf481c0a6d69dbcfd2422be5c63907fca6aecdba02

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
da68c50b64e9aa5812be3b4e3bdb424c

SHA1
7ab953ecce44eff78bb94eca6edf3f322109223c

SHA256
84755406b1aa30d51c51fa169e47d6b017ff029cd4898bdd736d678404a2ee7c

SHA512
64be06bcad2b3ab7264c01c67886368d12108aa811fc2f2f1c728607c951969f4f9089b325ddf8500ecb91966519f4702b23a6c1c2239b9d5f9e5f9652386152

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7dad1e6a3b1b9e45f75f1dfc22c0ff76

SHA1
99720b6de01b78515ce38c9d970995ab622d4dd4

SHA256
a056fe1eb0bf71d647b8febc0dfbbfa5f424be87c0ec1d6de3fc698309de750d

SHA512
03951478a8ec06661b8fb02495c366ed9629ef3a37a28fd7635de5596daba1a6b6bd64492aa31678112e861e751128a0c78a95e8c52f2f1738dd89aa32e106c4

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
a97c5cecd2ff32e1f7ab3ae3b1c099ca

SHA1
ee9e7102e931468b1cfae3561e174d2688f11710

SHA256
5c4a4ef680b530489b2a982b6a8b150cb5bd1b88c7a885e07f6b45217d3541d2

SHA512
45bfb1ea072911fa3e7e205267fb315698ae45ed88a3e171a50cf9ebd8546d1d16dc02766778549364160f8ebe88964233a0959f5508f457f479b2bc48fa25c7

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7eb9ff66089c5a838d26ebf2d379abff

SHA1
b1f787b1d4177b5c5276b1da2b7fe9dda29aa7ed

SHA256
b674805c697b0dd48268d7a02eb3adfdd93470fe1fa482ac569c528519ae49af

SHA512
5e168609b50c6aa46f6a4ab9cfc75a71799c653f96c50f32e374ba2ac372388e24edcc66f72ffd0f2428564d10ecc00999a05c0a845ea3a0121bc91b78b811b2

Download Submit
/data/data/X.God.X/files/PersistedInstallation6338102292649561048tmp

Filesize
570B

MD5
3892233833fadf872f0300b2557ae466

SHA1
28e1264c10e2f785007fd4a22453065024bd1247

SHA256
9432fe7cc29bf3311a758de1ee4f9cd077087b66b239118f99e44faf9b04db4a

SHA512
a6073c609ba27037753957efd1f2e9aed7c04cef1f27a5ec806646ff1d9b2378d59242f4be2c7f362df356206b48bfc52fa0a61f8b30afed5d6c912176ea6d26

Download Submit
/data/data/X.God.X/files/PersistedInstallation8144912447691268656tmp

Filesize
90B

MD5
75099bcc6fad7c2e4564107b844b2189

SHA1
ef83195c01ae0e5a63fb7c7592cdadce9f4bc80a

SHA256
1eaa5749e31cf58c9c764ad603ba4633f6def0f76d6cb30026e8a7b330a81fd3

SHA512
412f06235253e06eea80eb5cfc34e0d04eeac4c995f503381a5493b462af655a5d30048972f9ebf534726cdd2030e2819d98115c92a9ce2924e00354ce372e91

Download Submit