b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2

Analysis

max time kernel
47s
max time network
162s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
09-07-2024 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2.apk
Size

3.6MB
MD5

137051f21856123cb25530994883e1cc
SHA1

024bdee3a7bec368a8a460ac09e07e361776451a
SHA256

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2
SHA512

4579cbe55dad6ad44a14b166124fd047aca37aed136258dfe5d976a27e955239568c3091f502fa4d7b11b3136a99e453b99508385812c373f6a74cdc6e2b8c0b
SSDEEP

98304:OAyaNOBvwbNZapFvjvyjJUy1lDB3uQ5ZWqyOSvNb:8aNOFwbupFbvyjJlfeQHWqy3b

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4969

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b867c1f47056cc5f426ce92138494128

SHA1
a907dd5631d09a47254b77c5ccb6caf13a37ecb3

SHA256
e26ca5e7503e1752542ac895c11ca43c621f8a005349e139a6aba3dc9db5f421

SHA512
4725860e14c532dafbab44a9965b59ed2046a6fc5c7911c11e0363c03d49ce62341324b04f58d9c0fb2ae3160e2655521daf458b644b1ae2f7246a6cd95c9629

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c96a5aecfbd6f2d1386a38a867a21834

SHA1
21adf54f6f328005ad5d42b6084eb278cf988605

SHA256
5aa8d828cc7e653071d988085966e449fad4f830ac10f5ae8eae1b9a281af7f6

SHA512
c717a4fd49fe1114905ced50499384d0ab59040765054453cf725219d218583fb7bc1532e64627d12f0979e950acc2cf1befca7ecea8cee4714b2cedb40c12e2

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
108054171bfaf8bb24724c944f729fc1

SHA1
5d443612ec2769c275fa1d32e651daeffed8acd5

SHA256
43fe9dc642705d2ac9e362715248a48ecf0d822c580eab059c46d8b4b3884cc2

SHA512
5789fb0c0ac2007b2f7aa0a423a48f7a2b720b64ee84ce5004b40389018e2bfd141937ef583c18141cb8fcc9e2c59741cfd78c305df5534d6fb27ebb46383aa6

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9e950465b80ef495ccc202853a2661fc

SHA1
18c5350d202c22cc4dac539d250f023a41c9ca3f

SHA256
f2e53e23f67ac3013231346772c8675c7aff945b94da7785e779b1e837f38b45

SHA512
6d5de9ef970bd1314c92cdafeea4e4bb3eec53a7faee3fc9fad72c48825aa0a6c89f4028cb76609a4e0fc309c5544e702b37cde9fde69558167d35f6c33cdcac

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
127a3c63bb4f206d8e6c19960ff86646

SHA1
887dccd39599035169712c988f9cb1ae1e23dcf2

SHA256
b11ace209421c16ee42c01357bfc04877cc9b83e2b20b94f13f8164cd8ebed4f

SHA512
eee3c7f81a2b69a28b0edd7c7ee6dbe0800ceb07e07b5bed03b8aea5373cce135685cd16b4dbe0a3a9411327345518a758590158e6a9ddb1dae73eaba4fd8cf2

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c04bc13c1bfc9116c3774a82482602ff

SHA1
776e9a3b92b1f27c232b8477f9eed2b9de11bf63

SHA256
d6dc1cfa809f0f49de27a86e980c32847b4dcf7a55ba9930f5a4bab6f29a17a9

SHA512
6f8eca0f8a0a050466d3fff3a324cff36f0c8ac2f7d4b04bd66dd3362642eccc5b77119d77c8c73da420536fa014e93b3c05d361fbb9d7024db55f382a623e9d

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
013c152693eccd0b36b5b9fd025e9250

SHA1
2f2a9f034e3b8fd8b736a2af56675b7c0991d16d

SHA256
0f082393afa6ffebe436031ee34531ccab60923fe2c41d26b30623637e7f8243

SHA512
a918b24a1954b81b6b3f6ef8704e4aed155127737e658707dc1a85516b6a59bd6ab20abdb7e8ec911823b215305a0cd77578ee3a6c84467b3a08978bb48aebec

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
11c4b3e972f087e076db58300bca0382

SHA1
708d2396c38a6abacaf3fdae0ecaafda03a507d5

SHA256
44d41e1d87fa398b54b4e52bb5ac264e050f5a88daaae85da6a4dad3b401d24e

SHA512
2b93a8834903b36fee937bdc6706f6408ac41c9dba385831e66e463fc485d4cc6b154803f800cf62fdf33d6d7e938bf7cd882e1a92f13aedf19addaee326f2a8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
fa138baa4294e0641d74ae13aba6e720

SHA1
2d71fc8eb0f3765096515c8580462b7664d649ec

SHA256
9512c1a6f3055e5f02f7ad36f29a55010086bd290f15bc6556218bd310fbf651

SHA512
ef5fce8d6c4ebd11af685baef2166605b9a402d00a5cb6f44c98db2f03d8f93b64643525c46db7691442ee159b33cf6f94bb300cf61424cef55d8c6fee635b2a

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
640b386fb4006df37ee2c6a0ac73fefe

SHA1
745d758be63a826f09bee77958b3c87aed0f8532

SHA256
a102c0fff50cb15fb8421a341d1e3ce2bd9e691a4c369df19a78140771fd06fb

SHA512
6046a89397df151fa65439e14b2dca5755d78200f2413564d481c33b3fb61ad2c9125743c9224f3678a6a0819fe3fefbeeb8714543ae7682279109c41d685f2e

Download Submit
/data/data/X.God.X/files/PersistedInstallation222409377461661102tmp

Filesize
90B

MD5
3a6a768f5e80c078cd2aacfcd4ab49c8

SHA1
61f8c749aa86c066176d687df15ceeba62495a04

SHA256
acb9a1fe1e72d04bd5b153af71148c34761b06a735340a5632d1adeeb4a36ae2

SHA512
5de6a8b4ddd54bbda6e0fd177e64955ddcac7a70c2f61077424309b9d66f0f1f59689b78ddf326b7b425bfef7ef9d1a27588db3dfc2c576e83a321bf122aee96

Download Submit
/data/data/X.God.X/files/PersistedInstallation8498338100857615459tmp

Filesize
568B

MD5
b925d95084fef5285e4cd74f44aa2780

SHA1
a4cc93f7242d22621a6fa1ed59201d772ae370d3

SHA256
8fe06f5d6cc2702035b5e871c3f1b3b32ac48bc2b1b5c8e4ad874bfbe7549a08

SHA512
bf5aad02a52d1164b18abbbea97f4a94ed415762a890d045e0e0219200ec5af41d26aa9872ff3b4b07480c7f4c60e895a4ce6301c5c86f5a2392aa984b559fb7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads