b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2

Analysis

max time kernel
30s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
09/07/2024, 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2.apk
Size

3.6MB
MD5

137051f21856123cb25530994883e1cc
SHA1

024bdee3a7bec368a8a460ac09e07e361776451a
SHA256

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2
SHA512

4579cbe55dad6ad44a14b166124fd047aca37aed136258dfe5d976a27e955239568c3091f502fa4d7b11b3136a99e453b99508385812c373f6a74cdc6e2b8c0b
SSDEEP

98304:OAyaNOBvwbNZapFvjvyjJUy1lDB3uQ5ZWqyOSvNb:8aNOFwbupFbvyjJlfeQHWqy3b

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4610

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a2738ed10bdbb3f472eabb9483e6d178

SHA1
73b165c8e0c63784475df92c51759f65efe543f2

SHA256
2ed6e41598561853d1d6e79723dc2dafa4475317a0a68e23e4adbb10feffd29e

SHA512
684f5cd1b4090d611c5cf83e75888d76d7b426dd8b4f741206d473418cb73e5aa681f7a022daba4b34fbe2e948daea2c9a3efd6da37134d566c2675c8fd115e1

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
974ff704ece82ec12258ba61f955e810

SHA1
7e1886cab3e6331d074667eb4b0d906527645a03

SHA256
b7672dac35546fc387c0864e1456843b9469a172282b37789817995b259212a9

SHA512
76db66c8c6bb929725c5dacbbe4ced4cf609ed3005913133606d7e600a1d7427175c09f537d330d43efd8eb152e2b043b2096628c8dc05623af74e76365e30c5

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0277e06a8b6a7be0769be3f0e350205c

SHA1
0cf2a073d55576c298b17fb2942fd9eaebda2f47

SHA256
cafd351c3bab2a8e14428116db8a5d2c54797700e8841386c082015578f83808

SHA512
bb51ddda5643c0000486e0afc954b97940deab9ab3f439950de45c42a51263321a7833f313d3cb8fee2698f374ab585ccfff0ced87e08315d439d99c1b03f705

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e2fb7740b0f296000f1591ce711e7004

SHA1
1e6308ebfa80501719c902c3699a67ecebdff2ee

SHA256
e872af951eb26b555695897008773daaa897d533ed10de55787b527d00b4741d

SHA512
ea7d7f2f6837a0007335fc1a6f4e8db4f25c94678296385d8878ac5d3fcd0a2cd5e73331bced2f66e3a740675eefce3a3a4d351156659a7fb6fa032903fba545

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
35d5c2bae1f6186d47d1d24cd7de94a3

SHA1
7a1e60bccddd9220ce19a9dd8a997eaba43ad699

SHA256
cf0f379e155246f1b1d9510095572d3c5712eef9befc360ecda2e4bbaa35f756

SHA512
07339ae757d1eedb6a4c5329df5ddddae5eabd906ca9843e9ef3a84803823c2788496463d3f7ced4e5b76f6f020a63469cb5132c4fc57dc38768e46b995efefe

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
019ed33946ef98ef7268c6b2c9cbb3d3

SHA1
fb1d6e839f53df69f5ee22f1f92b1b9349b6be2f

SHA256
052988e8f472c941b53e54913c348e5997e949f362cc5e33ebfcd73a16696b83

SHA512
503ff705e2bf5b813b8cfa27a8f29c93e22b1592edd6c9a0511f284c88dfd44bfdbfa5c514079e5f9db1c364b21b392c970c63d2945fca6b2df12dcb4474c5e0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f7e581b4083d6ad5fa3f2df716acdb9b

SHA1
ea6c8cdf30baa02fa07ab161e876dbbd915b73f2

SHA256
4ca2d0edb6b1b54d9af793296928d889ff62bc11867f0545be82ce91a96e7fe4

SHA512
d7913d8cfba287f20488539a60e593cab18afb8c727c726099c9b1b8662192cb3ead62e5abace3fc08cdba7d3ed142a0e4da0d4ccaa2a245c525c18050654708

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
52845641712a8a9171aefa12b8dd48f8

SHA1
ec6d68413476cf91062bc13ff0cc63c2d539f03f

SHA256
2643e9ae29002969a5ea234c5df08b05ce7478aa004774239494b920415d1b3d

SHA512
0303de674e72add88b90d058ae8c7554dc3b1cd41b177040315adbe84f16a8f2b2fc733ed749496b195d818c9d6df4b202bd06855e44ccf7476635e9e781331f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b784cfbc10ffd60b7c4f61e6a3fd7636

SHA1
41d94230700ad8073fd2b21b45a1063aa64c792c

SHA256
e92eb682e1000864615dae33a4a85556a058ed853d3a58ded865a894d4c566de

SHA512
06e5fa33377fce5009e0894efa5cf21629f8548e773431100503ce957728ffa621c85223e9f1e6873926b56114b604502131ce5d0bb7d73faa42f0d86bde9107

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2b1bb06e3b84590f62dd583891c456a9

SHA1
f08313813cb90f7c654c8f9fd7f98753661ff8dc

SHA256
b056affa2b7e80b39aee0818b6e834325c24969b562e339cb91d5a28aa070a7b

SHA512
022b6635b4f3871c1b8f0c119b1afa9b95645ecbabff22422ea232249f9a46ce1e69497c5a7461255efdf97b69eb144fd0854b24425f3798a28ca503334eab41

Download Submit
/data/data/X.God.X/files/PersistedInstallation1068180581704325970tmp

Filesize
90B

MD5
848558418f9521c7aa1607db559e0375

SHA1
7f67e3c22cb1062aba7576889b2998e058a2caf1

SHA256
57490f8740af51802aeab04c4e16eb6ec636dab363ef610c458ec5b5c010f9d2

SHA512
7ed69aca30bbfa856b20aea5279b2ada357232cd43af5e12135aeeebec1724b6f24625888518084428f3ee5a20f324198fd11474356ac2b6c48901bc7654122f

Download Submit
/data/data/X.God.X/files/PersistedInstallation2308253552454229499tmp

Filesize
569B

MD5
0e083bd368854fceabdc54244fb3ef3a

SHA1
7e450fd8f1259f2f233f05118542268dde8a6e39

SHA256
ec2c3b714b97ef995c9ad5d103a237de781ee66aa4698a31f7fad6464edbcbe7

SHA512
46589ab872ee6adbaa50d34324283435b65de7b5672e194a46977ddd148c205441f4747d3b874dc9e5b41122d26bc70845e4a0cff536f3d52546a9395fe1d206

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads