b89ecafde09182f1b0eaef752d5a146c465e49d51840a9b571a63d359fd5efdd

Analysis

max time kernel
46s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
09-07-2024 19:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b89ecafde09182f1b0eaef752d5a146c465e49d51840a9b571a63d359fd5efdd.apk
Size

2.8MB
MD5

ff04ad3b47d9b71753545bc02dc8c33e
SHA1

184b7979dc29ce42fcbbb033671fb928e695331d
SHA256

b89ecafde09182f1b0eaef752d5a146c465e49d51840a9b571a63d359fd5efdd
SHA512

6937975030162551b38e8d91a35b175009be470d66eb30992a460c3c9275f16e8d58295a7a20cc5e544cfb3455ea247d3c22dc6212d791de06c4ea6758dd9d6f
SSDEEP

49152:mPSe9096pV6rX+Q1VpBaHoIkoo59X9SABZ+nm98mFBXAwtWk0ESkbUxpP:mqe9b2rX+QFMIIkh9tSABAngW6qP

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

X.God.X

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener X.God.X
Acquires the wake lock 1 IoCs

Processes:

X.God.X

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock X.God.X
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

X.God.X

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo X.God.X
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

X.God.X

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone X.God.X
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

X.God.X

description ioc process

Framework service call android.app.IActivityManager.registerReceiver X.God.X
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

X.God.X

description ioc process

File opened for read /proc/meminfo X.God.X

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

description	ioc	process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5063

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6d8dcfec3287ac131199926bd9b05d42

SHA1
40641ca50a3dc1a18c0fa2ea97222832b07a7801

SHA256
9f26d77c6f86dd8a5ace802a87111d2a34d0ce0037ccb3a511f3e2b587b00279

SHA512
d35e019385d6aa3b8b45aa1bccc066ce01c96179f1531f1b179f423891387dbf83bf05ab3315cf9101c8178aa69d0c2904c9a7d1300a83371adc3bf4359f515b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a7d1692f3add0ac420e0bf7348503f94

SHA1
b775b6c4ebfc796f750614d02489639b039b6183

SHA256
6406a2dfcd2805fedeb4b7ee55e1a0e8e50538ef3a504d2fa44f048eb02a0f2d

SHA512
b7738971de68f67167cf4bfa5c79779b479b1a2871a6fdec62fee9a15abe4c14b184516c71856813de274f601740aee13e6dfba1b28042ef49c5fd25a285a772

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7f1a04db013ca445eaef07061435507b

SHA1
a769d25f6430c6905a5b5ac5d86e16754db23518

SHA256
bf7e71c26e1a6689cd438b43f0856bb933385b3d0382206512d8e0dc535b6ce9

SHA512
cf9e555bc8461be993721b03e908180478c493387b459cd312d0f7862343e5d716489d103b184e7e3c35d0aa53416b5214ebd0386dd822015cad9976b9a77389

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
91b2be56e38e8adc1a81eda083c9cf96

SHA1
a1770240726248829a15e040549945056131f653

SHA256
3a24eb383366334fb35fa55b120997c80af63f0aea555112d2a336152ad38168

SHA512
8fdad45ea253b596ccac0adfb8b05386fab6a2d967678f7fca846606f95f856df0fbd4fdea1985902c31e085051410e007158e8cdc0a7cee5348cf8204e2b0c3

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bb610dbb57f766f49bd950b4aabc1019

SHA1
e8e99e18d8ef10481e2d4187da960b2c230a2419

SHA256
8ba18e1c444170520d443034e26e533b1bef12ed2fc59e179fb3c752b65267c3

SHA512
d6abf5ae149ad8392dce94f557eb2238a133e43fbe3a309dae07d5db95ecb831e82ddb214a500e8bce943d9147801f1cbe4fd597c7a32b60f2dab54f5fc22f74

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0781480539d14adf54abdae6ca6bc40b

SHA1
776c2a2c5bbf3d9e9526120ce7a8261f4e5b2915

SHA256
e6300ab0692f77a21b118ec8641859bce6e9e1a87a4f896d7478ddf5b1936387

SHA512
128c027f9f3a4146513d862e86654a1e6ad8c8e90e8c2e4f89e2c7ed4109cddc470f2122f12f332b59d0e0722c42ee3399d746fde21275299c71bf01f70a38a8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
1b5d83221afbea28a433eeed558dd401

SHA1
52af0df763c6fb2b073383a4675e33216ec77ff7

SHA256
f76b8bb4b06662b928e8cab4b9d9902706b677b52af9ebcc956ec58370951d71

SHA512
66ae7125a3a4b7aeef0ee9e3c651248b098028562702ff3ff22a6fc59b3174c10bceece575bb815903fad97bf21d7dff8197e09318ab49e468344f3c4f29756a

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2e3788b6da948a21a454b2abbd29524a

SHA1
f3f14dcf79b26c5c91ec9bdeac77ab4b0fd27406

SHA256
932e2c4b92e643c87af3d459e8d072a5f56acf27d06a1a919490ae8956a18fd5

SHA512
64e1d35f18b57e38fc48a66ec45644099e45efaf53c037b04cf7b3d15f89252f391e4ed426cb6b6e05f65d72f32a22e1ba8a1fcde3e39e57266a6deb2a5f472e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
551bc7b4b9ccdeb2de98fec6933108c8

SHA1
9a1c215c35a5813b49ab897525b47b1efb042479

SHA256
c93320030b46dd276cf7d9aa13fabda0bd7107f8761f65cfa91cfbd9bb178bd5

SHA512
0ad7d4f93e6b54b3682712fdc0adbf2ec808c9da2fc4b93f082d04ddd8d94388b9c96a08c5d2c4d2c3df2c9a3f1413abfa6bd3f9c0fee3048a62cbfe725df424

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ddbf38f96a0cabb002b509dcbed5be89

SHA1
346b8c82294bcb1dee6151a606ac085152b2338e

SHA256
3a2cc4a541c331fbe78da06d067ef81fbf62c7378bcb248b9db3cfb2367d6186

SHA512
f45344b978103fd1271cc4ee6841f01a6f8f62b314d42ac32cb84c7bf13644764c449381baa5f773dafaf7e8de55528bc1a8e89bb9471880ef67e5bf2626b098

Download Submit
/data/data/X.God.X/files/PersistedInstallation3769272656319995337tmp

Filesize
90B

MD5
c6a5d6f34e04f7630daf67b5fa82ed7e

SHA1
a7ab0b66dafcd544088bc224fc5bd031a5b7c323

SHA256
57e48deaa33d3c3d4b7b29b48b63cac6fe951abcf940b03312e11af8ef5b4719

SHA512
4320b15b1b22d2242570a41748f00c2fe37cfba0eeac7597e3b7a0127bf189eaf6422d16918336a9e31117af983b39b812329ca6303a1e91833d3fc1e401583f

Download Submit
/data/data/X.God.X/files/PersistedInstallation5321150911031303547tmp

Filesize
570B

MD5
9bb1eafb051fbdd0765d10d4f9912d56

SHA1
380b5c2aba25af9b6ceb89f8bb8de5c00f727406

SHA256
0ef06f3adcf1261c9fb71fad9f7ac888edee795a0456109d97c8085ff9e5f5a6

SHA512
8891a18d5913d326f91efb36ae59f3538bd0c5f2730be02bd9c2f61cd35e3e5de845921ff71bb1a951917ddb78685c74ddf64f5031a5d5814d0b801e0fb7c431

Download Submit