b89ecafde09182f1b0eaef752d5a146c465e49d51840a9b571a63d359fd5efdd

Analysis

max time kernel
65s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
09-07-2024 19:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b89ecafde09182f1b0eaef752d5a146c465e49d51840a9b571a63d359fd5efdd.apk
Size

2.8MB
MD5

ff04ad3b47d9b71753545bc02dc8c33e
SHA1

184b7979dc29ce42fcbbb033671fb928e695331d
SHA256

b89ecafde09182f1b0eaef752d5a146c465e49d51840a9b571a63d359fd5efdd
SHA512

6937975030162551b38e8d91a35b175009be470d66eb30992a460c3c9275f16e8d58295a7a20cc5e544cfb3455ea247d3c22dc6212d791de06c4ea6758dd9d6f
SSDEEP

49152:mPSe9096pV6rX+Q1VpBaHoIkoo59X9SABZ+nm98mFBXAwtWk0ESkbUxpP:mqe9b2rX+QFMIIkh9tSABAngW6qP

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

X.God.X

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

Processes:

X.God.X

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

X.God.X

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

X.God.X

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4478

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e16a3ceaf007bb1a436221208d70b0b9

SHA1
720a7fe738f4ad6b8987b366e6da59e37f1ae977

SHA256
cab9eccef9350e9a60b7a63164235d81e937e3554c905d27efdece10ff536695

SHA512
ab07fcee2d4e9bc5899614b661d7c69b790e611706dbe4154cb0ddc5e3a4a1b9e8eebbcffb49ae053521fda1fe2e922ebd123660e7c0e599c19d463b124d865b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
22736350173389f04c2094f521bf3d7b

SHA1
6ff022463930a6d0ac8e58d5054a7973ea43559c

SHA256
9934ae8513cc45706482eeddd47eed9f11bc6f24a208bcb81fc626b11b51b67b

SHA512
c627d9dd6531e03ad930e45bf8125a642ba391c3a1ba76aef3c783be179c66098b522c2ea4219ad70e917bca6eca761ab44b9463e384d347644387ab60caf207

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6e035843bccb6046b76c1f7006d18803

SHA1
81214d42bbf431da54c78d9f39b2469349da75fe

SHA256
3d9eac1f7728e9eb64aded8426409ccb647feb8d55921be941cf8a6d7c8ccfc7

SHA512
13c9303efaf55b6abf8f6d68f30c6525b7d727e8b94bd5d72ab623914be464598ea9bd40c9ed51eeed243348ce35e8ae86d52c0abbd4263bc5f5f73a20c90c7b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
42b040aa9c388f5064e1312fc23a1699

SHA1
8a8972fc552d12d1c90a88a9c07103aa389c6a40

SHA256
8979fe7a0324d17be37e1f2d3b6e273dfaad75ef6d1e73b110e05ccf75fb2aef

SHA512
4dec01ac78f4b72a62647f1f8119b6d819c2ca38798bf3821729bd562e7a3f578e005e8ca9fb1e9488382359f86430df3374998e12966eb6def4b326c038c828

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
d17f7d0bf73d85b595daaf780fbc737c

SHA1
1b48a8b38ac393675d422c32380395ee7652e20e

SHA256
0beb52702e218d0c50c1658fda7f40f938aa4c96376397ea3b82beab19d7b38c

SHA512
07b7a7edececfe8588c3fd177c0610c457b2bb65bdb9e346961b8f5d290f59ddd13589bd0262085e7642f525d257079067b5cbc473653253d6b7f4c717b2b8d1

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ec42db624e882a27b0961dc3761b5d5e

SHA1
57dcc8c267add9d24e80dea2de93cc4c5f139200

SHA256
7e3fbb052f89d96ea6ae4c0246a36f802360a30eb6683c4bedff1e87376b6fa0

SHA512
4aed2b5a259eb4807e612b530d73b845de22508fdde2899fe5ac59105e71001f3dae9e1aa7c8ee6899fbbbc9086046e1fb3f5b7caae1a8e662f3a6277bd7f27a

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
937098126d1aaed5487f4242b9a7e1e1

SHA1
768ae4c93e5bea0e6ad67553f6956ca318a8cd6f

SHA256
40046fa638fdd2b5fd2a5e3cee991071fb1eba9ce90c63edd0e0198466185135

SHA512
50b2dd62779074ebaef86bf5b73bda99cd35016ba464f6fa8c087a559ffaf8b5d18bcd9eb8dcc27572fa9216c29dea4ddcca15c86fc18a26ba4429766c8e41f9

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
90c01e48c7e2ffbd41bf053f34faf978

SHA1
6edd5a57e17892bad56d1c09b65371d2f012154c

SHA256
079238eeed27d142e009a22b05de4ee814d97e1634e806ef93e0a4ea4e59f5ff

SHA512
ba9848cc94536fd1821ada0766a3fb5e09a545a3386704172474653c06340dbf755fd4f8fddfe65b38a823580e769232dee7e37fb4278aeb59c73e724a1681d8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
4aa4c143ec4cdb2be4cf233678173c6b

SHA1
e7c60144771c77e63ebfd6209a11be6c9dc242f5

SHA256
578c2401c58f6432feca476f65179fb79dc4d74c07fdfd03cbba5d1ed629466b

SHA512
c745bdbd7d108f7beb98113023d962d1b873f627d45cc446939a118f10885692d4ffb4456a1b12d74987cdaa35e420fc734167ee972f894e6f11a936637bd3cf

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
323b60cdb5857cefff6e563b9dfd4a48

SHA1
e3e2a7dcf4cf401bbe34a4abb6306e535b9e944f

SHA256
1bfee637b2e5bf378931f0276f847c04106d0c65021df5686c00343148047053

SHA512
2b13d39d95a8981b5d2a494f30a9d86d4f0aedf3b816cc7473848a5e6c3e0b865bfad2a236935335b99d68f447ada5bac36b3b1aa3a9b591f7f2ab9dd8ef027c

Download Submit
/data/data/X.God.X/files/PersistedInstallation2216067810241583828tmp

Filesize
570B

MD5
b954275142051ff2a3cad51f1e8e6053

SHA1
855a9fbf611fb52bc886fb34630fc30cdf136b1e

SHA256
bb7c98950f9d73374d75bc4ee8df1446c4197648b0c70a45bebb40afd2c50431

SHA512
486bf73478d7d60a49f144dcfc15da5c41849af0a2f731670a2ea4b6968afe49f0dcc776a2d1b9ce1d751c2f1c894d847181f5ea2a83ffb10046b1442ce19e9c

Download Submit
/data/data/X.God.X/files/PersistedInstallation5831572616979886588tmp

Filesize
90B

MD5
f813113182e0d51dc3454ffa52ce7f93

SHA1
824dba4cbea32fda96e924a531ce4bc7b247aeae

SHA256
d2c9484367aa94076f71258fb3dcc9c12687a9b84fc67580d1eb6e3b4e6d098a

SHA512
0a0005e1f008f01079ddb57797be59c3e54e8c40ff1852cce3929dc8ba9024bc591281f93cdedbe3acb354abfa8de9d24c0cc122a27581faef584282f8835fe4

Download Submit