8e00e43db6939f7aa53999cc8d8d687625c42a1c707ca74b9d540514cdc7d65a

Analysis

max time kernel
38s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
10-07-2024 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e00e43db6939f7aa53999cc8d8d687625c42a1c707ca74b9d540514cdc7d65a.apk
Size

2.8MB
MD5

4c307e6962c91e6ba9a7a85f662f5db5
SHA1

c76926b8d6af7f8718510c200f2083f842ba1ac7
SHA256

8e00e43db6939f7aa53999cc8d8d687625c42a1c707ca74b9d540514cdc7d65a
SHA512

17112c92ba8ad9a36ff8104b6102d33308effc4f520f3f430b2dc00ffd50b1efc4b9ed6b675597b57b9809e805ddaf99553069a7882e62f0c6191c85a4e52cc4
SSDEEP

49152:uPSe9096pV6rX+Q1VpBaHoIkoo59X9SABZ+nm98mFBXAwtWk0ESkbU6Yf:uqe9b2rX+QFMIIkh9tSABAngW6af

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

X.God.X

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener X.God.X
Acquires the wake lock 1 IoCs

Processes:

X.God.X

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock X.God.X
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

X.God.X

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo X.God.X
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

X.God.X

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone X.God.X
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

X.God.X

description ioc process

Framework service call android.app.IActivityManager.registerReceiver X.God.X
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

X.God.X

description ioc process

File opened for read /proc/meminfo X.God.X

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

description	ioc	process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4940

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a9f766fdaf0e39d1eca6a92a0f5ae847

SHA1
42fb9df1525b943033d0a72a989ce5af326283f1

SHA256
274f49f1a51310634dada0e15aa447159113683d81bbe7de266d497a43a9eeed

SHA512
e1d2cb16ded8d038ad2d9f266f85f4e38f173401ad9f9a0faa1b926cf2a23c1ed00637c35b0776b01bea6948c9d3a6d46c6e16df1600c16db14e52bd95c03ce5

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6ea04e8f34e8376a4471f88fc6705431

SHA1
351e99a0cea72d79cecb5cdecd6e01b385add67c

SHA256
7c9fe472308d4d7c4a7bc05dea9978324f8f0b297dfd31f313df374737fc1486

SHA512
f75f61528d9e618d413d41c7700a28383ee24b483e702dbe3bbeaa7f1fd1b04265089e84e90e9cbd2a779592b75c37664d9f603f8f74330a63d3a25c29f20f97

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5b310b657f4125e484f8538b6f579c17

SHA1
484fc003b3a2161011032cdfaaac7c7a03f63a2e

SHA256
d6e8e0dbc7b0a008b8925f41b9ceb90066b67793beb4b15cc978022ed78bc142

SHA512
c6d6f89c97eec4d83dfd61843b91e6b4bcab9fa6b4d176879f3fbdd8a392d4ebcfa2d834e80fe109cd37117e7e1c8c7482a0dd92c10516d1015f34ad120ad5ec

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8b114f21bcc206161f44aadbfcb12317

SHA1
c4f3ae2a801870cc0fb2388d137351ffe378a464

SHA256
917e51a26942fbefbb72b29f944dee8a7ffd804b0a2ad6b8252f7f906b0fd30d

SHA512
f6403b87268d147f6f0075198570511be101ae47b5322897986a292b89228b9373f196091cf1d38680e7d24b88573bd5d2ac6415ebc0d1d0ceefe4b8edec4e6d

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ab213cec24b65ec36b90e137cb953482

SHA1
11534cc253324e5c1f54645098011b5a590ac7f9

SHA256
4e7cfce62b39f8b5bbd1ff890a63ed5252b759c95b744cd80337a2e5996113a2

SHA512
2aaa134b0db0a46a47649309afed7c7aa00dca6c2240ee033666c7440b84f407af88116bf0a49c819a65e3b088b61512d8ac634851b1502ffa7372af9ab19f4c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
27f4a99bd0415e57285013dafee101dc

SHA1
42da66f1f160058091994305c4f20e01f53b7cfa

SHA256
cbf37491311d30a46ec9e687318ea5f8ac3c38f149a20c2faeb7fe10e96f6b0b

SHA512
2e529c8ecb8dd7052e85141d3e147ccf6624bc18990b2f129d04198548e7889d70542ddec75e5a137b08bd7bca7e0e0646551173a9d0f2feaf68afcb1633c391

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
dca9457d6a8ab34d996661cd5a4fc4f8

SHA1
82c46da72093615451e609df63b7c6f5c192f7f9

SHA256
26fe64fe7b0726374e49d8804af22298cf8c625ac3e6f0fe2a58b30e104c0102

SHA512
de9065f1648c9c064d04f38bb04f0b226d887346fec458273df01133a77d836dc2d3becf926fdc61c49fdfba3ff443dbbf60188d22bc1050ef52eafa52ef6a52

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b2a06a8a101caa7cd2d9bd750310b8cd

SHA1
8bb16fd8f3ceeb0fe9f49887a2bc49c72eecd6fb

SHA256
92d52e633b0c344c0fe896794cdfc360fc9c8c9f57e1e6fc13b05e1e9b1bb0bf

SHA512
54c387e30fbfcfd23f6b88666cd6b0e918b298edae2a3079598ae9390d4ae45b986708324faf0a53a0f899485ffed4312ede8c9eef3e916121a5f4912d05eef8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
ecf0c54f87b28da8aa1b45b3e8256657

SHA1
570f737e5aec5213ec1c0be04e101de4ea1caa75

SHA256
acee86037480610e86d1e5785da4dd786c53c5056708f8ada2e5f94e88c6b395

SHA512
d73fcfae4597d141f7852faec0b95009cfd96e8e033827ab65f72395f5f6c4dfe4bed138a54f3c33934cab595b5006e65b0725c4fce05a92d19256cbbe744f93

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b1f5797930b175024fede94357b1e062

SHA1
b1e4a8d8a60bdaff5cd1e6c81c4f4e04e0a975ac

SHA256
bae583bcce63bc71ae384d8c77d3a58567f1de0533d4c5d79bcc9ca59179979c

SHA512
31b083739154e54c8fb35642807b98699bd20306cae5783b286c01cdd526300ea71260f385978bd6c810123cb9610623d48f21f5f4f504f0db4a45fe986c1ba9

Download Submit
/data/data/X.God.X/files/PersistedInstallation3416480118622617557tmp

Filesize
90B

MD5
67b5421cc829787942b4b893296d5c46

SHA1
72ad6e6487a9edc56a345bdc9f71fa930a1b4cc3

SHA256
b980e3df40818a0ad80699d88b7d440554ee2a8886a5421f7537783936841601

SHA512
19e446d1bcd53444d1987099d51b4f2d33707a7675ed1a075b7e30d54e4df33e13a0296bbc11473ef97db9bdf5ee97253611c4785bb7d63bbcd3f2b1fcf87e29

Download Submit
/data/data/X.God.X/files/PersistedInstallation6956992655805311630tmp

Filesize
566B

MD5
19f604faf109108f8fbc22a09779d287

SHA1
981c2a91d18872408159aefb3afc6b02f5cbe62a

SHA256
31b2c0069322aec95dd44765d8b6204b97af64030f93afb04cce2e3b44dc0dd8

SHA512
bd1c2efe33468c0a51fa5ce9ef1019b90e1471d83b5aed17e7d0c591ae36fa5aee668774f1e4eb326d17e3c800f4340b7571b658164b5425ebbfaec2b2087141

Download Submit