fe4e6dfd3608d3ca567558d2bc77685c3b8b3650b783dfb248e29ba3d0dcbac9

Resubmissions

10-08-2024 19:56

240810-yn7ppszbmh 10

10-08-2024 17:49

240810-wedn6azgnp 10

Analysis

max time kernel
20s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
10-08-2024 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

7b39bf11b45453c54a771125af3787d3
SHA1

cb8ce2a7dab63d1de60f1216036644dba715b5eb
SHA256

fe4e6dfd3608d3ca567558d2bc77685c3b8b3650b783dfb248e29ba3d0dcbac9
SHA512

1f63f7a839d1ba506fc23ece9133afa02eb25a56fb0ae7af3dd9c0c628e320021f439469b514923d32e1fd7d66a8979eb304c3829fae4a069c0d761f75f65942
SSDEEP

49152:KTbdsl35rnglmqdJy2WTx8Xt8VaamfvXV+1tda1Mt54OLkf2fbFfNTeMvOefo:KHy0mqTy2UU8ViQv+Mt54CjRFTeMvlfo

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

X.God.X

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener X.God.X
Acquires the wake lock 1 IoCs

Processes:

X.God.X

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock X.God.X
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

X.God.X

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo X.God.X
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

X.God.X

description ioc process

File opened for read /proc/meminfo X.God.X

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

description	ioc	process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4473

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
825b0038d0458380d8bbe7dc5f58559b

SHA1
5e1db9a4bfba11a7111bc02e63b0a771056f818f

SHA256
c59162885b5a9ef8592a43680b668e2804f6a2031ae65dd8e7feeebee57e1dbc

SHA512
a1142a81dd5d30fde119cffb9099516a772750fc99f7db93efb81d9fd630cee03516526e9a68ffb126f2a7c7af666c5c2bb769a00710878fad062b0a05bbe326

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c65a8dc72c314f8c2b66e443180b45db

SHA1
49fbe9e873274c3cf99ccd3ac35e7f90690b3a60

SHA256
9e3b261eeea693076137a4036d8a96c6236718da1d699563858a8e3927dad7a0

SHA512
6ba4119fa98b31446cffb120e31e6afb7230ce2e451a2a231981d1a762e026eb9e6fa777ddc6ff4d9c9d4789930447605d55631a1e6a6c745796b2ca3efbe264

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8c89598de9978159b9bc4ea9931008a0

SHA1
ccda2b533f1dd39e030990d16b93e12f1fdc32cd

SHA256
3d29cfb8995bd251c2f0ef36473ebbca0e9be16da9e146b3856ee29e1eb6f03d

SHA512
b3d51f308b6ea1baaf678599e0dd47ed37ccedfb69bb352d8989475c3631a3992ef27b563fe7f1263b4ab546b2abad42b7cd4eed35961011cc34bcd209ef1e12

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
33b3bf48b8ccefccb17f1d775744b592

SHA1
22bede2f164f4f1434df0033e2761b0e83fbe0b2

SHA256
85c6758f01fd57e766b0fc8596059d6d1a83368f87cd388cfe6da0c800463c8c

SHA512
166a0dd1d83006991a41ec8bdb564470e22e7e87034b5f738aaabf8f48a48a8a73d0ec5ec19c0d7d05fcce0b5974cbbc17cabc6583abe577deb6d2db80b9879e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
de6b362028d168708312e19e1d85565c

SHA1
fce848d0c585187918d0e9441f598280038dd6a8

SHA256
2fd79cd01bd32a59011b570a6627bc258a39a15e2638698b2af70bb5cd380e30

SHA512
1b8c3e420e4ae2e13f00208db4f9fdf110d62e3770ec988d5ee6fb17c5d8a90a7e4e430ef07e83678eca2ddae3ac6a86fa3ed370cb3828337fae15576da1bc6c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
fb9828e4ed26a29220cff6c38a0f62e1

SHA1
0a632574ca38bec3d5564e84442a29b16b39fc56

SHA256
26218ea6dd7e7af9637bb9ee68702e665fc2006235c2c72cb0be699e8445914c

SHA512
ed8b2c91bace3e886c1893b1a91c5d938ac64d963b0f098e956cf43b62e54e2106e27674fff9f0d1391bee2e428e0f00078bf615a6cb019db4b8046f405a0f6e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
85367d7107e4a220b5feba5b17766eec

SHA1
895f0fd0293533bb515b5196e29a33415a3aff79

SHA256
482699df891b690fd4617b6f9317e28633215f2bd77eca58241df73845cf2a5d

SHA512
9bfddc0996b4c5553db7d41a5330685b04e6142d42c6de4a0451d692144495dc8652b41e1738c3167bb380fc387673e46be7097d3ec95dfa4b20c53c16ec5080

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a6a33bc394e4e26fbac1428b1d186de8

SHA1
b345e9e26803e2bfa832746ae57a1e23837e5b50

SHA256
ca70324ea73ffad5be0916673dd7dd2783d29e075291f91b67ff14e88ab3a13f

SHA512
65be5c6de6aff8161e780719ce5e02931fb9eacf444e2974da537689306bd0b85d7d8801c7eaa840205a860269f4dfaa32bf3e805cc95924d9cf31dc6053bfe4

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
38b48982bc9137f47dfa08b0d296c6d0

SHA1
6a77e475a4270b48b36aede2165de06442aedb50

SHA256
4eb13b57c5ce918a9ec95f31f8065d9aa2994c8e34745696296b8d103b3e202c

SHA512
0df98b998564f71d5c0b1ff7886f308b0f394baefe5191d26bcf70d38e608647a2665f13fe124e236c723af889c94fb1d609a72cb437d645a3fe3971d1c1c23a

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
82fba476f9f512d0bbc304abdd506c78

SHA1
31ff2b6e7e659da13f18d08b63da9b25b8464030

SHA256
c698f566c9158513a0a5ec40cf2d1ae6be5b5d7e1dc191564dba5cbfcc3c0ead

SHA512
7381ce3f6f27ac60aa409e0c9663a4189c47dc48aa3e9e0e4569ece8794db3e3918ff624a0dccea6363b6b545dd696b600174f4f5a3a4f03088edfbd0541d3d0

Download Submit
/data/data/X.God.X/files/PersistedInstallation4014347607057091599tmp

Filesize
567B

MD5
2238f55453560aef19f237e1196ab0ba

SHA1
afcd17bebf445cb3d5aaade8ee43afacf3e7cfe9

SHA256
ca7455e0207459b693afd19adf0142144de3c5370b5e229c9f73ec96a82c8968

SHA512
955843017b99e4101b0fce0c45560011381a432896cf3e16e21be3fc0e422d1cc514f3911e889e05d718a0c46a3fa8847c4264cd2d13aba67d41b163c5d4ea13

Download Submit
/data/data/X.God.X/files/PersistedInstallation6349527227432865923tmp

Filesize
90B

MD5
607bf9c993d1aeb0e03a57794d9a25fa

SHA1
3adb773104135aa234e8a2dca66f8cf3f9983c1c

SHA256
e33c58f0ca8861f7b26d27729defcc761da6c7d4d2d7b956c29f9fb13ffb1de2

SHA512
399f38da29a59092509d5fd064b040cc6c2e497d533f5e9431ab588796fcd8993ea626aa8b87cb5b9100acef9b32b209f3799b4b478bd0218be13879ec5c0bd8

Download Submit