fe4e6dfd3608d3ca567558d2bc77685c3b8b3650b783dfb248e29ba3d0dcbac9

Analysis

max time kernel
19s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
11-08-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe4e6dfd3608d3ca567558d2bc77685c3b8b3650b783dfb248e29ba3d0dcbac9.apk
Size

2.8MB
MD5

7b39bf11b45453c54a771125af3787d3
SHA1

cb8ce2a7dab63d1de60f1216036644dba715b5eb
SHA256

fe4e6dfd3608d3ca567558d2bc77685c3b8b3650b783dfb248e29ba3d0dcbac9
SHA512

1f63f7a839d1ba506fc23ece9133afa02eb25a56fb0ae7af3dd9c0c628e320021f439469b514923d32e1fd7d66a8979eb304c3829fae4a069c0d761f75f65942
SSDEEP

49152:KTbdsl35rnglmqdJy2WTx8Xt8VaamfvXV+1tda1Mt54OLkf2fbFfNTeMvOefo:KHy0mqTy2UU8ViQv+Mt54CjRFTeMvlfo

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

X.God.X

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener X.God.X
Acquires the wake lock 1 IoCs

Processes:

X.God.X

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock X.God.X
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

X.God.X

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo X.God.X
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

X.God.X

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone X.God.X
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

X.God.X

description ioc process

Framework service call android.app.IActivityManager.registerReceiver X.God.X
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

X.God.X

description ioc process

File opened for read /proc/meminfo X.God.X

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

description	ioc	process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4975

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b29e389306717548a96dc98e82a697f2

SHA1
da8bb3219ec44289c2247b5c10040c410da13374

SHA256
a43b95c2ca5470cc04e114a4356fed30668201945b9273d69f866e80f4523cb5

SHA512
03f3f55ba97e1c6f9c7c9e323eade3c8e87efc9ef51bf4d4a4f573eba2b0cdd8179c14eecc8f5854a79938ca64c357e0a725d671ad9f5803513ec1143eb99810

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3b7bcff3f02d59c033ead61b2567a95f

SHA1
798b974bad1a0ebfd0a7921631e070377ce01307

SHA256
58853c2275be297e9778a2b6a94532e49214ed51949b2760aa88eab7c2d8de00

SHA512
289dc746151d28da080b2bc8508537d7ac705d6a6a0464779ef4bf951b05a0732867be6e0608eb54fa5b1b4ef2f56493b1651e827530204730f983a336469fbc

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5ab2f756ea9727d62596a394ffd41f21

SHA1
b622f5f41802dcd29399bfb717b4d883b7c03193

SHA256
03612bb1108c806394889000e5e197dea13faad6614a3f672917fcc2359f368a

SHA512
f4b7cab524362b299cbed2dba6b080a5fcb95c5662d5b114687c27a882c76c286e89f85b3240bdf76021f465f784996e2173d412f9b364303a054e7e16953413

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e2dc0ee4045445410b64df669b9bcc6f

SHA1
d2714cd3adf97594f69271cb5f95269bd530e4d2

SHA256
adc878f60ea434bdd5a464fea7f46326aa98d50afb3a8813cf90572ee96aeb85

SHA512
448af7d89206479d81d99f35b44f1e5b19a7495d4e3d11b0e5ec1804c197a55ac8a47b67eab943680e2c0dd72e4dce911d10f62dc81919b2ab0a7f3def2898fe

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
71979e712530b651afc706b40e142374

SHA1
d6e8c429151d9fa4b4cd1391f0b7588b2cfb3f5d

SHA256
4b56802c7c914ad4f764df213181c23549e04772b786c2d30493196432953045

SHA512
e3558a7df1fcd55b7e2747ba7c7fdfba7139a2cd5c9e1eef0614b352526f4ee55aa247dfd18edb6f091d306a6a531b44e2f8dfbd36392cc3d03fb1af8825255d

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
682837b4a372c5b639c40ce7371535b3

SHA1
6d16de82221029394b90a111b8aedd3b37737d62

SHA256
c880e61250789c1ee7973583196514890bfc77ceeb74ce827a5e5280e4e20e31

SHA512
6fc5505377d05e3277eff9e6032dd50b8d3ff292dd9081c0c5aa832230aad688825a866095c8ff04be62f4fea2e8601cc7342311dc80da4413337bd3623180a0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
1c9b6897028648961c59944c32db127c

SHA1
8f37b8365f2df5725dcb9e1d3fd02d24b5d5e260

SHA256
dc832bbbe09f7d67fd8920ad4d54453bb45a8ae3e96c6dc16091e3ae567d0534

SHA512
6b2c58e37628299db39e3a99b5c0df66d9a8abf738569abdcca8741e618f3a9c4a14a6536ec7d09d9797326a9e2dc9b98f94d36f1c57459d973577e562c7b0d0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ae28a0a3574884aea418a49a52f5e223

SHA1
ee01e3e2936ab48978e03ac2d4c3bf80e37417de

SHA256
435e2b9164e7ef0c03b884cb7fdbb59beda4414450bef3eb45ed9e0d55ff4c83

SHA512
cec8349c4b67070af91ae3ba45f5ae396efd588487fcad6f220a0cf9cdf9c63d719291cb3c987905957589bc86de64dbb2c6673ff9839bf0b2823140a9f0ee58

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
e6bc0cea99bc40a6c49f37d06c1eb954

SHA1
7f5e7194f91d5c76c0fb21e5bf13d603d2e59cbf

SHA256
839d53714fad7c1ae745a0cf0195ac486a7f894761aee8348ab97cfdbdee69b7

SHA512
9a51b3094ef7253f208e4211d0c2abbc2ca32e9f90001082d200b7dc787e6dba46407c4bbec00843b820786f6d4c2fe7aa513b1462a9ff3871be1c2bb05855c2

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bfb2f9fa6879400c3c3508730693d6af

SHA1
6d8c64d8763fda4bab1fae5f5b9084a7daa14bfe

SHA256
4701b06b35184b07db341245b7c824edb2f66c06d90979800fa34cd8b3d74640

SHA512
afdf29e20d0671eb71fd178d5f2e8d30f936490719ebb6699d7945078c8fd027e1281f0d7b32ed12e1d8244265edfbab7c9a086cf661e9f5d1acc869b304fa8a

Download Submit
/data/data/X.God.X/files/PersistedInstallation2435221105826861892tmp

Filesize
569B

MD5
b5396012ac698af27cbade8f884f5106

SHA1
52d4639ee5fce893baa980d415653c4c158667dd

SHA256
8e3c9095c168249c6a0f7a2304eaf669afba98727d1d292741cffe52ca3aa288

SHA512
b11ba9f7017662e62336f90777cedd60b4527ee436728638f238d295715ab5d9bd9f8cff5e1bbd4a65423d9a651f7f15655017990b717cf04c5a6414de8a100c

Download Submit
/data/data/X.God.X/files/PersistedInstallation3494435636349862878tmp

Filesize
90B

MD5
2531595a9b0ad9086caa22bcc3f77602

SHA1
ed7b42223ee79d9d2f99a844d1bb13f142b4dead

SHA256
53ff16b4cb1f46b28643e58a58a88ef220685c4cfcd497f110119f9df1f22da1

SHA512
218923c853f14c413cece68ca1d81fa6f3aa578c3e81996a27c4faefca8f3ff68fae5aca8d5b39aab9642ba6e047bfae5b057b399ae476910abb0b416e0ea586

Download Submit