93af370c16032f2b34ac2280d50651708249a5e4729d4cd8fac05d3af184a7d6

Analysis

max time kernel
19s
max time network
165s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
21/08/2024, 05:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

2.8MB
MD5

ba4d33a8c94eb2d7964922cfcee82d3f
SHA1

5816ae891e89185f9d13f4592f3e39b5fa0ae009
SHA256

93af370c16032f2b34ac2280d50651708249a5e4729d4cd8fac05d3af184a7d6
SHA512

c6d82fbf055e7354a83d1d9a8aff9767e10a13c5ee43046da3a298f7581166ee286e64c8d211f8442bed8791b0c9154cc4e9dd1f6d8189d4a7e89bdd145b1724
SSDEEP

49152:TTbdsl35rnglmqdJy2WTx8Xt8VaamfvXV+1tda1Mt54OLkf2fbFfNTeMvtu/:THy0mqTy2UU8ViQv+Mt54CjRFTeMvo/

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4986

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
957286b38ed14fbe1234051c1e378e43

SHA1
573437c3ce67735a2a31a0428bf298fa1427c997

SHA256
814f29f9ad9479abfcf7c5b0c038afcf443fa9e60f97805560e5af5adb5109b9

SHA512
94b307a2b3150efd9b87ec56b479caa3053cb6081d980b62717d314315b2ef507f57fbafeaeca7f14de4b85ac94115f1e2ffc5719b533c91bdf13015aed126b7

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e2ce1363c53521adb31aee93d5647002

SHA1
06c2b512bdd7e210081fb27dddc6e2a883ee0c04

SHA256
6a651b36c2250c353de22477a26041d860bf74e2cd642b12c6e12a4aefffaedf

SHA512
aebcf7488c9534576d5998ea8d782edfd97ab927dae8c101db638162e738b64a5a1c04adc47e8387b82950e277d166edc5ffec9f1214d432281f43b606964164

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
170a195085122362e5fdcfac9f770b8b

SHA1
89dedaf123131abb0e5a4d4c8160438c91f4f98c

SHA256
ab4a3f003e0915fe08fc60265e58617e985bbda8c44051e0c5985fd0b7e6c9fc

SHA512
cd2fb563ac58daf423381754d0469a6a438c2aa3333a663dfe25458b8988498e76d4b8de59818b21edb558808e08fcdac569a037d1a815402046e4be2405c2bc

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
19d6c4d3f9840dcf00782789f5211560

SHA1
6246d995225f319f3c99744133d6b5f1369d4459

SHA256
94b1d97a0109f85fa67da19edcf739aa4b28aaf99d33ea60effc2a1d69a21ad4

SHA512
bdf258baf33a4662ddbe4ea7c61e090d86e747beb22f20def096123f41ae024b4ebbd12ecb89b5b2d57012671869730f35ed67b634d0beec77dfd44422fbf1f8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
984472ae0a4203e51c5176581b6d66e1

SHA1
d85721a94e77cf2664d78dbec9825b81b28691b6

SHA256
69e99abb3cefc664a3e467b5ae276fa72a72e9d9045d520e131eb23a48ff6065

SHA512
7dc83c07b7dfc4feb1f3aa6d33bb7664d016a948b25b59c4bbf7194cc8dd0f770bb66c29aba7e76de7cf6047a30d102dce5aede3cd63e224d0d48c220470d278

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
99f2452434dfb02719b037a7279e9d62

SHA1
aa6e30b71100c1f2b7a60379b42e8300309124c8

SHA256
d9dab7590ac6751ffd13284e35059b94c23053c6358b3e18b4d13d7f420293c9

SHA512
29620b806bd3edf77ae308c867dfa5a827178146d65554ce25f97a9f60a9ec9d8fbdfa7a7aa2dbb0f349c44bf2e9c6aaf1dd0aad4b0850936788b6c80af492bd

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
31c84918ba3df48851039e2e3730741d

SHA1
b5cc0e71b86d6d1cedd058c528b79c52ed1a7a28

SHA256
f2dca90246dd23bd5730eae8d2205c38b153934be3408418cd2aa8c51854e2f3

SHA512
9ee45fdb9fbdd6e9f1bca0b0f81e7ab6649c37bf294eb5e17caaa70c9c3a607b49e8e41a2c843ad9909c57e43ef8dbadfef23582fea03607658d64c63bdf3418

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0f579d810b6e88bbbbf09ec8d069853d

SHA1
5e6fd58ae01ffb3dd00fbbe6626452faf8b9e517

SHA256
b8ba685c861e473cb4ddeafd98c9e16d52b9699aede6be77455da59c2b969243

SHA512
11e3914ae5c193691b26d3e6c77427a068a1af143d62d9c90c4ad4175682501072616a9c1785c9d3c06f67ee1c2e352479e0295cc5f7c0fbc7d575691ee96d9e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
50dedf00e96ab65b7cdadb43b0bda83c

SHA1
e3a227b8eeadc3af28b8d297fc4ea507c66ba492

SHA256
40d6deaa6f3175375be732a41451a3997cb2c17d118b399fee9ecfdec9770131

SHA512
340e4ca5fb6a5f77a0d42a7b922804285db06be8996438a98ea76836a77bbd6624fd491928be7791fd1f7a3aaf41da757db73af0f4d5fb342561d06e84ffc280

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7d63b9b85dd6e88be2b8afd14e4e7290

SHA1
35eb499e035868187f36d5cb947a883d9c406f77

SHA256
a36110a984471a0d07a4143d53cc2c0991ef73290f0a6c1f1b601c1f24e87f1f

SHA512
35c799c76a91992ce326047815a5f049d21bbb2c8adec536212742e67d894074af437464eab2cd20b8de0a2eb48b38ee35e3f68e67e04c384a45d501b0e98743

Download Submit
/data/data/X.God.X/files/PersistedInstallation4737907586089102095tmp

Filesize
90B

MD5
b7601c6b36621d911acfcf46d6ea46a2

SHA1
3edb35a116c18ef3eb012f7701e9a76270a8ab2b

SHA256
51e5010c44de4d7858779111941e6727498df60db727735ad9c18bd6d5ef5f85

SHA512
ebe53f45215954051fa9053a95f57cc8dc84beabce0eb71845f9e6088c0b837f9cf1c04428ae3c77915e13aa528b6e742f8704f3e0d406a2e993d9c6cf43314c

Download Submit
/data/data/X.God.X/files/PersistedInstallation854878784331431777tmp

Filesize
567B

MD5
9c6089f069753faee084116f99ca4804

SHA1
bc27b488b0f93861580cbbdc26485ba6ae892c95

SHA256
2f01ccd0200815c86efef97c040f16977651759922e0e70d6fd932a1aa19dcf7

SHA512
1979f6e6bc4dc1c5b2825c77dbc904119b61df6997956a3a1611072512c8911070332b2f0fb492fa5bc8a57204baae1545f985682e6146b9ae953a95de4ab140

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads