52bd9870e87357e66a416b9a8a374138048077e7fc1121025cf3790bd5efd244

Analysis

max time kernel
47s
max time network
146s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
24-08-2024 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Application.apk
Size

3.6MB
MD5

08878d839c3106967e9e0472bbdad562
SHA1

c727e854536485b12e064a1d523de236a705d790
SHA256

52bd9870e87357e66a416b9a8a374138048077e7fc1121025cf3790bd5efd244
SHA512

19830fccd9f8568393f1b7c697f485e7a45e20cd01a01470788915b942ec6f62c4464f5eae6a5eafc8fa1d4f71c05df2e01d15c0d737227b3ae4514207e38abb
SSDEEP

98304:fu9WkQ/jMdVWxfAatYZNKlEmmP41aHpxvPe3TyTHQs9W1:fu9WkQAdoxIaOrRP41aHXGjNsk1

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4984

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
cf8e9a0d807785893c168a2b8329732d

SHA1
60040e1bbb5c795705ee2bec4a181c3603fc83d0

SHA256
5a0fdae15c50ab30a20ae68f71dde92ae8140c39eb75c6e2d6ee6a2da275399e

SHA512
158283116bcb6d90b715a16077dbefd8484b8b569fcf747be6ac9898ff97c235082eaf06648a25ab6ad47baaecfa6b0b925467b92de4b6347c76f17b52f6f4ea

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
460f08eab565404bd01772f5c9e68d49

SHA1
5596168cf85a42f08d0e59580c50ac462bb3c992

SHA256
21f784c9673ff4d0b893ff65556d5bd184e01b1193625f0517852d47b421ed1e

SHA512
123bd7634bda294b428a4306e51d3f8540ab07813b9b4cae49881afb9843a1030ae9c17a9403bd6f52089bb6671c82fdcf2b11fca449fc125079655f7b64b98c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
329d2a1e8d1aabe95c7b957591952382

SHA1
56c3d935e498aeed6461f100444596763912ea32

SHA256
8a56b75887fb2c92445a4cc0e6ca744d13e312d45a909935f93233848cfc2baa

SHA512
d51b60de0c242c4195dba7aa29cce84cf59155d826ed58814ff82cc4841ca74b9a722f68fc919ac933047b0c53e0e81faa2885d22661e53e7d9b7f6055269660

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a3f8b59c5ba07f679e94bd767ac25b52

SHA1
67824747f9ee2e7e4a670347e17613e196acabaa

SHA256
d1a0fac61325f97cbb4e0c342952a5f015b2c97ea9389091777ffabc97bc80ae

SHA512
baf4cae04b01d7590548961159e12b568b9b9c57cc2f18ac891ac29a66872dfb965c73bee5cc77853d1a92e62e630ad4bac6801cbba1e479aa0dd8315ce45865

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
02e4b99db5420e7d7f78278a3cf57e20

SHA1
1bfd99806926494d3efd28fb7bbddb20d7ef0d18

SHA256
02d144129a98b96f832eee84192133f2bc2bf555fac56cdde68ebc6373f7fe8d

SHA512
997a03e83a1e246dc283796fa9b73f5625286aacda0c8fe663bbd652d38ec27f488c88c56f9d1951ef184429f43149c570c706c009c94befc113e5871b2723a6

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f3e48924bcd382726c4743fd6a69bf3b

SHA1
f5e1b95a365eb160cf438fadbc1d0b9ae92a7f65

SHA256
ebe4909288c1494064e034ede0c3658e45dd2e5c35973fb0157a2cbffd908a1c

SHA512
004195e29756485b058e3171a0bb42c9f4415c895bf482e26cb3ae020c4e52def8304a158a7da2cbff08640e3ceabb90bd21c16235de26af67e9cffedb1050bd

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
98c6837d1e402e5ce52ace4138c77923

SHA1
d810198504ccc0b2b2d5b382e280b58f52a3342f

SHA256
69dda16112928b3e0d431db85766f08c61aaac8d3f2aeb370044697720bae085

SHA512
3d42c126b1c3c73134c1eba61ec1a35fd09a5832b8f27148b173a4768f7790288dfbdacc8ed28778df63b63dcaafe0401b29e1d288d4401d7802f00bde906d78

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4e4a7431d84a892f4a3ae26e4f3ab6c8

SHA1
1b9c9972928b4f0946a9bb208fe9fdc22561bbfd

SHA256
ea405f1710b9099a916430b06b108cc7ab1e705e60925447ca661dcb7bdb6882

SHA512
5d2f1075e6f2f683e42a00588919473d8bd971212924c609f69bfbe35f2a71a2c0e360db6a44d61262f2c5fb254fa0197a2b8a63f60a047f597412f313da5c92

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
0cd11f1d620fa1753707250ba3601628

SHA1
0bdaf88b2814b657f30d79eb598df4e97f77facf

SHA256
61baaee273e2308ba6dc474830297ca964ee360d61e48f80b9e9700bce4a54d5

SHA512
89d523094a48d5646ef66775ae485fd1e97c8e88f28c21bf4c6a552b86887530b4739f1957223535d1a6bbce20909740716b4ef899e3e9ea2a5a04fa9f984b9b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9b3a1ec27044a8a8a315ceddc95f3f0d

SHA1
4a2e8f00415129ef0e0c25e6f3d40d9fb41974cd

SHA256
ae4f1c84f7355407e0a7cc6f38688de6882d1090d5f0f30fb92160fb3640402a

SHA512
c26ce20f2388e74057c1925f815fc49ea5346954170e9e23549f9f080191962e9e4f854f4b1b83ea5d88546a2ed4c3b4b9303b0c6a4b6c1df045ccae54d6c95c

Download Submit
/data/data/X.God.X/files/PersistedInstallation3236680367368298031tmp

Filesize
568B

MD5
b30e85bb506db60589f6343cd0ba01a2

SHA1
7500773e1c5794e7b643f4daeb045603af7ab053

SHA256
3413fb24176a4b62b7222d4ddd91428c801e02fac49d127bbd0e91fcb41789e1

SHA512
61bd05ddeef9bbaa0968bf3ad517c27239cc925db58aec801c922d6b9947119c258a375fd93d331f00a05f9be7d2f677b2b22f4b091e3f17899b3dda532ea7ca

Download Submit
/data/data/X.God.X/files/PersistedInstallation944110357993695015tmp

Filesize
90B

MD5
dfb11f9e6187942c34f4e563c3c9d3c7

SHA1
74a7f9b857d30a262cf22c0b81882cfb5a22b435

SHA256
6f93ae43150f887a576c7ce7aff1998968c916a828801269256128e2c54753d8

SHA512
7895292a91dfdfc54a231bf7183862b8f1053152aaafc6f7ef7a5c58f2b228f33064941f7f785c28f579010734755da9bf87c71fdb433f53079a48bcb69d8fb8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads