19390c5069814743cf75a979e733e54846b26c38fef6e6063d2127d8fcd6dc25

Analysis

max time kernel
19s
max time network
185s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
25-08-2024 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adl.apk
Size

2.8MB
MD5

a9c325de4633252138fb2892717feffd
SHA1

c6e2cecf49e761cae125c8a7f1469535cc71d5a6
SHA256

19390c5069814743cf75a979e733e54846b26c38fef6e6063d2127d8fcd6dc25
SHA512

52a665c9016c4351bb59ef3a215895132d2e879b46cf4d3977bc6ae550a450f65d7860f7d99665d174ef54a5846f81d7ed2269a333290b1617d89b87c8d5e995
SSDEEP

49152:DTbdsl35rnglmqdJy2WTx8Xt8VaamfvXV+1tda1Mt54OLkf2fbFfNTeMv0HDHN:DHy0mqTy2UU8ViQv+Mt54CjRFTeMvWHN

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

X.God.X

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener X.God.X
Acquires the wake lock 1 IoCs

Processes:

X.God.X

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock X.God.X
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

X.God.X

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo X.God.X
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

X.God.X

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone X.God.X
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

X.God.X

description ioc process

Framework service call android.app.IActivityManager.registerReceiver X.God.X
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

X.God.X

description ioc process

File opened for read /proc/meminfo X.God.X

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

description	ioc	process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4964

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5017a1fc9a99e5ae1b9381e2e6c1663f

SHA1
e2d80642055aab833a30f8bdced9d57d4559d5ac

SHA256
d7f2041c455d4df4ede70195f755bbaf03d74f7fd049e101d51063076ed75dc1

SHA512
af1fb72b001eb8b61b138444a20c68e1af3560d61224cbbfc431d4570d4672b8e79fd37d7875898e0c5efd9bbcf442125d793ff74a2b9266a96c8c535d746bd2

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c2e45e04836b1113f431fdafc74af240

SHA1
dc4d11e1ad31ddde502f7d9a022b9c1ac2f55f60

SHA256
c29ca210445fe21c99c70a857507dd5be0f7b02ad05d03f17d3d75396bc29d0a

SHA512
702697d0c7db0bf2a3f705ab224b26f765b8c34cfff1f5b2fd7468e14e34bbcd5645bfa439b58a141058ec2e44beec261ff073b67278fc0682ce8aa05fc06f10

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a9e9371de46a584b396b04bcab0a1979

SHA1
f9ff5b2d37d27f19326dff5f15345fa9027b1c3e

SHA256
a7e2df4d92109147590a4a3ea5640b383cfedb004aa6157c22e6988f112ea244

SHA512
af0e4a0e0c8e81de9b7164e8f732d56619d561249312f6024797391fbb1ec3aa33cb780110e92682788f61772018b3fac5830366b1bab4f86b091a8148c4399a

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
706206aea0e3c8a92421847b70912163

SHA1
168028b462a7427656c2e31870eb2592f09de1c6

SHA256
43646df1fb9af0f23616b3d23fd6ca569beea04972891f0e0c749d99b803a7e5

SHA512
b151739e887d9fffbfa8a691d22c18f286721ece0b56b88128e9d817db6c501eb3dee904c542e8c6b9145259c4020a143da3846870711fed50076c4f0095b76b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ced95d956ba5f4a1d1ece0b4efdb9b46

SHA1
97e8d0c5c6417b2f05b4e715ce4cfe304d04e09e

SHA256
8d48565b111e1d3012a37ea4dc5acc51c7c860e264b7593af1a53cfba8bd130b

SHA512
831fb7ebd8335bf80a53a88d405fb2883b46dc3297b4e7bee2b0db7f89fb95c8e1e47511c45d0371f8a1f09a9221faab1eb6e95db05e61eddffb0e48a09fbbab

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1b4d77d90ca0878271b1fb50cb4a4bcc

SHA1
8a64bb6f242339340f750c4044d94b18d1132e80

SHA256
f86052a38281063784688447224d8ba00c74d42d913d4df349867572c4677c8f

SHA512
814faaf5548bbebde8958ff0c88545e90fcc896baaea521ae57bd0af77a5afe05f76531642289bb1f9d9f44139396e6a7223ad4210280848108c4cbdb8e83eb3

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
55d89356270f0def18671d7392aa9908

SHA1
cccf7b0debbf58d1ebc78931c5f4e52296161770

SHA256
08d2f04d89e0dc2ca46046d711f0d5b93b7b20c3ec7eb9a76550ba3f1001591a

SHA512
a4e7cdd5364c2aec9193686b7f2eeae1deef0e3f1717cc1b846baac1cb8a3452d822f341f002a8365e863d207d4743dc9df1813d0be57ce3b6413da43a1b3452

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6ea848b1bc10973bf427a7d1643d52c2

SHA1
c3fdafd9e3f46eb540901d43d152b00f6d1bd447

SHA256
e45ad716e324ed9e3c340bd4a39d4eaf9cd86e4261519ebab686542d8e09c878

SHA512
b567431973a683a2a1d99016523e799a7eda415615c16d9eb11f29e790926aa2d3c5f6a5c8366d3ede2db085587b18112312123dbac454d303d9a40074a48c88

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
0fae675a2984ff9025db899df6bd52da

SHA1
9aade3b8ef8bedee41e2201116d8da65cb4d1adf

SHA256
17e59d0bc8fea9520c2fb7eab0a3515a455f18aef0098af259f87b07e85b9d08

SHA512
ba366cca7690a0da15ef9a41ab18d630b77e88bad8c3b9056da4e281c6e49e191786e2526a27d63ada7ea2ab8516ebe2a9f2645d6b40d6bfa1ee3861067d6e1d

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
95f88ba7fe8fa1629f56185b78116c31

SHA1
73251a591561b0a174b1ea48cc3b8156d5898354

SHA256
f31986a43384ec378172c2af55c4777762b7dcb1a8904ff2ac53c148b47e3775

SHA512
576808a33aa842041a6fd141fa70268fdc803c0e46fb3969782c8f87289ea090c14b8547e6dfb0d8be1b0ec1028e76abf9c60a4d5eb860fc559e29f255eb08d6

Download Submit
/data/data/X.God.X/files/PersistedInstallation3285918353083251543tmp

Filesize
90B

MD5
f226a949aea0251c1feba7452b2cbdd9

SHA1
4c1d0ca45e044fd16d710f17ef19a7e54c0ddddf

SHA256
90e163b31928fc0ee5ed68f619f00284bfd6504405ba9448f606786e6b56d9e2

SHA512
fe970716f1c6c0b7b2ba9efd0682ba1d90c7a710a6625763f5dfedabd920243a5efbe20e6639ac5a2a54ed923278d1a99cd11f5c606afdbcaba782cfa6e0ee78

Download Submit
/data/data/X.God.X/files/PersistedInstallation7302467324449918511tmp

Filesize
569B

MD5
35aba03e5ebf676f264a804d910d8545

SHA1
2d5aba910097271213ea229771a64d12f4ee3553

SHA256
a881bc1c0e2a57c691ce8b8e4788415949c7599cd6f740bb209518a182aa84db

SHA512
a4f9988822db954406aa0a12d6d7b8799b0051979b0057feb9c1b26cfecb20d0a189796b5d06fe3d8a221c744eba3bdcb515fc3ce0a0e8c3f9cdda8ebf90e6a2

Download Submit