19390c5069814743cf75a979e733e54846b26c38fef6e6063d2127d8fcd6dc25

Analysis

max time kernel
19s
max time network
157s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
25-08-2024 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adl.apk
Size

2.8MB
MD5

a9c325de4633252138fb2892717feffd
SHA1

c6e2cecf49e761cae125c8a7f1469535cc71d5a6
SHA256

19390c5069814743cf75a979e733e54846b26c38fef6e6063d2127d8fcd6dc25
SHA512

52a665c9016c4351bb59ef3a215895132d2e879b46cf4d3977bc6ae550a450f65d7860f7d99665d174ef54a5846f81d7ed2269a333290b1617d89b87c8d5e995
SSDEEP

49152:DTbdsl35rnglmqdJy2WTx8Xt8VaamfvXV+1tda1Mt54OLkf2fbFfNTeMv0HDHN:DHy0mqTy2UU8ViQv+Mt54CjRFTeMvWHN

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4932

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1955b41e4532ffc59f2cdad3b3265d75

SHA1
8bfb60cc01b207ce0c8ecdc67c4cf5869ce92933

SHA256
deaffe0c51d90e89d8bc599caad3ba396e1f07b4174f313316d4e071bbbb18f1

SHA512
f42f3b96ae290a1e6aae54da5d2eb641526cf62a948bf4023f545d367516d2584c57114b271a57249ebb35b94b01a56a2c1da6257d45eb016d98996aa1be04c6

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8cb1249f7e02d90b1c68f4b61236c17a

SHA1
d8f6e45ff2cc698cfe300923bc046b0e170e1248

SHA256
3f5cab9d6d8e37f32b123eca7bb6f7ada5d36d32ff18a6584f15d4a62e681c6a

SHA512
73ea785917ff49416e8d005507d2e918f348daaf7d218e53649fe0e35f912c2c5e339d2ad143d9a9e66ea18d23193b92101e871d657207621682da4f8edef162

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c31a8bb6652e6bca0f14354c38c0a9ec

SHA1
3084839f39fc27dbb147e0a18a8986fa732effab

SHA256
44fc92fa5b61d4a88471f9a9e93048f672e18b74d376cc4fa94d90fe11db2645

SHA512
ce17f49eb7479f4c9be5f382eb2817f439aa3051daea3c37e5b70c94d646eaca6855b61fcaaaf160a817cb1041028978db6f71fd1be7c00f0db145d1c3d0cebf

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
03d9197b86562f1d12ba10915553fc88

SHA1
cf531661475f988644acbba1f96a3254336872e9

SHA256
02b8a4b3754084699bdce40a0473a306e402b7717079f1721ebbb14d45560646

SHA512
0496a7a75a23c042db09c4d7a19c0e7e24c0d69dfa50c07834145bb70b17f33f472a1f818d1f6562dc8eb924cf781e50fbbd9e85e3f909377593f77f2b2e4af5

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
add076fde2039cbced611562b0884518

SHA1
4d0c07f6c5bf724e55d0094f94c35092e6eb77be

SHA256
e5cf9daa68975a7a13806a6e1916599f2819d5026a235c7d8bee60fcc47b5ec8

SHA512
af6d3c53ce21eaf1cbeeb6e2f18f1a15c11b3ec435e94ae844064b9305fee907fd88c9c4b88a655adc22b79b0aeedfa704ccb4c5341a4c448e53ef92f70d731f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c33d04c8ade5b7e38608c5cfbe23b2bf

SHA1
8082f285ce11be64cf0a7c3b8abe3303e665bb62

SHA256
697de48f53e0cb4d00fd06e650e6d57e68dcb75c880e9f5dfff70a2bfb17d9d9

SHA512
0e11c2255dcde98259da568fb2fab4ce2b3f3de76494a506ba33308e4642bb9a4c05e7623fc507acfc54ebe4ee24d14dd361a2da3755b3e9a3e4849f8d07ca9e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
36948f169df5f972e02f1aae030f7dcb

SHA1
38260b53b61483c81855dd4aa355220a8beae43a

SHA256
010b1c1f14f49e9471f1551847229759f8edf1e2ff2be5b56d6e517ad620b58e

SHA512
2c14985559a36565239e6cfeaec323caaa844caf43fa497cfbc82f99cdfea52d8f188b7e7f586fd39df5f4ad476093cd1e5556ebd03ffeeabc946670ce5be9cc

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
eac64be9dfb9a5a4d33971bc72dba006

SHA1
593a0de66966539d59b2a79537394e108059b56c

SHA256
47ee099396228beeb5457c23465b466fe1a77427e16ce12e8be0d0ca2ee16c0a

SHA512
79f3ff2fdfb7ac12863949fcb413672676a2bdddf7bcd121be238f8245be5d817b87b4df0ffe261cca80aeae72f037cb8c8bbb9d12694b741f7d2c9f04ea9f21

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
eb20800bb269411364a9bc6da5abfa14

SHA1
4e5bbd7a485d310a4b1c0f81a5c2cac17df30090

SHA256
aede2351e980df89f63c2cb5a7b5f4e142b875c58ca04c6fa431cfd9f2840d93

SHA512
96abf5163998927fe0fd69523399afccb39f67ec7718ddb10b46aeb5ba050c87a53ed923d5e43b67f018ff76c6fc9b15aaa20da53ee6f5f9b0d50d33453b8ad2

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
663b134a7a1ab6020372963e95027c41

SHA1
3c02d6103c29e0921f088846298af14665586382

SHA256
adbda178db1a1a0ca98f0ffff9556d4949f5b3c588d88dd9c7c26f40371f48d5

SHA512
ce5fe2dc5f59e52fb67165ff30fc4c42b61517a369a53b098da2d2ea2ec549b20747635cb3fdf26e303956a98335169c63aa4fd4359763443bbb8c9ae7e5faad

Download Submit
/data/data/X.God.X/files/PersistedInstallation1533364527902932914tmp

Filesize
569B

MD5
73daffeb4bc46192865427002a3904a1

SHA1
01de115b7b689bc537f79d1b5f63b3fff15bac01

SHA256
9cb9e479e9d6ee0fa74107a0ca9b12e799273fa17c4d6b1263651fc113113050

SHA512
fb4ca2c38386b22a6457f04a6666d80747a8ec24764260d880f6265abf2ee2950175f40f3720d29ae54664c30a853d4dcc71eaea34e5b1982f98c7edd7dece44

Download Submit
/data/data/X.God.X/files/PersistedInstallation9161629647232445524tmp

Filesize
90B

MD5
06d3abc0f7739403d91e326c093fa744

SHA1
58444f86430cc7bcb4d8cd7e818b28d8723a3345

SHA256
18500720ce487e0bb992771843bcff9ea8a92b8110e7ea6ede0a08e74b2232da

SHA512
b500e185dc602e308a248f27cd58b429d452e86e5510b5cfd20cb787ec0049c11108affc2277ba9c46ffe559f591b58cf5317b533f0c4e7c8c87ed1ce125c275

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads