1fbce5b59690066d83e98beb20913b1c8d130fafe8412367226dd20f046c68e3

General

Target

1fbce5b59690066d83e98beb20913b1c8d130fafe8412367226dd20f046c68e3.apk
Size

7.4MB
MD5

742704a96227b442e03546e94f0ce09f
SHA1

e14650a095753f28730c00f260200e6370c392bc
SHA256

1fbce5b59690066d83e98beb20913b1c8d130fafe8412367226dd20f046c68e3
SHA512

7521f8e75592cf738e500815c2618010c45b8aa32440c94e0ea0e0e82b45c41762e37e95f35b7d273326e038617ace18106c0ef895c993b0e5e0b6b16a71a4fa
SSDEEP

196608:/guEqex1Jc4+8f/0phFU9nCEv+FmB9SHGz0afpFWlWl:IuEqx41fMDOnCEv+FQGGYaRL

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/de.twokit.video.tv.cast.browser.lg/cache/hook/classes.dex	4260	de.twokit.video.tv.cast.browser.lg
/data/user/0/de.twokit.video.tv.cast.browser.lg/cache/hook/classes.dex	4284	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/de.twokit.video.tv.cast.browser.lg/cache/hook/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/de.twokit.video.tv.cast.browser.lg/cache/hook/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/de.twokit.video.tv.cast.browser.lg/cache/hook/classes.dex	4260	de.twokit.video.tv.cast.browser.lg
Anonymous-DexFile@0xc1de4000-0xc1f1b348	4260	de.twokit.video.tv.cast.browser.lg

Reads information about phone network operator.

Requests dangerous framework permissions 1 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	de.twokit.video.tv.cast.browser.lg

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	de.twokit.video.tv.cast.browser.lg

de.twokit.video.tv.cast.browser.lg
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4260
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/de.twokit.video.tv.cast.browser.lg/cache/hook/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/de.twokit.video.tv.cast.browser.lg/cache/hook/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4284
- logcat -c
  2⤵
  PID:4310

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/de.twokit.video.tv.cast.browser.lg/cache/hook/classes.dex

Filesize
118KB

MD5
4db6fd2bc106359d09fcd5fee1a53278

SHA1
1c46aa24c8709479e3d30af39794e1a0179f81e9

SHA256
438ac770ce5abff88d0edbf3dfb6661edb47c44cfdb07738b00f981457a1ee9d

SHA512
b0407f27906044ae7deb33134e8514d672fe1932b1163c18518b780d377b8261218a7462382307524fbd0939be76542c36f0a95d513f229a620f83e239951bf8

Download Submit
/data/data/de.twokit.video.tv.cast.browser.lg/databases/google_analytics_v4.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/de.twokit.video.tv.cast.browser.lg/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
1114712b27f3ab4180c998026f0fd476

SHA1
06a7111c25983b6db8f418b719c26e1116a084e2

SHA256
138d4ac57f5065f9948f47c97b0372df7614ac4a4e67a9253c58d04d16d9b369

SHA512
289b79e9c169c4a44141f4ef56464110d89204273485d9ccebb5b750233a5fbf97075e384aed47d9c910df52919d2f0c1839dd3aaf7153d71da5becdb71a96a7

Download Submit
/data/data/de.twokit.video.tv.cast.browser.lg/databases/google_analytics_v4.db-wal

Filesize
52KB

MD5
b36650f62cad53351bd9e01b8acc11be

SHA1
21a4038b63b76c2d0c6d086c5af84a61015d1e96

SHA256
4120f390e631e0bd28f58958c66486c59c79401c53c36f95085e32a661b9c475

SHA512
14a73a11c4cf1e72c24b88037fba3f291f8373729d51c7b03ce487a0139271da6073725cc0ba579b7107c8a153108b4749eeeecaef728e1cce6e79849733b05e

Download Submit
/data/data/de.twokit.video.tv.cast.browser.lg/files/68fb6f53/3407211280.apk

Filesize
7.2MB

MD5
19ed17994bedf53b90e7ae2453a67330

SHA1
2d479972d4d236d05ad54fc62445db455d9de79c

SHA256
461289f40adad44242ecfc67c61a798b9f628ea404102acb276ca8fb330f8a50

SHA512
da66a9d869a5f2d7355f945fc6c6fece52a8699421f894f0898d4c91f7b988c125a59788be18aa70c5f603eb1ec6dbd8a238a4543e3b14792f96ecfff6a10be4

Download Submit
/data/user/0/de.twokit.video.tv.cast.browser.lg/cache/hook/classes.dex

Filesize
118KB

MD5
970f18fca7747f7171c63ae5167d4ba2

SHA1
858928561187616aae90c33e53a2b34258f7d8f1

SHA256
f32a5db8ed5ecc2cde47fec26551daeb4403b3c40cba8604ecf6951a19c9cabb

SHA512
48683da90df0110f442619708c6d531316452920b7f4f0a808afe4787d429274021250ba09de39c06876a7db5ade6300a0710e4158c4ce9f08d7cb976984faac

Download Submit
Anonymous-DexFile@0xc1de4000-0xc1f1b348

Filesize
1.2MB

MD5
6dc2457694ba5b836a339638a991e299

SHA1
d8fb7a3ab512a74ebea391e1830f3307f4206394

SHA256
57968af8097410952a8eff11b90eff2c2bc879c2fb8f1be926a1e2cb8220c12d

SHA512
4e8dc9a1fdcf9335097c3aaa3d2c0f84e2fd647d459152caeb7f3cddacad527e053aae8ed5cbe0455ecb4e0e13c6037ca2c24fcfbf987d847358e598907cf859

Download Submit

Analysis

Sharing