4669ac7ff2b0fe6edf1a084680c2d54bafdeb243231208faaa9d19f5963533a1

Analysis

max time kernel
2628076s
max time network
168s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
23/12/2023, 16:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4669ac7ff2b0fe6edf1a084680c2d54bafdeb243231208faaa9d19f5963533a1.apk
Size

17.1MB
MD5

91a41d019817ee961d70fcaca366a50b
SHA1

9162425f6a7f25cb6a0239037a7f9a94944039bf
SHA256

4669ac7ff2b0fe6edf1a084680c2d54bafdeb243231208faaa9d19f5963533a1
SHA512

f81d636e2d40a5d429e7245ae36fbaf5f0c370a69217abe87ddcdeb7073b55d1c5fb890d8b38e46f748f8422da33ba8f38f79c5c997b6dc89966aa657bfe2109
SSDEEP

393216:ReLgeDiZ1KCgS1bMPBiMXyq1EidzGLgq9BTxiiMKVTzV+K8:GDi/pKjySPlGJxiiMyc

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	aos.com.aostv
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	aos.com.aostv

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/qemu_pipe	aos.com.aostv
/dev/socket/qemud	aos.com.aostv

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/aos.com.aostv/[email protected]	4472	aos.com.aostv

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	aos.com.aostv

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
48	ip-api.com
63	ip-api.com

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	aos.com.aostv

aos.com.aostv
1⤵
- Requests cell location
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Acquires the wake lock
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/aos.com.aostv/[email protected]

Filesize
2.0MB

MD5
663fc2bdf40a7cbe8838ef9843cc4077

SHA1
c8830152e10d8cf6f39a0509a52b6371472901f9

SHA256
0693560a230897cba50d7aad69bd641b717f71e55f8f59d05671a0fdaa83a257

SHA512
61d90328c0eec56c6f1445627baa5d2f22a13207016dbc7fc984dabb0fc88a581d14c4045d00b376003b2f8b16b54a004d2d4ba21d6379625cdfbcd295afa523

Download Submit
/data/user/0/aos.com.aostv/app_webview_aos.com.aostv/Default/Web Data

Filesize
60KB

MD5
536e58581641e767a8bf8eca3b8cde9e

SHA1
750a88189322e36147068f1c585f02163ff3a388

SHA256
3ba04fa6622801be4e625176b175ff75caf19c8966c13418bf1433433eefa1a0

SHA512
498da0911c702bc683cf153ce9b66044642378eafb79bffe0afd7f7460bd12a4c9bb424e1606550d8bbfb25dede34b5ad6ad1f7ee698c8d5ff67208625612319

Download Submit
/data/user/0/aos.com.aostv/app_webview_aos.com.aostv/Default/Web Data-journal

Filesize
1024B

MD5
ad7ae54d5b4ee889fb93badda35deb5c

SHA1
65d94a1352f32d5f327911bbafa990e7f143a135

SHA256
69ac4ae021ba54ac876156bff822ea2e5d9bf1022ed406ab3023d4fcf9667f30

SHA512
72c79186c5aa83d8b6464647923b34f45dc64ff21f5779c04f1d8facb37d240514e68e472c22fe14c27f094fda9000e3ae5bdbfa81d5fad1e1b51a1b06096948

Download Submit
/data/user/0/aos.com.aostv/app_webview_aos.com.aostv/webview_data.lock

Filesize
19B

MD5
46fb1db130f3b56c3f1dc5cc9dbf1a9b

SHA1
1a0156ef0b90d0b3e492afe42dc6ae60f092072f

SHA256
2d2da9d8b68b05623a1404331330dc8367c4aca4a53d8626ea4b0953e59133b8

SHA512
01885d685fa5f74a54b10f33768218e1e0e329ae98b1fdfe405e8485c9e92e93fcf6c2e3955534e221f0e0586a7001e6ec6fc0086b709c488a4e09e3fc4be63f

Download Submit
/data/user/0/aos.com.aostv/cache/webview_aos.com.aostv/Default/HTTP Cache/Code Cache/js/index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/aos.com.aostv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/user/0/aos.com.aostv/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2333bb7e1814005965610310d7c2e099

SHA1
314814cc57be688ea6b0fb6bdcd13966ae21b519

SHA256
7f4fe229c10a5bb71d5e0b91f4f36ffd2cbeb93d03e2006082cb965687d8d95d

SHA512
e2ae3df608dd71f532d58af5e4241d7e1553db7926fc927994f69d3c51d81a45f25dbd9435024c22b4ec88e119122d80e18c4ac2e2f53cb9976c71ada47f7d2e

Download Submit
/data/user/0/aos.com.aostv/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
fd47a41efceddd15865ab171a7974d61

SHA1
37307fa70198e401ad25b80b65d88e284b3d6c69

SHA256
7e9c2160c9d0fec59d27b7e79f3d23e0dbb620e8de922af7d1196ca37b5a5406

SHA512
e1fb5f846412dd0910082bf489a8b05134e577ce2bf50d838620ea9ac92df6d961b704055059b4e5760ff86c1b98aefe546194fbb918afed27c63b6b173f29d7

Download Submit
/data/user/0/aos.com.aostv/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
49f06db73952b350fec6feebae419e7c

SHA1
602c3abeb5572dbfd1df04bc0bdd46d4beb8f047

SHA256
9a7ad530b80c26a815ff7fea816d30b8bba1283f918548755b8ec1c551c49490

SHA512
45aa8a6acf088df05aed229cc6d20592cedbdb1444e070f63dacfd3d8cff4b4077099e7d0a09099bb265d00759458b75d053432f6ef9156d96b8328e6d2c2756

Download Submit
/data/user/0/aos.com.aostv/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
5d57846a22caa73b63e22ab325c81984

SHA1
a2fe7e80c0034357de24201d8275fde9e99e8d5e

SHA256
d0686530a219daaf05dd407e9935f465f6e977add4268e5cfdd8107b6053e988

SHA512
6cad0bfb95fdb21a72865d287f95c702ba30ca210cb892b6f7bcf2bc4a87550b47f27df17f18a4e82ab07bc528c48fb98fa00408e9cf73ed917eab4e5337b889

Download Submit
/data/user/0/aos.com.aostv/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
edac049afea98d9fbce02af30040eb2d

SHA1
e822406fe80aae775b23d4982670b56c1a5cab95

SHA256
ffe7b1f43010740e2040066bd5af276e6b0ca7d028169f853293823dbb6b9264

SHA512
9a8332160b84c6407fcb5a3bd6cd34f6e9b9c2456bd8ba109675834df86309f5bf687112c9512f2c15a58c5864468eae64d2b77b3106dd11db9794d7cea2c670

Download Submit
/data/user/0/aos.com.aostv/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
f5cdcf56f2f2c21e4f7ff761384accee

SHA1
19ec9d1d428dda11cb70f64a78c2255ad5204f7a

SHA256
8404b622abfa467cbc8aaaf7341bc2ce62092dfa7fa29b0d9dfcc6850134b3ca

SHA512
09af9b8a6830f0406d0aeb8a7850c1543a7aa9dd9ae8f76bfded554ccb7431838aeb03196addcfa9894450a8e8c089a6b27e1abbc6109a245e3ff0de2b589420

Download Submit