0e9c11320ceab1ba5201affb78764974626f8d54388929562de663a4e44121b3 | Triage

Analysis

max time kernel
4s
max time network
155s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
29/04/2024, 22:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

YouTube Music Premium v6.49.53 - espacioapk.com.apk
Size

51.0MB
MD5

6bb90acc7e4fe5123391a694ea17d52c
SHA1

693d261977cc7756b8c49d2a3fdb20c5d0e2c682
SHA256

0e9c11320ceab1ba5201affb78764974626f8d54388929562de663a4e44121b3
SHA512

7b8be51157ebc9c767803332eb986e2545b8d390ae7c3a9114087f938158c496c9652c12a122f1056e6bef90d1b1a279c2b76fdbe32b763eba829c520df8e85b
SSDEEP

393216:C1UilqZYl4MY5cnDfTw3oUwopRn/1OJiosKGMyfsRA/A8+9fJTgD2h:C1U2jY5cbTG/pR/0JiosKSsi/5sTgDi

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

Download New Code at Runtime

ioc	pid	Process
/data/user/0/app.rvx.android.apps.youtube.music/cache/1708042440713.jar	4231	app.rvx.android.apps.youtube.music

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

Process Discovery

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	app.rvx.android.apps.youtube.music

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.rvx.android.apps.youtube.music

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.rvx.android.apps.youtube.music

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	app.rvx.android.apps.youtube.music

app.rvx.android.apps.youtube.music
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4231

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.rvx.android.apps.youtube.music/cache/1708042440713.jar

Filesize
10KB

MD5
b505176427d7a39e061376ac2386dde1

SHA1
4b18624a8d042c59a9d7bc52c9e5d2c0c5a28784

SHA256
4e983048ec350842cbbbaafd0393d962bd977422549f85c45ed36d908f708643

SHA512
1e723bec59538a838b6721e55a653633fe8c41a5a46be1a4eedc3a85fa405e5ef9a0cf81c2b531231e8f0abcfa3a3f1f5e5fe7ebfed0cacaf9b46ddb7e70e3ca

Download Submit
/data/data/app.rvx.android.apps.youtube.music/cache/volleyCache/journal.tmp

Filesize
65B

MD5
23b7f6511324656bf907e95684ef16a0

SHA1
011bd68c4865b041d9201d98154d6a41fb4550e4

SHA256
d4b3d6a5e46581d77e192368a054a75f28e3475a3520405be84829abb6c8d6d6

SHA512
2b642b6aabfe964b4ecb9f46b168ab0727064242b6a952e1256abfc7287b9285141c9c460fdfa60c0d678c783603b55664a679e9ee6a86b2ef7f7d06b5afd698

Download Submit
/data/data/app.rvx.android.apps.youtube.music/databases/identity.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.rvx.android.apps.youtube.music/databases/identity.db-journal

Filesize
512B

MD5
8eb8ece9457f93786d5007f63eefeaff

SHA1
579b65cf93d15c95f31d9fb268d261d10b5d87dd

SHA256
1526ac45709ad14b20456e93b0e474b467e65fa4f44e2bdaf253d12320e50b6a

SHA512
d4b616429a6e4ae5e6f70f7e8c132d616c74bf75febbbd3f76219b8199c5aa19666348932ce25188ae0a597440d703643befd571a60e8a58b8f43001d62c4810

Download Submit
/data/data/app.rvx.android.apps.youtube.music/databases/identity.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/app.rvx.android.apps.youtube.music/databases/identity.db-wal

Filesize
16KB

MD5
bf894c9e74677ca2228e2be9ae9084a9

SHA1
98bdf21753cf602476c61e3efc981d41a5635574

SHA256
9b1f3e6d2c1d9485dd6ff876add194fdecb2a4ae1de376fb9c21d8914548b15c

SHA512
88b0a414eb5532c553e8fd42ebdaf65701d9e9825d6d6de597cc949a444919402fc52181dbcecb0a2978ad88c0b4cfc8aa2b48212a0870bdb965844e03e0cba7

Download Submit
/data/data/app.rvx.android.apps.youtube.music/files/103795117

Filesize
8B

MD5
d5698fe51c323eb17f9614f9fa9d8242

SHA1
2e8b72d9f5659d8cbed2c1698e3d299d5ea95879

SHA256
ecd07c462e63167f0f3c1edd1f40f7c4b748dd4cd03e1691f26a33d74ac258e5

SHA512
b49769528ce8f2de11ff5eac2dea83d9e6f812f6669f62de9a9b5c285ae44cfd84d96eed7aaa0531a633975f6364bbdd7f892c7d586b32811616d2e33383c0dd

Download Submit
/data/data/app.rvx.android.apps.youtube.music/files/net/shared/delayed_event.pb.tmp

Filesize
2B

MD5
a004f5605a9a75880611e5e713c694cd

SHA1
5072d54b7f4780c9e6a49beb3f852c191091d49c

SHA256
f8bf02b74055ba2b2386a34bca9a3c1e96435781363d7fd461fdb98d201b005f

SHA512
c1fd50d94960a5098a734899770ec5aca63d1c6208032d9046acd14aae7123befdd048366af0cd0f40520e4eabd323e6d1e55f8a8aaa3bccc476239a83effc5f

Download Submit
/data/data/app.rvx.android.apps.youtube.music/files/tiktok/103243289

Filesize
4B

MD5
6e613341364f27da14aa9906181c8a90

SHA1
080a3e16fd9d925324d6f4f8035a8b112999d8ec

SHA256
8277d0a6281abdb7cd3f4ef95a1dbab941b0a284d93ad8bbc8e0c8f83ccfc7fd

SHA512
890ba7ac3f20890f7a305b446388c4b77a3eb69cb1182d4c08901ec463cfc2603e138ae70af600d963501a912c88055c4a55895f66c45f312e3e784581380efe

Download Submit
/data/data/app.rvx.android.apps.youtube.music/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
fbdd029baf5739b64ef238a397dbddfd

SHA1
18d54164f427f3dd908fb342407edfa93edaa6b1

SHA256
6f09f7562fa389bdf197057cfbf976a02ded8e00250190e999d1ee1f73fa1afe

SHA512
ab2ff15dc60aa231b88e798a6138b6359e0cc6dec277b9381d3d4ae67f56fc6435b96cfc339d48d86a609a39db0714798438961e3faf186a07ddf934e65760dc

Download Submit
/data/data/app.rvx.android.apps.youtube.music/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
eb40d3ecf942074ec2d052e71dc9959d

SHA1
24a8070b6513adceb3110b76274f80c37a8f4efd

SHA256
a38efdbc0441d62a8e22bf0987c2b367a9630e36c61b09d7ff2f282860713514

SHA512
1a61fa0c6a8a4b7bedb38229f33ff87a079f7e80451b6af0c748f29644f632aef13d8ac173cc5e9df459c043dcbd05eafd10865dbc54abc1eec53e7ac11dae67

Download Submit
/data/user/0/app.rvx.android.apps.youtube.music/cache/1708042440713.jar

Filesize
22KB

MD5
22bbb94b0b30c414511fed19a37c6d50

SHA1
ccf1169191d6a6286933c637373d8c2c2a169e90

SHA256
190194b044a220317f721207ff2804669e6f808f31128fcba5302f60ca9400cc

SHA512
d2ae7f9874ed84413475854dd6544d57c3359ef5e8b65d6ff7fb3b853b3a9361a4d1400e0d3b0ee00b5e0f9bdbf31d97a14fc8856dbf231b714260fc12e1aa55

Download Submit