8508a72c29c7fb3cb207df655a85a2aac8746839ff4810020739099941ec9967

Analysis

max time kernel
157s
max time network
149s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
21/05/2024, 05:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IPTV管理.apk
Size

4.1MB
MD5

177534929eac6bf68f92138322b29992
SHA1

c335f1f15d515b9028146b8a8a78958844ec7b53
SHA256

8508a72c29c7fb3cb207df655a85a2aac8746839ff4810020739099941ec9967
SHA512

885eba5b50109418518594bda208308ac783d9b223efb136e85c6813994c4dc54e1613d8968f49f9ca0fb22e47956f873c4a37fc07a5baeebd31c78c7d05c22d
SSDEEP

98304:eQwKvotyQeRD/Gd+DOkheMUblA3xT0sx495Ab1qep2jfrREH:/eyJKkheMWlqj49561qOH

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cn.tldati.app

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	cn.tldati.app

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	cn.tldati.app

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	cn.tldati.app

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.tldati.app

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.tldati.app

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.tldati.app

cn.tldati.app
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5164

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.tldati.app/app_webview__ym/.com.google.Chrome.ijRTIV

Filesize
56B

MD5
0df55acdfef2860a5ff5f1b2e57e2eae

SHA1
c174b1c716a7e18b7c7a47e6d5c6ff49b983b6d2

SHA256
5d637459a3c878f17ec695551939fae1b5e079885fc58af69c3c42d8337655b2

SHA512
961062beb2cf86dc864b80bd1eaf267e7fdcd5c74a3c4d7f424acfcc30779a33c4c8b891ef76741f1e30198c79da8893ee40d58fcef6145b26b53725b9c49d33

Download Submit
/data/data/cn.tldati.app/app_webview__ym/Cookies

Filesize
24KB

MD5
0bec3bc37880f0a5402ccb5050feb4e6

SHA1
224284012e05ea0661e279743af2c6eb091e311f

SHA256
06685a30cbd77983b6595ba2eda40acc3d5e7dcd980cad8fa963b5653732ab4a

SHA512
00577bce9753e46fc80e164f9de3a0783883ffe3a3fb147c28a5d0a8deae5edf28757b3c7ded06129ecec86d1ef1f6f04d16f21739822196c65def6d87e307d6

Download Submit
/data/data/cn.tldati.app/app_webview__ym/Cookies-journal

Filesize
512B

MD5
189cc0326dbefebc927f420351ce6dc0

SHA1
1356ca57ebe7d3949010c153b17ba66a3b6ea21b

SHA256
082ab28e10775a9ef89398803f6025c5821cd6dcc2e9076cb796200536ec8394

SHA512
396d369740220d03f91c128a580620b852d26130d1afdf1bb675cead3503b4feb9d439bc3b453caad685dc4d10e90403dd4477c5e941ed8bf807c78961c6601d

Download Submit
/data/data/cn.tldati.app/app_webview__ym/Cookies-journal

Filesize
8KB

MD5
9d3b167689732858b04b6c6037119993

SHA1
b54d21be498a3299e7665b18ff6b9cc33a2ef06d

SHA256
1571634ad95288b01fce33294b356521c32047a8cdfa03610dbd86b2be0b6bf7

SHA512
0f9a1c36fd7f8a5de4d31dbbf15557ac408a4dd3d565a66d5a51ab37d11315d0fae74037dbc0312cfabea2e7bb54f77ebeb97b1b74fa88d3a3cf2b76431e4ff5

Download Submit
/data/data/cn.tldati.app/app_webview__ym/GPUCache/index-dir/temp-index

Filesize
48B

MD5
17ef8e53ba8d84372715a6dc0ef0c155

SHA1
c3284ed9c3caa457331f01469b88e557122fcfd6

SHA256
1bb8a1b296317a17b052e7f0e06930b635ffd07e091a46dedaf80c22bb9b97fc

SHA512
182820d6cf6cfd0ab87de1adb6509bab76b3943f67ac785e64129316970d697ad45b6f6f73337525cd98781a138852801a7a4c927896513a302947abd383e3c3

Download Submit
/data/data/cn.tldati.app/app_webview__ym/Web Data

Filesize
56KB

MD5
dfea4f9a562d22c658ec695eca31ea04

SHA1
2e48be6baf86078d93f14fc38fe9f395c1c54261

SHA256
a01b4f35e09bbcdf9753512d4d3ac0b82c8e2f09e2176fa4a5c2523909795b2b

SHA512
8e0aab3c5f29a8737b4713b4a1622aa71b3574feabfb41a098f1326b80472c3fea053e759036c44df71aee1a8a1e9caf93f17a9eec88ab278062d7ed48907789

Download Submit
/data/data/cn.tldati.app/app_webview__ym/Web Data-journal

Filesize
512B

MD5
83c8a02b1a702bef143d870ae82703c8

SHA1
c067d3b518c97eebcb21d5366127e70e8d646fb7

SHA256
fb9004439b3fdd836db1f013bc55b059f78f910cca5be402837b1d8c89cbc59f

SHA512
6430bcd91b36f653ecc68dd15b45d98f2e916f1ba270c50a7201420ed35007acda6741eab07911a86541bf26c95019b807a1c7a2e0e805d4da1e8dbd5993d5d0

Download Submit
/data/data/cn.tldati.app/app_webview__ym/metrics_guid

Filesize
36B

MD5
0f3f0b01165ca618c92167c37e6a072a

SHA1
bcfcb6b065fd98d7e54664a79b90648c2761f450

SHA256
cb7045c36bd531b6045458cca2749e7101f5156e58a568e36b5c6d89c1b8c02d

SHA512
a81e637a9c258ad60fbf32d453260eabddd85da9d3dddeeba05ff71cab65b10d9864df038a66b9bff88b92d0e77be59f963ab8a466abd5a4ca0b035f0d5cbd33

Download Submit
/data/data/cn.tldati.app/cache/webview__ym/org.chromium.android_webview/43d24e0db766f663_0

Filesize
138B

MD5
65f35c1ff41c27c5df362b6eefa9a7a5

SHA1
e3b427f7dcb0209b42f8b97e0c94516895674f20

SHA256
b4d2d4f0383e8096fe303bb61d0f825209b39b3bf404b70d467129d10cf53806

SHA512
b4c376455d0afc89d7bc9b7fc907d9b21a27359651258413eb9a438b415f942813f144dfd8fe9a7be13a280c233b150454f9606b6f7014b47563e77f14601cfc

Download Submit
/data/data/cn.tldati.app/cache/webview__ym/org.chromium.android_webview/Code Cache/js/index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/data/cn.tldati.app/cache/webview__ym/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
48B

MD5
6c92fa9caf427771abdbb2fe5b8e8677

SHA1
30e494cb156c48d35abb77b48fa420070f688e5f

SHA256
75a2a9eadeb9d3a462da92f548217a15d581059b1ff00a984fb3d45244c8a2ea

SHA512
eb52b65255de94d5feaa05b85ee378d7d6f493b06b2d5fcc33844d972eeab0c96775c8faf2c3fcd6723478a94b23ce66fec120748de4116ef6dd50a9e01fd8f5

Download Submit
/data/data/cn.tldati.app/cache/webview__ym/org.chromium.android_webview/index-dir/temp-index

Filesize
48B

MD5
03a2ba5aae2ec0feb09ee38532d4090a

SHA1
287320595bb9d502bdb24bafa9bc40251f3eade6

SHA256
63810182fbe3d68d6067fec54a753c3485cf17406ab6954dc35fda83fa85064e

SHA512
f6d14ca0634e14fcff394bf794701dc69b674e7ddd69fb0c7a88df576bd72c95341a21ff88bb8cc0806bf321fb4dd3ad74d6278d4f8b2e4674058e8efcca4ab0

Download Submit
/data/data/cn.tldati.app/cache/webview__ym/org.chromium.android_webview/index-dir/temp-index

Filesize
72B

MD5
3f860576883db46f1af65d4947cb3613

SHA1
90c8e55e78bef508f7f56a6314655c711eb0d9b2

SHA256
bddc3e18a3bd2ae2bd06840f6aa7c70b74ba19e32b4a50fa03aa3d984ef44fd1

SHA512
15ceda473faef7449db5d1e46571549836b39c258b67a7f5b0a867af9969789a0cbbb61c77b03316ae1410bd5a2f448a4caaa2f69af8c7e909883468085e7d2f

Download Submit
/data/data/cn.tldati.app/cache/webview__ym/org.chromium.android_webview/index-dir/temp-index

Filesize
48B

MD5
2eb540ed11628382fa070b505677b26f

SHA1
99f9fa11e262e78b161e2864f638e25c8dc6312a

SHA256
87a2fea498394da9bb2217f88aeb74c415c5b2b5c3dfb4a7177695d7056cf097

SHA512
5584f799200c2c8743044d28973526814838c2ab72599042254a073e8d299ed10e7b11603e19dcc0bd9139c6c8919757ba964cdd661d550a526e6a490a83fee5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads