8508a72c29c7fb3cb207df655a85a2aac8746839ff4810020739099941ec9967

Analysis

max time kernel
157s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
21/05/2024, 05:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

IPTV管理.apk
Size

4.1MB
MD5

177534929eac6bf68f92138322b29992
SHA1

c335f1f15d515b9028146b8a8a78958844ec7b53
SHA256

8508a72c29c7fb3cb207df655a85a2aac8746839ff4810020739099941ec9967
SHA512

885eba5b50109418518594bda208308ac783d9b223efb136e85c6813994c4dc54e1613d8968f49f9ca0fb22e47956f873c4a37fc07a5baeebd31c78c7d05c22d
SSDEEP

98304:eQwKvotyQeRD/Gd+DOkheMUblA3xT0sx495Ab1qep2jfrREH:/eyJKkheMWlqj49561qOH

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cn.tldati.app

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	cn.tldati.app

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	cn.tldati.app

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.tldati.app

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.tldati.app

cn.tldati.app
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4500

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.tldati.app/app_webview__ym/.com.google.Chrome.Erz4uO

Filesize
152B

MD5
62c9b4d23e6059d996c080d745ecece4

SHA1
1f7953ea408c05dd3e839c05aa898cd5f0bbb764

SHA256
712ca7a5d59901e4876ddd4469cc274883f6011d0932f6764b098ba334aac853

SHA512
b7fb86caac7d5dfd0036ea304bce3e101b2dac9c803378a752fdaefa61db2e0bf318b99563700ac5a5f302b0ae00e9b0c729a08c379da2929f1b2be8ec558f72

Download Submit
/data/data/cn.tldati.app/app_webview__ym/Default/Cookies

Filesize
24KB

MD5
b3fb134ceda4c08265665f4d816a42fa

SHA1
322b9243786c2e3227f5ab0ad2be27dd72c96cb6

SHA256
d3404bbd5ef8cb06e38ba7c77f7e2c1cfb13dba0f11eb0bd45bb520657b09d53

SHA512
2c34fefd4c61f97f0a9932c0e26e246339090a87b8e3ff5b1e065598f5800a0a5835e08631b4ff6d499dac6c9384416b89924b897c535146438ed6793b009f4f

Download Submit
/data/data/cn.tldati.app/app_webview__ym/Default/Cookies-journal

Filesize
512B

MD5
46fabf517c3414eb0ee5bb13eeccc9cc

SHA1
d9b753458b69cb5e6b3b46f15f5ce78a481820ec

SHA256
84cc72dda3edcb2891dffe2b89f8ecfa4bc61b4c11cbefd6a524d4d18b909ac3

SHA512
1a28e2721f08f81f48ffd31b54b2542601f1467ac29b9a40dbb83ee803a07fb9f9aa851d2d3917b32dffa50e31da2bc4ea6577fa148369e3852876177a24bd82

Download Submit
/data/data/cn.tldati.app/app_webview__ym/Default/Cookies-journal

Filesize
8KB

MD5
e4be88414869a7c360b3ee7c3fdf3c3d

SHA1
2e28b7f3d1280a1a2c9155b5389b4e1ae036fd40

SHA256
2ca4856cd9eb662bedb1225bc25d7f497ff03d857a41600a2c1bbe98f8497d11

SHA512
5e8ee5ded3950ad5c8124f706f6d70b2542788f174fa14c0a38ead48177f01a80c5bae94ae7768d17965da10e29c6150235c3cca77cb5ff523bec3c8112a441f

Download Submit
/data/data/cn.tldati.app/app_webview__ym/Default/GPUCache/index-dir/temp-index

Filesize
48B

MD5
97095e4047d67a79ce233fbe0a29f2e6

SHA1
189afe05e2eece81e380b2246b8a3eb37df68168

SHA256
715934a49122133fdc12908997b81b89415c94183df2ee2d0080fa36ed2c0e0b

SHA512
5602ba679eb4e536f6b243c9f89e2e78d07a2bede2823c332d028baeeee2f99cc164385fe9c6ec3a514f6ba782e2791632044b15e4fa8678a92cd5eadc87ebc4

Download Submit
/data/data/cn.tldati.app/app_webview__ym/Default/Web Data

Filesize
60KB

MD5
536e58581641e767a8bf8eca3b8cde9e

SHA1
750a88189322e36147068f1c585f02163ff3a388

SHA256
3ba04fa6622801be4e625176b175ff75caf19c8966c13418bf1433433eefa1a0

SHA512
498da0911c702bc683cf153ce9b66044642378eafb79bffe0afd7f7460bd12a4c9bb424e1606550d8bbfb25dede34b5ad6ad1f7ee698c8d5ff67208625612319

Download Submit
/data/data/cn.tldati.app/app_webview__ym/Default/Web Data-journal

Filesize
1024B

MD5
5268f8f3787a354308bf3d573c201cf0

SHA1
b60ccb3fc0ce1808f708a608a486358408ca68d1

SHA256
c9b8df625cf720634f64a54cfeec0165bb20401525697dad307fecaed041decc

SHA512
2dde36ed414ae1d4d73a69ae767670cb3f58db1c269d4d9d32bf0efcc30895841cde32c64dee1a29ea6d176ce826cebef4b50f76cd60fa8f915318a27895d273

Download Submit
/data/data/cn.tldati.app/app_webview__ym/webview_data.lock

Filesize
19B

MD5
6cd3545c104f1d4779662f414b4d2b11

SHA1
62735347c228f7389eaa06a82ea54148b91714e2

SHA256
8b2bdbaf0646df28bcba4ca7436f34b3a46b4f05055e258e1418caa95a313a80

SHA512
32d0b973d6f1ff38f5df94e39f370237ec7d9db6b15dae0d4e24b8911f83e6bc657a8541a07105a57a1e8702caa8b7ee93b3dbf9cbde862cbeb9ea1692b17757

Download Submit
/data/data/cn.tldati.app/cache/webview__ym/Default/HTTP Cache/43d24e0db766f663_0

Filesize
138B

MD5
65f35c1ff41c27c5df362b6eefa9a7a5

SHA1
e3b427f7dcb0209b42f8b97e0c94516895674f20

SHA256
b4d2d4f0383e8096fe303bb61d0f825209b39b3bf404b70d467129d10cf53806

SHA512
b4c376455d0afc89d7bc9b7fc907d9b21a27359651258413eb9a438b415f942813f144dfd8fe9a7be13a280c233b150454f9606b6f7014b47563e77f14601cfc

Download Submit
/data/data/cn.tldati.app/cache/webview__ym/Default/HTTP Cache/Code Cache/js/index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/data/cn.tldati.app/cache/webview__ym/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

Filesize
48B

MD5
4e223c5680c65da3bf00358d8366bf2c

SHA1
c975d98c8573bdd05afb0e2df0432d444573754e

SHA256
ec0988979a402c4679b9a9ed1a2137bd86766834e85fe29b2de4a308cddda629

SHA512
38ff16eea78ac6f81a995682954ae1b5f5cf532aafbe0d17d81d67f59b8968aff46030d2f85a7f79735a1870af949b95a9fa9f94accca0ab14b31aef12335f46

Download Submit
/data/data/cn.tldati.app/cache/webview__ym/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

Filesize
48B

MD5
0dcd972beaf682ebeb4d596a1e046586

SHA1
c5dcd8f30bf8f32a794c8995956456c5810ac92e

SHA256
070bbffa94b04c67028e348b7ec3ac7ef60592f8a0801a49d30afcaba89d8ec6

SHA512
5e9f0dde7e7df4cd894b78eaff43d5347653bafb0e1abd8c1071afcda534136b2ee9b34a61567193c844e4be01f57f5fd8e2a424605e9cb77556e8fb914ee887

Download Submit
/data/data/cn.tldati.app/cache/webview__ym/Default/HTTP Cache/index-dir/temp-index

Filesize
72B

MD5
c8762fc8d5f3319f2f89a59d73c18469

SHA1
e876274c90cc80551f25fb1a52815d23932b41a0

SHA256
26ef57edae9fdcdd57fc8c6bca360db770074b16256f80b9465ffd4f5644a165

SHA512
69f7570681634644cd0f62dfe797b5e17023efbff603f8bd9189e1a7ab4550fd4b6ad310713641a6efb8c8d4940719e738bdaf9882805122017fd64247171fae

Download Submit
/data/data/cn.tldati.app/cache/webview__ym/Default/HTTP Cache/index-dir/temp-index

Filesize
72B

MD5
b96771247981ef5102974efdeec44f0e

SHA1
f3b59dc9b41090d4a61b02fb94f1fd2693f3c345

SHA256
024742202500fea2e694c2a4440ad7054376a39edc9eea95367621e1c1a1479d

SHA512
560963b71a42e3902c394ba69968e23521ca442b5ba07015b302e114e667643fb524e7a1f96552629034169c50ea61447f3ded0f3f9ec1533576b47731456e0a

Download Submit
/data/data/cn.tldati.app/cache/webview__ym/Default/HTTP Cache/index-dir/temp-index

Filesize
48B

MD5
8b51629e4fc3c286a2067772591887d6

SHA1
bd9ffb4053e2ec4ead409e164624d3fff7bb86ce

SHA256
16f43ee54cc1ff41e6bce43f979478b808de2aafed5a86288698935bc8fecc31

SHA512
1487151b9242fee703db330101ee7aceef65df46a3481e7cc46d9c2898bcc0799966e55919c2a767158e71adebc2ee22def9b4c8882f477bf65c04630a716010

Download Submit
/data/data/cn.tldati.app/cache/webview__ym/font_unique_name_table.pb

Filesize
28KB

MD5
9147f3c70cd68eca82079554128543fa

SHA1
3fac96cb4b59ac89a9ff4ef4b91d9570342d66db

SHA256
fd0e0c4e89444a88d27118b6eadbf01cdc5debc762d9b6ba8b51022558702736

SHA512
ba6c2ec755c4e49b5f31fd4acc4d19318352608b87b1e1ea90cd7c30c7d41fae4437a6a6bf39df31d862b2b193f43924abc22ab0998045d12e380999e43ddf98

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads