Malware Analysis Report

2025-01-19 06:59

Sample ID 240522-kdlgtshe46
Target Hoda TV NEW.apk
SHA256 5cb1fdde075753692ebc51e12bd3e1b0617163c91cc817ee0c1195e93ad0e67b
Tags
collection credential_access discovery evasion impact persistence
score
7/10

Analysis Overview

score
7/10

SHA256

5cb1fdde075753692ebc51e12bd3e1b0617163c91cc817ee0c1195e93ad0e67b

Threat Level: Shows suspicious behavior

The file Hoda TV NEW.apk was found to show suspicious behavior.

Malicious Activity Summary

collection credential_access discovery evasion impact persistence

Checks CPU information

Checks memory information

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Loads dropped Dex/Jar

Declares services with permission to bind to the system

Requests dangerous framework permissions

Acquires the wake lock

Checks if the internet connection is available

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 08:29

Signatures

Declares services with permission to bind to the system

Description: Required by remote views services to bind with the system. Allows apps to share and display views across different processes.
Indicator: android.permission.BIND_REMOTEVIEWS
Process: N/A
Target: N/A

Requests dangerous framework permissions

Description: Allows an app to post notifications.
Indicator: android.permission.POST_NOTIFICATIONS
Process: N/A
Target: N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-22 08:29

Reported

2024-05-22 08:32

Platform

android-x64-arm64-20240514-en

Max time kernel

33s

Max time network

132s

Command Line

com.houdatv.app

Signatures

Checks memory information

evasion discovery
Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description: Framework service call
Indicator: android.content.IClipboard.addPrimaryClipChangedListener
Process: N/A
Target: N/A

Acquires the wake lock

Description: Framework service call
Indicator: android.os.IPowerManager.acquireWakeLock
Process: N/A
Target: N/A

Checks if the internet connection is available

discovery
Description: Framework service call
Indicator: android.net.IConnectivityManager.getActiveNetworkInfo
Process: N/A
Target: N/A

Processes

com.houdatv.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 config.e-droid.net udp
DE 82.165.74.143:443 config.e-droid.net tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 08:29

Reported

2024-05-22 08:30

Platform

android-x86-arm-20240514-en

Max time kernel

54s

Max time network

67s

Command Line

com.houdatv.app

Signatures

Checks memory information

evasion discovery
Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Queries the mobile country code (MCC)

discovery
Description: Framework service call
Indicator: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
Process: N/A
Target: N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description: Framework service call
Indicator: android.app.IActivityManager.registerReceiver
Process: N/A
Target: N/A

Acquires the wake lock

Description: Framework service call
Indicator: android.os.IPowerManager.acquireWakeLock
Process: N/A
Target: N/A

Checks if the internet connection is available

discovery
Description: Framework service call
Indicator: android.net.IConnectivityManager.getActiveNetworkInfo
Process: N/A
Target: N/A

Processes

com.houdatv.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 config.e-droid.net udp
DE 82.165.74.143:443 config.e-droid.net tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 08:29

Reported

2024-05-22 08:32

Platform

android-x64-20240514-en

Max time kernel

155s

Max time network

196s

Command Line

com.houdatv.app

Signatures

Checks CPU information

evasion discovery
Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Checks memory information

evasion discovery
Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Loads dropped Dex/Jar

evasion
Description: N/A
Indicator: /product/framework/com.google.android.maps.jar
Process: N/A
Target: N/A

Description: N/A
Indicator: /product/framework/com.google.android.maps.jar
Process: N/A
Target: N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description: Framework service call
Indicator: android.content.IClipboard.addPrimaryClipChangedListener
Process: N/A
Target: N/A

Queries the mobile country code (MCC)

discovery
Description: Framework service call
Indicator: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
Process: N/A
Target: N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description: Framework service call
Indicator: android.app.IActivityManager.registerReceiver
Process: N/A
Target: N/A

Acquires the wake lock

Description: Framework service call
Indicator: android.os.IPowerManager.acquireWakeLock
Process: N/A
Target: N/A

Checks if the internet connection is available

discovery
Description: Framework service call
Indicator: android.net.IConnectivityManager.getActiveNetworkInfo
Process: N/A
Target: N/A

Processes

com.houdatv.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 216.58.213.14:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 config.e-droid.net udp
DE 82.165.74.143:443 config.e-droid.net tcp
GB 216.58.212.194:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
US 1.1.1.1:53 imgs1.e-droid2.net udp
US 104.18.11.56:443 imgs1.e-droid2.net tcp
US 1.1.1.1:53 html.e-droid.net udp
GB 89.187.167.5:443 html.e-droid.net tcp
US 1.1.1.1:53 www9.mediafire.com udp
US 1.1.1.1:53 www.osn.com udp
US 1.1.1.1:53 www.mediafire.com udp
US 1.1.1.1:53 cdn.wrestletalk.com udp
US 104.16.113.74:443 www.mediafire.com tcp
US 104.16.114.74:443 www.mediafire.com tcp
US 104.16.114.74:443 www.mediafire.com tcp
US 104.16.114.74:443 www.mediafire.com tcp
US 104.16.114.74:443 www.mediafire.com tcp
US 104.16.114.74:443 www.mediafire.com tcp
US 104.16.114.74:443 www.mediafire.com tcp
US 1.1.1.1:53 static.a-ads.com udp
GB 143.244.38.136:443 cdn.wrestletalk.com tcp
US 45.60.155.96:443 www.osn.com tcp
DE 213.239.209.209:443 static.a-ads.com tcp
US 1.1.1.1:53 assets.bein.com udp
US 13.107.253.64:443 assets.bein.com tcp
US 13.107.253.64:443 assets.bein.com tcp
US 1.1.1.1:53 shahid.mbc.net udp
US 13.107.253.64:443 assets.bein.com tcp
US 13.107.253.64:443 assets.bein.com tcp
US 13.107.253.64:443 assets.bein.com tcp
US 13.107.253.64:443 assets.bein.com tcp
GB 18.165.201.107:443 shahid.mbc.net tcp
GB 18.165.201.107:443 shahid.mbc.net tcp
GB 18.165.201.107:443 shahid.mbc.net tcp
GB 18.165.201.107:443 shahid.mbc.net tcp
GB 18.165.201.107:443 shahid.mbc.net tcp
GB 18.165.201.107:443 shahid.mbc.net tcp
US 1.1.1.1:53 www.bein.com udp
GB 13.224.132.19:443 www.bein.com tcp
GB 13.224.132.19:443 www.bein.com tcp
GB 13.224.132.19:443 www.bein.com tcp
US 1.1.1.1:53 www.elsafa-nwes.com udp
US 1.1.1.1:53 upload.wikimedia.org udp
NL 185.15.59.240:443 upload.wikimedia.org tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
FI 65.109.97.140:443 www.elsafa-nwes.com tcp
US 1.1.1.1:53 zovidree.com udp
US 104.21.16.31:443 zovidree.com tcp
US 1.1.1.1:53 psimpuphoako.com udp
NL 139.45.197.243:443 psimpuphoako.com tcp
US 1.1.1.1:53 bytogeticr.com udp
US 172.67.178.81:443 bytogeticr.com tcp
US 1.1.1.1:53 my.rtmark.net udp
NL 139.45.195.8:443 my.rtmark.net tcp
US 1.1.1.1:53 ak.gaizoopi.net udp
NL 139.45.197.245:80 ak.gaizoopi.net tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 ak.gaizoopi.net udp
BE 108.177.15.84:443 accounts.google.com tcp
NL 139.45.197.245:443 ak.gaizoopi.net tcp
NL 139.45.197.245:443 ak.gaizoopi.net tcp
US 1.1.1.1:53 yonmewon.com udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
US 1.1.1.1:53 my.rtmark.net udp
GB 172.217.169.10:443 safebrowsing.googleapis.com tcp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.197.236:443 yonmewon.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 clients1.google.com udp
GB 216.58.212.206:443 clients1.google.com tcp
GB 172.217.16.227:443 update.googleapis.com tcp
US 1.1.1.1:53 ynvdclrh udp
US 1.1.1.1:53 ezagkhdid udp
US 1.1.1.1:53 hnuzyososolka udp
US 1.1.1.1:53 srv11.e-droid.net udp
DE 82.165.61.18:443 srv11.e-droid.net tcp

Files
