5cb1fdde075753692ebc51e12bd3e1b0617163c91cc817ee0c1195e93ad0e67b

Analysis

max time kernel
154s
max time network
194s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 08:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hoda TV NEW.apk
Size

17.0MB
MD5

c53693d288c5f5891d2a51290834d56a
SHA1

a86ca601046258565d0e26bcf5c57a781b208be0
SHA256

5cb1fdde075753692ebc51e12bd3e1b0617163c91cc817ee0c1195e93ad0e67b
SHA512

8bc659d6b1f00460c2d243a7403d23dab5f777d22c63915b9cc1a9d817e67e71028c58b53eec8fc0f8a25843f5bab4c0e8b43a172b8ca5ebfcb5a44ba253b80e
SSDEEP

393216:IveEHRFEKvZeGb1pJXYXpNp45O78QUFw5N:m9vEKv4U1pJXgPr2i5N

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.houdatv.app

description ioc process

File opened for read /proc/cpuinfo com.houdatv.app
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.houdatv.app

description ioc process

File opened for read /proc/meminfo com.houdatv.app
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.houdatv.app

ioc pid process

/product/framework/com.google.android.maps.jar 5198 com.houdatv.app
/product/framework/com.google.android.maps.jar 5198 com.houdatv.app
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.houdatv.app

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.houdatv.app
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.houdatv.app

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.houdatv.app
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.houdatv.app

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.houdatv.app
Acquires the wake lock 1 IoCs

Processes:

com.houdatv.app

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.houdatv.app
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.houdatv.app

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.houdatv.app

description	ioc	process
File opened for read	/proc/cpuinfo	com.houdatv.app

description	ioc	process
File opened for read	/proc/meminfo	com.houdatv.app

ioc	pid	process
/product/framework/com.google.android.maps.jar	5198	com.houdatv.app
/product/framework/com.google.android.maps.jar	5198	com.houdatv.app

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.houdatv.app

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.houdatv.app

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.houdatv.app

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.houdatv.app

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.houdatv.app

com.houdatv.app
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5198

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.houdatv.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.houdatv.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
80194df647e46999066d30af2896b115

SHA1
04ff99fc7e33985cc1c2c402189ae1145963a639

SHA256
953f75144fe418bba64e07ead9fa311ad74ac7466f588cfae9cdb124f76fcd32

SHA512
670d77b7aa1460d6079488bbb198a3c48366408ba754bff3e1b0c4c5b2882ddf204a3dce9a3828927aae2d9c57ad2c18920e6cd1419e557904dc871fc162056c

Download Submit
/data/data/com.houdatv.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
76f200f41a53a10784652360036c4bd8

SHA1
f61038eaf73055855f4e42805821ea0e0c8a1329

SHA256
036a33e8f10fac730dcecb8fcd7a6858b6486a8124dd9e5436b649b41e4340d7

SHA512
01ca20f97f33c93d2c4374fab9874403ab6e98a7dcb1d844cf0c9c6b4cc58126075ad4756ef374d40fdd9762dc0fc02d92329d5027143e673d858ea5076937a0

Download Submit
/data/data/com.houdatv.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
fd52ce771850e6c3d999be75229682ab

SHA1
6c8d88f37e3b542bcf1e333a8e0af74b2fd600c9

SHA256
6fde52b86021b98618024e763a6b790dd854b25dd47f7643996b979a7c6fcc8c

SHA512
74e10b8e61c93714bd3970f7ab6aacfc53ec52f62c666afdb2581ec3f85e270b49d6c64e70b6aa1f5610b47e4405896de3e2c5c03eeae6dd6ff64a4ef8e4c8b1

Download Submit
/data/data/com.houdatv.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
d4962092bc19f275816a8ed3b4acb879

SHA1
5022aeda271ff70a7f4c1f6fc9d41d0a1e9f2884

SHA256
fa6191380f48d8e202b0037a7310fc21e7c8569d54591925bbf922844361b79b

SHA512
a4a06ad33178ed355ab86d3b158f0f0b1faf0b42055f94ea76a3c64b4eba7f98cb544b54bb987895c9d5de75426d5d771e6b7446d71658787041f66d9ad94063

Download Submit
/data/data/com.houdatv.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
b4c59234a08136df65bf497ba1692921

SHA1
560f87b1c906e4a13cc60661d6e0554b51cebe6a

SHA256
be34d3e03eadb6a499cdb77f3e40edca3da5938b5baddc50a259cf1e0829b714

SHA512
bd8ab4e7a84326a193fa3fa73d197f6f94449618804c9db522ee36094322d06e268792772eb4c84c00b3bbe1b6bb2e8f00dcdcc594011a52dc849b8bca81d428

Download Submit
/data/data/com.houdatv.app/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
3860feb47a89681946a7c420987cc544

SHA1
9cb0b9780955a438e38d637912231ce11aa355b6

SHA256
5a3d9ae0941151e9b97fff97e8ea357747ffec9bb48346c02a38680714096457

SHA512
23249f6dde5db7746f5fd9e358da84a58796dbd11236e1d4a8f9dc795e86f414fdb8804d367facbf3dd05e1d52607791b364551ef9f293141a8375e24487e0c9

Download Submit
/data/data/com.houdatv.app/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
0e16dae7430f7fea01f55dc5ce904485

SHA1
d3f38134d82bb6f8a163267e1241f7852e33683b

SHA256
922e604dd7ea9f773070707486e9fe2dc9b36cc60231badf8dec632e1ef98d98

SHA512
63c75ca0f186faf4e3129ff952d054f330f7be9e3e6576ddeb06cd359209250668a5eb8d69e425af5577b79c41f7106f33b4e37f1139aa3075dc777d1483b19b

Download Submit
/data/data/com.houdatv.app/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
f7b1dccc3d11561e461747a49c8d7492

SHA1
6e49015565e71834a892ca37381e68d37b0fb384

SHA256
ee786f3b53e50f3fdf6b0f8040ca3e29e5a114a77b2f6bb2d02a96531d1f77f2

SHA512
d5975e1014640eb96ef422990364fcb30136dc4aaee8137bdab6d091ec19e54b244bc4be71c3dab4f1c77a3da3e6ef265b8349da01cbd6c2482eebee746e2aba

Download Submit
/data/data/com.houdatv.app/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
e5ee5891e048b4514b8f05e7260349f0

SHA1
3c36320e2231ba1a7a8bc85634f12fad17567862

SHA256
37132e2f3099f2d6adc1408c05a23bf79a0bc86dc646c5c9adb9a192fa817eb2

SHA512
0db19e484a1fcd48088a00b69c05beffa7b8ea3ebc65f2faaafe68523c3a54d3b871f137250353a214d31cd136925328d03b1cbbd3b8d253cb5c4362e937924b

Download Submit
/data/data/com.houdatv.app/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
12167ea367dcd96bcff631cd7eb8958c

SHA1
52a2666c0e81fe6b1f078145d439d533be2a9136

SHA256
a8736c928918aa7024d9ff9fd1aa99416e24bad3eee70ffebd58fa80bc022abd

SHA512
74d932388acfbf96ff5104fbfaff57bdc8ba647be3af11245f6412279bfcfab80bcc93f22df6f90c31f4240635343c6f53f066be3b3aa9f52376a299b37ad524

Download Submit
/data/data/com.houdatv.app/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
64b55182d34de6e3a994de2998deb1cb

SHA1
1214ab4511b1e84e09aab3c24014bd44ac236b70

SHA256
17d3875fe60b36dc4e615a5666a25eb2b6803e3913fadb7cefe7f9a221d05f89

SHA512
18f6f27f11a471b324e62a97acf30f34d7c0b67426372bb645b90c2bdb7dae442bf90d4d760f01b6bf79037888709b2be62044a985c40fda05fc54045fc2ad60

Download Submit
/data/data/com.houdatv.app/files/PersistedInstallation3356880745357694030tmp
Filesize
561B

MD5
61355baefcdc7f5fd886e19a7322efae

SHA1
c87ff99b890b28e8d383e568617e247e60c7d77b

SHA256
902e9fb820e2e7159f488e33a14e5dbb55a110288a120c3829f034660f89031b

SHA512
b5d23e91a57ec8d499be56ccd1bda86cfc74458039ffaa693e4b2fb578c297d77499f548dfe261000e62f3f1e72a4ef86a6dffdbf728ea5f38b9b25222c94a6e

Download Submit
/data/data/com.houdatv.app/files/PersistedInstallation4849280400667005946tmp
Filesize
79B

MD5
0fc806e5e5f7e1f5766440322e3204f2

SHA1
5d3f5bee92c749577cdf0a8a78195db6dc38cc25

SHA256
fc3b907083f41bac21b1d7211b742c901faaf04723af8b99f78c9583966c096a

SHA512
88f69e6c457b859e4476d4940487d2a1d45bf116be0b583050e7b538fa44c007ab0736bb927afcd5eec4a597da923940c6b9c66541b90fa5127c9abc86bcf8bc

Download Submit
/data/data/com.houdatv.app/files/font
Filesize
149KB

MD5
62027b7aa5859e5ecdf9a09a5ee7cdac

SHA1
91e36b6ef56ff61b29ddc8ff9a57ee1b0cb84cd2

SHA256
33413ebb0ff003b260a3ed3f9c6c327c0ca5f15b89a04fea1dfc73ce8e306952

SHA512
e8a09e9fb32db04a5a3b58bd47f8eafefa5e0dfb1cf9289f6bc0fe543337b13676f5700dcfb86fe277fba4179fc2febb34825b471c735ab357330eee8d642731

Download Submit
/data/data/com.houdatv.app/files/ico_share
Filesize
1KB

MD5
9769e88e084bee48eac8c479b429a556

SHA1
8bd33f69407f65bdc02453562a356bb51f581f56

SHA256
003772e5bb3502eaad74c39dcc197ab9009d9c0f0b679487b83b8c55eacf2332

SHA512
d8164f54fbadfa95d785519c622cdf5d9affac22eff67acc352dcf00266bd5407e9e2fea01d158d59a1e71744a0b28609d75763489f7b4a13fd54a09f489ebb5

Download Submit
/data/data/com.houdatv.app/files/splash
Filesize
99B

MD5
3be54e276c1ac41c4a0618f1df4e4ad4

SHA1
ba0c04e100e92a18a9d31c1da59d77e861d6055c

SHA256
be5d3cf6c8cddef930d412bc15d8af24ba654ca0961d6659b57ca7554866326e

SHA512
e1cf440871316ae3aa76e06821f49b06cc2429f4493317ba812a1cc52a335dbc7452815235cb5c625158c44dfccc5ce74de0543be7c6edac1a4bfc372639e30a

Download Submit
/data/data/com.houdatv.app/files/vinebre_ac.txt
Filesize
19B

MD5
6d3ea23b91d6b8260e757222713874a6

SHA1
ab5cead98fe7b36f443d4bf7e657cb1030686a75

SHA256
10caa5a373649129ed452555bb5304fc1afd73b4e0de0e6d1007ca62086a9dcf

SHA512
fbedcb2ef446613fb27235494a3fb1144af6e724b715078c6fbdce7a2758ed53db36775e63bee4b4e98d366337d312539322d9d171c848bc963633e275b1021d

Download Submit
/data/data/com.houdatv.app/no_backup/androidx.work.workdb
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.houdatv.app/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
7c441e26329bc35bc20d99e7ed43d96b

SHA1
8fa46440348b3f2a53d6d4d0e2fb903f37f2778f

SHA256
e62cb56c235d1642ddf97ecef9300ac32d7bd537d9a912e0ac9d1a29e42fcb6a

SHA512
27481b9cc66c36c0868affb8c812ce6982c8e8c467479ae23eb7365b4b048ed7dd78154eb9671c7e406e812a44ceaa9e037a3f0c8ee8d00f771e37c4f7765899

Download Submit
/data/data/com.houdatv.app/no_backup/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.houdatv.app/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
861abb900e99e018f6041a0445036d8a

SHA1
27cd4350bfe76740de12fd0148a3fc80b8b3bcf0

SHA256
8c5efa9545b388d18a054c12a19c2ab3bbd274dc877e5731972e370cf037294b

SHA512
f70db7f69f212e0a2c959f627c5c1c712f6cd0a2b26246285a642d2c643dbe9798b25d6fda7c9a19ae9e5766a47aa05af3ac5238d27bd88e99b5f74e387341f8

Download Submit
/data/data/com.houdatv.app/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
1bae4f06b0516a40ba56f08d53a0c9fe

SHA1
fd11e72737394a3fbce60cf0b9b416416d368e6d

SHA256
fc3dfa17b6fcaf6d0f7a69d387573aedb8f61ed192c120c4ca51488cd84621f5

SHA512
072c72fa0458cebe8f28f7ae109401bc616047a0f2426fff977125d33c91786b7335125e3712d3e6ffc32077700fea9c1ca0d377e163078a73c19d740d7a0f31

Download Submit
/data/data/com.houdatv.app/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
2966a6b34fb1571e4b3ff452d9bba86c

SHA1
c6d6fae638a269bfe1ce659fa00bab168614aa30

SHA256
2027853526c2249a44e7e997128f70750c11eefefc91df88677e332856dde8fd

SHA512
9a2b366f0137ebd06e6f989e2c8a8231a101f4de9589798b337f3396d7163c3646cc1177c909b2db3882ab811761d9b78f6d7403df73d31118e1e14cc67e2f9d

Download Submit
/product/framework/com.google.android.maps.jar
Filesize
315KB

MD5
4899aca36d1ed747a447dcac0d101a62

SHA1
32e43edc0bf3e036683ea8639472e6cd31ab9929

SHA256
67a651acd867e046fb4463b31ea584c1468f7243a9d1e2efd34059e8ee2f130f

SHA512
50b23dd279a9efba566c6a6523c7537723c0cd6dd3e4871f1cbdb8d5bc355caa3ddea99452b1c8e5356802f812b3768066a9848b93d715bb8bdfa455b704285f

Download Submit