0313c70bc17a7edcf0fea38105a5434ad4d195f8c04f7c67f2d67b0d92e1f0aa

Analysis

max time kernel
99s
max time network
148s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AptoideTV-5.1.2.apk
Size

11.4MB
MD5

48fb019529cdd750d20693710da30fbc
SHA1

6d7912125707fc9c57dd1f074dedb1a039c4386e
SHA256

0313c70bc17a7edcf0fea38105a5434ad4d195f8c04f7c67f2d67b0d92e1f0aa
SHA512

10d93ae8d6f726da8376e23abddd334e56426ae751be7400300c9f50063ed9f26190a19aad99e17bd7393e857e808ea605e5e719f8e6b76148d37b0cc89911c4
SSDEEP

196608:hKeu5WgVAZWl1vqHhJwKL1XqVDk+FAVtf5VzwD5GzF3usY9Nq9g:hKeVW11YjL0fGVpzcGF3usk4g

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 6 IoCs

evasion

System Information Discovery

T1426

Processes:

cm.aptoidetv.ptcm.aptoidetv.pt:filedownloader

ioc	process
/system/app/Superuser.apk	cm.aptoidetv.pt
/system/xbin/su	cm.aptoidetv.pt
/sbin/su	cm.aptoidetv.pt
/system/app/Superuser.apk	cm.aptoidetv.pt:filedownloader
/system/xbin/su	cm.aptoidetv.pt:filedownloader
/sbin/su	cm.aptoidetv.pt:filedownloader

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

cm.aptoidetv.ptcm.aptoidetv.pt:filedownloader

description ioc process

File opened for read /proc/meminfo cm.aptoidetv.pt
File opened for read /proc/meminfo cm.aptoidetv.pt:filedownloader

description	ioc	process
File opened for read	/proc/meminfo	cm.aptoidetv.pt
File opened for read	/proc/meminfo	cm.aptoidetv.pt:filedownloader

Queries account information for other applications stored on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

Processes:

cm.aptoidetv.ptcm.aptoidetv.pt:filedownloader

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	cm.aptoidetv.pt
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	cm.aptoidetv.pt:filedownloader

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

cm.aptoidetv.pt:filedownloadercm.aptoidetv.pt

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cm.aptoidetv.pt:filedownloader
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cm.aptoidetv.pt

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

cm.aptoidetv.ptcm.aptoidetv.pt:filedownloader

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	cm.aptoidetv.pt
Framework service call	android.app.IActivityManager.registerReceiver	cm.aptoidetv.pt:filedownloader

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

cm.aptoidetv.ptcm.aptoidetv.pt:filedownloader

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cm.aptoidetv.pt
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cm.aptoidetv.pt:filedownloader

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

cm.aptoidetv.ptcm.aptoidetv.pt:filedownloader

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	cm.aptoidetv.pt
Framework API call	javax.crypto.Cipher.doFinal	cm.aptoidetv.pt:filedownloader

cm.aptoidetv.pt
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4260

cm.aptoidetv.pt:filedownloader
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4322

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DE51E0286-0001-10A4-415E2E0B339ABeginSession.cls_temp
Filesize
79B

MD5
0c5a643f0b2f1b1001dd67648da91466

SHA1
d75386f9f1a76150cb93c97a402ef2c4d297352d

SHA256
d3bb26423d2054e288ac5e892c2151a6b7a2c78ec22ed339e0cccf332b7b31a5

SHA512
1bb3b430e73317979205075bdbfa9eb8af628997e4694502c8dd52fd932b30ce57de2441b9775494188fe67162b52c0b20cb3b723f9254abdb2cc2fff2993611

Download Submit
/data/data/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DE51E0286-0001-10A4-415E2E0B339ASessionApp.cls_temp
Filesize
111B

MD5
8a5e5a94e5548224f01754816ffab430

SHA1
4a77e5c4ed3d8bdc8a0f47f1a00b62890ac34c6f

SHA256
701bc381ab37e18b09f45b927313363294af43b58e92413118a6de3ca5ed9f71

SHA512
472b96db2596fd3f605d30b9f0d26714bdd2037a84b0c440f857ddc38f24eaab59a88c5ffc3b710b6f0a5ff8295889d2d4977255d67516cdb29a7626aeabe8ee

Download Submit
/data/data/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DE51E0286-0001-10A4-415E2E0B339ASessionDevice.cls_temp
Filesize
131B

MD5
d50050220128ac9864214a2e543b8809

SHA1
8dff210fddaf976d9e64c9037e006571434f50ec

SHA256
913e8188bc5ac1be02d14385466169552a5f1c644ed2838f4188a4ad1c02b107

SHA512
22d2ae4a32e9f40050a6fcd1a5b6eccc3b4afdb8dbc64d30337956b093a810024e2f66aed0f892378fe8a1bb83b06d85200176c98902419884aef818fded4393

Download Submit
/data/data/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DE51E0286-0001-10A4-415E2E0B339ASessionOS.cls_temp
Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DE52102FB-0001-10E2-415E2E0B339Akeys.meta
Filesize
38B

MD5
8087bdd0d3cc8210ef04b974b0ce65a4

SHA1
eb64b18a5284a8932b2e1ee8252c9aa2fec67b4e

SHA256
9defc29aa8cd1a6a8d7cf19a81c8d04135f1e4555083c4c896e1c354a052b899

SHA512
7052fed303feda32c5a1679702139f30afaa441d2bd5ad0195e952a23ab4a69a401f798b28c9e7cabadeb288351cdd4aef1d3908a4c3050fb6292e0f9a309c8b

Download Submit
/data/data/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
514B

MD5
8502d10d17e6c797ed2c05295dc7adb7

SHA1
d6145749686307002b7d5b9a8d444ea77917ff90

SHA256
d7975d3846f93ae603a977350702f6ed0a0e7b044645734afe90bdb99bff6ee9

SHA512
e9909bb9d4b8b21b4f99ba971a82c6ce6fd01e28c7b27e1a76f17b0a4a504f40300515b6326a11ffdc698ce4c499b459ffd990b21764b952b6d8151b2cdadcb2

Download Submit
/data/data/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
1KB

MD5
d8b70765c3ebcf673a6abc5d64626cec

SHA1
19dbd271b451e91ce4e3e5c2586b5db308a3b4a3

SHA256
b32c966fed3a2bba357a295536628a3dc0800ad8626dbba4223e08e659456fbb

SHA512
caaa00f265283b1e36443d640ca56d77d0f63118f3ebed01054267fdbd2f754657f9c0f77c4d11ebcf57139a142f98fb9fe25c4053c980fa7c1d93d0fd1e6ccd

Download Submit
/data/data/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
292B

MD5
a169fed55d70d492cd85665a53e56d43

SHA1
3a07502c045d007fc6defaaeed61cf76d94efb3f

SHA256
5d594418a80e3cf8fc4c65189749e4541f1dec0b0c3e8542f3d9320ddd232f8a

SHA512
790ae44994a3f8cf7b8c7451be27bad49da07112dc648104fc5989c7fb8ec90d90eb6226cb214ec60d724b9f46142b09083396aabe3f08ad40e031758c7936d5

Download Submit
/data/data/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_211ab7c0-01ab-4e38-9b4a-bbcc65bbd01a_1716380963060.tap
Filesize
391B

MD5
010126849a907314bb1515cd052d59dd

SHA1
7b6eeba2df4ba7a3677a44cc72e65254f1c86309

SHA256
b3aabafda4d1125e65ff012e3962024fdb1a74c8088626cde4fb37bb390e7f88

SHA512
37ed964196be41e4df6d2a6a9b852d0979d38f72d80e3a55843b23aea4fa3f411486d298d4c46062f36e839b659ee04468e4d59bba6778fd7a559af307617948

Download Submit
/data/data/cm.aptoidetv.pt/files/.YFlurrySenderIndex.info.AnalyticsData_S5CXZ26VVW4PP9C52WQS_229
Filesize
36KB

MD5
c16f2581f7f903e2bb297fb99994b8e0

SHA1
9abf9834492fc7e0449223a752498961bd2a23f7

SHA256
1c3d2b6453c72f50c9da7a843c3c768f562aee637527e1cffe2893e0b2ee9986

SHA512
c5702e4392a5f8e444744b1f9eeaef3295b34516bb1718d64dc3ffb6c47980d79d477abda6206a6c3a9361a0c60a57445a27de76e0071f5996d58154ee63e063

Download Submit
/data/data/cm.aptoidetv.pt/files/.YFlurrySenderIndex.info.AnalyticsData_S5CXZ26VVW4PP9C52WQS_229
Filesize
88B

MD5
5ee7f2b7456c3f66a28c69fb9f777183

SHA1
04f7452c472b211084b7db0a1f6a4802d2c2f0f8

SHA256
39554ca84a454ae352104c9a99b86b1946e771eb4b98331e1a70843b822830e6

SHA512
6f7642cee7aa47c9ecbdc3fceadcd902e830ed1edf7399f472cc4522c4b9c101ce5b417c042c412fd7d5e792debc20c037b3cdfe5b3b07ada5174f1fc9dc2219

Download Submit
/data/data/cm.aptoidetv.pt/files/.YFlurrySenderIndex.info.AnalyticsMain
Filesize
32KB

MD5
c361430babe9b706dceb34fcab984d91

SHA1
4d54e0f292cd30b3205624e54920063147214f9b

SHA256
20452510805f9887dfb5357b6ddb03c3d55d0667e4485b5ac2736a9af32a5619

SHA512
bc9dad2567fcec18556e6b5bde54ea089e44c6e38cad7a1198e02fef144e9a25ada17fbdbbfd17e57e380ccbc1ebea1007318769024b7d051f282c5db998ce14

Download Submit
/data/data/cm.aptoidetv.pt/files/.YFlurrySenderIndex.info.AnalyticsMain
Filesize
72B

MD5
05d15d5c9e741e85210e7579cb47db4a

SHA1
c78bb7c45ff612f0ed6399f993ce0ea2fa7c8cc5

SHA256
d7671679784471964c5ac45f846322a640593e3ffdcce8ddde5132b0633e0b7c

SHA512
ad15a3308edaaadea4e48c00c9d998511fb8215fb6c2b1ac333d71647091435505dbf7a25895c83314d153684ccd48bb550d743d17de37fc785e4b6677fbf8fb

Download Submit
/data/data/cm.aptoidetv.pt/files/.yflurrydatasenderblock.b5bb5adb-2e25-43a0-8d34-d6ba7accb116
Filesize
512B

MD5
79419e4733db70bde9a59caffb7d664c

SHA1
bb0f316cd53f7997286e5ece19c603b13b87d607

SHA256
d716e51de56abd4743cceb0b2056580f6ef0db6dc62a7ece39540bcb6fb64a03

SHA512
4f5d1de6c60ca40215734afaa837aea7a08e30ed3d309f7d0f6468472e1a8a08b080c4921eb832bd6ba821a401bdf4960a1d174ec93071f6c92f80c2113d22b6

Download Submit
/data/data/cm.aptoidetv.pt/files/default.realm
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/cm.aptoidetv.pt/files/default.realm.lock
Filesize
1KB

MD5
a65194ed3bebbf0025723d9cf0501dd2

SHA1
c49046ea64fef2048ec09427e9208617c7224cc7

SHA256
fd9d4474451dab9b7fd75ec1a8b263ae8a125b4a200e069d83e60f8e21fb9470

SHA512
53de43a422adbc2190ab9f720633112ddaba07f2abe190b7e2f02706a24c6d78680e6903dedee3c6a80b05192d894975f35ee620f01ae27f652b6cfca1892553

Download Submit