Analysis
max time kernel: 99s
max time network: 148s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 22-05-2024 12:00
Static task: static1
Behavioral task: behavioral1
  Sample: AptoideTV-5.1.2.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: AptoideTV-5.1.2.apk
  Resource: android-x64-arm64-20240514-en
General
Target: AptoideTV-5.1.2.apk
Size: 11.4MB
MD5: 48fb019529cdd750d20693710da30fbc
SHA1: 6d7912125707fc9c57dd1f074dedb1a039c4386e
SHA256: 0313c70bc17a7edcf0fea38105a5434ad4d195f8c04f7c67f2d67b0d92e1f0aa
SHA512: 10d93ae8d6f726da8376e23abddd334e56426ae751be7400300c9f50063ed9f26190a19aad99e17bd7393e857e808ea605e5e719f8e6b76148d37b0cc89911c4
SSDEEP: 196608:hKeu5WgVAZWl1vqHhJwKL1XqVDk+FAVtf5VzwD5GzF3usY9Nq9g:hKeVW11YjL0fGVpzcGF3usk4g
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 6 IoCs)
  Processes:
    ioc                        process
    /system/app/Superuser.apk  cm.aptoidetv.pt
    /system/xbin/su            cm.aptoidetv.pt
    /sbin/su                   cm.aptoidetv.pt
    /system/app/Superuser.apk  cm.aptoidetv.pt:filedownloader
    /system/xbin/su            cm.aptoidetv.pt:filedownloader
    /sbin/su                   cm.aptoidetv.pt:filedownloader
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)
- Checks memory information. (2 TTPs, 2 IoCs)
  Checks memory information that may indicate whether the system is an emulator.
  Processes:
    description           ioc            process
    File opened for read  /proc/meminfo  cm.aptoidetv.pt
    File opened for read  /proc/meminfo  cm.aptoidetv.pt:filedownloader
- Queries account information for other applications stored on the device. (1 TTP, 2 IoCs)
  The application may abuse the framework's APIs to collect account information stored on the device.
  Processes:
    description             ioc                                                  process
    Framework service call  android.accounts.IAccountManager.getAccountsAsUser  cm.aptoidetv.pt
    Framework service call  android.accounts.IAccountManager.getAccountsAsUser  cm.aptoidetv.pt:filedownloader
- Queries information about running processes on the device. (1 TTP, 2 IoCs)
  The application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description             ioc                                                     process
    Framework service call  android.app.IActivityManager.getRunningAppProcesses  cm.aptoidetv.pt:filedownloader
    Framework service call  android.app.IActivityManager.getRunningAppProcesses  cm.aptoidetv.pt
- Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTP, 2 IoCs)
  Processes:
    description             ioc                                           process
    Framework service call  android.app.IActivityManager.registerReceiver  cm.aptoidetv.pt
    Framework service call  android.app.IActivityManager.registerReceiver  cm.aptoidetv.pt:filedownloader
- Checks if the internet connection is available. (1 TTP, 2 IoCs)
  Processes:
    description             ioc                                                      process
    Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  cm.aptoidetv.pt
    Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  cm.aptoidetv.pt:filedownloader
- Checks for the presence of a debugger.
- Uses Crypto APIs (might try to encrypt user data). (1 TTP, 2 IoCs)
  Processes:
    description         ioc                            process
    Framework API call  javax.crypto.Cipher.doFinal  cm.aptoidetv.pt
    Framework API call  javax.crypto.Cipher.doFinal  cm.aptoidetv.pt:filedownloader
Processes
cm.aptoidetv.pt (PID: 4260)
  - Checks if the Android device is rooted.
  - Checks memory information
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)
cm.aptoidetv.pt:filedownloader (PID: 4322)
  - Checks if the Android device is rooted.
  - Checks memory information
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads