0313c70bc17a7edcf0fea38105a5434ad4d195f8c04f7c67f2d67b0d92e1f0aa

Analysis

max time kernel
97s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AptoideTV-5.1.2.apk
Size

11.4MB
MD5

48fb019529cdd750d20693710da30fbc
SHA1

6d7912125707fc9c57dd1f074dedb1a039c4386e
SHA256

0313c70bc17a7edcf0fea38105a5434ad4d195f8c04f7c67f2d67b0d92e1f0aa
SHA512

10d93ae8d6f726da8376e23abddd334e56426ae751be7400300c9f50063ed9f26190a19aad99e17bd7393e857e808ea605e5e719f8e6b76148d37b0cc89911c4
SSDEEP

196608:hKeu5WgVAZWl1vqHhJwKL1XqVDk+FAVtf5VzwD5GzF3usY9Nq9g:hKeVW11YjL0fGVpzcGF3usk4g

Score

8^/10

banker collection discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

T1426

Processes:

cm.aptoidetv.ptcm.aptoidetv.pt:filedownloader

ioc	process
/system/bin/su	cm.aptoidetv.pt
/system/app/Superuser.apk	cm.aptoidetv.pt:filedownloader
/system/xbin/su	cm.aptoidetv.pt:filedownloader
/sbin/su	cm.aptoidetv.pt:filedownloader
/system/bin/su	cm.aptoidetv.pt:filedownloader
/system/app/Superuser.apk	cm.aptoidetv.pt
/system/xbin/su	cm.aptoidetv.pt
/sbin/su	cm.aptoidetv.pt

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

cm.aptoidetv.ptcm.aptoidetv.pt:filedownloader

description ioc process

File opened for read /proc/meminfo cm.aptoidetv.pt
File opened for read /proc/meminfo cm.aptoidetv.pt:filedownloader

description	ioc	process
File opened for read	/proc/meminfo	cm.aptoidetv.pt
File opened for read	/proc/meminfo	cm.aptoidetv.pt:filedownloader

Queries account information for other applications stored on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

T1409

Processes:

cm.aptoidetv.pt:filedownloadercm.aptoidetv.pt

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	cm.aptoidetv.pt:filedownloader
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	cm.aptoidetv.pt

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

cm.aptoidetv.ptcm.aptoidetv.pt:filedownloader

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cm.aptoidetv.pt
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cm.aptoidetv.pt:filedownloader

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

cm.aptoidetv.ptcm.aptoidetv.pt:filedownloader

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cm.aptoidetv.pt
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cm.aptoidetv.pt:filedownloader

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

cm.aptoidetv.ptcm.aptoidetv.pt:filedownloader

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	cm.aptoidetv.pt
Framework API call	javax.crypto.Cipher.doFinal	cm.aptoidetv.pt:filedownloader

cm.aptoidetv.pt
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4623

cm.aptoidetv.pt:filedownloader
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DE52A00EE-0001-120F-7018AB245F41BeginSession.cls_temp
Filesize
79B

MD5
259634f776cafaab055d944e0bb75998

SHA1
8335148990c38ae9b083ac46f70ec29de98b6f57

SHA256
35f42e357464eb5c1fc80b6018f415e036364c7211c7bb92fab4c18754092dc0

SHA512
f7806dc5af33736034b118c08209c3f6075c13d8fa0a1b71aef410e6e10b0d5f1d3a29cf803c6e8b25205d9ac7e17193aa25ea84f0a4bfc1867398701aab3d82

Download Submit
/data/user/0/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DE52A00EE-0001-120F-7018AB245F41SessionApp.cls_temp
Filesize
111B

MD5
3bf507a6bc6409be07ab2b01c8fd570a

SHA1
44baf657212b99bfe7a618660aea5ef7c71a504d

SHA256
c88848eff6a9226ca978e115573989c63625943a245aa5f7c75b70ee7dc58b48

SHA512
edff6f2d0306318bdef47c12e598a6b124a72419e9654899607a1468b867ae708089f3422b8b41f9c68df45b09e35873986385afd997ce452cb02accf11f3489

Download Submit
/data/user/0/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DE52A00EE-0001-120F-7018AB245F41SessionDevice.cls_temp
Filesize
131B

MD5
636a7db9a401469b5fdcad07fbd8ed05

SHA1
e1084cf18d2e354ea3f21fb0c40009ca4364076f

SHA256
35d0ee1be5ba9e48b6567f0cb6f5d784f81603cf0526935a0090026f5b8cd609

SHA512
6b8b44d1216bf437629d1e015c6161ad79f836334df125cd56e432bc0c67868793c22d5b6848627593d067a106e28bcb01197873ffad032684ce2dc9253bcc21

Download Submit
/data/user/0/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DE52A00EE-0001-120F-7018AB245F41SessionOS.cls_temp
Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/user/0/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DE52C02AB-0001-1274-7018AB245F41keys.meta
Filesize
88B

MD5
8ac5daf3b93dfd78937435b82d82d844

SHA1
48e45ce1c62bedbd5037dc5bbb4e43ba1d6094bb

SHA256
19efbf96446302e93c7df102699bfb7b6767c98fac46072fee789bb06c6a5bc6

SHA512
fc4243fd42c60067afc0d87439f1ff9815c714197ddefbcf4c5d5469b73701499ad6c0255bc34241b4fcfb0fe96035d35556d3819c7692a5f611439cc6405c42

Download Submit
/data/user/0/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
8KB

MD5
d04793cf4e06a53c3fb93a9124792bc2

SHA1
7d125f4e37e1b3c4b170ff4b05acd0feafe56989

SHA256
d7df0c8df27bc4974daddc88a410afbc86b2aa87fff6fa78207bf66b57f0575f

SHA512
86183bc83f0b868d49c19d153e57d8c2908adc35f62102e7b469e6d24272e64f7e50a83cc910d051d7584f78d75cde8821c30c5fb017cd2fec76836a6d79b7cd

Download Submit
/data/user/0/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
1KB

MD5
4ba18b98ec12eb6db7077d13b439ac3c

SHA1
767dcec2fd174e0a44d1e9e217b791a6ba5fc7ff

SHA256
664c1314f9eb7e94bbe70c46dcbae620d9dd97b1afb985db8c0e64352dd2d00e

SHA512
a657f43fe2135de9387248dc42db11d1cb3c7c79772899c7997efab15ba007e54cf5c0fa39e16cd326e8a1c759c1a327e38fcd13254519bf0a161b199238abb0

Download Submit
/data/user/0/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
8KB

MD5
42570c7d0d14e361d0ac8ec80d2eec13

SHA1
67ce22090674e330915b8af4b54877890bd1df17

SHA256
9b9012d2f42cb9cb868cb9a6322996ee5c456c9c3540ad1e155856b9546b8839

SHA512
1a8f29937dc6ebd66e65b866a2f93f22e63917087133f2058e8128a966be493a0f861c6a6920a82df4f39f398dfb578fddd3749464e3a1f0fc9f79e00274cfb2

Download Submit
/data/user/0/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
297B

MD5
be3891dde45c67087fdfd2f5823689a5

SHA1
19f73915b9a217a5aff07572e9400df8babd38c8

SHA256
b077c49f795c215438759a8161e9938cc777a24bbce929a25284725a6df424c7

SHA512
4cfeb54e2d38e624fc1ec33c5bab06e5e3386a12174d8999b494646b238ee084616c472798d231e95f96b3f6eea353f94cc81fd60fa9fdc8107e268eb3da1d8f

Download Submit
/data/user/0/cm.aptoidetv.pt/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_e984473d-cfce-496a-806f-027cc00ab466_1716380973324.tap
Filesize
395B

MD5
b67075d638a350eddf425e9203598cbe

SHA1
3efca401553af88e22b3c6d7473d557983acb56b

SHA256
1caeecc2361ebc868c1ec017a2fac84132fe54b10274aedb38bbc4aa39bb06a6

SHA512
e127341542100d94776f8d31f31c46314c2c98b0fb0aec8710453a6ca8df1571e225b6e5deeebdb3995d26d72f38da46568c2a69f9d9d668f2925ad83622861b

Download Submit
/data/user/0/cm.aptoidetv.pt/files/.YFlurrySenderIndex.info.AnalyticsData_S5CXZ26VVW4PP9C52WQS_229
Filesize
512B

MD5
04cfb8dbc6e3fb95ade74b5e05dec48e

SHA1
2e74404ef2c272188cf047669510d07769fde78d

SHA256
3131cb76a660e4815fa6f2c435a0a622fc63aaf7ee5d9fd0db55a243d435d772

SHA512
07ed0e976bf579990f5bab2378cf19c5c42f6e6b8ac2a4c374e6b1bca44a167489dd4a262db38ddea9a91a8d7e247ccc4929335ef0b6badd244cc9d8630c6e8f

Download Submit
/data/user/0/cm.aptoidetv.pt/files/.YFlurrySenderIndex.info.AnalyticsMain
Filesize
72B

MD5
05d15d5c9e741e85210e7579cb47db4a

SHA1
c78bb7c45ff612f0ed6399f993ce0ea2fa7c8cc5

SHA256
d7671679784471964c5ac45f846322a640593e3ffdcce8ddde5132b0633e0b7c

SHA512
ad15a3308edaaadea4e48c00c9d998511fb8215fb6c2b1ac333d71647091435505dbf7a25895c83314d153684ccd48bb550d743d17de37fc785e4b6677fbf8fb

Download Submit
/data/user/0/cm.aptoidetv.pt/files/.yflurrydatasenderblock.9d3e80ae-df00-498c-a7c9-781950c6fa2b
Filesize
295B

MD5
64cf6cd142da6105f42a85e7b3dddf3d

SHA1
c80a0190c03843fb2ada8867ab8a50248f1e468d

SHA256
c137c006de49c17afe897081db32f4b572de85fb6d3f641b7101c7c0169dac18

SHA512
c46700c4943bbf8e2cdd7fc015039ba1582c7bbb96feddb38fd8361d1ec15e388217b02a51fd7894a19c5706408971f29deed2802e15a4854ec72086cb0b3f7e

Download Submit
/data/user/0/cm.aptoidetv.pt/files/default.realm
Filesize
24KB

MD5
c15e7e44e7923f2f7ae4dd9855e7eb75

SHA1
06799149a40e8980e1da40680f93f98aa78e42fb

SHA256
6ff68ef42772bf8d41e7dd0a92f65c3f6ab12566cba249123e76f8f1faf5f4d5

SHA512
39e7f7a592c2298522d86e9415fdb34b0b3fdd62f5fb05cbf948ef4779627268af2c85c64bf0f352e3a174c908148b7915326aa45549c83e43fcc576c6c901b4

Download Submit
/data/user/0/cm.aptoidetv.pt/files/default.realm.lock
Filesize
1KB

MD5
ecd770cd2b14c7658695c3efd2765c02

SHA1
efcc9b5ecee065b4e92da097a9630c8234ad0711

SHA256
24526b19e09cb6b2c91ea4ed6b268eee380ae950de0c99ef50f691f101407668

SHA512
016e2f1e3f5d0c18d57cbf7539e1e870043d02e6f4fd599ee53d73025e9506738ef04b8a507d5133a3eddc3e1b72a2c080b8e349f29361e6f6d477156668b801

Download Submit