Analysis
- max time kernel: 97s
- max time network: 132s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 22-05-2024 12:00
Static task: static1
Behavioral task: behavioral1
  Sample: AptoideTV-5.1.2.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: AptoideTV-5.1.2.apk
  Resource: android-x64-arm64-20240514-en
General
- Target: AptoideTV-5.1.2.apk
- Size: 11.4MB
- MD5: 48fb019529cdd750d20693710da30fbc
- SHA1: 6d7912125707fc9c57dd1f074dedb1a039c4386e
- SHA256: 0313c70bc17a7edcf0fea38105a5434ad4d195f8c04f7c67f2d67b0d92e1f0aa
- SHA512: 10d93ae8d6f726da8376e23abddd334e56426ae751be7400300c9f50063ed9f26190a19aad99e17bd7393e857e808ea605e5e719f8e6b76148d37b0cc89911c4
- SSDEEP: 196608:hKeu5WgVAZWl1vqHhJwKL1XqVDk+FAVtf5VzwD5GzF3usY9Nq9g:hKeVW11YjL0fGVpzcGF3usk4g
Signatures
-
Checks if the Android device is rooted. (1 TTP, 8 IoCs)
Processes:
  ioc | process
  /system/bin/su | cm.aptoidetv.pt
  /system/app/Superuser.apk | cm.aptoidetv.pt:filedownloader
  /system/xbin/su | cm.aptoidetv.pt:filedownloader
  /sbin/su | cm.aptoidetv.pt:filedownloader
  /system/bin/su | cm.aptoidetv.pt:filedownloader
  /system/app/Superuser.apk | cm.aptoidetv.pt
  /system/xbin/su | cm.aptoidetv.pt
  /sbin/su | cm.aptoidetv.pt
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTP)
-
Checks memory information (2 TTPs, 2 IoCs)
Checks memory information that can indicate whether the system is an emulator.
-
Queries account information for other applications stored on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect account information stored on the device.
Processes:
  description | ioc | process
  Framework service call | android.accounts.IAccountManager.getAccountsAsUser | cm.aptoidetv.pt:filedownloader
  Framework service call | android.accounts.IAccountManager.getAccountsAsUser | cm.aptoidetv.pt
-
Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | cm.aptoidetv.pt
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | cm.aptoidetv.pt:filedownloader
-
Checks if the internet connection is available (1 TTP, 2 IoCs)
Processes:
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | cm.aptoidetv.pt
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | cm.aptoidetv.pt:filedownloader
-
Checks the presence of a debugger
-
Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
Processes:
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | cm.aptoidetv.pt
  Framework API call | javax.crypto.Cipher.doFinal | cm.aptoidetv.pt:filedownloader
Processes
-
cm.aptoidetv.pt
- Checks if the Android device is rooted.
- Checks memory information
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
cm.aptoidetv.pt:filedownloader
- Checks if the Android device is rooted.
- Checks memory information
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Downloads