8c33dfcf286433f795b16b6364c5aa76746a2ffcd5c9b57c43770125957a9e9d

Analysis

max time kernel
158s
max time network
180s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22/05/2024, 12:21 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TV22.apk
Size

3.4MB
MD5

e3be07aa82dde89de9489f492e4c70f8
SHA1

9090c8a6e83fdeaca511313ce258e7c1315d8088
SHA256

8c33dfcf286433f795b16b6364c5aa76746a2ffcd5c9b57c43770125957a9e9d
SHA512

380315b6516df99a3c24e5aee82810752d85d2b48d931d10e29457de4c270996389ab51da294e53606b633a6c76a9d3350f790267d478f86619869477c52b311
SSDEEP

98304:fSSMHOPKcnX6VIErOBK44IcPyqMFJrN2545haSP:f0bcAbrsKhIcsFPmPa

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	appinventor.ai_jitsolution24.TV

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	appinventor.ai_jitsolution24.TV

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	appinventor.ai_jitsolution24.TV

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	appinventor.ai_jitsolution24.TV

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	appinventor.ai_jitsolution24.TV

appinventor.ai_jitsolution24.TV
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5164

Network

DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

216.58.212.238
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.187.232

216.58.204.74:443

tls, https

1.2kB
40 B
1
1
216.58.212.238:443

android.apis.google.com

tls

4.1kB
7.7kB
19
19
172.217.169.14:443

tls, https

128 B
40 B
2
1
142.250.187.232:443

ssl.google-analytics.com

tls

1.5kB
6.1kB
12
10
172.21.22.2:80

420 B
7
172.21.22.2:80

420 B
7
142.250.187.238:443

520 B
10
142.250.200.2:443

520 B
10
172.217.16.228:443

tls, https

615 B
40 B
2
1
172.217.16.228:443

www.google.com

tls

8.4kB
10.8kB
26
36

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

216.58.212.238
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.250.187.232