Malware Analysis Report

2025-01-19 07:50

Sample ID 240609-lw16nsha4t
Target com.svc.vlive.home.ytv9x.apk
SHA256 7002283b97793d972e6344be887cc0d3bb34fc6800bb3c9f325bd8db8a8ca603
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

7002283b97793d972e6344be887cc0d3bb34fc6800bb3c9f325bd8db8a8ca603

Threat Level: Shows suspicious behavior

The file com.svc.vlive.home.ytv9x.apk shows suspicious behavior.

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-09 09:58

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Required to be able to connect to paired Bluetooth devices. | android.permission.BLUETOOTH_CONNECT | N/A | N/A
Allows interaction across profiles in the same profile group. | android.permission.INTERACT_ACROSS_PROFILES | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A
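The static signature above is the kind of check that can be reproduced offline from a decoded manifest. The following is an added example, not code from the report or the sandbox: it parses an AndroidManifest.xml (a binary manifest must first be decoded with apktool or androguard), splits the requested permissions into runtime "dangerous" permissions and special-access permissions granted through Settings/appops, and flags pairs that together enable a common abuse pattern. The category sets, the combo labels and the sample manifest are this example's own assumptions; the sample is constructed to mirror the permission list in the report plus INTERNET.

```python
"""Added example (not part of the report): triage the permissions an APK
requests from a decoded AndroidManifest.xml."""
import json
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Runtime permissions with protectionLevel "dangerous" (user-prompted).
DANGEROUS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_PHONE_STATE",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.BLUETOOTH_CONNECT",
}
# Special-access permissions granted via Settings/appops, not a runtime
# prompt; recurrent in overlay, sideloading and usage-monitoring abuse.
SPECIAL = {
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "android.permission.PACKAGE_USAGE_STATS",
    "android.permission.INTERACT_ACROSS_PROFILES",
}
# Combinations worth a second look. Labels are this example's own,
# not sandbox signature names.
COMBOS = {
    "overlay+sideload": {"android.permission.SYSTEM_ALERT_WINDOW",
                         "android.permission.REQUEST_INSTALL_PACKAGES"},
    "overlay+usage-stats": {"android.permission.SYSTEM_ALERT_WINDOW",
                            "android.permission.PACKAGE_USAGE_STATS"},
}


def requested_permissions(manifest_xml: str) -> list:
    """Return the deduplicated permission names found in <uses-permission>
    and <uses-permission-sdk-23> elements."""
    root = ET.fromstring(manifest_xml)
    seen, out = set(), []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(f"{{{ANDROID_NS}}}name")
            if name and name not in seen:
                seen.add(name)
                out.append(name)
    return out


def triage_permissions(manifest_xml: str) -> dict:
    """Bucket the requested permissions and report matching combos."""
    perms = set(requested_permissions(manifest_xml))
    return {
        "dangerous": sorted(perms & DANGEROUS),
        "special": sorted(perms & SPECIAL),
        "other": sorted(perms - DANGEROUS - SPECIAL),
        "combos": sorted(k for k, need in COMBOS.items() if need <= perms),
    }


# Constructed manifest mirroring the report's permission list plus INTERNET.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.svc.vlive.home.ytv9x">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.BLUETOOTH_CONNECT"/>
  <uses-permission android:name="android.permission.INTERACT_ACROSS_PROFILES"/>
  <uses-permission android:name="android.permission.PACKAGE_USAGE_STATS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    print(json.dumps(triage_permissions(SAMPLE_MANIFEST), indent=2))
```

Run against the constructed manifest it reports seven dangerous, four special permissions and both combos; the "overlay+sideload" pairing is the one most worth escalating, since SYSTEM_ALERT_WINDOW lets the app draw over other apps while REQUEST_INSTALL_PACKAGES lets it push further APKs.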

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 09:53

Reported

2024-06-09 10:28

Platform

android-x86-arm-20240603-en

Max time kernel

3s

Max time network

131s

Command Line

com.svc.vlive.home.ytv9x

Signatures

N/A

Processes

com.svc.vlive.home.ytv9x

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.178.10:443 | - | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 142.250.187.206:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp

Files

/data/data/com.svc.vlive.home.ytv9x/files/prodexdir/0OO00l111l1l

MD5 3e68523f41c68fa02ebff0dfb5473694
SHA1 131624a03846f4e04e54b4dda55ff636b9188525
SHA256 f5b4c7b2f9056f839b7fe13ffc41c1ae7306908f15d97074217fdb90c2ae4a7c
SHA512 e20cb6f4787d388a62767449877e6378e0b4c3c3c21e19ea403248fa240054d420b51a547c72ab4cf65f954711635989c0f1875f9bb040f85cfdf9d18c16e544

/data/data/com.svc.vlive.home.ytv9x/files/prodexdir/o0oooOO0ooOo.dat

MD5 25bde5e92df94234cecc8c3809c28994
SHA1 6043b38c053ebc51a80c4432f1145a5d809897c2
SHA256 37cbc17d21fd3f856ca6474458f074785e5e38f40cd981bb9c8eec59beda806e
SHA512 3af76df7c2558898730faddd20184613054d1b41fb2d0047eea556f3ca8c0e4e851474538c8e8e7b08036e81672646db7d788bfeca3e48e75a6f498afa19a637

/data/data/com.svc.vlive.home.ytv9x/files/prodexdir/tosversion

MD5 c562b6e8c44bd2c64d87d903a8dd4990
SHA1 48f0df9578affce21a90e92c340b2b4730e20bbd
SHA256 47c3d73fcbd0bbea5acfdb2f886945765cbab357fc3adabcfb6260b841a3296b
SHA512 8ba3e990fb7812801893fee52d5a50ba7bc1b3ddbcf2a0407f372da0e4c3aeb66027bf9e41ea7c29a3398b0c580072ae79ef70f1cc499f2ca8f668f876b7a99c

/data/data/com.svc.vlive.home.ytv9x/files/prodexdir/libshellx-super.com.svc.vlive.home.ytv9x.so

MD5 f2e89801427fa6c3816a2f30192d9ab8
SHA1 cf97771b637ab3279e787396dbbad720f468d9e6
SHA256 943814761d969f1502cbb55953e33173681454f669e0f9c4185a388bd3da6bff
SHA512 2e4d6d4cb4b0b73e7c02a6b9085c038bb73975d38f90a6bd39d8a3bc93c3aff406d58017a5ab0b132e30889a06be443fc691fa6de76533c47fe9bc9f0567b6ff
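Two of the dropped files above carry names made only of the visually confusable characters 0, O, o, l and 1, and one is a native library written into the app's private files/ directory at runtime rather than shipped under the APK's lib/. The following is an added heuristic, not code from the report or the sandbox, that flags exactly those traits over a list of dropped paths; the flag names and thresholds are this example's own, and the input list is the four paths from the report.

```python
"""Added example (not part of the report): heuristic triage of files a
sample drops into its private data directory."""
import posixpath

# Characters that are hard to tell apart in most fonts.
CONFUSABLE = set("0OoIl1")


def confusable_name(name: str) -> bool:
    """True when the filename stem is at least 6 characters long and drawn
    only from 0/O/o/I/l/1 (threshold is this example's assumption)."""
    stem = name.split(".", 1)[0]
    return len(stem) >= 6 and set(stem) <= CONFUSABLE


def triage_dropped(paths, package: str) -> dict:
    """Map each dropped path to a list of flags."""
    private_root = f"/data/data/{package}/"
    result = {}
    for path in paths:
        name = posixpath.basename(path)
        flags = []
        if not path.startswith(private_root):
            # Writes outside the app sandbox need an explanation.
            flags.append("outside-private-dir")
        if confusable_name(name):
            flags.append("confusable-name")
        if name.endswith(".so"):
            # Native code dropped at runtime, not part of the packaged lib/.
            flags.append("runtime-native-lib")
        result[path] = flags
    return result


def flagged_count(report: dict) -> int:
    """Number of paths carrying at least one flag."""
    return sum(1 for flags in report.values() if flags)


# Paths as listed in the report.
PACKAGE = "com.svc.vlive.home.ytv9x"
DROPPED = [
    f"/data/data/{PACKAGE}/files/prodexdir/0OO00l111l1l",
    f"/data/data/{PACKAGE}/files/prodexdir/o0oooOO0ooOo.dat",
    f"/data/data/{PACKAGE}/files/prodexdir/tosversion",
    f"/data/data/{PACKAGE}/files/prodexdir/libshellx-super.{PACKAGE}.so",
]

if __name__ == "__main__":
    for path, flags in triage_dropped(DROPPED, PACKAGE).items():
        print(f"{path}: {', '.join(flags) or 'no flags'}")
```

The heuristic is a prioritisation aid for a manual review, not a verdict: a runtime-dropped .so is the first file to pull from the sandbox and inspect, and confusable names are a reason to look, not proof of anything on their own.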