Analysis Overview
score
6/10
SHA256
7002283b97793d972e6344be887cc0d3bb34fc6800bb3c9f325bd8db8a8ca603
Threat Level: Shows suspicious behavior
The file com.svc.vlive.home.ytv9x.apk was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-06-09 09:58
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Required to be able to connect to paired Bluetooth devices. | android.permission.BLUETOOTH_CONNECT | N/A | N/A |
| Allows interaction across profiles in the same profile group. | android.permission.INTERACT_ACROSS_PROFILES | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-09 09:53
Reported
2024-06-09 10:28
Platform
android-x86-arm-20240603-en
Max time kernel
3s
Max time network
131s
Command Line
com.svc.vlive.home.ytv9x
Signatures
N/A
Processes
com.svc.vlive.home.ytv9x
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.10:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.svc.vlive.home.ytv9x/files/prodexdir/0OO00l111l1l
| MD5 | 3e68523f41c68fa02ebff0dfb5473694 |
| SHA1 | 131624a03846f4e04e54b4dda55ff636b9188525 |
| SHA256 | f5b4c7b2f9056f839b7fe13ffc41c1ae7306908f15d97074217fdb90c2ae4a7c |
| SHA512 | e20cb6f4787d388a62767449877e6378e0b4c3c3c21e19ea403248fa240054d420b51a547c72ab4cf65f954711635989c0f1875f9bb040f85cfdf9d18c16e544 |
/data/data/com.svc.vlive.home.ytv9x/files/prodexdir/o0oooOO0ooOo.dat
| MD5 | 25bde5e92df94234cecc8c3809c28994 |
| SHA1 | 6043b38c053ebc51a80c4432f1145a5d809897c2 |
| SHA256 | 37cbc17d21fd3f856ca6474458f074785e5e38f40cd981bb9c8eec59beda806e |
| SHA512 | 3af76df7c2558898730faddd20184613054d1b41fb2d0047eea556f3ca8c0e4e851474538c8e8e7b08036e81672646db7d788bfeca3e48e75a6f498afa19a637 |
/data/data/com.svc.vlive.home.ytv9x/files/prodexdir/tosversion
| MD5 | c562b6e8c44bd2c64d87d903a8dd4990 |
| SHA1 | 48f0df9578affce21a90e92c340b2b4730e20bbd |
| SHA256 | 47c3d73fcbd0bbea5acfdb2f886945765cbab357fc3adabcfb6260b841a3296b |
| SHA512 | 8ba3e990fb7812801893fee52d5a50ba7bc1b3ddbcf2a0407f372da0e4c3aeb66027bf9e41ea7c29a3398b0c580072ae79ef70f1cc499f2ca8f668f876b7a99c |
/data/data/com.svc.vlive.home.ytv9x/files/prodexdir/libshellx-super.com.svc.vlive.home.ytv9x.so
| MD5 | f2e89801427fa6c3816a2f30192d9ab8 |
| SHA1 | cf97771b637ab3279e787396dbbad720f468d9e6 |
| SHA256 | 943814761d969f1502cbb55953e33173681454f669e0f9c4185a388bd3da6bff |
| SHA512 | 2e4d6d4cb4b0b73e7c02a6b9085c038bb73975d38f90a6bd39d8a3bc93c3aff406d58017a5ab0b132e30889a06be443fc691fa6de76533c47fe9bc9f0567b6ff |