Malware Analysis Report

2025-01-19 07:44

Sample ID 240615-caeacayfmm
Target TREX_SMARTERS_NEW_OTT.apk
SHA256 7ebdf09199db20c8031319a9653828ede4de12923bdc7ab91779766fadf822eb
Tags: evasion
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Mobile Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 7/10

SHA256: 7ebdf09199db20c8031319a9653828ede4de12923bdc7ab91779766fadf822eb

Threat Level: Shows suspicious behavior

The file TREX_SMARTERS_NEW_OTT.apk was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion

Loads dropped Dex/Jar

Declares services with permission to bind to the system

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-15 01:52

Signatures

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by VPN services to bind with the system. Allows apps to provision VPN services. | android.permission.BIND_VPN_SERVICE | N/A | N/A
Required by VPN services to bind with the system. Allows apps to provision VPN services. | android.permission.BIND_VPN_SERVICE | N/A | N/A
Required by VPN services to bind with the system. Allows apps to provision VPN services. | android.permission.BIND_VPN_SERVICE | N/A | N/A
Required by quick settings tile services to bind with the system. Allows apps to add custom tiles to the quick settings menu. | android.permission.BIND_QUICK_SETTINGS_TILE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-15 01:52
Reported: 2024-06-15 01:58
Platform: android-x86-arm-20240611.1-en
Max time kernel: 103s
Max time network: 308s

Command Line

com.trexott.trexottiptvbox

Signatures

Loads dropped Dex/Jar

Tags: evasion

Description | Indicator | Process | Target
N/A | Anonymous-DexFile@0xc9657000-0xc99813dc | N/A | N/A

Processes

com.trexott.trexottiptvbox

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.212.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.201.110:443 | android.apis.google.com | tcp
GB | 142.250.179.227:80 | | tcp
GB | 172.217.169.68:443 | | tcp
GB | 142.250.200.2:443 | | tcp
GB | 172.217.16.238:443 | | tcp
GB | 172.217.16.238:443 | | tcp

Files

Anonymous-DexFile@0xc9657000-0xc99813dc

MD5 e078d5724ce1951610c1bf7cfc248651
SHA1 c11ea6d9e5d2b29f84e394c1e262683dec28b950
SHA256 cd93973550917ea1acc9683758d66ccd7f03b3401d26eb385b65613987cbe90d
SHA512 57106f92ebfafce239639115a7eee5f19a1cdd31f7f4e94f3056e24cfe9d9e2494d055cfc250f248ac5595b4e84dd52eb288bda1e199599e27566d29dedca413

/data/data/com.trexott.trexottiptvbox/databases/androidx.work.workdb-journal

MD5 a3b21f110403b29e4db1b4b141fbe714
SHA1 0e1177edf869ef23a4f3f372b9d1a7fab51f6f9e
SHA256 a9c987b500c00727f846f39b6604418e22ab3fb9d54d345dba6c17155307b5a9
SHA512 86888dca38eb72ae20c39cb50b5b160dd94bc06c0375dc122b1d271084500a61f6edd6922f597c6cba5595459f6aaae094b68b427ae8e06d4f48b47353177b53

/data/data/com.trexott.trexottiptvbox/databases/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.trexott.trexottiptvbox/databases/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.trexott.trexottiptvbox/databases/androidx.work.workdb-wal

MD5 6e02cfad945f7ee62dfacab826761c51
SHA1 f8841d9e9c57c45a1aac24223fd2fb24abeec416
SHA256 b27d858da34d414a6789c325c9fd32214288788ed4ec5a11defe323481c47a5b
SHA512 7669f75ae30310397ee05ee4f6e8fd889b561830d6d24257115e42dc35e34d68c5b5f04d7b16536190cd8156c923d1e651bda048bc12c88137c0a67480d4d2ab

/data/data/com.trexott.trexottiptvbox/databases/androidx.work.workdb-wal

MD5 72936920b4df0974f876e1400922c4fb
SHA1 3fef31ca2a066169c9f1ce71505f68192e8e6547
SHA256 e7f5b48d19142750d6dca94646b98e6ea73c58c0b299ca788f433bfab0eb5844
SHA512 f2fc98dd12f3298e70d1f1d4601084667ee0be8597ebb4d34111bae596d9ad56f1a91614d43e3d0d4b8d58f917ab5546280739d1409ef8d38558c16146f289d9

/data/data/com.trexott.trexottiptvbox/databases/iptv_smarters_multi_user.db-journal

MD5 fee31de5aabafcadad88dcc6b8a2036f
SHA1 041c7079fdd1cfc95045789113a4108c4171f071
SHA256 11dcb26eb8d6274f423fa41a765ae7e124f76eb520a228bbee07cd8dea75164c
SHA512 7603cc58a015b3a78558f4f7bc129587d0e5ddd92f19949d066583da6097f405266c63d971613e517366ffca5d4c6616b25d4f1484e1789fea8e3221e39598fa

/data/data/com.trexott.trexottiptvbox/databases/iptv_smarters_multi_user.db-wal

MD5 174f8e63901c074ca2aa2af74e1bf583
SHA1 e1f1d53d6580a3989f226deb0a3cd0efe0dc6908
SHA256 c8912f8dca21d627f3bff8a77c4c6e0954d85834cabca395e354fc488285b398
SHA512 ded41399d39a41754fcd79cb4f5965ef92e8d7d931900b7000a3c548c9d55dcb886fa9de0934121e44031924e79aac6771b69d0f7c6c235cffd764573603f551

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-15 01:52
Reported: 2024-06-15 01:56
Platform: android-x64-20240611.1-en
Max time kernel: 8s
Max time network: 147s

Command Line

com.trexott.trexottiptvbox

Signatures

Loads dropped Dex/Jar

Tags: evasion

Description | Indicator | Process | Target
N/A | /data/user/0/com.trexott.trexottiptvbox/[email protected] | N/A | N/A

Processes

com.trexott.trexottiptvbox

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp
GB | 142.250.179.234:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 142.250.200.46:443 | | tcp
GB | 142.250.179.226:443 | | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.200.46:443 | | tcp

Files

/data/data/com.trexott.trexottiptvbox/databases/androidx.work.workdb-journal

MD5 6fb6d6b107947805c2b59c7b456c564c
SHA1 b74d1114b14572d33c534230824dfca6ee2267fc
SHA256 3a79e92f33a800f387e9023d0412bc076cc49afc6237a839ee93cf2d9fd8b9a2
SHA512 d3cfbf25467053fe31a910fe029347b93afeb87ea0896f64d06393727d4cfad29aa6d91a67d7e4962f81cb4b566aaedc7e0a4c0f384c9f2f3d49b63663dc4063

/data/data/com.trexott.trexottiptvbox/databases/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/user/0/com.trexott.trexottiptvbox/[email protected]

MD5 e078d5724ce1951610c1bf7cfc248651
SHA1 c11ea6d9e5d2b29f84e394c1e262683dec28b950
SHA256 cd93973550917ea1acc9683758d66ccd7f03b3401d26eb385b65613987cbe90d
SHA512 57106f92ebfafce239639115a7eee5f19a1cdd31f7f4e94f3056e24cfe9d9e2494d055cfc250f248ac5595b4e84dd52eb288bda1e199599e27566d29dedca413

/data/data/com.trexott.trexottiptvbox/databases/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.trexott.trexottiptvbox/databases/androidx.work.workdb-wal

MD5 f8299b5c32261a2f720617d6858920d9
SHA1 f0e4149a038f865e5dc251023700346e765dbc09
SHA256 97d15cb32ea03f3154e6190c800f9643d8ed143a6d15c64e174afeb90b216119
SHA512 739675a434bf7e4ec3daeb73523d5b89dffbff79906b9b030cc651c45f09d12f79f9e8ba58eb222a25e670e423ad0e04c597dfe93436c243624518dcaad5fcf9

/data/data/com.trexott.trexottiptvbox/databases/androidx.work.workdb-wal

MD5 634126944aec0807c8dbd75ae7b814ad
SHA1 a8c143c774cbb38f8080f31a9f9f7f350bf0ea11
SHA256 9b24e294bf30fb1899d07c9dc40e6cf29d1ef26c8e3940c25479ed1fdbf9e00a
SHA512 898c86cf1dab110471333fdf9815158669aafe8806f5e29ef0399cd57ce84fcdefbea50915772d39531695558c1f3559d1b9786502b91ea979394fb305c9ca93

/data/data/com.trexott.trexottiptvbox/oat/x86_64/[email protected]

MD5 61af7841c11c3e4c018b6e458994969d
SHA1 2c9bf690677a08341e28f6093227ba955d0b9745
SHA256 254ca2e82fc91ffb6444143d9be035231dfb740a498801acef10be5bd03fd5cb
SHA512 f5d4bb591cbe5de23148268d00b79f01294165d8d3722d3a223d9a70ea79d1f23dfb3522062d60cea4916f948c6d58a94e96f65793d676837bd548d5bdddd296