Analysis
- max time kernel: 59s
- max time network: 67s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 23-08-2024 20:16
Static task
- static1
Behavioral task
- behavioral1: Sample 03122ade6371753933299d563bf26bcce3e54c1b467465bbf7a49dc9a6c13777.apk, Resource android-x86-arm-20240624-en
- behavioral2: Sample 03122ade6371753933299d563bf26bcce3e54c1b467465bbf7a49dc9a6c13777.apk, Resource android-x64-20240624-en
- behavioral3: Sample 03122ade6371753933299d563bf26bcce3e54c1b467465bbf7a49dc9a6c13777.apk, Resource android-x64-arm64-20240624-en
General
- Target: 03122ade6371753933299d563bf26bcce3e54c1b467465bbf7a49dc9a6c13777.apk
- Size: 4.9MB
- MD5: 9cb79abaac5dfa0af418aa8e34e24688
- SHA1: d51b34ca2dd411476407110d9a6d15028114db7a
- SHA256: 03122ade6371753933299d563bf26bcce3e54c1b467465bbf7a49dc9a6c13777
- SHA512: 7d54eeb26be548f9900e576dfb3ef837b1fcb793c52dbc497a1b58ed6b22d5deb937ded093a03c346cc8d7a57b640faed35c6741100660079fe55f757bd16938
- SSDEEP: 98304:fqiOhIdq+mLHNcF1B3G5jeoi2So5aZw5IT8GUZ:SzhIdq5HNcB3G5jeo7SHZNA
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  ioc: /system/app/Superuser.apk | Process: com.makinggames.worldtv
  pid: 4312 | Process: com.makinggames.worldtv
- Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.makinggames.worldtv
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | Process: com.makinggames.worldtv
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  description: Framework API call | ioc: android.hardware.SensorManager.registerListener | Process: com.makinggames.worldtv
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: com.makinggames.worldtv
- Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call | ioc: android.app.job.IJobScheduler.schedule | Process: com.makinggames.worldtv
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | Process: com.makinggames.worldtv
- Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read | ioc: /proc/cpuinfo | Process: com.makinggames.worldtv
- Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read | ioc: /proc/meminfo | Process: com.makinggames.worldtv
Processes
- com.makinggames.worldtv (PID: 4312)
  - Checks if the Android device is rooted.
  - Removes its main activity from the application launcher
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Scheduled Task/Job (1)
Defense Evasion
- Hide Artifacts (2)
  - Suppress Application Icon (1)
  - User Evasion (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Downloads
- Filesize: 9KB
  MD5: e8e0527a01aefdb89afd2c508f131da1
  SHA1: f1103e6b260c657ceb3d95f1b023af3fda8b133a
  SHA256: f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
  SHA512: fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34
- Filesize: 823B
  MD5: d37ff4dc35fd83fd877fbe02b28d1ed7
  SHA1: ec162ad3d90627ee884e3b55f38cf29f392fc559
  SHA256: 4284fb9d00bfd175aeb5e77f9af8136fef9f1bdd136024e95d3fdf5ecad83b8f
  SHA512: e2ab91ba9fd7a51a66cdf152cdb6f101ed00a98d5fe8be1f94e3378a4f4c1d064e74a336ecea0491d11df6b575f83191641e7f0c47d5d68b4661fd70e0a0f96b
- Filesize: 823B
  MD5: 5e24a05450d916da44591c31a142e75d
  SHA1: 5fc683ca2197931bb49a7914f752543998e5e0ba
  SHA256: 35902003cb6afc2f3e362648dcfd4bb0d31edce351698d5edaedb3ba5a0de437
  SHA512: 0d6c9913a8b7b2f9cf40ce2d3329b8bda29d3d9ac4bd6e4d3c133bdaa75a398adb5af1b469e6900f9fdecee22376d178cc2d6b5de0ef0eac3d6f9058f8954595
- Filesize: 20B
  MD5: 7029066c27ac6f5ef18d660d5741979a
  SHA1: 46c6643f07aa7f6bfe7118de926b86defc5087c4
  SHA256: 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
  SHA512: 7e8e93f4a89ce7fae011403e14a1d53544c6e6f6b6010d61129dc27937806d2b03802610d7999eab33a4c36b0f9e001d9d76001b8354087634c1aa9c740c536f
- Filesize: 823B
  MD5: 5eb08dd61177a4082d7ac6d088df147e
  SHA1: 58fdd96835ea3af0a47fc437168d9ca2ca25b44b
  SHA256: f2d8c93ebf351e3a0951c058f3035c5d945a15dc8a344e44adcf598411faca4f
  SHA512: 21db50cb4a270925754796f32f3d3bda3c2286ff0daf34ce84467e3b824cc86029f12874fffae5064085167c8dd9c1a15f6b68918925afe19b79bac0b1e483eb
- Filesize: 823B
  MD5: f2b47a5bc2c398eb920e52d4e3b607f0
  SHA1: c50856cef05eb7a6bbb870aa04bb1551b56281ce
  SHA256: 9f2498ae5bb74311b92a62203bea6c972f43e17884016a3ae06c0f9e43e1906e
  SHA512: d02e3781b84fb099864414defb88175d78c3c639605a1dc34607b454b731f85eb96574db0e938398e26757ac9c53e4418576f071152d3ca5c1c96fcea7b9cc41
- Filesize: 490B
  MD5: e4ebd8dadba676f3a03d458c37faea1b
  SHA1: 57a58b28dfae86da556f3f1f9aedf99160bd39d2
  SHA256: 6dd04ee6d0cbd53cbb4429c46e1e95e1b148380c86cd8ae886e30cbd78262df1
  SHA512: eac536f47b244cbb9d60cb444354d855f8087f66d556b4ce1aa29defd672c369323bfd0ae2ce7e4811a2ad20b66aac3d440fa98edf825149cd8661d72e6ba3ec
- Filesize: 36B
  MD5: 37e8e716e0e2f4a0b05cd9571d95b84d
  SHA1: f8d068f6931707bddb8cd69f706f2224ad1fea3c
  SHA256: 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
  SHA512: e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6
- Filesize: 739B
  MD5: effbf6c3ff736cf6fb8a2c353893ccd6
  SHA1: 57888a0f61de109b014b08381413b8ffc3d968d4
  SHA256: 8ef91d6651c60261f3baa506aef643bf2523910211eeab9906de89fee94d34d4
  SHA512: 8a3d1e5d7da678b943daf1dfda1af03287bafb0c6e5837de9e14e05e985e6954cbd8853e9b9595440ca5daed673431bc9e2d4df12e0ec6578970e086d44276dd
- Filesize: 402B
  MD5: 715f0b91ddfdca7c7cddb8e75c582d1a
  SHA1: 983a9f2f01da7d1a81dd83c14a897e6acf0580bd
  SHA256: f98b33e9bb8c214c9fc15eec9aed1a1d50bc407ada91d7a4249f31df1b785d31
  SHA512: 47a1457cb9765c77cb18abc559f7e6daaad45e47f862e1879bc6247bf4a281f28ca55a381281939d5ad2d1aeacf2e51ca2ecb1b6ae5a2e4a4867f36c3d36dd4d
- Filesize: 402B
  MD5: 8f4bebf35d9c1340614431d4a4f2a0fe
  SHA1: 50bd646a84e288ebebdc2b59a52e43da5f9fb1c4
  SHA256: b3f3f290c8e7e7b410bba093e139ddc720318b3393814caddc383b70aed6ef35
  SHA512: dba069fb968379e1d2669441e24383c2526003ab7299309a955bf398c41481a41de22c93c64b64b5d5aa4525f33ca127183a3150e947bb05a6c2ae9b04cc995e