Malware Analysis Report

2024-11-15 09:54

Sample ID 241110-n1zvhsvrhv
Target Cine10Tv.V3.apk
SHA256 8397687cece62b9c559fbc6031d9526ecd3b863c2f4f91b74af02edb951eb028
Tags: evasion, persistence, collection, credential_access, discovery, execution, impact
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

SHA256

8397687cece62b9c559fbc6031d9526ecd3b863c2f4f91b74af02edb951eb028

Threat Level: Likely malicious

The file Cine10Tv.V3.apk was found to be: Likely malicious.

Malicious Activity Summary

Tags: evasion, persistence, collection, credential_access, discovery, execution, impact

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Loads dropped Dex/Jar

Queries information about active data network

Requests dangerous framework permissions

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 11:52

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 11:52

Reported

2024-11-10 11:55

Platform

android-x86-arm-20240624-en

Max time kernel

11s

Max time network

132s

Command Line

com.cinebox.iptv

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.cinebox.iptv/files/audience_network.dex | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Processes

com.cinebox.iptv

/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.cinebox.iptv/files/audience_network.dex --output-vdex-fd=82 --oat-fd=84 --oat-location=/data/user/0/com.cinebox.iptv/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
GB | 142.250.179.234:443 | digitalassetlinks.googleapis.com | tcp
GB | 142.250.200.46:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | tcp

Files

/data/data/com.cinebox.iptv/files/audience_network.dex

/data/data/com.cinebox.iptv/databases/SummaryNotificationIds.db-journal

/data/data/com.cinebox.iptv/databases/SummaryNotificationIds.db

/data/data/com.cinebox.iptv/databases/SummaryNotificationIds.db-shm

/data/data/com.cinebox.iptv/databases/SummaryNotificationIds.db-wal

/data/data/com.cinebox.iptv/no_backup/androidx.work.workdb-journal

/data/data/com.cinebox.iptv/no_backup/androidx.work.workdb

/data/data/com.cinebox.iptv/no_backup/androidx.work.workdb-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 11:52

Reported

2024-11-10 11:55

Platform

android-33-x64-arm64-20240624-en

Max time kernel

106s

Max time network

134s

Command Line

com.cinebox.iptv

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.cinebox.iptv/[email protected] | N/A | N/A

Obtains sensitive information copied to the device clipboard

Tags: collection, credential_access, impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about active data network

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Schedules tasks to execute at a specified time

Tags: execution, persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.cinebox.iptv

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.201.100:443 | | udp
GB | 216.58.201.100:443 | | tcp
GB | 216.58.201.100:443 | | tcp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
GB | 172.217.169.10:443 | digitalassetlinks.googleapis.com | tcp
GB | 216.58.204.78:443 | | tcp
GB | 216.58.204.78:443 | | tcp
US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp
US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp
US | 1.1.1.1:53 | cine10.xyz | udp
FI | 65.108.78.242:443 | cine10.xyz | tcp
US | 1.1.1.1:53 | i.imgur.com | udp
US | 199.232.196.193:443 | i.imgur.com | tcp
US | 199.232.196.193:443 | i.imgur.com | tcp
US | 199.232.196.193:443 | i.imgur.com | tcp
US | 199.232.196.193:443 | i.imgur.com | tcp
US | 199.232.196.193:443 | i.imgur.com | tcp
US | 199.232.196.193:443 | i.imgur.com | tcp
US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp
GB | 216.58.201.106:443 | remoteprovisioning.googleapis.com | tcp
US | 172.64.41.3:443 | | tcp
US | 172.64.41.3:443 | | tcp
GB | 172.217.169.67:443 | | tcp
US | 172.64.41.3:443 | | udp
GB | 172.217.169.67:443 | | udp
GB | 216.58.201.100:443 | | tcp
GB | 142.250.200.36:443 | | tcp
GB | 142.250.200.36:443 | | tcp
GB | 216.58.201.100:443 | | udp
US | 1.1.1.1:53 | firebaselogging.googleapis.com | udp
GB | 216.58.201.106:443 | firebaselogging.googleapis.com | tcp

Files

/data/data/com.cinebox.iptv/databases/SummaryNotificationIds.db-journal

/data/data/com.cinebox.iptv/no_backup/androidx.work.workdb-journal

/data/data/com.cinebox.iptv/no_backup/androidx.work.workdb

/data/data/com.cinebox.iptv/databases/SummaryNotificationIds.db

/data/data/com.cinebox.iptv/no_backup/androidx.work.workdb-shm

/data/data/com.cinebox.iptv/no_backup/androidx.work.workdb-wal

/data/user/0/com.cinebox.iptv/[email protected]

/data/data/com.cinebox.iptv/databases/com.google.android.datatransport.events-journal

/data/data/com.cinebox.iptv/databases/com.google.android.datatransport.events