Analysis

  • max time kernel
    32s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    10-11-2024 11:15

General

  • Target

    rectv16.4.apk

  • Size

    54.6MB

  • MD5

    d5fd170a8d9eee15d0b67097527215fe

  • SHA1

    80b860ed2fd14780d0f0ed06510d3b8eed48d61a

  • SHA256

    f245537c2cdbbf0221df21d4e5ad42d5673335038a0552100a14b6a0feb22637

  • SHA512

    899bd25845767087c0e66f1c9d3bf44263892c7a031b1a7c882c0f8f46a66ff7f8c7622c7d27b63dce5989d2be559132b8bbc51f7d0aacbd306b88134bd16950

  • SSDEEP

    786432:3m4fhy+Xh9Pn4KxJQL71ySqRtWzaNxPlfAUzRmTuKWTIwMCLxAhLocjfk/6+ugLJ:fPn4gJTSJqlfA4YFChKd3j8/7LdYqvmk

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTP, 3 IoCs)
  • Loads dropped Dex/Jar (1 TTP, 3 IoCs)

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Checks the presence of a debugger
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)

Processes

  • com.rectv.shot
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4271
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rectv.shot/files/audience_network.dex --output-vdex-fd=154 --oat-fd=155 --oat-location=/data/user/0/com.rectv.shot/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4466
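
The dex2oat invocation above is what ART runs when an app loads a DEX through a class loader, so its --dex-file argument is the quickest way to see which file was loaded and from where. The following Python is an added triage example, not part of the report: it pulls the DEX path out of a dex2oat command line and flags it as dropped when it sits in an app-private directory, and it validates the header of a DEX pulled from the device (magic, adler32 checksum over bytes 12..end, SHA-1 signature over bytes 32..end, file_size and header_size fields). The command line is a shortened copy of the one in the report (its truncated --class-loader-context value is left empty), and the DEX bytes are a constructed header-only file with no classes, built solely to exercise the checker.

```python
"""Added triage helpers for a 'Loads dropped Dex/Jar' finding (example code,
not from the report or the analysed app)."""
import hashlib
import re
import struct
import zlib

# Constructed from the report's dex2oat command line (shortened; the
# --class-loader-context value is truncated on the page and left empty here).
SAMPLE_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 --runtime-arg -Xhidden-api-checks "
    "--boot-image=/system/framework/boot.art "
    "--dex-file=/data/user/0/com.rectv.shot/files/audience_network.dex "
    "--output-vdex-fd=154 --oat-fd=155 "
    "--oat-location=/data/user/0/com.rectv.shot/files/oat/x86/audience_network.odex "
    "--compiler-filter=quicken --class-loader-context="
)

# App-private data directories. /data/data/<pkg> is a symlink to /data/user/0/<pkg>,
# so both spellings refer to the same app-writable location.
_APP_DIR = re.compile(r"^/data/(?:data|user/\d+)/(?P<pkg>[A-Za-z0-9_.]+)/")


def parse_dex2oat(cmdline):
    """Return the long-form --key=value options of a dex2oat command line."""
    opts = {}
    for tok in cmdline.split():
        if tok.startswith("--") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            opts[key] = value
    return opts


def dropped_dex(cmdline):
    """Return (package, dex_path) if dex2oat is compiling a DEX that lives in an
    app's private directory (i.e. written at runtime, not shipped in the APK),
    else None. DEX files under /system or the APK itself are not flagged."""
    path = parse_dex2oat(cmdline).get("dex-file")
    if not path:
        return None
    m = _APP_DIR.match(path)
    return (m.group("pkg"), path) if m else None


DEX_HEADER_SIZE = 0x70
DEX_MAGIC = b"dex\n035\0"


def verify_dex_header(data):
    """Validate the DEX header of a file pulled from the device.
    Layout: magic[0:8], checksum[8:12] = adler32(data[12:]),
    signature[12:32] = sha1(data[32:]), file_size[32:36], header_size[36:40] = 0x70.
    Returns a dict of per-field booleans plus an overall 'ok'."""
    if len(data) < DEX_HEADER_SIZE:
        return {"ok": False, "reason": "shorter than a DEX header"}
    magic = data[:8]
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size = struct.unpack_from("<II", data, 32)
    res = {
        "version": magic[4:7].decode("ascii", "replace"),
        "magic_ok": magic[:4] == b"dex\n" and magic[7:8] == b"\0",
        "checksum_ok": (zlib.adler32(data[12:]) & 0xFFFFFFFF) == checksum,
        "signature_ok": hashlib.sha1(data[32:]).digest() == signature,
        "file_size_ok": file_size == len(data),
        "header_size_ok": header_size == DEX_HEADER_SIZE,
    }
    res["ok"] = all(v for k, v in res.items() if k.endswith("_ok"))
    return res


def build_header_only_dex():
    """Constructed sample: a header-only DEX (no classes, not loadable) whose
    checksum and signature are computed correctly, used to exercise the checker."""
    body = bytearray(DEX_HEADER_SIZE)
    body[:8] = DEX_MAGIC
    struct.pack_into("<II", body, 32, DEX_HEADER_SIZE, DEX_HEADER_SIZE)  # file_size, header_size
    struct.pack_into("<I", body, 40, 0x12345678)  # endian_tag (little-endian constant)
    body[12:32] = hashlib.sha1(body[32:]).digest()
    struct.pack_into("<I", body, 8, zlib.adler32(body[12:]) & 0xFFFFFFFF)
    return bytes(body)


if __name__ == "__main__":
    print("dropped DEX:", dropped_dex(SAMPLE_CMDLINE))
    print("header check on constructed sample:", verify_dex_header(build_header_only_dex()))
```

On a real pull (adb pull of the dropped file), a failing checksum or signature with a good magic usually means the file was captured mid-write or patched on disk; a file that passes these checks can then be hashed and compared against the Downloads entries below.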

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.rectv.shot/databases/com.google.android.datatransport.events

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

    MD5

    9a148130f72e11b2f27e0dd51005a077

    SHA1

    53681b15fb95576fe77e24d71899fc64f600afd7

    SHA256

    9d51a86ae5795056ed72c876336558530d51ca76ff03b6c9d4a4bdc9f7166f2e

    SHA512

    926064f3029f7f687ac271fa593d626972948b4c6c53784abd9de58f3e96bc9bfe93b1dd6739c3b920b7caf0f5e5927031397192f620a2da1d30d165843718e8

  • /data/data/com.rectv.shot/databases/com.google.android.datatransport.events-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.rectv.shot/databases/com.google.android.datatransport.events-wal

    Filesize

    68KB

    MD5

    7cb22e5ea16b540fdfdec7f01327bba9

    SHA1

    b32df0bfd284971033d87a79b7f5d2871eac4494

    SHA256

    155bfd64d0ee6ee3c4aa1a8f91e7db319a1fc993e10e3fe1a38e97a50f03002a

    SHA512

    4772e84f02e5c183bb45ff35d73c0982126aa006f4314c79085fcd06a03dd8a703362f72cc2888582eb4bcd9b3c67b6d74c51b7fe97572327b23fcee27d39d7c

  • /data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/com.crashlytics.settings.json

    Filesize

    710B

    MD5

    2e08c626554356bbbe9103fb41e339a6

    SHA1

    b782f36b189b39fbac4b3c9f15302fba7f686ecc

    SHA256

    0afe9085389968b21032550bd21b0cf7f334950213e2bc3031ee95b0c9576137

    SHA512

    1c34e426abf016861f71820137e5cc0eab201dcfc57b2f02a28d6a95fa5a7441c6fe04c85671aa7c2b47e6fd9ab0e51578cee7e7daf768f98e7ed0a0bbfbbebd

  • /data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/open-sessions/673095EC000F000110AF31A255B5BC70/report

    Filesize

    737B

    MD5

    e5d46eedb79f9308e4d264ac84b71fbd

    SHA1

    2a6a8a864d7964ba83c653dbde9471288b304346

    SHA256

    e88600b8fc8f54feb349d415427f248d83e913e5dbd386e9d47b7b99d6917a48

    SHA512

    41fd28eb1b03ad0e7fdcefba14783c04d59ab6448d77e1d104c25f837288b685acd0e03744737d112468dcaa3d3c1de69eebe045627cf22696b074304c0c65d7

  • /data/data/com.rectv.shot/files/PersistedInstallation5205792841708525923tmp

    Filesize

    90B

    MD5

    a616b12e0b7a2c6fbe85651f6c52271e

    SHA1

    df670b429f8d2b3c68dd63932bff0cab17604704

    SHA256

    e5b83752b20e55ff823cebb21da38138b53e0c8baa331e6d5b12a007b16f206f

    SHA512

    fbb33b606aed0a2977db78c50da6c6139013b9d132ac92d76a376fc0313ae8022915529ede1fed93a6a2fcaa6ad9c710dc5802e9dd3f453665dfc29b43755e5d

  • /data/data/com.rectv.shot/files/PersistedInstallation8710977476649554797tmp

    Filesize

    569B

    MD5

    330fd4abf5570919cf7a8f192765910c

    SHA1

    8579f3e7f4fb7a085bfaedf1f355c56ad6ea685c

    SHA256

    6f0fa405d4946855dd064c038e58ad6e2524f0791d1321d7d6bc8968ab7c8dbe

    SHA512

    8080bb6a8d8e51e09cd5a6c234ae37e46cdb3cff4a6c5531547a893db7d6b891c370a5f2db9d6c1efee5e512a632c16254402a5832622723eddf4f3ea9a89dbc

  • /data/data/com.rectv.shot/files/audience_network.dex

    Filesize

    3.1MB

    MD5

    9b8164be4f0ffaedadc82125e5346c14

    SHA1

    c4bf7a6383958b493ed5c4dd6a19862d366fca4a

    SHA256

    8e632284c9b0180ef28e309b4b0f282ef608cfb9d9046df899d8bdac227ea9ce

    SHA512

    352b3e9ef70839d0850ff7ca4a1f19f3df546412ae5cac1243a80588e573fea6371edd4c408a2edf1b48d70a10a5cb579513d3cd38a4b5ccf4b7528dd28704a4

  • /data/data/com.rectv.shot/files/facebook_ml/DATA_DETECTION_ADDRESS_1

    Filesize

    240KB

    MD5

    26e37998b089275a4e2ed9c1be930879

    SHA1

    c48a03938a072a835e403c4f3ae5ca41835d9eb3

    SHA256

    b20563ed7cf7284fde09065b8fbfc3c215efc8679e82bfdbfcee39842a9f3f2e

    SHA512

    e9b888557deced806b6e4e91f229a643e5c50e6a9ab5744c7c30c1cab9b5582e858fc00024cb6e1a8bf90562b8c6cf48dac255668a15f72a5b8d7b43166cbd38

  • /data/data/com.rectv.shot/files/profileInstalled

    Filesize

    24B

    MD5

    bb7373579b8bb75e23b04469d9c5a7bd

    SHA1

    a0d0ba5b93a25475ac33f189f1f4b815c734d494

    SHA256

    dd9af6fc607b2ec8ad4ef6658351ab0f4cb306169e3867699c40bf7745041d30

    SHA512

    1d0d63d8abaaffed8db2f8c4eaf0709ee204d39bccb12c2f1cda512a16aebe92618e1cd64a7f2b20781103191102895b41e571dc5a18f9a01637c5696e9e8a49

  • /data/data/com.rectv.shot/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

    Filesize

    8B

    MD5

    b25318bb59ae622ccf760ed3273528aa

    SHA1

    db22fa32276f246f1e962f2ab8294ff5788966e2

    SHA256

    8843f6deba05700fa87c6872996f06ef7cffe2bb896e1993a43d21025b12a806

    SHA512

    14069afd16fce48e4d221c93d634ab8a56e0732324a73ac16d716838831a87dac14dd6733cc82394fa0dbe8e107b4928868aa09a038adc899cc2fb18d92fd6f2

  • /data/data/com.rectv.shot/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    525a823547aa8ec9f9954e670a736b78

    SHA1

    de41deb4f495c16eafb8331f1b5264ed9b4745b8

    SHA256

    cc530fa103dd12b10d60fe1ecfae02cb8e15f6b7960454b03c80c5507d33ee19

    SHA512

    ad69fc080daebb070881d0aae790b5f75fbce4182f0478131731eb708f313af62df7077307ea2556efb273d1b6fdf509568f75ecb08fc778e553145770f9e0da

  • /data/data/com.rectv.shot/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    df7ed4db834f6207f6eb4d979751302a

    SHA1

    c2bdfab00cc39fd7e126851d32074159b00dfad5

    SHA256

    d3942a7329bf3583c0a4c597c52201ae7508245eca4c350a249cb734379c676e

    SHA512

    e515d738fa4be9f4b871604f7be909bf6c027ce53525dd82585928f209a1388670a36ed2c382b7825f2766c61bdb2577dcc34a7a0fe8fb6a2e34dd6ce7588fb5

  • /data/data/com.rectv.shot/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    b258f2e9b75d6a36e7cba121f40ff1e3

    SHA1

    34e71cdbcb121ee2127bee9417d17c0fd96a1186

    SHA256

    a2c766069b3a56f688719f0a682c2c75b3221523d1c403a98d21cacf44c45024

    SHA512

    0188bb8d63d9ff7a274c9a3984aae3bdffddee27cf13e9f31b531f3e3699b1e8daf163f43c4fbe2dba6cbec1c6c10950d98180bed74b45214405286185133f68

  • /data/misc/profiles/cur/0/com.rectv.shot/primary.prof

    Filesize

    8KB

    MD5

    065c4ee92926d1e4ba0cfa69f5b535c3

    SHA1

    7f6c244a3737e315b8d4a5967019305bfd84fbce

    SHA256

    d408218ded1aa6ca194d4b6f09d619fbb0a91c40c473d2126f7c98a4eb7b62a7

    SHA512

    53629ac9b3d7bab9530fc68ae749cbfc0481a95f519266540c5c25396d9656d6cec0cf7500224a7343f08ff01fe919af174ccccdf7550d432e071f4dcbdba17c

  • /data/user/0/com.rectv.shot/files/audience_network.dex (same location as the /data/data/com.rectv.shot/files/audience_network.dex entry above, since /data/data/<pkg> is a symlink to /data/user/0/<pkg>; the differing hashes show the file's contents differed between the two captures)

    Filesize

    3.1MB

    MD5

    1a1c4a86c349f59879a21c1d29e05d63

    SHA1

    e46fb2259be158107c2b87222f8f17d817812f7f

    SHA256

    222bb52a333a1375364c0c91e680013ddb4314f03ec684970a2543b04b492328

    SHA512

    63dba4aebc2750028fbe5bb94d83e07ad5c1ab395d02a830fa4aee45d71eeb06841990f29e5c2fbc97933090d1466bbca6f35b6afef25f75216cba937ce036b2