Analysis

max time kernel: 32s
max time network: 132s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 10-11-2024 11:15
Static task: static1

Behavioral task: behavioral1
  Sample: rectv16.4.apk
  Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
  Sample: rectv16.4.apk
  Resource: android-x64-20240624-en
General

Target: rectv16.4.apk
Size: 54.6MB
MD5: d5fd170a8d9eee15d0b67097527215fe
SHA1: 80b860ed2fd14780d0f0ed06510d3b8eed48d61a
SHA256: f245537c2cdbbf0221df21d4e5ad42d5673335038a0552100a14b6a0feb22637
SHA512: 899bd25845767087c0e66f1c9d3bf44263892c7a031b1a7c882c0f8f46a66ff7f8c7622c7d27b63dce5989d2be559132b8bbc51f7d0aacbd306b88134bd16950
SSDEEP: 786432:3m4fhy+Xh9Pn4KxJQL71ySqRtWzaNxPlfAUzRmTuKWTIwMCLxAhLocjfk/6+ugLJ:fPn4gJTSJqlfA4YFChKd3j8/7LdYqvmk
Malware Config
Signatures

Checks if the Android device is rooted. (1 TTPs, 3 IoCs)
Processes: com.rectv.shot
  ioc                        process
  /system/app/Superuser.apk  com.rectv.shot
  /system/xbin/su            com.rectv.shot
  /sbin/su                   com.rectv.shot

Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
  com.rectv.shot
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rectv.shot/files/audience_network.dex --output-vdex-fd=154 --oat-fd=155 --oat-location=/data/user/0/com.rectv.shot/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
  ioc                                                     pid   process
  /data/user/0/com.rectv.shot/files/audience_network.dex  4271  com.rectv.shot
  /data/user/0/com.rectv.shot/files/audience_network.dex  4466  /system/bin/dex2oat (full command line as listed under Processes above)
  /data/user/0/com.rectv.shot/files/audience_network.dex  4271  com.rectv.shot

Acquires the wake lock (1 IoCs)
Processes: com.rectv.shot
  description             ioc                                          process
  Framework service call  android.os.IPowerManager.acquireWakeLock     com.rectv.shot

Queries information about active data network (1 TTPs, 1 IoCs)
Processes: com.rectv.shot
  description             ioc                                                    process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.rectv.shot

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes: com.rectv.shot
  description             ioc                                                                        process
  Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone     com.rectv.shot

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: com.rectv.shot
  description             ioc                                              process
  Framework service call  android.app.IActivityManager.registerReceiver    com.rectv.shot

Checks CPU information (2 TTPs, 1 IoCs)
Processes: com.rectv.shot
  description           ioc            process
  File opened for read  /proc/cpuinfo  com.rectv.shot

Checks memory information (2 TTPs, 1 IoCs)
Processes: com.rectv.shot
  description           ioc            process
  File opened for read  /proc/meminfo  com.rectv.shot
Processes

com.rectv.shot (PID 4271)
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Acquires the wake lock
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  - Checks memory information

  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rectv.shot/files/audience_network.dex --output-vdex-fd=154 --oat-fd=155 --oat-location=/data/user/0/com.rectv.shot/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=& (PID 4466, child of com.rectv.shot)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 512B
MD5: 9a148130f72e11b2f27e0dd51005a077
SHA1: 53681b15fb95576fe77e24d71899fc64f600afd7
SHA256: 9d51a86ae5795056ed72c876336558530d51ca76ff03b6c9d4a4bdc9f7166f2e
SHA512: 926064f3029f7f687ac271fa593d626972948b4c6c53784abd9de58f3e96bc9bfe93b1dd6739c3b920b7caf0f5e5927031397192f620a2da1d30d165843718e8

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 68KB
MD5: 7cb22e5ea16b540fdfdec7f01327bba9
SHA1: b32df0bfd284971033d87a79b7f5d2871eac4494
SHA256: 155bfd64d0ee6ee3c4aa1a8f91e7db319a1fc993e10e3fe1a38e97a50f03002a
SHA512: 4772e84f02e5c183bb45ff35d73c0982126aa006f4314c79085fcd06a03dd8a703362f72cc2888582eb4bcd9b3c67b6d74c51b7fe97572327b23fcee27d39d7c

Path: /data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/com.crashlytics.settings.json
Filesize: 710B
MD5: 2e08c626554356bbbe9103fb41e339a6
SHA1: b782f36b189b39fbac4b3c9f15302fba7f686ecc
SHA256: 0afe9085389968b21032550bd21b0cf7f334950213e2bc3031ee95b0c9576137
SHA512: 1c34e426abf016861f71820137e5cc0eab201dcfc57b2f02a28d6a95fa5a7441c6fe04c85671aa7c2b47e6fd9ab0e51578cee7e7daf768f98e7ed0a0bbfbbebd

Path: /data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/open-sessions/673095EC000F000110AF31A255B5BC70/report
Filesize: 737B
MD5: e5d46eedb79f9308e4d264ac84b71fbd
SHA1: 2a6a8a864d7964ba83c653dbde9471288b304346
SHA256: e88600b8fc8f54feb349d415427f248d83e913e5dbd386e9d47b7b99d6917a48
SHA512: 41fd28eb1b03ad0e7fdcefba14783c04d59ab6448d77e1d104c25f837288b685acd0e03744737d112468dcaa3d3c1de69eebe045627cf22696b074304c0c65d7

Filesize: 90B
MD5: a616b12e0b7a2c6fbe85651f6c52271e
SHA1: df670b429f8d2b3c68dd63932bff0cab17604704
SHA256: e5b83752b20e55ff823cebb21da38138b53e0c8baa331e6d5b12a007b16f206f
SHA512: fbb33b606aed0a2977db78c50da6c6139013b9d132ac92d76a376fc0313ae8022915529ede1fed93a6a2fcaa6ad9c710dc5802e9dd3f453665dfc29b43755e5d

Filesize: 569B
MD5: 330fd4abf5570919cf7a8f192765910c
SHA1: 8579f3e7f4fb7a085bfaedf1f355c56ad6ea685c
SHA256: 6f0fa405d4946855dd064c038e58ad6e2524f0791d1321d7d6bc8968ab7c8dbe
SHA512: 8080bb6a8d8e51e09cd5a6c234ae37e46cdb3cff4a6c5531547a893db7d6b891c370a5f2db9d6c1efee5e512a632c16254402a5832622723eddf4f3ea9a89dbc

Filesize: 3.1MB
MD5: 9b8164be4f0ffaedadc82125e5346c14
SHA1: c4bf7a6383958b493ed5c4dd6a19862d366fca4a
SHA256: 8e632284c9b0180ef28e309b4b0f282ef608cfb9d9046df899d8bdac227ea9ce
SHA512: 352b3e9ef70839d0850ff7ca4a1f19f3df546412ae5cac1243a80588e573fea6371edd4c408a2edf1b48d70a10a5cb579513d3cd38a4b5ccf4b7528dd28704a4

Filesize: 240KB
MD5: 26e37998b089275a4e2ed9c1be930879
SHA1: c48a03938a072a835e403c4f3ae5ca41835d9eb3
SHA256: b20563ed7cf7284fde09065b8fbfc3c215efc8679e82bfdbfcee39842a9f3f2e
SHA512: e9b888557deced806b6e4e91f229a643e5c50e6a9ab5744c7c30c1cab9b5582e858fc00024cb6e1a8bf90562b8c6cf48dac255668a15f72a5b8d7b43166cbd38

Filesize: 24B
MD5: bb7373579b8bb75e23b04469d9c5a7bd
SHA1: a0d0ba5b93a25475ac33f189f1f4b815c734d494
SHA256: dd9af6fc607b2ec8ad4ef6658351ab0f4cb306169e3867699c40bf7745041d30
SHA512: 1d0d63d8abaaffed8db2f8c4eaf0709ee204d39bccb12c2f1cda512a16aebe92618e1cd64a7f2b20781103191102895b41e571dc5a18f9a01637c5696e9e8a49

Filesize: 8B
MD5: b25318bb59ae622ccf760ed3273528aa
SHA1: db22fa32276f246f1e962f2ab8294ff5788966e2
SHA256: 8843f6deba05700fa87c6872996f06ef7cffe2bb896e1993a43d21025b12a806
SHA512: 14069afd16fce48e4d221c93d634ab8a56e0732324a73ac16d716838831a87dac14dd6733cc82394fa0dbe8e107b4928868aa09a038adc899cc2fb18d92fd6f2

Filesize: 512B
MD5: 525a823547aa8ec9f9954e670a736b78
SHA1: de41deb4f495c16eafb8331f1b5264ed9b4745b8
SHA256: cc530fa103dd12b10d60fe1ecfae02cb8e15f6b7960454b03c80c5507d33ee19
SHA512: ad69fc080daebb070881d0aae790b5f75fbce4182f0478131731eb708f313af62df7077307ea2556efb273d1b6fdf509568f75ecb08fc778e553145770f9e0da

Filesize: 16KB
MD5: df7ed4db834f6207f6eb4d979751302a
SHA1: c2bdfab00cc39fd7e126851d32074159b00dfad5
SHA256: d3942a7329bf3583c0a4c597c52201ae7508245eca4c350a249cb734379c676e
SHA512: e515d738fa4be9f4b871604f7be909bf6c027ce53525dd82585928f209a1388670a36ed2c382b7825f2766c61bdb2577dcc34a7a0fe8fb6a2e34dd6ce7588fb5

Filesize: 108KB
MD5: b258f2e9b75d6a36e7cba121f40ff1e3
SHA1: 34e71cdbcb121ee2127bee9417d17c0fd96a1186
SHA256: a2c766069b3a56f688719f0a682c2c75b3221523d1c403a98d21cacf44c45024
SHA512: 0188bb8d63d9ff7a274c9a3984aae3bdffddee27cf13e9f31b531f3e3699b1e8daf163f43c4fbe2dba6cbec1c6c10950d98180bed74b45214405286185133f68

Filesize: 8KB
MD5: 065c4ee92926d1e4ba0cfa69f5b535c3
SHA1: 7f6c244a3737e315b8d4a5967019305bfd84fbce
SHA256: d408218ded1aa6ca194d4b6f09d619fbb0a91c40c473d2126f7c98a4eb7b62a7
SHA512: 53629ac9b3d7bab9530fc68ae749cbfc0481a95f519266540c5c25396d9656d6cec0cf7500224a7343f08ff01fe919af174ccccdf7550d432e071f4dcbdba17c

Filesize: 3.1MB
MD5: 1a1c4a86c349f59879a21c1d29e05d63
SHA1: e46fb2259be158107c2b87222f8f17d817812f7f
SHA256: 222bb52a333a1375364c0c91e680013ddb4314f03ec684970a2543b04b492328
SHA512: 63dba4aebc2750028fbe5bb94d83e07ad5c1ab395d02a830fa4aee45d71eeb06841990f29e5c2fbc97933090d1466bbca6f35b6afef25f75216cba937ce036b2