Analysis
- max time kernel: 47s
- max time network: 148s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 10-11-2024 11:15
- Static task: static1
- Behavioral task: behavioral1 (Sample: rectv16.4.apk; Resource: android-x86-arm-20240624-en)
- Behavioral task: behavioral2 (Sample: rectv16.4.apk; Resource: android-x64-20240624-en)
General
- Target: rectv16.4.apk
- Size: 54.6MB
- MD5: d5fd170a8d9eee15d0b67097527215fe
- SHA1: 80b860ed2fd14780d0f0ed06510d3b8eed48d61a
- SHA256: f245537c2cdbbf0221df21d4e5ad42d5673335038a0552100a14b6a0feb22637
- SHA512: 899bd25845767087c0e66f1c9d3bf44263892c7a031b1a7c882c0f8f46a66ff7f8c7622c7d27b63dce5989d2be559132b8bbc51f7d0aacbd306b88134bd16950
- SSDEEP: 786432:3m4fhy+Xh9Pn4KxJQL71ySqRtWzaNxPlfAUzRmTuKWTIwMCLxAhLocjfk/6+ugLJ:fPn4gJTSJqlfA4YFChKd3j8/7LdYqvmk
Malware Config
Signatures
- Checks if the Android device is rooted. 1 TTPs 3 IoCs
  Processes: com.rectv.shot
  ioc | process
  /sbin/su | com.rectv.shot
  /system/app/Superuser.apk | com.rectv.shot
  /system/xbin/su | com.rectv.shot
- Loads dropped Dex/Jar 1 TTPs 2 IoCs
  Runs executable file dropped to the device during analysis.
  Processes: com.rectv.shot
  ioc | pid | process
  /data/user/0/com.rectv.shot/files/audience_network.dex | 5069 | com.rectv.shot
  /data/user/0/com.rectv.shot/files/audience_network.dex | 5069 | com.rectv.shot
- Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes: com.rectv.shot
  description | ioc | process
  Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.rectv.shot
- Acquires the wake lock 1 IoCs
  Processes: com.rectv.shot
  description | ioc | process
  Framework service call | android.os.IPowerManager.acquireWakeLock | com.rectv.shot
- Queries information about active data network 1 TTPs 1 IoCs
  Processes: com.rectv.shot
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.rectv.shot
- Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  Processes: com.rectv.shot
  description | ioc | process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.rectv.shot
- Checks the presence of a debugger
- Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  Processes: com.rectv.shot
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.rectv.shot
- Checks CPU information 2 TTPs 1 IoCs
  Processes: com.rectv.shot
  description | ioc | process
  File opened for read | /proc/cpuinfo | com.rectv.shot
- Checks memory information 2 TTPs 1 IoCs
  Processes: com.rectv.shot
  description | ioc | process
  File opened for read | /proc/meminfo | com.rectv.shot
Processes
com.rectv.shot (PID: 5069)
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads
- /data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/com.crashlytics.settings.json (Filesize: 710B)
- /data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/open-sessions/673095EB0034000113CD08F7D3D58ED7/report (Filesize: 738B)
- /data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/open-sessions/673095EB0034000113CD08F7D3D58ED7/userlog (Filesize: 192B)
- /data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/open-sessions/673095EB0034000113CD08F7D3D58ED7/userlog.tmp (Filesize: 16B)