Analysis

  • max time kernel
    47s
  • max time network
    148s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    10-11-2024 11:15

General

  • Target

    rectv16.4.apk

  • Size

    54.6MB

  • MD5

    d5fd170a8d9eee15d0b67097527215fe

  • SHA1

    80b860ed2fd14780d0f0ed06510d3b8eed48d61a

  • SHA256

    f245537c2cdbbf0221df21d4e5ad42d5673335038a0552100a14b6a0feb22637

  • SHA512

    899bd25845767087c0e66f1c9d3bf44263892c7a031b1a7c882c0f8f46a66ff7f8c7622c7d27b63dce5989d2be559132b8bbc51f7d0aacbd306b88134bd16950

  • SSDEEP

    786432:3m4fhy+Xh9Pn4KxJQL71ySqRtWzaNxPlfAUzRmTuKWTIwMCLxAhLocjfk/6+ugLJ:fPn4gJTSJqlfA4YFChKd3j8/7LdYqvmk

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTP, 3 IoCs)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Acquires the wake lock (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Checks the presence of a debugger
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)

Processes

  • com.rectv.shot (PID: 5069)
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.rectv.shot/databases/com.google.android.datatransport.events

    Filesize

    56KB

    MD5

    c9cbb69d561b6c2a679ab7f81f91fced

    SHA1

    770a00202a61f088b0db76a920afe051616f0b45

    SHA256

    5652ee1ab4f0b243e96f2d400a14659d9c1652fba21ee0fd9cd5417215c8c95b

    SHA512

    3fe714d9cca3903326370a592c1d29949e35a4bab72d9ea82827f242b5735616efb0859c5b83132ace213aad5c6d9bcdaac43eae0a8ded9bcaccffb46a3816f3

  • /data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

    MD5

    922f592821b938df0a574bf814240833

    SHA1

    dec34b89e641741cf60a888236b2f851855b9122

    SHA256

    53b8951b3d71c895615d28d9264199de1f41fe16ad04515100de0aacf10dd09f

    SHA512

    f8cafcb24a4d9cf52e1e11b828b37c35bd533f13d63a302f5c2c08f3b41f02dddc3661684bd79325a72acdb01c69e59bb0546acba9b678e8a25425f9c6269425

  • /data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

    MD5

    368f1f3a68973dec141b850a34c821d4

    SHA1

    63c1d039eab3805272bc03976dc4872c77ce6f59

    SHA256

    e4435d09760a8f4040643042c922bc529b9de98b8dd62f958221f950d2085175

    SHA512

    d3fde120ebde6ec27f7884f47de6e6197872d2cca16ebe94463c1fc5d21bb038e5835372db3f7d4d80fce4779c15d0fae387e8893e16d0e4534343085c414480

  • /data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

    MD5

    1112f607e10539941a774f0738ac2cab

    SHA1

    a9c14725fe62b2bb76b04e992eaa179d2c1fbf4e

    SHA256

    eda674771d8dec5318a6c1e1452811541a469b126a553ffb8d6291282c20324f

    SHA512

    fcf395964536aa58498c336896b964788ebe3ec74a098e27cbce0b70f00d9913dc306b0d5b63e16503b51cf919c57af1c5953b16bbb2198628b8d0ddb034831a

  • /data/data/com.rectv.shot/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    eb52a90bb70b76e946b62f50b6f7fb85

    SHA1

    42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

    SHA256

    48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

    SHA512

    b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

  • /data/data/com.rectv.shot/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    9811d8e49ca3f301c0d78574caa7adb6

    SHA1

    363cff6b219b8b5f231044c68ec1910e8b542f7c

    SHA256

    cb5bac0d73bafc803e3c2fe071db23c6844fe84a84c1bf7d43644186dd78aa22

    SHA512

    f7c0540854ffce4e854c0dadba38770c22ba2b5354cecb9fe9fe9ef729a80968b796575a32a7c16e490834b2e8534dc100127b7a9597273742ac1a026e492f5a

  • /data/data/com.rectv.shot/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    b5b133b27ee2b864c9971f819fc21f24

    SHA1

    26f47c47020c1cdb4448a031ef76f12cbc3076fd

    SHA256

    b9c55977681e162135ce31c43631734dbe583cf31d41d0f8098de0cd2e3543fb

    SHA512

    4f610725963e7e164da8d1ac162393ee27f83b2262aa258809ff59668ecf60c71b13282b6920a51faa567cd9dd0c8565c8f0dac6e590e327cf569ad211c8042a

  • /data/data/com.rectv.shot/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    0afb9810989538e0ee78edce7666bf2e

    SHA1

    4504b77e8e57e14d3f93b7776ddcc5a12928325e

    SHA256

    10bcdf6585660c398eefa0679858b236a82b750de6cf721388d07296b7eca878

    SHA512

    57fc14add9ef48b638dfb3adffc1d819822421d6ec997c5ccf63e94c87bb7e5c6d7ed32a44981aaa7c51e0d80d74a9dcfc18ce10723400c91caf6e57476bd97f

  • /data/data/com.rectv.shot/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    59e81662f52793f08163fcd5e18ac242

    SHA1

    8905ca126e27f14585a70e522492d55165fef036

    SHA256

    4e1bbddd386e08fa75523338a89b726c41a8defd502b82c0cc7036046a815024

    SHA512

    42ec9eb799142b9cb8d83a0ee56e82d90ace46bc8f48e0fc22f895ef2717840c65131a586b2dcd99a859d9dc656e373f5788c6812616c0cab95a6d869ed97c34

  • /data/data/com.rectv.shot/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    1fd548b64cb2d59ccdf49ce436ce0f8e

    SHA1

    f953d3c7b485f1021b5f6624cae5ba779068590e

    SHA256

    95884b1255fb06b3609ba8eaa00fde3ae1ed390f147e7ad411b55b7a04b2c804

    SHA512

    ddb2ac9796fc4d9fb2bab034baee4d7f55b498e0935b06e9105c6a88b4dbeb39cbea96afb3b1f52d52f225dae6b221e83fef5e6816c117a4ead412ac88735c4e

  • /data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

    Filesize

    512B

    MD5

    694389966195684497f435a588b56358

    SHA1

    36fb62b6d46776157370c908d88734c96af8ae38

    SHA256

    549d59a79555089b82ab2a31f42360539b3f9955828fa3123fc889bc067ed049

    SHA512

    7899df0d03336380cab7ceb5834fb4f0b3f344647452866c9507f0bfc638a9c9244380f901626ae6c6791f5e166d8e17e860c3bf5489b631ea87938d4387f66f

  • /data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    92c027dc4c443e4ca48e5c6d3ac04094

    SHA1

    d1087387b8cfd3cd05c3201e9eb5f5190cc28382

    SHA256

    beecd1c16778ae6a9cc1649ef409a744adbc7dcddb1eb1227b1d5521d9413b09

    SHA512

    a814ef517192fd0ce5cac9113490bc022f4655a265c98b9b6a5dc0c6a43564891f0f82d534dcf766a801e51eadd2110b46f50f6b4975638ffb57ea7fc91c9518

  • /data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

    MD5

    086bfb04f7477237e1fefa3c5fd97a19

    SHA1

    2bc764f3c065ce8d25e687caafda92b7fb403f56

    SHA256

    e4ff2d0907d0cd59333eedd40e165ea71344db7b9a51872dc3c402d46f651264

    SHA512

    448159420931711a04cbfbe39c2c257b42edaa1ef4f92abea9fdc992852242a629f4f3959cf12487b6b60dd47bbb22d1e23ad2a575300c1b3fa310cbd386143d

  • /data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    3b5cdf71b07888855b9a6f3316f20711

    SHA1

    c4bc575421e4868f7f1bfd70352c6a581ca48bcd

    SHA256

    cff707d1a15aaeaf2be37f9ec51231f2294e82dd9af3568355f39eb969c49369

    SHA512

    847b0c87a5aa7b2c06d0e23eea697796fcb78956bb2ae67ba5b4d69efd89fd11c8582d608ec05c5769db45b8c27fbad2feba2920d2309bcd26925f326f162b30

  • /data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    12099d47940a894efbec315e14154a96

    SHA1

    3d4fc4b8fe0451733b77adb6b83519121214239b

    SHA256

    3a81620a4fafe3fc75bf3015a5f49203312e8326ea7f58fa11e47b81132631e3

    SHA512

    fe65ef2146604614207a983a146141e676c7a2232b725228746f1ed67f58aa7db9c245bb63c0082068b7e6a6cec7c3f1de0b6ef271557aec7b89911d8397b7a4

  • /data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    76a7d1f9d219965940df7d6968b0cd73

    SHA1

    f82ae9b18ca7fef5d339c6389508ebd7c784d1f6

    SHA256

    f04376c11a0f3acf79349bc879d9951cebb4dc20e240e4efce73f91abc93c320

    SHA512

    886fd52e84b3bfd68853b07356388de54046fb1bba7903b6bfb980bb946e41ab73e7f518f3c42eae1669044a39bc34ada77b36edaded26b429a4c12258de8241

  • /data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/com.crashlytics.settings.json

    Filesize

    710B

    MD5

    707ba426219381e6a92ef4948af5954b

    SHA1

    24164e610b4bf0a79b857cc088693c70e6b28863

    SHA256

    f91de762cdb0f05916b47338e2b228ee647f5d98f524901eb811dc9317fe1e6d

    SHA512

    4892b9b05d366777243a4f3131367373d6f647d1d93d98318e03423820eac533eb328a0f37a5437eda94cc5afc8a54ff1b3eeb35b7d50c0b40c4d9787b2dcbd6

  • /data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/open-sessions/673095EB0034000113CD08F7D3D58ED7/report

    Filesize

    738B

    MD5

    2e9d7d6fac00834e3afac33bb94f76a8

    SHA1

    230e71ed6da53a4ec35f6809b54d5cdfc3e9130b

    SHA256

    31f7f670d42c8cb6ceb53ab419730ea744cc61ebc02d8b4e40d7bf59784d87e9

    SHA512

    e2daa1ebd8279fd0568bbaf56bef97926ec06a3d1b0626e6ac9c3937e01fbc9a2f339c841648e9c02d0f84613fd3e1d6d10543255039581eceb994926d95a508

  • /data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/open-sessions/673095EB0034000113CD08F7D3D58ED7/userlog

    Filesize

    192B

    MD5

    12fdd6a23f913c67a58481418a9f847b

    SHA1

    26f58f0509fb98f70a3c698f970ecd8a289e3def

    SHA256

    0d5436c51ac831bd1bb792a2e9bbfbf3e135cde99b36cb67d49f94f0b13716de

    SHA512

    50f9b3bc13c7a8c865b44d76136e064f5fd47d63cf413c3e10bcc1725aa49f4860c1c357fc50f35e164df1a8f5e35bd34a1d951be424bda9506fe1ddaac6104f

  • /data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/open-sessions/673095EB0034000113CD08F7D3D58ED7/userlog.tmp

    Filesize

    16B

    MD5

    c33583fae4e0b61cde1c5b9227963237

    SHA1

    fe2ebe4d27469af1460f7e852031a04208ef629b

    SHA256

    35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

    SHA512

    fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

  • /data/data/com.rectv.shot/files/PersistedInstallation5268547547304293457tmp

    Filesize

    569B

    MD5

    fcc59add96de2b90816a4e872c0963f2

    SHA1

    8e59a84607c2f64199d6904a06cdee12880932b5

    SHA256

    1db248d7096c1bb2cbb9f77a86a62ba9e001efa499a2e0158b33a66479ee7ced

    SHA512

    30cf189bb7c359574f2ef5270a3135e8cca0702b127ca250388fb6ff8007c5b3ab9c48bbfa372086d490fa79005679604794c985058bb65a8e696afddd54bb9f

  • /data/data/com.rectv.shot/files/PersistedInstallation7172248732851064787tmp

    Filesize

    90B

    MD5

    adaa41bcfb2c86fa97ef04a8f90b66fb

    SHA1

    75500118aa980189318f8b8a24825ae0063a43d9

    SHA256

    a641ea53faaff6081f58f71f8089674373423d9b725393ed91c5f8bb26992eff

    SHA512

    3da62e8e7e25e3637f80a3d069f5b412ef1ded7e359c13fe9d5d5e45901528f29926b50f370b51e03acc75b539955f6e1856e0cfad72b91c59691c383d5bf9c7

  • /data/data/com.rectv.shot/files/audience_network.dex

    Filesize

    3.1MB

    MD5

    9b8164be4f0ffaedadc82125e5346c14

    SHA1

    c4bf7a6383958b493ed5c4dd6a19862d366fca4a

    SHA256

    8e632284c9b0180ef28e309b4b0f282ef608cfb9d9046df899d8bdac227ea9ce

    SHA512

    352b3e9ef70839d0850ff7ca4a1f19f3df546412ae5cac1243a80588e573fea6371edd4c408a2edf1b48d70a10a5cb579513d3cd38a4b5ccf4b7528dd28704a4

  • /data/data/com.rectv.shot/files/facebook_ml/DATA_DETECTION_ADDRESS_1

    Filesize

    240KB

    MD5

    26e37998b089275a4e2ed9c1be930879

    SHA1

    c48a03938a072a835e403c4f3ae5ca41835d9eb3

    SHA256

    b20563ed7cf7284fde09065b8fbfc3c215efc8679e82bfdbfcee39842a9f3f2e

    SHA512

    e9b888557deced806b6e4e91f229a643e5c50e6a9ab5744c7c30c1cab9b5582e858fc00024cb6e1a8bf90562b8c6cf48dac255668a15f72a5b8d7b43166cbd38

  • /data/data/com.rectv.shot/files/profileInstalled

    Filesize

    24B

    MD5

    61fab1861efd7c638ce7762f875c57ef

    SHA1

    1d920f9d27bab5f26700172fa0cd52df2d229b90

    SHA256

    54cb3d589bdaa79e7aa03965d4c18fca75e6797a1230d10681f9ac83c5c57fa0

    SHA512

    3ab31c7ddd572e2bdd1c55b5513266285768d72036ce3b396591d577f05905cb47292349ac9901e37df7c82048e1e070748853a1173559c6f4c342631eaf8ee1

  • /data/data/com.rectv.shot/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

    Filesize

    8B

    MD5

    119ed2e8ccd8814c276303ddbda447e7

    SHA1

    76f9e53ec28d5b59f48c3ecf05f911db043b694c

    SHA256

    950565fda4230d0b0b38541ca7d74c989fd0f2860307e2650bf1354f5861b7d2

    SHA512

    1d63ba797cf781bb9143b4010b2a740a1af594516960df6dace09c2e9be72735d56f70e21e064c5861166abde47f7add3a69c8f5044a547205b5aaa70807f2c8

  • /data/data/com.rectv.shot/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.rectv.shot/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    47ad9d75b2e0851ec472dac53a6b5fdc

    SHA1

    36757ac59c3c91546793f499a47a9a1154cf9be7

    SHA256

    c29e04361c5870e48638e919511e42cc4beca53c8da20781c0a34d5506c2b9aa

    SHA512

    4ab0dadeca28f84e4abc2550575de6ff350f4e23ad02ef97bf10fd5ecfbd3cd3b81afdfd98b893d044675c841a162038462de33b2c0670e93f9b672cb7f066be

  • /data/data/com.rectv.shot/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.rectv.shot/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    cfcc0e108beaddf43d2e1aacd8c1053f

    SHA1

    97bebdaf9fa7e6e6935e4247113ee0aa4b155bb3

    SHA256

    d9024c21100dffaaa8ee582086aafc43467e6103cb112334efabedc3f49addba

    SHA512

    e1d38f76b1b32a047b164ef9c9229966d273b6d43c9ac2b39a8d391755af2c754211b8f28cf850f164f3671f55f71cdd8ed25e00650f2e23040d251757dbb9ca

  • /data/data/com.rectv.shot/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    49b2733ef5237d122e17816e3ae50d84

    SHA1

    9d23968b1ac79a3c1ca734ac51e6bebcaf8d1ad2

    SHA256

    1746f9e7b4e85d1cdffa0b44538c3be7e43313fc3bd2cadc3170743672e4bf9d

    SHA512

    6e4e7b501f8a72e055f51500a15f4ea9d6e2b9fabacae75dcf429f1014e044be3e2e819b650584b40821486a83619d8ba9d4004425707aec20db41aa695d3e6d

  • /data/misc/profiles/cur/0/com.rectv.shot/primary.prof

    Filesize

    8KB

    MD5

    065c4ee92926d1e4ba0cfa69f5b535c3

    SHA1

    7f6c244a3737e315b8d4a5967019305bfd84fbce

    SHA256

    d408218ded1aa6ca194d4b6f09d619fbb0a91c40c473d2126f7c98a4eb7b62a7

    SHA512

    53629ac9b3d7bab9530fc68ae749cbfc0481a95f519266540c5c25396d9656d6cec0cf7500224a7343f08ff01fe919af174ccccdf7550d432e071f4dcbdba17c

  • /data/misc/profiles/cur/0/com.rectv.shot/primary.prof

    Filesize

    21KB

    MD5

    2ca723c79a6f3746b2216cf07c2261eb

    SHA1

    55cd3420c4ec0064b64356907429a535f18dfe09

    SHA256

    a47a13b61edb402987fc95f3358b8c02cf6144729ff227c2b52abf378f26dcdf

    SHA512

    0ad6bb29f5a9e5752e2135ae5f87726fff5e067cc0ee4d42218b5ce9cb8f82c46201b7d678af2ef5177293543a9eb24caedc2e5db4e85a396a601f9110a5f98f