Analysis

- max time kernel: 45s
- max time network: 138s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 10-11-2024 11:28

- Static task: static1
- Behavioral task: behavioral1 (Sample: rectv16.6.apk, Resource: android-x86-arm-20240624-en)
- Behavioral task: behavioral2 (Sample: rectv16.6.apk, Resource: android-33-x64-arm64-20240624-en)
General

- Target: rectv16.6.apk
- Size: 48.6MB
- MD5: 4910cff8dcb1b3e9b6d1eb74c168aeec
- SHA1: d97ab629dc672591d09cc5be3089ba12b884ea5f
- SHA256: 72434f9e7ab70d6e404a252d94ce7986831b6a86a0398d9f0c54cfe4e2622bf2
- SHA512: fb9d1e75f1dad707879aabd974695417f9ad5da08a838fd6479aa4712e858ff6238cc89eba13c51e6a5499702a50eafb4d26c37e8d32ddfed56dc63d7dbb1e66
- SSDEEP: 786432:ysfIYxs8vzJoVBHCuK7O+xxsgbEz3/kiATEzunodqahLMcjfk/6+ugS9goOL:yKIYxXLJoXizOAi8IzuoAadbj8/7SE
Malware Config
Signatures

Checks if the Android device is rooted. (1 TTPs, 3 IoCs)
Processes: com.rectv.shot
| ioc | process |
| --- | --- |
| /system/app/Superuser.apk | com.rectv.shot |
| /system/xbin/su | com.rectv.shot |
| /sbin/su | com.rectv.shot |

Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.
Processes: com.rectv.shot, /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rectv.shot/files/audience_network.dex --output-vdex-fd=148 --oat-fd=149 --oat-location=/data/user/0/com.rectv.shot/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
| ioc | pid | process |
| --- | --- | --- |
| /data/user/0/com.rectv.shot/files/audience_network.dex | 4265 | com.rectv.shot |
| /data/user/0/com.rectv.shot/files/audience_network.dex | 4448 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rectv.shot/files/audience_network.dex --output-vdex-fd=148 --oat-fd=149 --oat-location=/data/user/0/com.rectv.shot/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=& |
| /data/user/0/com.rectv.shot/files/audience_network.dex | 4265 | com.rectv.shot |

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.rectv.shot
| description | ioc | process |
| --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.rectv.shot |

Acquires the wake lock (1 IoCs)
Processes: com.rectv.shot
| description | ioc | process |
| --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | com.rectv.shot |

Queries information about active data network (1 TTPs, 1 IoCs)
Processes: com.rectv.shot
| description | ioc | process |
| --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.rectv.shot |

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes: com.rectv.shot
| description | ioc | process |
| --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.rectv.shot |

Reads information about phone network operator. (1 TTPs)

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: com.rectv.shot
| description | ioc | process |
| --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | com.rectv.shot |

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.rectv.shot
| description | ioc | process |
| --- | --- | --- |
| Framework service call | android.app.job.IJobScheduler.schedule | com.rectv.shot |

Checks CPU information (2 TTPs, 1 IoCs)
Processes: com.rectv.shot
| description | ioc | process |
| --- | --- | --- |
| File opened for read | /proc/cpuinfo | com.rectv.shot |

Checks memory information (2 TTPs, 1 IoCs)
Processes: com.rectv.shot
| description | ioc | process |
| --- | --- | --- |
| File opened for read | /proc/meminfo | com.rectv.shot |
Processes

- com.rectv.shot (PID: 4265)
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Checks CPU information
  - Checks memory information
  - Child process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rectv.shot/files/audience_network.dex --output-vdex-fd=148 --oat-fd=149 --oat-location=/data/user/0/com.rectv.shot/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=& (PID: 4448)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15

- Persistence
  - Event Triggered Execution (1)
    - Broadcast Receivers (1)
  - Scheduled Task/Job (1)
- Defense Evasion
  - Download New Code at Runtime (1)
  - Virtualization/Sandbox Evasion (2)
    - System Checks (2)
Downloads