Analysis
max time kernel: 73s
max time network: 105s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 10-11-2024 12:51
Static task: static1
Behavioral task: behavioral1
Sample: X.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: X.apk
Resource: android-33-x64-arm64-20240624-en
General
-
Target
X.apk
-
Size
25.1MB
-
MD5
1baee24401eded5695698c4353f0f958
-
SHA1
16395f60f4a49a0a0dec37dd7ab43396b4e33574
-
SHA256
a70f8d74bc0df4c8273d0a20591251dbb7a63cb563ab06e29938179ad69ca8b3
-
SHA512
9e93df21e33f90f55876ca499d1ad2ccbf11a6cbdb4f0a40b28d9b924ee4eda1858d761dc1a63314b6358c3d82515c2561060c533a225bfa22d115a9ae7da72c
-
SSDEEP
393216:oRKfCwecSAam6xpBm+1pYsC6NqOYE98UbtpuhxCONejGT67mQHDxhf/yTM2YA0C8:69DmTNzLg3bixCOEK+7HhfqAAJ8
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
Processes:
blu.tvcopy2
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/blu.tvcopy2/files/audience_network.dex --output-vdex-fd=95 --oat-fd=113 --oat-location=/data/user/0/blu.tvcopy2/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
ioc: /data/user/0/blu.tvcopy2/files/audience_network.dex; pid: 4263; process: blu.tvcopy2
ioc: /data/user/0/blu.tvcopy2/files/audience_network.dex; pid: 4427; process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/blu.tvcopy2/files/audience_network.dex --output-vdex-fd=95 --oat-fd=113 --oat-location=/data/user/0/blu.tvcopy2/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
ioc: /data/user/0/blu.tvcopy2/files/audience_network.dex; pid: 4263; process: blu.tvcopy2
-
Acquires the wake lock 1 IoCs
Processes:
blu.tvcopy2
description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: blu.tvcopy2
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
blu.tvcopy2
description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: blu.tvcopy2
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
blu.tvcopy2
description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: blu.tvcopy2
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
blu.tvcopy2
description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: blu.tvcopy2
-
Checks memory information 2 TTPs 1 IoCs
Processes:
blu.tvcopy2
description: File opened for read; ioc: /proc/meminfo; process: blu.tvcopy2
Processes
-
blu.tvcopy2
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4263
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/blu.tvcopy2/files/audience_network.dex --output-vdex-fd=95 --oat-fd=113 --oat-location=/data/user/0/blu.tvcopy2/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
- Loads dropped Dex/Jar
PID:4427
-
Network
MITRE ATT&CK Mobile v15
Downloads