Analysis

  • max time kernel
    73s
  • max time network
    105s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    10-11-2024 12:51

General

  • Target

    X.apk

  • Size

    25.1MB

  • MD5

    1baee24401eded5695698c4353f0f958

  • SHA1

    16395f60f4a49a0a0dec37dd7ab43396b4e33574

  • SHA256

    a70f8d74bc0df4c8273d0a20591251dbb7a63cb563ab06e29938179ad69ca8b3

  • SHA512

    9e93df21e33f90f55876ca499d1ad2ccbf11a6cbdb4f0a40b28d9b924ee4eda1858d761dc1a63314b6358c3d82515c2561060c533a225bfa22d115a9ae7da72c

  • SSDEEP

    393216:oRKfCwecSAam6xpBm+1pYsC6NqOYE98UbtpuhxCONejGT67mQHDxhf/yTM2YA0C8:69DmTNzLg3bixCOEK+7HhfqAAJ8

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTPs, 3 IoCs)

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock (1 IoCs)
  • Queries information about active data network (1 TTPs, 1 IoCs)
  • Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  • Checks memory information (2 TTPs, 1 IoCs)

Processes

  • blu.tvcopy2
    1⤵
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:4263
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/blu.tvcopy2/files/audience_network.dex --output-vdex-fd=95 --oat-fd=113 --oat-location=/data/user/0/blu.tvcopy2/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4427

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/blu.tvcopy2/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/blu.tvcopy2/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/blu.tvcopy2/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/blu.tvcopy2/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/blu.tvcopy2/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/blu.tvcopy2/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/blu.tvcopy2/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/blu.tvcopy2/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

  • /data/data/blu.tvcopy2/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/blu.tvcopy2/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/blu.tvcopy2/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/blu.tvcopy2/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/blu.tvcopy2/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/blu.tvcopy2/files/PersistedInstallation1822016463010313130tmp

    Filesize

    559B

  • /data/data/blu.tvcopy2/files/PersistedInstallation6116836444507721270tmp

    Filesize

    79B

  • /data/data/blu.tvcopy2/files/audience_network.dex

    Filesize

    3.1MB

  • /data/data/blu.tvcopy2/files/oat/audience_network.dex.cur.prof

    Filesize

    385B

  • /data/data/blu.tvcopy2/files/vinebre_ac.txt

    Filesize

    19B

  • /data/data/blu.tvcopy2/no_backup/androidx.work.workdb

    Filesize

    4KB

  • /data/data/blu.tvcopy2/no_backup/androidx.work.workdb-journal

    Filesize

    512B

  • /data/data/blu.tvcopy2/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

  • /data/data/blu.tvcopy2/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

  • /data/data/blu.tvcopy2/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

  • /data/data/blu.tvcopy2/no_backup/com.google.InstanceId.properties

    Filesize

    2KB

  • /data/user/0/blu.tvcopy2/files/audience_network.dex

    Filesize

    3.1MB
