Analysis
max time kernel: 145s
max time network: 159s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 10-11-2024 12:20
Static task: static1

Behavioral task: behavioral1
Sample: ing.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: ing.apk
Resource: android-x64-20240624-en
General
Target: ing.apk
Size: 15.8MB
MD5: 02f6b98935cd81a72ef703bbaefe5c24
SHA1: c4bcdbf7264a1c66699129a2957728f20e0032ad
SHA256: e6f49c577a130e98ec146a493b11b6706816dd05742dd10af300ade7e4340de3
SHA512: 7b3e7cc7e8a60382d1995ee84b7d7712a55bfcab31203b424dc1f89ac8b3e52055ca83ebcb4015d96af9f5a2668a8a5c1486b816a53cc3dc5fdf850742497d51
SSDEEP: 393216:xkYkO4hsKi+HVT/2CAHobrok1k52BSKP32Qhn:Kuui+HECAINTEKPphn
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 8 IoCs
Processes: ingsportwebtv.appamy
ioc | process
/system/xbin/su | ingsportwebtv.appamy
/data/local/su | ingsportwebtv.appamy
/data/local/bin/su | ingsportwebtv.appamy
/data/local/xbin/su | ingsportwebtv.appamy
/sbin/su | ingsportwebtv.appamy
/system/bin/su | ingsportwebtv.appamy
/system/bin/failsafe/su | ingsportwebtv.appamy
/system/sd/xbin/su | ingsportwebtv.appamy

Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
Processes: ingsportwebtv.appamy
ioc | process
/dev/socket/qemud | ingsportwebtv.appamy
/dev/qemu_pipe | ingsportwebtv.appamy

Loads dropped Dex/Jar 1 TTPs 4 IoCs
Runs executable file dropped to the device during analysis.
Processes: ingsportwebtv.appamy
ioc | pid | process
/product/framework/com.google.android.maps.jar | 4973 | ingsportwebtv.appamy
/product/framework/com.google.android.maps.jar | 4973 | ingsportwebtv.appamy
/data/user/0/ingsportwebtv.appamy/files/audience_network.dex | 4973 | ingsportwebtv.appamy
/data/user/0/ingsportwebtv.appamy/files/audience_network.dex | 4973 | ingsportwebtv.appamy

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: ingsportwebtv.appamy
description | ioc | process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | ingsportwebtv.appamy

Acquires the wake lock 1 IoCs
Processes: ingsportwebtv.appamy
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | ingsportwebtv.appamy

Queries information about active data network 1 TTPs 1 IoCs
Processes: ingsportwebtv.appamy
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | ingsportwebtv.appamy

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes: ingsportwebtv.appamy
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | ingsportwebtv.appamy

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes: ingsportwebtv.appamy
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | ingsportwebtv.appamy

Checks CPU information 2 TTPs 1 IoCs
Processes: ingsportwebtv.appamy
description | ioc | process
File opened for read | /proc/cpuinfo | ingsportwebtv.appamy

Checks memory information 2 TTPs 1 IoCs
Processes: ingsportwebtv.appamy
description | ioc | process
File opened for read | /proc/meminfo | ingsportwebtv.appamy
Processes
ingsportwebtv.appamy (PID: 4973)
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads