Malware Analysis Report

2025-04-03 14:15

Sample ID: 241114-xh539a1md1
Target: night-vision-lubos-vonasek.apk
SHA256: f9b7676922ded4108de8d0641551350ca5c4158b0c5736d2d5e8e4afa9e3a67e
Tags: discovery, impact
Score: 6/10


Analysis Overview

Score: 6/10

SHA256: f9b7676922ded4108de8d0641551350ca5c4158b0c5736d2d5e8e4afa9e3a67e

Threat Level: Shows suspicious behavior

The file night-vision-lubos-vonasek.apk was found to show suspicious behavior.

Malicious Activity Summary

Tags: discovery, impact

Requests dangerous framework permissions
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-14 18:52

Signatures

Requests dangerous framework permissions

Description                                                      Indicator                                    Process  Target
Allows access to the list of accounts in the Accounts Service.   android.permission.GET_ACCOUNTS              N/A      N/A
Allows an application to read from external storage.             android.permission.READ_EXTERNAL_STORAGE     N/A      N/A
Allows an application to write to external storage.              android.permission.WRITE_EXTERNAL_STORAGE    N/A      N/A
Required to be able to access the camera device.                 android.permission.CAMERA                    N/A      N/A
Allows an application to request installing packages.            android.permission.REQUEST_INSTALL_PACKAGES  N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-14 18:52
Reported: 2024-11-14 18:54
Platform: android-33-x64-arm64-20240910-en
Max time kernel: 62s
Max time network: 112s

Command Line

cm.aptoide.pt

Signatures

Reads information about phone network operator. (tag: discovery)

Uses Crypto APIs (Might try to encrypt user data) (tag: impact)

Description         Indicator                    Process  Target
Framework API call  javax.crypto.Cipher.doFinal  N/A      N/A

Processes

cm.aptoide.pt

Network

Country  Destination            Domain                             Proto
N/A      224.0.0.251:5353       -                                  udp
US       1.1.1.1:53             graph.facebook.com                 udp
GB       157.240.214.1:443      graph.facebook.com                 tcp
GB       157.240.214.1:443      graph.facebook.com                 tcp
GB       157.240.214.1:443      graph.facebook.com                 tcp
US       1.1.1.1:53             digitalassetlinks.googleapis.com   udp
GB       142.250.179.234:443    digitalassetlinks.googleapis.com   tcp
US       1.1.1.1:53             rcs-acs-tmo-us.jibe.google.com     udp
US       216.239.36.155:443     rcs-acs-tmo-us.jibe.google.com     tcp
US       1.1.1.1:53             android.apis.google.com            udp
GB       142.250.200.14:443     android.apis.google.com            tcp
US       162.159.61.3:443       -                                  tcp
US       162.159.61.3:443       -                                  tcp
US       162.159.61.3:443       -                                  udp
GB       64.233.166.84:443      -                                  tcp
GB       142.250.187.228:443    -                                  tcp
US       1.1.1.1:53             remoteprovisioning.googleapis.com  udp
GB       216.58.213.10:443      remoteprovisioning.googleapis.com  tcp
GB       142.250.187.228:443    -                                  tcp
GB       172.217.16.234:443     remoteprovisioning.googleapis.com  tcp
GB       142.250.187.228:443    -                                  udp
GB       18.172.153.92:80       www.espn.com                       tcp
GB       18.172.153.92:80       -                                  tcp
GB       18.172.153.92:443      -                                  tcp
GB       23.56.238.51:443       -                                  tcp
IE       52.51.219.145:443      -                                  tcp
GB       23.56.238.51:443       -                                  tcp
GB       23.56.238.51:443       -                                  tcp
GB       23.56.238.51:443       -                                  tcp
GB       88.221.179.63:443      -                                  tcp
US       54.227.240.181:443     -                                  tcp
GB       104.86.110.146:443     -                                  tcp
GB       104.86.110.146:443     -                                  tcp
IE       52.51.219.145:443      -                                  tcp
GB       23.56.238.56:443       -                                  tcp
GB       23.56.238.56:443       -                                  tcp
GB       108.138.217.10:443     -                                  tcp
GB       18.164.68.48:443       -                                  tcp
GB       23.56.238.64:443       -                                  tcp
GB       18.164.68.48:443       -                                  tcp
GB       23.56.238.64:443       -                                  tcp
IE       52.51.219.145:443      -                                  udp
GB       23.56.238.73:443       -                                  tcp
US       1.1.1.1:53             voilatile-pa.googleapis.com        udp
GB       142.250.200.42:443     voilatile-pa.googleapis.com        tcp
US       1.1.1.1:53             update.googleapis.com              udp
GB       108.138.217.10:443     -                                  udp
GB       142.250.187.195:443    update.googleapis.com              tcp
GB       23.56.238.73:443       -                                  tcp
GB       108.138.217.21:443     -                                  tcp
US       104.18.87.42:443       -                                  tcp
GB       142.250.180.2:443      -                                  tcp
US       52.200.27.194:443      -                                  tcp
GB       142.250.187.202:443    voilatile-pa.googleapis.com        tcp
US       104.18.87.42:443       -                                  tcp
GB       142.250.178.2:443      -                                  tcp
GB       142.250.179.238:443    -                                  tcp
GB       18.164.68.48:443       -                                  tcp
GB       23.56.238.83:443       -                                  tcp
GB       18.245.218.86:443      -                                  tcp
GB       18.245.218.86:443      -                                  tcp
US       162.159.61.3:443       -                                  tcp
US       1.1.1.1:53             chrome.cloudflare-dns.com          udp
GB       23.56.238.73:443       -                                  tcp
US       172.64.41.3:443        chrome.cloudflare-dns.com          tcp
GB       142.250.187.202:443    voilatile-pa.googleapis.com        udp
GB       142.250.178.14:443     -                                  tcp
GB       142.250.178.14:443     -                                  tcp
GB       142.250.178.14:443     -                                  tcp
GB       142.250.178.14:443     -                                  tcp
GB       142.250.178.14:443     -                                  tcp
GB       88.221.179.63:443      -                                  tcp
US       172.64.41.3:443        chrome.cloudflare-dns.com          udp
GB       142.250.178.1:443      -                                  tcp
US       44.209.107.84:443      -                                  tcp
US       35.155.100.224:443     -                                  tcp
GB       18.244.140.101:443     -                                  tcp
GB       18.244.140.101:443     -                                  tcp
GB       18.244.140.101:443     -                                  tcp
GB       18.244.140.101:443     -                                  tcp
GB       18.244.140.101:443     -                                  tcp
GB       18.244.140.101:443     -                                  tcp
GB       23.56.238.74:443       -                                  tcp
GB       142.250.178.1:443      -                                  udp
GB       142.250.178.14:443     -                                  udp
US       172.64.155.119:443     -                                  tcp
GB       142.250.200.14:443     android.apis.google.com            udp
US       1.1.1.1:53             chrome.cloudflare-dns.com          udp
US       172.64.41.3:443        chrome.cloudflare-dns.com          udp
GB       142.250.187.202:443    voilatile-pa.googleapis.com        udp
GB       142.250.178.14:443     -                                  tcp
IE       34.243.197.139:443     -                                  tcp
GB       216.58.204.65:443      -                                  tcp
GB       216.58.204.65:443      -                                  tcp
US       172.67.29.206:443      -                                  tcp
US       172.67.29.206:443      -                                  tcp
US       172.67.29.206:443      -                                  tcp
US       172.67.29.206:443      -                                  tcp
US       172.67.29.206:443      -                                  tcp
US       172.67.29.206:443      -                                  tcp
US       104.22.11.83:443       -                                  tcp
US       104.22.11.83:443       -                                  tcp
GB       142.250.187.232:443    -                                  tcp
US       104.22.11.83:443       -                                  tcp
US       104.22.11.83:443       -                                  tcp
GB       216.58.204.65:443      -                                  tcp
GB       216.58.204.65:443      -                                  tcp
US       104.22.11.83:443       -                                  tcp
US       104.22.11.83:443       -                                  tcp
GB       142.250.178.2:443      -                                  udp
GB       216.58.213.2:443       -                                  tcp
GB       2.21.67.41:443         -                                  tcp
GB       216.58.213.2:443       -                                  tcp

Files

/data/data/cm.aptoide.pt/files/.fstreaming/fInProgress/currentFile

MD5 11f162caa27a4d385e946d7f1d46fa16
SHA1 f0addfc71ac68ca353bc418989ee63615bee6689
SHA256 980cdc9c039d1666c9ca9113a0f63d74c59abfbf461ce2e3a659eab98009fb82
SHA512 1061ed4159adb7697dfac757dae8fc0161c4ec21770961d40ee66d7dffddcd5ae07bbae54e97a04347b95158c4f83463c5edca40476375f51af3000b4fe08685

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-journal

MD5 ffd8b2dcda798f5463eba5bb043b21d9
SHA1 e40a30df754fe75b295b7b4dbc369b19b7082026
SHA256 34da996021456fb175bbba1673e6fa9eed22a14a07826fd645d7103978cf8f29
SHA512 90cec6ef19e7831800f0913265336cb6fa68e1c8215dc3bad4bc3c0c11511b3a95bee563058a5f310ece9f3fcb1244e89a3ea5052314a359e18bbb15154c8e36

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb

MD5 0eb157e1a86d4d00aa601dd2f6ff3ee3
SHA1 fee434f784e73cc7916322e949f727caf8363102
SHA256 b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4
SHA512 b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal

MD5 305a1d4c22a988447826319962752a31
SHA1 0972b0550ec94647467dc1566dc27b5627e54ed0
SHA256 5ecd73cc24e61eb75bc22b4f40c3849c26311d7222ac9f32c5d0386e46c0d624
SHA512 06f166e11fd40a80cffbfe9ad3575c4e214509a8cc30417f01797feab78b06f0bc83a564769b35467a33b176c433b875f42a9721d26864a5a1af85b9d363aa98

/data/data/cm.aptoide.pt/databases/aptoide.db-journal

MD5 5ef156551f208b051c02be3e7842f482
SHA1 9015837a39550854d7109050ae817735aafbd31f
SHA256 6dbcd2c00bae12c9ea694b11514aeda632d3c0e9545974b8d54b58bd96c381f0
SHA512 6d72fefeadbfa401a0074c6000e25f0eda2498585c9a21d2c98ec0ed5b89872dd7d8c8230d01afa902e78cafaaf9a14a86279d96922e55ba2b20d69d85415a04

/data/data/cm.aptoide.pt/databases/aptoide.db-wal

MD5 4cd7d050bca391cdbe51edc1fa9b1f00
SHA1 6e94db64420b4abbe60581c701dd2496e90d4edd
SHA256 cc037954a3b43ef3076f50b571caeab8240b7b79b78d34a60956800a9be7e376
SHA512 ac8a0883c3bda6a1337eb6c4893e05cbcbbb2f09fb9d0a605002ffa52f80d75cc09838f717bf4eb04f0c537de84f766d34c297c1ea1ee0234337ef22ad2bb841

/data/data/cm.aptoide.pt/databases/aptoide.db-wal

MD5 63154dee4879b8f3a7b17bdff0f79b8a
SHA1 c51e6c56ff59fb7f7dd9a2a0f3ddda2c35b154f9
SHA256 06dec5e736389930c4ed15216b6b759c7486993250aaa05a1e1db3063dfbf644
SHA512 51c37bd04d8cf3fc8f0042b37b9e04a540d379e9f3bd136a1d10c586fe9c732c085217945b01740fb074b61153f75f2f3c0813dd944449b665b26c80a4aaba3b

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal

MD5 27669b0390f491133b9695a89a4ba510
SHA1 110a079054cb630284350940c719dcfaef83945c
SHA256 8ee7a35780bf7387e89ecc47a2118670b0b5e2307787117bc8f636f24ad0f4ad
SHA512 810eb6050a23d49453bb5ce3d3e1d947bade3ea05dbd6caec76d47baa67dc0f6850cde5cad3d0bd82fb52b47785caf185acc134c4fa34224584a895c4d386afd

/data/data/cm.aptoide.pt/no_backup/.flurryNoBackup/installationNum

MD5 4986a7912d443d9297b1956ca04a4dae
SHA1 fa80d32e304c383df4622cf89c8fd0ea8ea20771
SHA256 2a9debceb9a6e92539f12c1ba68dc5018b1f7298fee1196107a82cbdf2a3eb11
SHA512 903ce6054f0344252ac859965ebda063d76e11a539e70c11135962430a09766c26faa0bce90ae98c9952a5bc2cd692cede4e61bd475e74c9b12882ce3b5cff28