Analysis Overview
SHA256
f9b7676922ded4108de8d0641551350ca5c4158b0c5736d2d5e8e4afa9e3a67e
Threat Level: Shows suspicious behavior
The file night-vision-lubos-vonasek.apk was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 18:52
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 18:52
Reported
2024-11-14 18:54
Platform
android-33-x64-arm64-20240910-en
Max time kernel
62s
Max time network
112s
Command Line
Signatures
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
cm.aptoide.pt
Network
Files