Malware Analysis Report

2025-04-03 14:15

Sample ID 241114-xkveja1mft
Target night-vision-lubos-vonasek.apk
SHA256 f9b7676922ded4108de8d0641551350ca5c4158b0c5736d2d5e8e4afa9e3a67e
Tags
banker collection discovery evasion execution impact persistence
score
8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
8/10

SHA256

f9b7676922ded4108de8d0641551350ca5c4158b0c5736d2d5e8e4afa9e3a67e

Threat Level: Likely malicious

The file night-vision-lubos-vonasek.apk was found to be: Likely malicious.

The verdict is heuristic: it is the sum of the behaviour tags below, not a match against a known family. Two things a reviewer should weigh against it. First, the process launched in all three detonations is cm.aptoide.pt, the package name of the Aptoide third-party app store client (its aptoide.db database and its ws75/pnp/aptoide-mmp endpoints appear in the Files and Network tables), not a package that matches the "night vision" filename. Second, every resolved destination is a Google, Facebook, Aptoide, Flurry or Rakam endpoint; a handful of TCP/443 connections are logged without a name. A root check, account and installed-package enumeration and REQUEST_INSTALL_PACKAGES are what a store client needs, but they are also exactly what a dropper needs, so the sample should be judged by what it goes on to install rather than by this score alone.

Malicious Activity Summary

banker collection discovery evasion execution impact persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries account information for other applications stored on the device

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 18:55

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
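To confirm the static1 permission list against the APK itself rather than trusting the sandbox summary, the following added example (editor's code, not part of this report or of the Aptoide project) walks the chunk headers of the compiled AndroidManifest.xml inside the APK, decodes its string pool, and returns every string that looks like a permission name. It is a fast triage cross-check, not a manifest parser: the pool holds every string in the manifest, so a <permission> the app declares itself or a <uses-permission> limited by maxSdkVersion shows up the same way; use `aapt dump permissions` or `apkanalyzer manifest permissions` for the authoritative element-level view. The SAMPLE_MANIFEST fixture is constructed inside the block, and all function and constant names are the example's own.

```python
import struct
import zipfile

RES_XML_TYPE = 0x0003          # top-level chunk of a compiled AndroidManifest.xml
RES_STRING_POOL_TYPE = 0x0001  # the string pool every attribute value points into
UTF8_FLAG = 0x100              # set in the pool header when strings are UTF-8


def _read_utf16(buf, off):
    n, = struct.unpack_from("<H", buf, off)
    off += 2
    if n & 0x8000:                      # long string: length split over two u16
        lo, = struct.unpack_from("<H", buf, off)
        off += 2
        n = ((n & 0x7FFF) << 16) | lo
    return buf[off:off + 2 * n].decode("utf-16-le")


def _read_utf8(buf, off):
    def varlen(o):                      # one byte, or two if the high bit is set
        v = buf[o]
        return (((v & 0x7F) << 8) | buf[o + 1], o + 2) if v & 0x80 else (v, o + 1)
    _, off = varlen(off)                # UTF-16 character count (not needed here)
    nbytes, off = varlen(off)           # byte length of the UTF-8 data
    return buf[off:off + nbytes].decode("utf-8", "replace")


def read_string_pool(buf, start):
    (typ, hdr, _size, count, _styles, flags,
     strings_start, _styles_start) = struct.unpack_from("<HHIIIIII", buf, start)
    if typ != RES_STRING_POOL_TYPE:
        raise ValueError("chunk at %d is not a string pool" % start)
    offsets = struct.unpack_from("<%dI" % count, buf, start + hdr)
    reader = _read_utf8 if flags & UTF8_FLAG else _read_utf16
    base = start + strings_start
    return [reader(buf, base + o) for o in offsets]


def axml_strings(buf):
    """All strings in a binary AXML file, in pool order."""
    typ, hdr, size = struct.unpack_from("<HHI", buf, 0)
    if typ != RES_XML_TYPE:
        raise ValueError("not a compiled (binary) AndroidManifest.xml")
    off = hdr
    while off + 8 <= size:
        ctype, _chdr, csize = struct.unpack_from("<HHI", buf, off)
        if ctype == RES_STRING_POOL_TYPE:
            return read_string_pool(buf, off)
        if csize == 0:
            break
        off += csize
    return []


def permission_strings(buf):
    """Every string-pool entry that looks like a permission name, sorted."""
    return sorted({s for s in axml_strings(buf) if ".permission." in s})


def apk_permission_strings(apk_path):
    with zipfile.ZipFile(apk_path) as z:
        return permission_strings(z.read("AndroidManifest.xml"))


def build_axml(strings):
    """Constructed fixture: a minimal AXML file holding only a UTF-16 string pool."""
    body, offsets = bytearray(), []
    for s in strings:
        offsets.append(len(body))
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le") + b"\x00\x00"
    hdr = 28
    strings_start = hdr + 4 * len(strings)
    pool = struct.pack("<HHIIIIII", RES_STRING_POOL_TYPE, hdr, strings_start + len(body),
                       len(strings), 0, 0, strings_start, 0)
    pool += struct.pack("<%dI" % len(strings), *offsets) + bytes(body)
    return struct.pack("<HHI", RES_XML_TYPE, 8, 8 + len(pool)) + pool


# Constructed stand-in for the manifest; it carries three of the permissions the
# static1 table lists plus the kind of unrelated strings a real pool also holds.
SAMPLE_MANIFEST = build_axml([
    "manifest", "package", "cm.aptoide.pt", "uses-permission", "name",
    "android.permission.GET_ACCOUNTS", "android.permission.CAMERA",
    "android.permission.REQUEST_INSTALL_PACKAGES", "versionCode",
])

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    for p in (apk_permission_strings(target) if target else permission_strings(SAMPLE_MANIFEST)):
        print(p)
```

Run it with the APK path as the only argument to list the permission strings of a real sample; with no argument it runs against the constructed fixture. Compare the output with the five permissions in the table above: an entry that the APK carries but the sandbox did not list, or the reverse, is worth a second look before the static result is quoted anywhere.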

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 18:55

Reported

2024-11-14 18:56

Platform

android-x86-arm-20240624-en

Max time kernel

69s

Max time network

72s

Command Line

cm.aptoide.pt

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

cm.aptoide.pt

/system/bin/sh

stat /sbin/su
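The root check the sandbox attributed to this run is the `stat /sbin/su` child of `/system/bin/sh` shown above. The following added example (editor's code, not from this report) is the detection rule a SOC would run over a sandbox process tree to surface that probe and its usual variants: a stat/ls/test of a known su path, `which su`, a `getprop` of the build properties root checks read, or a package-manager lookup for a root manager. The SAMPLE_RECORDS list starts with the two records shown under Processes; the remaining records are constructed to exercise the other branches, and the path and package lists are the example's own, not something the report enumerates.

```python
import shlex

# Paths an app checks to decide whether the device is rooted. /sbin/su is the
# one behavioral1 recorded (sh -> stat /sbin/su); the others are the usual
# companions of that check, listed so the rule is not tied to a single path.
SU_PATHS = {
    "/sbin/su", "/system/bin/su", "/system/xbin/su", "/system/sbin/su",
    "/vendor/bin/su", "/data/local/su", "/data/local/bin/su",
    "/data/local/xbin/su", "/su/bin/su", "/system/app/Superuser.apk",
}
ROOT_MANAGER_PACKAGES = {"com.topjohnwu.magisk", "eu.chainfire.supersu"}
BUILD_PROPS = {"ro.build.tags", "ro.debuggable", "ro.secure"}
FILE_PROBES = {"stat", "ls", "test", "[", "cat", "readlink", "file"}


def classify_command(cmd):
    """Return a finding for a shell command line that probes for root, else None."""
    try:
        argv = shlex.split(cmd)
    except ValueError:          # unbalanced quotes: fall back to a plain split
        argv = cmd.split()
    if not argv:
        return None
    prog = argv[0].rsplit("/", 1)[-1]   # compare on the basename, not the full path
    args = argv[1:]
    su_hits = [a for a in args if a in SU_PATHS]
    if prog in FILE_PROBES and su_hits:
        return {"kind": "su-binary-probe", "indicator": su_hits[0], "command": cmd}
    if prog == "which" and "su" in args:
        return {"kind": "su-path-lookup", "indicator": "which su", "command": cmd}
    if prog == "getprop":
        props = [a for a in args if a in BUILD_PROPS]
        if props:
            return {"kind": "build-property-probe", "indicator": props[0], "command": cmd}
    if prog == "pm":
        pkgs = [a for a in args if a in ROOT_MANAGER_PACKAGES]
        if pkgs:
            return {"kind": "root-manager-lookup", "indicator": pkgs[0], "command": cmd}
    return None


def scan_process_tree(records):
    """records: iterable of (parent, command) pairs as a sandbox logs them.
    Returns the findings in log order, each tagged with the spawning parent."""
    findings = []
    for parent, cmd in records:
        f = classify_command(cmd)
        if f is not None:
            f["parent"] = parent
            findings.append(f)
    return findings


# The first two records are the ones shown under Processes above; the rest are
# constructed to exercise the other branches of the rule.
SAMPLE_RECORDS = [
    ("cm.aptoide.pt", "/system/bin/sh"),
    ("/system/bin/sh", "stat /sbin/su"),
    ("/system/bin/sh", "which su"),
    ("/system/bin/sh", "getprop ro.build.tags"),
    ("/system/bin/sh", "pm list packages com.topjohnwu.magisk"),
    ("/system/bin/sh", "ls /data/data/cm.aptoide.pt/databases"),
]

if __name__ == "__main__":
    for f in scan_process_tree(SAMPLE_RECORDS):
        print("%-22s %-32s parent=%s" % (f["kind"], f["indicator"], f["parent"]))
```

The rule is deliberately keyed on the spawned shell command rather than on the Java API, because that is the form in which a sandbox records the check; an app that calls `File.exists()` on the same path from Java never forks a shell and would need the framework-call hooks the sandbox used for the other signatures above. The last sample record is an ordinary directory listing and must not match, which is why the file-probe branch requires a known su path as an argument.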

Network

Country  Destination            Domain                              Proto
US       1.1.1.1:53             digitalassetlinks.googleapis.com    udp
GB       142.250.179.234:443    digitalassetlinks.googleapis.com    tcp
GB       142.250.180.10:443     digitalassetlinks.googleapis.com    tcp
US       1.1.1.1:53             semanticlocation-pa.googleapis.com  udp
US       1.1.1.1:53             graph.facebook.com                  udp
GB       157.240.214.1:443      graph.facebook.com                  tcp
GB       157.240.214.1:443      graph.facebook.com                  tcp
GB       157.240.214.1:443      graph.facebook.com                  tcp
GB       216.58.201.110:443     -                                   tcp
US       1.1.1.1:53             android.apis.google.com             udp
GB       172.217.16.238:443     android.apis.google.com             tcp
US       1.1.1.1:53             www.google.com                      udp
GB       142.250.178.4:443      www.google.com                      udp
GB       142.250.178.4:443      www.google.com                      tcp
GB       142.250.178.4:443      www.google.com                      tcp
US       1.1.1.1:53             ws75.aptoide.com                    udp
US       1.1.1.1:53             aptoide-mmp.aptoide.com             udp
US       1.1.1.1:53             pnp.aptoide.com                     udp
IE       34.250.60.121:443      pnp.aptoide.com                     tcp
US       1.1.1.1:53             data.flurry.com                     udp
US       1.1.1.1:53             rakam-api.aptoide.com               udp
US       1.1.1.1:53             www.google.com                      udp
NL       37.48.77.165:443       ws75.aptoide.com                    tcp
GB       142.250.187.228:443    www.google.com                      tcp
US       1.1.1.1:53             diagnostics.rakam.io                udp
NL       37.48.77.165:443       ws75.aptoide.com                    tcp
NL       37.48.77.165:443       ws75.aptoide.com                    tcp
US       1.1.1.1:53             aptoide-mmp.aptoide.com             udp
IE       52.213.116.0:443       aptoide-mmp.aptoide.com             tcp
US       172.67.215.225:443     diagnostics.rakam.io                tcp
US       1.1.1.1:53             data.flurry.com                     udp

A "-" in the Domain column marks a connection the sandbox logged without a resolved name. Rows to 1.1.1.1:53 over udp are the DNS lookups themselves; the udp row to port 443 is a QUIC attempt.
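The Network tables in this report flatten four columns into whitespace-separated text and leave the Domain column empty for connections the sandbox could not attribute to a name, which makes naive parsing produce rows that are off by one column. The following added example (editor's code, not from the report or the sandbox vendor) parses the table as printed, classifies each row as DNS lookup, local mDNS, TLS or QUIC, groups the named hosts by registrable domain, and lists only the addresses that no row in the run ever attributed to a name. SAMPLE_ROWS is copied from the behavioral1 table above plus the mDNS row from behavioral2; the two-label `registrable()` heuristic is the example's own shortcut and not a public suffix list.

```python
import ipaddress
from collections import defaultdict


def parse_network_rows(text):
    """Parse the 'Country Destination Domain Proto' table as printed in this report.
    The Domain column is optional: a connection logged without a resolved name is
    printed with three fields (or with '-' as its domain), so split on whitespace
    and branch on the field count instead of assuming four columns."""
    rows = []
    for line in text.strip().splitlines():
        fields = line.split()
        if not fields or fields[0] == "Country":
            continue
        if len(fields) == 4:
            country, dest, domain, proto = fields
        elif len(fields) == 3:
            country, dest, proto = fields
            domain = "-"
        else:
            raise ValueError("unexpected row: %r" % line)
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": None if domain in ("-", "N/A") else domain,
                     "proto": proto.lower()})
    return rows


def classify(row):
    ip = ipaddress.ip_address(row["ip"])
    if row["port"] == 53 and row["proto"] == "udp":
        return "dns-query"
    if ip.is_multicast and row["port"] == 5353:
        return "mdns-local"          # 224.0.0.251 is link-local, not a remote host
    if row["port"] == 443:
        return "tls" if row["proto"] == "tcp" else "quic"
    return "other"


def registrable(domain):
    # Last-two-labels heuristic: adequate for the hosts in this report, but a
    # real tool should use the public suffix list (co.uk, amazonaws.com, ...).
    return ".".join(domain.split(".")[-2:])


def summarize(rows):
    by_class = defaultdict(int)
    hosts_by_org = defaultdict(set)
    name_for_ip = {}
    for r in rows:
        kind = classify(r)
        by_class[kind] += 1
        if r["domain"]:
            hosts_by_org[registrable(r["domain"])].add(r["domain"])
            if kind != "dns-query":      # a DNS row names the resolver, not the host
                name_for_ip[r["ip"]] = r["domain"]
    # An address with no name in one row may carry one in another row of the
    # same run; only report the addresses never attributed to any name.
    unattributed = {r["ip"] for r in rows
                    if r["domain"] is None and classify(r) != "mdns-local"}
    unattributed -= set(name_for_ip)
    return {"by_class": dict(by_class),
            "hosts_by_org": {k: sorted(v) for k, v in hosts_by_org.items()},
            "unattributed_ips": sorted(unattributed)}


# Rows copied from the behavioral1 table above, plus the mDNS row from behavioral2.
SAMPLE_ROWS = """
Country Destination Domain Proto
US 1.1.1.1:53 digitalassetlinks.googleapis.com udp
GB 142.250.179.234:443 digitalassetlinks.googleapis.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.214.1:443 graph.facebook.com tcp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 1.1.1.1:53 ws75.aptoide.com udp
NL 37.48.77.165:443 ws75.aptoide.com tcp
US 1.1.1.1:53 data.flurry.com udp
US 172.67.215.225:443 diagnostics.rakam.io tcp
N/A 224.0.0.251:5353 udp
"""


def summarize_sample():
    return summarize(parse_network_rows(SAMPLE_ROWS))


if __name__ == "__main__":
    for key, value in summarize_sample().items():
        print(key, value)
```

The `unattributed_ips` list is the part worth reading first: it is the set of remote endpoints the run talked to without the report ever saying who they were, which is where an unexpected C2 would hide among the analytics traffic. For this excerpt it contains only 216.58.201.110, and whether that address belongs to one of the named providers has to be established from passive DNS or a WHOIS lookup, not from this table.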

Files

/data/data/cm.aptoide.pt/databases/aptoide.db-journal

MD5 db5f3191cae4d983fc8fef990dd27ac8
SHA1 24407eeb8c8d70189ac006628b192e149f6a585b
SHA256 14231fb94b81c57710fbfc7b7ad4159beff89d2264d3d90445893e990c89d9da
SHA512 77aebbb54967ac2b947c067f00f3b6bb825d76d983f3a59aa235089ef2e149bbf8a487771024e0c0deae85137552f8b51abdac6086b7e23384fa68c6b6abfb5b

/data/data/cm.aptoide.pt/databases/aptoide.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/cm.aptoide.pt/databases/aptoide.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/cm.aptoide.pt/databases/aptoide.db-wal

MD5 5107786fb820967511728ad8e6b38b4a
SHA1 d4cfbf937ef9f4ead3fe3c296de7134503bfa791
SHA256 7ca228a3b6dd6d02cd2e07073e89d80fd57c88b42013d4eb0e2ef82f539e18be
SHA512 39ebcc39c8af5413e1dab4d3a023d1d4536a53740bef268fca493439669068cf2810838972019f007b6f9b5b8f1cd2c55b03dd33ea0b138bc213d9c3feab792b

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-journal

MD5 1f83af372f227e9a7fce45de3c7929c5
SHA1 68643539df4e9d388dcef713c3aec6db8ee96b0a
SHA256 c8065e25b7c439ccf42e9a1b4e8e4aedc0cd2668376ec328f5780a4cda4bedd0
SHA512 6420e5c742a95e4edc74de3ae3bb7dbec847c3ff4ccd905e6ec385f1565b022052594b9f8b1953eb6f1096a86917d4755b6ca2f0b2ada44636f226a1a4d49eb5

/data/data/cm.aptoide.pt/files/.fstreaming/fInProgress/currentFile

MD5 024ab2fc61868102c025a354dd8206a0
SHA1 527c0044d4d0af0b872845a00d304a87eb6a3b81
SHA256 95d4c94b8025e88cc2252956fd3087338fb1ba3c574633ac3bace6dc69ec59de
SHA512 5870b211ca2d1699244db946be0ad66615185587b3b19e922c5becaba437ae0b239e9e9b2791c7be4e84b0e2a9398bb5976d7d23ad2ee5d2470a0de7f1debc6e

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal

MD5 dc29a6c021d7ebcd13cc46134e5f59e5
SHA1 f17306183fe329fb14970242e48cab2fa255a782
SHA256 0bc43d07c98f6a04ac066b48d5f7484cb502663b57ecf2e7556773a6d2f960fa
SHA512 ba7f8d07caa00f4b5d1b28c5b16844e06cdc08fde34af0808d498f83a97036507981ae45e222a047ad417b18a1d392246f76f7bf3a69cc88e66ea9feca23b9c6

/data/data/cm.aptoide.pt/databases/io.rakam.api-journal

MD5 c993ad55b7a6dd5101a47dc8b7c457f4
SHA1 a7fc98fa7f6feac74d999ea66c121962010863f5
SHA256 c69fccc293fcf55760cd97721c5217d8bfc8d7ab8045bf67c922288ae4aa9e0d
SHA512 16f1cd0b12093b2e02a46afda2c9995bcf95d3fe54922264ce3cc250a47122c9a56070b7b2401cb832aabbae42199fb928df19c9ec16a6ca2de0fbf0962dd915

/data/data/cm.aptoide.pt/databases/io.rakam.api

MD5 55cfc645bbff94d3bd68fd9002f74615
SHA1 e0b2a049d178c6f3837c43da6c0accdd2cb662db
SHA256 3f1d79542d39399f078104b3e4c13385e0cea4a22c4f89277822c3e1a7fc1ea7
SHA512 fab7af03f88c5bfadcba0bc930a6a2891082957bfd403fa9c92eb7155c6c6b005e6a44741398f363a88264a72c065ac8aaeb1fb81c0556a16f7bd8c291074508

/data/data/cm.aptoide.pt/databases/io.rakam.api-wal

MD5 291a6be03ba51925e7c9ef45d6a08e3c
SHA1 53b7ba6530bc0dac1081152da9c5d2e9428fb761
SHA256 7d83f159dd68b47f4a209fb3fe646e5ab840b9100346e15bb63ad51222f79b4c
SHA512 e67f63729c3b7a97fd98f7c37dff955dc011624dc85548aed166bb2d0a34b48f32e816eb784ad05605177ce04f7f1dfa093c141ee3cde9a4bbe4db3cc441b6ab

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal

MD5 82dbec8db07cb380d372632b15cc2c05
SHA1 408a1d896e106156830599abda8afaa1108abf7c
SHA256 30870d425586c224dbda695d8f22ee12a10727b3fd8a560801c589d4f240017e
SHA512 1bd38a91b0e0afdd9c0e7c7310e4d20c167c4830b1580c4151656046ddadee3ca02890563e4c251e60a2d0dd2f717c0e708c3f351163f21935fd0e6f5809eead

/data/data/cm.aptoide.pt/databases/aptoide.db-wal

MD5 fd827a4071d181cb3c3750523b8cb673
SHA1 096329e6d82c8ebd20dabf24a2e1479dae2567b1
SHA256 ed38657975d53f892359c143e2ce915a0c4bd70cb3a25b537907521859d0babe
SHA512 1c377c1804bb1c70df8990f437d95bf8caa4e491656da984a4ec087017e4fb75109a79a8d5170d43de4dbbe507234c115b678baffc3c9f9316fb3ce60e0ed43d

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal

MD5 b9e7a6498aa3025155ce849406b50a1b
SHA1 f8ac4a8d02f6262c2bd74ad6a711db17a991dcdc
SHA256 9064d7e1087a782b68158329a558281b845b1cbe617bc935a3163c2f3828de5a
SHA512 8a2933d87a61d4a7b8fff7a1de76cb42bc91acc7f24e887611fdbd5159191b44e4a79318a4bd8f2f3618edfa807818fdab2316d1b057c17cd26222a7f84a71a6

/data/data/cm.aptoide.pt/databases/io.rakam.api-wal

MD5 aa7647e8467d10b8d8ae998a6bea230e
SHA1 ce37b0ce0a6fe3fc0208e8fe872e67a6c423b92c
SHA256 86f9d80f2bb6e43e593095c4bf4d9d7af4fbdbc552f66391858352e264e9a05f
SHA512 f965690c7a954c2e0a38ba6954be51a5683aa360ff87012041dba3098fb71d312c97aed758943b769e2edfd2b602bf9a7a15be22ede47df651a3753cc19022bd

/data/data/cm.aptoide.pt/databases/io.rakam.api

MD5 fdd9b123ac7e738aa513b57f454f519d
SHA1 c244bc860b46a93dc7e241e2ce57bf4ca050fa4c
SHA256 f333fd566466fcdc697f412803d8ffc46e8a400cd048719a744a9bc6b6032a0b
SHA512 a6e6a9b257413f6857c760b628fc17a07cad201d39fc5cf92cef553921fe05dc1ef3f22bc6e7733d8d17b53eb5e12438ff2abba730f6cc8d9b1a141ef93b47c2

/data/data/cm.aptoide.pt/databases/io.rakam.api-wal

MD5 45547e045d94dc457e5a7fe66b8b67c6
SHA1 f43ed930e1cb6f07bdf85ab6690eb08830bdccef
SHA256 a579136de9e8bcf31c0211069d12d1650621831f1f5934c5e374d29bde0e217a
SHA512 80531a92a9400f09789deaa0f59a01b303438e714aebbe4e17987ff1a7f497202d0f70255fffc5998e688813a6138976864250b653a5d9edabe6247dcfd159d2

/data/data/cm.aptoide.pt/databases/io.rakam.api

MD5 3de8f2d3ddab1bd9f86b2231ccdb88bb
SHA1 8e34e93c7f6638ff3754bc09163f4ecddde63725
SHA256 eb341926efae83d2960722ddc87f05d02d70e46550c72af63ecf07bf13ac773b
SHA512 2abdbc18105e11edf2320f9d7e552748c2b2278f77f0425a6ec7ec2f3c509c74b6d1ecd40dd5e1b31d330f34591e57c40bee6866ff76086fcd2d6e77ed3bb13e

/data/data/cm.aptoide.pt/databases/io.rakam.api-wal

MD5 dd527d28bba4c7f71465ec3243cb724d
SHA1 1e1d53e07d8b4f7a3966b77278165d9513817dec
SHA256 1d5941c76a7a0eb1385ba07bc6859f63ffee48d0b492b9080e4a7807e6932b71
SHA512 c88fb27015c6bb38c6cfc620604cdbd50fe06e672d8c388a4e0662f7e9b825c91d59392ea36fa14298554750ccef4aeff9b99e4917c5c6f7cc1fc4308a213b2b

/data/data/cm.aptoide.pt/databases/io.rakam.api

MD5 2f77d6cc51fb01b716b11086ab018421
SHA1 6d18a19928fec9066fc1468e1f2ba51d60d42b88
SHA256 83e96a6f687fffad1f6369a5a960111de1d6a619bebc1e197cd0a51f6c767211
SHA512 f3c9a1a4a30bc56fe7a838f8a721fea66e4b150794df9c2c0d87570980da31c26394c2b1a6a434b49f89a4e8f65cab65819d5b44b4566b50cf3e475358597998

/data/data/cm.aptoide.pt/databases/io.rakam.api-wal

MD5 18b65b9103e841f86eb092d9031ca2df
SHA1 35bd22cbbcbd2d021f8d3c75a074796c2dce6b73
SHA256 fb141c1c8ebbf718d4c6a6f1af7a83b957c1a6ed4fe47c51ec9e420d0a6669bd
SHA512 52955241933385ecd49046f8fcb9fd48277b7bf9fc4a440e71b52854e32c0307bd2ba096f9970420de387e1bf69bded33fe211021ea520c56b7d5213edeacabb

/data/data/cm.aptoide.pt/databases/io.rakam.api

MD5 ff92c5205ce1854526f4126947723bce
SHA1 901ee0f5a026ce79a387a5bb158b8a2f116697df
SHA256 bbea5172672a146f7fcb208e98aa413945fb7cdc9e4656a2c3c3f2f19f9bbf61
SHA512 d0e2c4865f7167656a22a51afdbcf5d9234bdf122440cc12237f4cafbeb9c7618ae331b993bc1c7a58fefa6e6d33a16f8d6c1111f73b35759d3ab5baa9100729

/data/data/cm.aptoide.pt/databases/aptoide.db-wal

MD5 5b09de0f3510ad26bd2e34a61f9055c2
SHA1 d731d39cc031692e80c2024a541ec691160dafd8
SHA256 16f7ae6f9ad80c1d8d0eafad9fae81d92ec80cf546f283ab0820e42e3022cb86
SHA512 b8d47af67347db5729d0c9980ea4a6593a46b1cc441177851576553bd8bb78e1e1f613e32ab29257fe23f118807ba6cee920890d088791c3b829c8c4f38c24d5

/data/data/cm.aptoide.pt/databases/io.rakam.api-wal

MD5 cf570a5706c701829d088f44fa163df0
SHA1 0891ab266cd87513df71351b04bbc1e6318aa97d
SHA256 74c2469cbb7b0d1ea723b0f90c2e22e6a54e77d735f2d2f7ce5ef746162e0408
SHA512 088cb6df49de5331bb70bd0e20bf7c166be67ea717e3cc604953affef847d14574b8923fe1ccd7e566f9d6f88b8981f2d0133bb4284454233a203e19f6def5d2

/data/data/cm.aptoide.pt/databases/io.rakam.api

MD5 09983348d62a2ee1b49a2de6edaec107
SHA1 95dcf4336813d06bd158e516f715f31d6042f70f
SHA256 e2ac3ccb05a1fbcf5c1cd637f4f424ab0a75be3e029cb43b8b9a42f7b1c4ba84
SHA512 5d0bdacde6f60340fae70f7076220758c55fe316301071e288834a2ab3f2487ddd4c07f0ee45d3c2220c61f7f0e41a947d6fb25b92af9a4f8f14267be63f333e

/data/data/cm.aptoide.pt/no_backup/.flurryNoBackup/installationNum

MD5 cd1d8394b1c024ee9fcc2ea441cb74ba
SHA1 6353eafc358febe83fb2dbd2b14791390efe5c0d
SHA256 59a6b62d8cdd1066298c95d902f766d34bdc06b773521e8b071e7b2bf2292f9c
SHA512 a6bb379154ac87afbfd3839928a1e6ef4418177f6d1e8b3c2fcc43f0ae88aa28069f35d842f477c3eef74292c33277f104755027e4eb9c641e108ebb51b428b5

/data/data/cm.aptoide.pt/cache/journal.tmp

MD5 37e8e716e0e2f4a0b05cd9571d95b84d
SHA1 f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA256 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512 e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

/data/data/cm.aptoide.pt/files/.fstreaming/fInProgress/currentFile

MD5 a94460d249d001f5d4ab86c572561671
SHA1 046f775e40b89c95dd412e8f13483920e33f3cb8
SHA256 6a8aa48dfdb19e8185e44a9a117f097c4f56840bf34321062ff0efc5f0b6a9e9
SHA512 2ea4e72f4fbb06d9fb265d0f0b0326a2c3c8b85340f6229e1afb80bc7275aa4adbd339155556a0c18083e214557feb90788ff0b2b9e194b4e6219cea7c7d22cf

/data/data/cm.aptoide.pt/files/.yflurrydatasenderblock.754e52f1-030b-4ac4-b060-944a32e67811

MD5 eb512ebe629d5e0a9cecf410fe3791e8
SHA1 60884e834319744e652cc7072850c829aaa6fdb3
SHA256 585762c7ce0b003c195d3046f3ebd440ddf05a12ab594bcb18007dac7e01dca7
SHA512 4346cf8ff6937f034cf5ddb6347e79e9de4b2fe500725059bbb46cf1bfa1fda65945b03944695ee365b00e1eb28fedb97f478d419268c0f6c80603d94b38d9ae

/data/data/cm.aptoide.pt/files/.YFlurrySenderIndex.info.AnalyticsData_X89WPPSKWQB2FT6B8F3X_328

MD5 ce0a4de5d1c63039d53ee957a07a7504
SHA1 988194440f2b6792262e9e3f007687af0831166b
SHA256 b6595226feffeb61a8ab3e27aceb6951cdcf12cee2d6944046933106595466b6
SHA512 ea010ec05fd43096f48d26ca126c2f9285eb59eec69308a4d31a1c5c37c32223fb2a84ca51e4ab35b1237638b518cdfaf191cd149d70e767b20dee4fc65e6403

/data/data/cm.aptoide.pt/files/.YFlurrySenderIndex.info.StreamingMain

MD5 2a4a2b7ada5477b8d2757d96b1151356
SHA1 8c0a3be89cb6fc528a1bf511283264eac42fec3b
SHA256 04176f89473d2a441423eb09c9d7d7b522107d606d64c0ee96bd82483a776ea6
SHA512 8c6986fac8e8b94cf3ecb3341c184c281d1d8133cff30994b8d2ed6359d097a929aee49d6ab982d2ab873de2e1c295ff627728c5c6f79d41c89809ad433714d6

/data/data/cm.aptoide.pt/files/AppEventsLogger.persistedevents

MD5 5edbcc776bf1327c65d841ec49e92321
SHA1 824d48e2520a466a85d4c0b9f1a4123ccd397e63
SHA256 729606c305b6162958a824c411e12ba12c61f79143ddb1a1c9ab463a37c690a4
SHA512 570d8fd2fd0ff6678abe3c02007720e50a61941468dd2018fad927357af6edba838db52a1e79318a9cbc8bce8a81da21a50e6ded4cbb0f777af9a5071815ebc5

/data/data/cm.aptoide.pt/cache/journal

MD5 fba833450764296c503fece91b9ca5f7
SHA1 5a116cb785d6d5437a7576cab35c3f2f77fbfdaa
SHA256 35c95dd94c719e2a60b0c064d1f5a7b407f41fcb33d785558b1c6107b291dc6b
SHA512 004b8f61f5750f807eff3a8e4add1f4517422854b94fb227b9eb03c131ea98b91f41bc2003cf596ec26c1b5072e863c81ed716e00242d98efdf76fd2d3cc03f6

/data/data/cm.aptoide.pt/cache/2b90785c9fc1ce4162aed1facb1398df.0.tmp

MD5 c5313a4ec69317fcca083f39f83f992e
SHA1 79c6af2ae117dfda5d35fb0727558c3de1a99f41
SHA256 3140d286d6bb3226681e55a25170187b367d895486ac4aaf856bcaa410049b08
SHA512 dba33afe9e6c28b380145a1bff5a5feadfddbce8be6a53da7b678bc6394acdbebfa4997fa9bc13e2bdfcbcadb3dede89c846ae21ec956d46d0af20fcabd197f7

/data/data/cm.aptoide.pt/cache/2b90785c9fc1ce4162aed1facb1398df.1.tmp

MD5 7a5b1f4f8fb2b60a5ff365cc29b1d580
SHA1 f599cf953bc51c60917359cb43387024902f98ce
SHA256 144ed6780cc5833fb70eb77710f2784bc48f9327ba8564a76a33dc5542bccfc1
SHA512 75e1c2d1b3d8ce38d179fe4747e2dc7f6bdc377b92bc7ed099410a5760ba823af67c90b72d6abf06d6afd6f2a0daab2a5fa71c086347fad861b5b74b4c9f4d8a

/data/data/cm.aptoide.pt/cache/f7803bd24bc4f10874987a9618845803.0.tmp

MD5 cefc3512acd6f1741a7a1de5d0d1d1f9
SHA1 97f27880d21bc1d28df082039deeae4be0076e70
SHA256 5cf4d53c05af8b887045bb127da7e7b2980e928fe6bbf57182a63388dd7839d5
SHA512 f460c4c934215a5c0389731fddfa2600bb7af152ad5da36e97bca79d0f1df0d6a8797f079b932753095fd3be2fa842e39ef26ed31e6f68bccd799c8c86614176

/data/data/cm.aptoide.pt/cache/f7803bd24bc4f10874987a9618845803.1.tmp

MD5 5f7db03bb4d4bfa1feb59a16e63eacfd
SHA1 8d292432a31455e96ca626c7ceb4d7e65d104937
SHA256 07e3e958b494cf81b59bcc9a8a7e56513b5360c384ad6146fda8b053bacabf12
SHA512 8b5b5abb46e829b18b7282205a618143b06554ca68a4c949efc623eae6797f064d8d882717ffae515b3c729edfb53c3c7ad47ad36e15987194727b79155c6004

/data/data/cm.aptoide.pt/files/.fstreaming/fInProgress/currentFile

MD5 7c8db321181189cc7d4a075a5e722d3c
SHA1 3b3e9fd6c25a73375d5ed7514346733f4c5569e8
SHA256 9f2a53b7ac57d4d1aaa1a6c1e5449c6c2550338caa7cc1d1b1015a3756b7b237
SHA512 8f82fa4115fe282882f71f30726d7c0296bc384f4295e4f273a8d5e6bee405df9d04bc7d82199ca8bdc6a85f08f633330c63336d3a6446a90070df09ef3e9a1b

/data/data/cm.aptoide.pt/files/.yflurrydatasenderblock.60c625fe-1b49-413b-9310-28c06cfbdb54

MD5 83b5b2a293121f3483051c02d1b762b7
SHA1 2844d44bad4540c855f81b5f522c9571f82e1934
SHA256 77da78996b0254de2cb1ebcbb5580dce33b4c8e618e5c68d875257a2d175b458
SHA512 0daf42aae1ca66cb2ea66c52c441e322d817072a5b480c6cb405d164c1a0f884efcd67b2da91ee2e4a1af8b0c3973b881c6bc3b43e7553676e6dbec36aa9180d

/data/data/cm.aptoide.pt/files/.YFlurrySenderIndex.info.AnalyticsData_X89WPPSKWQB2FT6B8F3X_328

MD5 fe4a8f05a30006feb3bcdf36d891b5de
SHA1 adbfbc14a03d38602ae90805e6e56727b7080164
SHA256 5b42237cea0c9495b5d046f9e43008d5bf78d4ccaf84c614ca43ddb50a1685a0
SHA512 7c95e97085299f6641b197a19cea1dfd913ffe4a455487fbe3de728fd44dc7d1aa9ab0e4c3f91d9c6a89b59d7c20b18d095f906d2eb23f39ef107fbaaacd9c41

/data/data/cm.aptoide.pt/databases/aptoide.db-wal

MD5 4d3bba7d95fc585503c57d73ec2fa21f
SHA1 52d5b6bac4f44666069b0b0621e06d23a1ec36dd
SHA256 3c8ef6af232e2d83fac0d45e75dbfcc4c383c85d943a74729b671f2b93e22336
SHA512 8f710afd0b5de1afcb630122476519700427e1780366bf01d38f302381fecd5451c1f2740f054fa75318446cd245193666224fa0525583b55cbcd8618686b4dc

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 18:55

Reported

2024-11-14 18:56

Platform

android-x64-20240910-en

Max time kernel

61s

Max time network

76s

Command Line

cm.aptoide.pt

Signatures

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

cm.aptoide.pt

Network

Country  Destination            Domain                              Proto
N/A      224.0.0.251:5353       -                                   udp
US       1.1.1.1:53             digitalassetlinks.googleapis.com    udp
US       1.1.1.1:53             graph.facebook.com                  udp
GB       163.70.147.22:443      graph.facebook.com                  tcp
GB       163.70.147.22:443      graph.facebook.com                  tcp
GB       163.70.147.22:443      graph.facebook.com                  tcp
GB       142.250.180.14:443     -                                   tcp
GB       142.250.180.14:443     -                                   tcp
US       1.1.1.1:53             android.apis.google.com             udp
GB       142.250.200.14:443     android.apis.google.com             tcp

A "-" in the Domain column marks a connection the sandbox logged without a resolved name. 224.0.0.251:5353 is the link-local mDNS multicast address, not a remote host.

Files

/data/data/cm.aptoide.pt/databases/aptoide.db-journal

MD5 e889a48be1185e4014c6e77d682ed1f3
SHA1 ad9dd6a7ed5d5eca2d3082b5cc42a89869172706
SHA256 480e2878274d4ea5d1cb76a68bca38922febf19ee4c9f0252776061c6abf0764
SHA512 969e05b99225d708799ce075925f8803c43c492678bcb71fb3a78301d94b46b9a0e7d6b50fedb99958e8b4304b0b3179a76ac0afc49c37613344d1bea8d4215b

/data/data/cm.aptoide.pt/files/.fstreaming/fInProgress/currentFile

MD5 6140609cebe2065be388ff59a4dd3796
SHA1 928dcd10152ed30cf25e9995b60de6a27304eb5a
SHA256 7020fd28c6bdd2d9fd0c396b7f8efc225bd7a8617f90e5550592218b0fbfafd5
SHA512 cff4f3b2847f379d996e36311b0fb365b392fe2e290ebdbbceac51e76b861c988a1c0caccdc0dc09da52e07c583579cc7ae76ecdf6929c38f328a2bba4c154c3

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-journal

MD5 6c4ce7f46cb3cdc70ce3acb8d36d70ad
SHA1 6366bf3cf8f404ddd161d35cfe2ab7728351cd4a
SHA256 afb5fed7650b36425d4f33b464f376073a8ebbe936937544a20c0f2355cd577a
SHA512 91e22a53fa9393e13dffe49d5baa81fb2c0d074f69bdc00eb234e64ec237621fde464332f0ca12e7415403cdf7202c8fd1122050bb3e883f6f6ea501b2c7ec95

/data/data/cm.aptoide.pt/databases/aptoide.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/cm.aptoide.pt/databases/aptoide.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/cm.aptoide.pt/databases/aptoide.db-wal

MD5 856408860baba110c8c6b179a65c864c
SHA1 09a6d815c181ae7ea62c3f277fd41177a139ac8f
SHA256 62776a04089b8ec715436d351a35d1ed88a7bf6618e99c609587714e0c0e2372
SHA512 ca09d95408cd0b8781470205bbad48d3f735b06ec8e62626a6d599b827c1abc9ccb5fbd84ce8afd7cb6e823f105d77ad25bf3023d7783b4485f14a4f2f8faaa8

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal

MD5 68f4c166382fd2e84437312721ec320b
SHA1 bf9c0f44e67fcc1753f4b746dc6ac303a2275d60
SHA256 203f9630e6006a09ab143a973771551ae0e5e8c6ab84124267ad52bb9d0f3363
SHA512 1f045495d6ccbe877dcb3dd1fc04358bd255e14c4a9e33b2889e877ab2c52c1355c13fe601dc42f923b689b4ee814c77cfc6c5c0d72983a28e903c91786edb38

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal

MD5 cf6a425da822602f76bb0a0dd8b5c51e
SHA1 df006506db69038522c81e59de76da069cb8dfbe
SHA256 1fb24c2503b5c7e2bd82c3e4c276adbc0ab6ae55044a2867ce2e20cccd7a6cfa
SHA512 38df214899730d5988e1f0895d7cd0ee69de9bb6905c93d3c205b90c9f60465e4f76beb2c46ce82c576161db3ab78a83785bb9500fa18a2a14c7aa48410cb861

/data/data/cm.aptoide.pt/databases/aptoide.db-wal

MD5 8438f6a4ec50a7968e090ce9d1244eb1
SHA1 d5d685a64981806d992ac7de836bd19d21051fa9
SHA256 659fe828072b8c657d1337cf2436cec28648e1ae524d0e06b6ab7a7741a72661
SHA512 15764282345265c61e2cc0a77ae93fffdeaebfd15667a222cc95c60de6acd45f3d781af4fd8bece1a9483aef2cde47ea4f7f7e0159b8fc04083d7db6006d0988

/data/data/cm.aptoide.pt/no_backup/.flurryNoBackup/installationNum

MD5 603adafa932f5c1dd161d993f0300e72
SHA1 acd5427ba87ec6955b81e2908b51aae67c5f9a6a
SHA256 822d53073cc4585e56fae7704be735abef17d85734a5232e349194231407bcb2
SHA512 767a2f3223773b9866690496820cea1cab80091b7cab8cd795bc9eeadf2fb5c220570ac27521cd38c3df77a262dd8d4b2551bd05b48ceb1f6d7e00b0dfb6fd05

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-14 18:55

Reported

2024-11-14 18:56

Platform

android-x64-arm64-20240624-en

Max time kernel

53s

Max time network

69s

Command Line

cm.aptoide.pt

Signatures

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

cm.aptoide.pt

Network

Country  Destination            Domain                              Proto
GB       142.250.187.238:443    -                                   tcp
GB       142.250.187.238:443    -                                   tcp
N/A      224.0.0.251:5353       -                                   udp
GB       142.250.187.238:443    -                                   tcp
US       1.1.1.1:53             digitalassetlinks.googleapis.com    udp
GB       142.250.187.234:443    digitalassetlinks.googleapis.com    tcp
US       1.1.1.1:53             graph.facebook.com                  udp
GB       163.70.147.22:443      graph.facebook.com                  tcp
GB       163.70.147.22:443      graph.facebook.com                  tcp
GB       163.70.147.22:443      graph.facebook.com                  tcp
US       1.1.1.1:53             android.apis.google.com             udp
GB       172.217.16.238:443     android.apis.google.com             tcp
US       1.1.1.1:53             ssl.google-analytics.com            udp
GB       142.250.178.8:443      ssl.google-analytics.com            tcp
GB       142.250.200.36:443     -                                   tcp
GB       142.250.200.36:443     -                                   tcp

A "-" in the Domain column marks a connection the sandbox logged without a resolved name. 224.0.0.251:5353 is the link-local mDNS multicast address, not a remote host.

Files

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-journal

MD5 741eb54445db299734a49254a0d9f8b0
SHA1 1fba177bbdbb5864e8625e4e5159086d4ecce0a9
SHA256 f7a5a92852f673758c9be5b71dfc193bfe63116b57b0ed6ce8ab1dc2baa66aa3
SHA512 43fb763c76786c90cf3edac32b2508c28a9edeef4a7134bccf325ec7faf568cfcd7c6bd06e9fe1566afd83bf90c77650d9c7ccc58129d9fde5fe6b2a67931b86

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal

MD5 93d3f4caa6604450968c67f6392954be
SHA1 96333530d53f32460c39d01f5b6fdbbce7aef486
SHA256 eb0e3aebd65f7d23d47cb37538fb4ac218f4189ca8e95212bba44d940c6b5124
SHA512 cf2bbc751dab4d3bb45a840ed04231ec9ac9eb283803241c2e54faf4925c50fe80bbddd420447b34ed40329ff1660208ccca08510a95101513caf7841c23022f

/data/data/cm.aptoide.pt/databases/aptoide.db-journal

MD5 be35e39f8f4082597c1229b9ebd74587
SHA1 990e2705f1a56ba3b3361789bd7d47b7d6a5e13e
SHA256 1b35703282f3c7e9da40655dc7733160150cabe6ec262d79b1ef2f6df3160630
SHA512 25120590c561b352c046dd60c462968d390550e6b08c5a03189763949f4e728404cecde925d1bc90317f8ed66e46b500a30ae573ff3cf5a2884e35e5f02a07a2

/data/data/cm.aptoide.pt/files/.fstreaming/fInProgress/currentFile

MD5 1887ca16b3e0e0f21ded31bb0b193998
SHA1 453ebbd8e4629b34878887b1449b56c5ff1c4b8b
SHA256 c1bb2c46c8fc45955597779ec6db3de755d1029b8b05dbb784c0bb96f6f93a58
SHA512 874896a6a4ee46edaaf34ad61b910f9f9dde571964c3f7ee71eebfd4e9b1bf1f3849669e406abc698a4999bd106c40588d43eafd0962030860acdee57397e3c0

/data/data/cm.aptoide.pt/databases/aptoide.db-wal

MD5 8f3d34dcda623fc5bd9e14e1073ff218
SHA1 a61cb7c0128afae0ab8409d52787fb1c9f813230
SHA256 c8f681c544eaf2b3ae15bf6b6de36bb148396ee7a2eee27c042a9ff92317258b
SHA512 81368c56bad259ceb52409a2269cadec90953d164e1451e9ebdb23fa875fdf068e8222160069712698221b0e83a8c502a22106982d09b6c7830dce9495837918

/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal

MD5 942edd22991ab235d5004bacd8e0490c
SHA1 2a5aa8a07d9a9d167e35c705d1e5e38561d4079e
SHA256 22675085e844be3ac2a4e6f5d5a28f59929f7807346d9b2c538535ed311bc3b0
SHA512 13761cc1dfab33dc3179b4f4b9a726a0a3e58c86d9e4e5f746adc2f706714705a1c18685bbe7518910fa167e960953f4fb24707bf8712d1faaf12e7dca2ef844

/data/data/cm.aptoide.pt/databases/aptoide.db-wal

MD5 63d0d75d95bd06d44aa6df2471cc8d06
SHA1 a91590c2284e658b46016ba69904e23dfb3cf4a9
SHA256 174e7e54fd6bf1ef179aec0cc78fc8bde297ce3436af02f352e9c73ec6227146
SHA512 569db177cccba169a5d630d6cea9e08b5623c0f86e55a4617c1341f71ce9bb982aef59872ec5d39127619ed8e18117f632b922ef74cc3099f5a3ce1f04c9fbf7

/data/data/cm.aptoide.pt/no_backup/.flurryNoBackup/installationNum

MD5 4fbd45d9161d5e514e4cbf31162d5d17
SHA1 2db605fe61f8b29354ed8ce0dfcf20ee5450f287
SHA256 f26738ddac8423a14cece27cc0a92b06fa9b5b810fc93197be135da5647eeed2
SHA512 09fbd9f3c57608fb711ae769f6bfcbdfbea721bd8ab500d7079e91370f52f588e277ad3828b61d017f02069274f8e8c8ff8662dc34afef5aef95d32f056dc7fc
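The three Files sections above list the same paths repeatedly (aptoide.db-wal appears five times in behavioral1 alone) because the sandbox hashes a file each time it is modified, so the listing is a sequence of captures rather than an inventory. The following added example (editor's code, not from the report or the sandbox vendor) parses a Files section as printed, validates that each digest has the right length and alphabet for its algorithm, and then answers the three questions a reviewer actually has: how many distinct versions of each path were captured, which contents recur across detonations, and which digests appear under more than one path. SAMPLE_RUNS holds excerpts copied from the three sections above, reduced to MD5 and SHA256 lines; function names are the example's own.

```python
import re
from collections import defaultdict

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX = re.compile(r"[0-9a-f]+")


def parse_file_blocks(text):
    """Parse a Files section as printed above: a path line, then 'ALGO hexdigest'
    lines. Each path occurrence is one capture, even when the path repeats."""
    captures, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("/"):
            current = {"path": line}
            captures.append(current)
            continue
        algo, _, digest = line.partition(" ")
        digest = digest.strip().lower()
        if algo not in HASH_LENGTHS or current is None:
            raise ValueError("unexpected line: %r" % raw)
        if len(digest) != HASH_LENGTHS[algo] or not HEX.fullmatch(digest):
            raise ValueError("malformed %s digest for %s" % (algo, current["path"]))
        current[algo] = digest
    return captures


def triage(runs):
    """runs: {run_name: captures}. Groups captures by path and by SHA256."""
    versions = defaultdict(set)     # path   -> distinct SHA256 values captured
    runs_for = defaultdict(set)     # sha256 -> runs in which it appeared
    paths_for = defaultdict(set)    # sha256 -> paths it appeared under
    for run, captures in runs.items():
        for c in captures:
            sha = c.get("SHA256")
            if sha is None:
                continue
            versions[c["path"]].add(sha)
            runs_for[sha].add(run)
            paths_for[sha].add(c["path"])
    return {
        "versions": {p: len(s) for p, s in versions.items()},
        "shared_across_runs": {h: sorted(r) for h, r in runs_for.items() if len(r) > 1},
        "same_content_other_paths": {h: sorted(p) for h, p in paths_for.items() if len(p) > 1},
    }


# Excerpts copied from the three Files sections above (MD5 and SHA256 lines only).
SAMPLE_RUNS = {
    "behavioral1": """
/data/data/cm.aptoide.pt/databases/aptoide.db
MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
/data/data/cm.aptoide.pt/databases/aptoide.db-shm
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
/data/data/cm.aptoide.pt/databases/aptoide.db-wal
MD5 5107786fb820967511728ad8e6b38b4a
SHA256 7ca228a3b6dd6d02cd2e07073e89d80fd57c88b42013d4eb0e2ef82f539e18be
/data/data/cm.aptoide.pt/databases/aptoide.db-wal
MD5 fd827a4071d181cb3c3750523b8cb673
SHA256 ed38657975d53f892359c143e2ce915a0c4bd70cb3a25b537907521859d0babe
""",
    "behavioral2": """
/data/data/cm.aptoide.pt/databases/aptoide.db
MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
/data/data/cm.aptoide.pt/databases/aptoide.db-shm
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
""",
    "behavioral3": """
/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-shm
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
""",
}


def triage_sample():
    return triage({name: parse_file_blocks(text) for name, text in SAMPLE_RUNS.items()})


if __name__ == "__main__":
    for key, value in triage_sample().items():
        print(key, value)
```

Two results from the excerpt are the ones worth carrying into a write-up: the main aptoide.db is byte-identical between behavioral1 and behavioral2 (same SHA256 in both), so nothing run-specific was written into it, and the SQLite -shm files of two different databases in different runs hash to the same value, which is what a freshly created, still-empty shared-memory index looks like rather than evidence of one file being copied to another. Grouping by SHA256 before reading the listing is what turns 35 near-duplicate entries into those two sentences.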