Analysis Overview
SHA256
f9b7676922ded4108de8d0641551350ca5c4158b0c5736d2d5e8e4afa9e3a67e
Threat Level: Likely malicious
The file night-vision-lubos-vonasek.apk was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries account information for other applications stored on the device
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Schedules tasks to execute at a specified time
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 18:55
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 18:55
Reported
2024-11-14 18:56
Platform
android-x86-arm-20240624-en
Max time kernel
69s
Max time network
72s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /sbin/su | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries account information for other applications stored on the device
| Description | Indicator | Process | Target |
| Framework service call | android.accounts.IAccountManager.getAccountsAsUser | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
cm.aptoide.pt
/system/bin/sh
stat /sbin/su
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 142.250.179.234:443 | digitalassetlinks.googleapis.com | tcp |
| GB | 142.250.180.10:443 | digitalassetlinks.googleapis.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | graph.facebook.com | udp |
| GB | 157.240.214.1:443 | graph.facebook.com | tcp |
| GB | 157.240.214.1:443 | graph.facebook.com | tcp |
| GB | 157.240.214.1:443 | graph.facebook.com | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ws75.aptoide.com | udp |
| US | 1.1.1.1:53 | aptoide-mmp.aptoide.com | udp |
| US | 1.1.1.1:53 | pnp.aptoide.com | udp |
| IE | 34.250.60.121:443 | pnp.aptoide.com | tcp |
| US | 1.1.1.1:53 | data.flurry.com | udp |
| US | 1.1.1.1:53 | rakam-api.aptoide.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| NL | 37.48.77.165:443 | ws75.aptoide.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | diagnostics.rakam.io | udp |
| NL | 37.48.77.165:443 | ws75.aptoide.com | tcp |
| NL | 37.48.77.165:443 | ws75.aptoide.com | tcp |
| US | 1.1.1.1:53 | aptoide-mmp.aptoide.com | udp |
| IE | 52.213.116.0:443 | aptoide-mmp.aptoide.com | tcp |
| US | 172.67.215.225:443 | diagnostics.rakam.io | tcp |
| US | 1.1.1.1:53 | data.flurry.com | udp |
Files
/data/data/cm.aptoide.pt/databases/aptoide.db-journal
| MD5 | db5f3191cae4d983fc8fef990dd27ac8 |
| SHA1 | 24407eeb8c8d70189ac006628b192e149f6a585b |
| SHA256 | 14231fb94b81c57710fbfc7b7ad4159beff89d2264d3d90445893e990c89d9da |
| SHA512 | 77aebbb54967ac2b947c067f00f3b6bb825d76d983f3a59aa235089ef2e149bbf8a487771024e0c0deae85137552f8b51abdac6086b7e23384fa68c6b6abfb5b |
/data/data/cm.aptoide.pt/databases/aptoide.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/cm.aptoide.pt/databases/aptoide.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/cm.aptoide.pt/databases/aptoide.db-wal
| MD5 | 5107786fb820967511728ad8e6b38b4a |
| SHA1 | d4cfbf937ef9f4ead3fe3c296de7134503bfa791 |
| SHA256 | 7ca228a3b6dd6d02cd2e07073e89d80fd57c88b42013d4eb0e2ef82f539e18be |
| SHA512 | 39ebcc39c8af5413e1dab4d3a023d1d4536a53740bef268fca493439669068cf2810838972019f007b6f9b5b8f1cd2c55b03dd33ea0b138bc213d9c3feab792b |
/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-journal
| MD5 | 1f83af372f227e9a7fce45de3c7929c5 |
| SHA1 | 68643539df4e9d388dcef713c3aec6db8ee96b0a |
| SHA256 | c8065e25b7c439ccf42e9a1b4e8e4aedc0cd2668376ec328f5780a4cda4bedd0 |
| SHA512 | 6420e5c742a95e4edc74de3ae3bb7dbec847c3ff4ccd905e6ec385f1565b022052594b9f8b1953eb6f1096a86917d4755b6ca2f0b2ada44636f226a1a4d49eb5 |
/data/data/cm.aptoide.pt/files/.fstreaming/fInProgress/currentFile
| MD5 | 024ab2fc61868102c025a354dd8206a0 |
| SHA1 | 527c0044d4d0af0b872845a00d304a87eb6a3b81 |
| SHA256 | 95d4c94b8025e88cc2252956fd3087338fb1ba3c574633ac3bace6dc69ec59de |
| SHA512 | 5870b211ca2d1699244db946be0ad66615185587b3b19e922c5becaba437ae0b239e9e9b2791c7be4e84b0e2a9398bb5976d7d23ad2ee5d2470a0de7f1debc6e |
/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal
| MD5 | dc29a6c021d7ebcd13cc46134e5f59e5 |
| SHA1 | f17306183fe329fb14970242e48cab2fa255a782 |
| SHA256 | 0bc43d07c98f6a04ac066b48d5f7484cb502663b57ecf2e7556773a6d2f960fa |
| SHA512 | ba7f8d07caa00f4b5d1b28c5b16844e06cdc08fde34af0808d498f83a97036507981ae45e222a047ad417b18a1d392246f76f7bf3a69cc88e66ea9feca23b9c6 |
/data/data/cm.aptoide.pt/databases/io.rakam.api-journal
| MD5 | c993ad55b7a6dd5101a47dc8b7c457f4 |
| SHA1 | a7fc98fa7f6feac74d999ea66c121962010863f5 |
| SHA256 | c69fccc293fcf55760cd97721c5217d8bfc8d7ab8045bf67c922288ae4aa9e0d |
| SHA512 | 16f1cd0b12093b2e02a46afda2c9995bcf95d3fe54922264ce3cc250a47122c9a56070b7b2401cb832aabbae42199fb928df19c9ec16a6ca2de0fbf0962dd915 |
/data/data/cm.aptoide.pt/databases/io.rakam.api
| MD5 | 55cfc645bbff94d3bd68fd9002f74615 |
| SHA1 | e0b2a049d178c6f3837c43da6c0accdd2cb662db |
| SHA256 | 3f1d79542d39399f078104b3e4c13385e0cea4a22c4f89277822c3e1a7fc1ea7 |
| SHA512 | fab7af03f88c5bfadcba0bc930a6a2891082957bfd403fa9c92eb7155c6c6b005e6a44741398f363a88264a72c065ac8aaeb1fb81c0556a16f7bd8c291074508 |
/data/data/cm.aptoide.pt/databases/io.rakam.api-wal
| MD5 | 291a6be03ba51925e7c9ef45d6a08e3c |
| SHA1 | 53b7ba6530bc0dac1081152da9c5d2e9428fb761 |
| SHA256 | 7d83f159dd68b47f4a209fb3fe646e5ab840b9100346e15bb63ad51222f79b4c |
| SHA512 | e67f63729c3b7a97fd98f7c37dff955dc011624dc85548aed166bb2d0a34b48f32e816eb784ad05605177ce04f7f1dfa093c141ee3cde9a4bbe4db3cc441b6ab |
/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal
| MD5 | 82dbec8db07cb380d372632b15cc2c05 |
| SHA1 | 408a1d896e106156830599abda8afaa1108abf7c |
| SHA256 | 30870d425586c224dbda695d8f22ee12a10727b3fd8a560801c589d4f240017e |
| SHA512 | 1bd38a91b0e0afdd9c0e7c7310e4d20c167c4830b1580c4151656046ddadee3ca02890563e4c251e60a2d0dd2f717c0e708c3f351163f21935fd0e6f5809eead |
/data/data/cm.aptoide.pt/databases/aptoide.db-wal
| MD5 | fd827a4071d181cb3c3750523b8cb673 |
| SHA1 | 096329e6d82c8ebd20dabf24a2e1479dae2567b1 |
| SHA256 | ed38657975d53f892359c143e2ce915a0c4bd70cb3a25b537907521859d0babe |
| SHA512 | 1c377c1804bb1c70df8990f437d95bf8caa4e491656da984a4ec087017e4fb75109a79a8d5170d43de4dbbe507234c115b678baffc3c9f9316fb3ce60e0ed43d |
/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal
| MD5 | b9e7a6498aa3025155ce849406b50a1b |
| SHA1 | f8ac4a8d02f6262c2bd74ad6a711db17a991dcdc |
| SHA256 | 9064d7e1087a782b68158329a558281b845b1cbe617bc935a3163c2f3828de5a |
| SHA512 | 8a2933d87a61d4a7b8fff7a1de76cb42bc91acc7f24e887611fdbd5159191b44e4a79318a4bd8f2f3618edfa807818fdab2316d1b057c17cd26222a7f84a71a6 |
/data/data/cm.aptoide.pt/databases/io.rakam.api-wal
| MD5 | aa7647e8467d10b8d8ae998a6bea230e |
| SHA1 | ce37b0ce0a6fe3fc0208e8fe872e67a6c423b92c |
| SHA256 | 86f9d80f2bb6e43e593095c4bf4d9d7af4fbdbc552f66391858352e264e9a05f |
| SHA512 | f965690c7a954c2e0a38ba6954be51a5683aa360ff87012041dba3098fb71d312c97aed758943b769e2edfd2b602bf9a7a15be22ede47df651a3753cc19022bd |
/data/data/cm.aptoide.pt/databases/io.rakam.api
| MD5 | fdd9b123ac7e738aa513b57f454f519d |
| SHA1 | c244bc860b46a93dc7e241e2ce57bf4ca050fa4c |
| SHA256 | f333fd566466fcdc697f412803d8ffc46e8a400cd048719a744a9bc6b6032a0b |
| SHA512 | a6e6a9b257413f6857c760b628fc17a07cad201d39fc5cf92cef553921fe05dc1ef3f22bc6e7733d8d17b53eb5e12438ff2abba730f6cc8d9b1a141ef93b47c2 |
/data/data/cm.aptoide.pt/databases/io.rakam.api-wal
| MD5 | 45547e045d94dc457e5a7fe66b8b67c6 |
| SHA1 | f43ed930e1cb6f07bdf85ab6690eb08830bdccef |
| SHA256 | a579136de9e8bcf31c0211069d12d1650621831f1f5934c5e374d29bde0e217a |
| SHA512 | 80531a92a9400f09789deaa0f59a01b303438e714aebbe4e17987ff1a7f497202d0f70255fffc5998e688813a6138976864250b653a5d9edabe6247dcfd159d2 |
/data/data/cm.aptoide.pt/databases/io.rakam.api
| MD5 | 3de8f2d3ddab1bd9f86b2231ccdb88bb |
| SHA1 | 8e34e93c7f6638ff3754bc09163f4ecddde63725 |
| SHA256 | eb341926efae83d2960722ddc87f05d02d70e46550c72af63ecf07bf13ac773b |
| SHA512 | 2abdbc18105e11edf2320f9d7e552748c2b2278f77f0425a6ec7ec2f3c509c74b6d1ecd40dd5e1b31d330f34591e57c40bee6866ff76086fcd2d6e77ed3bb13e |
/data/data/cm.aptoide.pt/databases/io.rakam.api-wal
| MD5 | dd527d28bba4c7f71465ec3243cb724d |
| SHA1 | 1e1d53e07d8b4f7a3966b77278165d9513817dec |
| SHA256 | 1d5941c76a7a0eb1385ba07bc6859f63ffee48d0b492b9080e4a7807e6932b71 |
| SHA512 | c88fb27015c6bb38c6cfc620604cdbd50fe06e672d8c388a4e0662f7e9b825c91d59392ea36fa14298554750ccef4aeff9b99e4917c5c6f7cc1fc4308a213b2b |
/data/data/cm.aptoide.pt/databases/io.rakam.api
| MD5 | 2f77d6cc51fb01b716b11086ab018421 |
| SHA1 | 6d18a19928fec9066fc1468e1f2ba51d60d42b88 |
| SHA256 | 83e96a6f687fffad1f6369a5a960111de1d6a619bebc1e197cd0a51f6c767211 |
| SHA512 | f3c9a1a4a30bc56fe7a838f8a721fea66e4b150794df9c2c0d87570980da31c26394c2b1a6a434b49f89a4e8f65cab65819d5b44b4566b50cf3e475358597998 |
/data/data/cm.aptoide.pt/databases/io.rakam.api-wal
| MD5 | 18b65b9103e841f86eb092d9031ca2df |
| SHA1 | 35bd22cbbcbd2d021f8d3c75a074796c2dce6b73 |
| SHA256 | fb141c1c8ebbf718d4c6a6f1af7a83b957c1a6ed4fe47c51ec9e420d0a6669bd |
| SHA512 | 52955241933385ecd49046f8fcb9fd48277b7bf9fc4a440e71b52854e32c0307bd2ba096f9970420de387e1bf69bded33fe211021ea520c56b7d5213edeacabb |
/data/data/cm.aptoide.pt/databases/io.rakam.api
| MD5 | ff92c5205ce1854526f4126947723bce |
| SHA1 | 901ee0f5a026ce79a387a5bb158b8a2f116697df |
| SHA256 | bbea5172672a146f7fcb208e98aa413945fb7cdc9e4656a2c3c3f2f19f9bbf61 |
| SHA512 | d0e2c4865f7167656a22a51afdbcf5d9234bdf122440cc12237f4cafbeb9c7618ae331b993bc1c7a58fefa6e6d33a16f8d6c1111f73b35759d3ab5baa9100729 |
/data/data/cm.aptoide.pt/databases/aptoide.db-wal
| MD5 | 5b09de0f3510ad26bd2e34a61f9055c2 |
| SHA1 | d731d39cc031692e80c2024a541ec691160dafd8 |
| SHA256 | 16f7ae6f9ad80c1d8d0eafad9fae81d92ec80cf546f283ab0820e42e3022cb86 |
| SHA512 | b8d47af67347db5729d0c9980ea4a6593a46b1cc441177851576553bd8bb78e1e1f613e32ab29257fe23f118807ba6cee920890d088791c3b829c8c4f38c24d5 |
/data/data/cm.aptoide.pt/databases/io.rakam.api-wal
| MD5 | cf570a5706c701829d088f44fa163df0 |
| SHA1 | 0891ab266cd87513df71351b04bbc1e6318aa97d |
| SHA256 | 74c2469cbb7b0d1ea723b0f90c2e22e6a54e77d735f2d2f7ce5ef746162e0408 |
| SHA512 | 088cb6df49de5331bb70bd0e20bf7c166be67ea717e3cc604953affef847d14574b8923fe1ccd7e566f9d6f88b8981f2d0133bb4284454233a203e19f6def5d2 |
/data/data/cm.aptoide.pt/databases/io.rakam.api
| MD5 | 09983348d62a2ee1b49a2de6edaec107 |
| SHA1 | 95dcf4336813d06bd158e516f715f31d6042f70f |
| SHA256 | e2ac3ccb05a1fbcf5c1cd637f4f424ab0a75be3e029cb43b8b9a42f7b1c4ba84 |
| SHA512 | 5d0bdacde6f60340fae70f7076220758c55fe316301071e288834a2ab3f2487ddd4c07f0ee45d3c2220c61f7f0e41a947d6fb25b92af9a4f8f14267be63f333e |
/data/data/cm.aptoide.pt/no_backup/.flurryNoBackup/installationNum
| MD5 | cd1d8394b1c024ee9fcc2ea441cb74ba |
| SHA1 | 6353eafc358febe83fb2dbd2b14791390efe5c0d |
| SHA256 | 59a6b62d8cdd1066298c95d902f766d34bdc06b773521e8b071e7b2bf2292f9c |
| SHA512 | a6bb379154ac87afbfd3839928a1e6ef4418177f6d1e8b3c2fcc43f0ae88aa28069f35d842f477c3eef74292c33277f104755027e4eb9c641e108ebb51b428b5 |
/data/data/cm.aptoide.pt/cache/journal.tmp
| MD5 | 37e8e716e0e2f4a0b05cd9571d95b84d |
| SHA1 | f8d068f6931707bddb8cd69f706f2224ad1fea3c |
| SHA256 | 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca |
| SHA512 | e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6 |
/data/data/cm.aptoide.pt/files/.fstreaming/fInProgress/currentFile
| MD5 | a94460d249d001f5d4ab86c572561671 |
| SHA1 | 046f775e40b89c95dd412e8f13483920e33f3cb8 |
| SHA256 | 6a8aa48dfdb19e8185e44a9a117f097c4f56840bf34321062ff0efc5f0b6a9e9 |
| SHA512 | 2ea4e72f4fbb06d9fb265d0f0b0326a2c3c8b85340f6229e1afb80bc7275aa4adbd339155556a0c18083e214557feb90788ff0b2b9e194b4e6219cea7c7d22cf |
/data/data/cm.aptoide.pt/files/.yflurrydatasenderblock.754e52f1-030b-4ac4-b060-944a32e67811
| MD5 | eb512ebe629d5e0a9cecf410fe3791e8 |
| SHA1 | 60884e834319744e652cc7072850c829aaa6fdb3 |
| SHA256 | 585762c7ce0b003c195d3046f3ebd440ddf05a12ab594bcb18007dac7e01dca7 |
| SHA512 | 4346cf8ff6937f034cf5ddb6347e79e9de4b2fe500725059bbb46cf1bfa1fda65945b03944695ee365b00e1eb28fedb97f478d419268c0f6c80603d94b38d9ae |
/data/data/cm.aptoide.pt/files/.YFlurrySenderIndex.info.AnalyticsData_X89WPPSKWQB2FT6B8F3X_328
| MD5 | ce0a4de5d1c63039d53ee957a07a7504 |
| SHA1 | 988194440f2b6792262e9e3f007687af0831166b |
| SHA256 | b6595226feffeb61a8ab3e27aceb6951cdcf12cee2d6944046933106595466b6 |
| SHA512 | ea010ec05fd43096f48d26ca126c2f9285eb59eec69308a4d31a1c5c37c32223fb2a84ca51e4ab35b1237638b518cdfaf191cd149d70e767b20dee4fc65e6403 |
/data/data/cm.aptoide.pt/files/.YFlurrySenderIndex.info.StreamingMain
| MD5 | 2a4a2b7ada5477b8d2757d96b1151356 |
| SHA1 | 8c0a3be89cb6fc528a1bf511283264eac42fec3b |
| SHA256 | 04176f89473d2a441423eb09c9d7d7b522107d606d64c0ee96bd82483a776ea6 |
| SHA512 | 8c6986fac8e8b94cf3ecb3341c184c281d1d8133cff30994b8d2ed6359d097a929aee49d6ab982d2ab873de2e1c295ff627728c5c6f79d41c89809ad433714d6 |
/data/data/cm.aptoide.pt/files/AppEventsLogger.persistedevents
| MD5 | 5edbcc776bf1327c65d841ec49e92321 |
| SHA1 | 824d48e2520a466a85d4c0b9f1a4123ccd397e63 |
| SHA256 | 729606c305b6162958a824c411e12ba12c61f79143ddb1a1c9ab463a37c690a4 |
| SHA512 | 570d8fd2fd0ff6678abe3c02007720e50a61941468dd2018fad927357af6edba838db52a1e79318a9cbc8bce8a81da21a50e6ded4cbb0f777af9a5071815ebc5 |
/data/data/cm.aptoide.pt/cache/journal
| MD5 | fba833450764296c503fece91b9ca5f7 |
| SHA1 | 5a116cb785d6d5437a7576cab35c3f2f77fbfdaa |
| SHA256 | 35c95dd94c719e2a60b0c064d1f5a7b407f41fcb33d785558b1c6107b291dc6b |
| SHA512 | 004b8f61f5750f807eff3a8e4add1f4517422854b94fb227b9eb03c131ea98b91f41bc2003cf596ec26c1b5072e863c81ed716e00242d98efdf76fd2d3cc03f6 |
/data/data/cm.aptoide.pt/cache/2b90785c9fc1ce4162aed1facb1398df.0.tmp
| MD5 | c5313a4ec69317fcca083f39f83f992e |
| SHA1 | 79c6af2ae117dfda5d35fb0727558c3de1a99f41 |
| SHA256 | 3140d286d6bb3226681e55a25170187b367d895486ac4aaf856bcaa410049b08 |
| SHA512 | dba33afe9e6c28b380145a1bff5a5feadfddbce8be6a53da7b678bc6394acdbebfa4997fa9bc13e2bdfcbcadb3dede89c846ae21ec956d46d0af20fcabd197f7 |
/data/data/cm.aptoide.pt/cache/2b90785c9fc1ce4162aed1facb1398df.1.tmp
| MD5 | 7a5b1f4f8fb2b60a5ff365cc29b1d580 |
| SHA1 | f599cf953bc51c60917359cb43387024902f98ce |
| SHA256 | 144ed6780cc5833fb70eb77710f2784bc48f9327ba8564a76a33dc5542bccfc1 |
| SHA512 | 75e1c2d1b3d8ce38d179fe4747e2dc7f6bdc377b92bc7ed099410a5760ba823af67c90b72d6abf06d6afd6f2a0daab2a5fa71c086347fad861b5b74b4c9f4d8a |
/data/data/cm.aptoide.pt/cache/f7803bd24bc4f10874987a9618845803.0.tmp
| MD5 | cefc3512acd6f1741a7a1de5d0d1d1f9 |
| SHA1 | 97f27880d21bc1d28df082039deeae4be0076e70 |
| SHA256 | 5cf4d53c05af8b887045bb127da7e7b2980e928fe6bbf57182a63388dd7839d5 |
| SHA512 | f460c4c934215a5c0389731fddfa2600bb7af152ad5da36e97bca79d0f1df0d6a8797f079b932753095fd3be2fa842e39ef26ed31e6f68bccd799c8c86614176 |
/data/data/cm.aptoide.pt/cache/f7803bd24bc4f10874987a9618845803.1.tmp
| MD5 | 5f7db03bb4d4bfa1feb59a16e63eacfd |
| SHA1 | 8d292432a31455e96ca626c7ceb4d7e65d104937 |
| SHA256 | 07e3e958b494cf81b59bcc9a8a7e56513b5360c384ad6146fda8b053bacabf12 |
| SHA512 | 8b5b5abb46e829b18b7282205a618143b06554ca68a4c949efc623eae6797f064d8d882717ffae515b3c729edfb53c3c7ad47ad36e15987194727b79155c6004 |
/data/data/cm.aptoide.pt/files/.fstreaming/fInProgress/currentFile
| MD5 | 7c8db321181189cc7d4a075a5e722d3c |
| SHA1 | 3b3e9fd6c25a73375d5ed7514346733f4c5569e8 |
| SHA256 | 9f2a53b7ac57d4d1aaa1a6c1e5449c6c2550338caa7cc1d1b1015a3756b7b237 |
| SHA512 | 8f82fa4115fe282882f71f30726d7c0296bc384f4295e4f273a8d5e6bee405df9d04bc7d82199ca8bdc6a85f08f633330c63336d3a6446a90070df09ef3e9a1b |
/data/data/cm.aptoide.pt/files/.yflurrydatasenderblock.60c625fe-1b49-413b-9310-28c06cfbdb54
| MD5 | 83b5b2a293121f3483051c02d1b762b7 |
| SHA1 | 2844d44bad4540c855f81b5f522c9571f82e1934 |
| SHA256 | 77da78996b0254de2cb1ebcbb5580dce33b4c8e618e5c68d875257a2d175b458 |
| SHA512 | 0daf42aae1ca66cb2ea66c52c441e322d817072a5b480c6cb405d164c1a0f884efcd67b2da91ee2e4a1af8b0c3973b881c6bc3b43e7553676e6dbec36aa9180d |
/data/data/cm.aptoide.pt/files/.YFlurrySenderIndex.info.AnalyticsData_X89WPPSKWQB2FT6B8F3X_328
| MD5 | fe4a8f05a30006feb3bcdf36d891b5de |
| SHA1 | adbfbc14a03d38602ae90805e6e56727b7080164 |
| SHA256 | 5b42237cea0c9495b5d046f9e43008d5bf78d4ccaf84c614ca43ddb50a1685a0 |
| SHA512 | 7c95e97085299f6641b197a19cea1dfd913ffe4a455487fbe3de728fd44dc7d1aa9ab0e4c3f91d9c6a89b59d7c20b18d095f906d2eb23f39ef107fbaaacd9c41 |
/data/data/cm.aptoide.pt/databases/aptoide.db-wal
| MD5 | 4d3bba7d95fc585503c57d73ec2fa21f |
| SHA1 | 52d5b6bac4f44666069b0b0621e06d23a1ec36dd |
| SHA256 | 3c8ef6af232e2d83fac0d45e75dbfcc4c383c85d943a74729b671f2b93e22336 |
| SHA512 | 8f710afd0b5de1afcb630122476519700427e1780366bf01d38f302381fecd5451c1f2740f054fa75318446cd245193666224fa0525583b55cbcd8618686b4dc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-14 18:55
Reported
2024-11-14 18:56
Platform
android-x64-20240910-en
Max time kernel
61s
Max time network
76s
Command Line
Signatures
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
cm.aptoide.pt
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| US | 1.1.1.1:53 | graph.facebook.com | udp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
Files
/data/data/cm.aptoide.pt/databases/aptoide.db-journal
| MD5 | e889a48be1185e4014c6e77d682ed1f3 |
| SHA1 | ad9dd6a7ed5d5eca2d3082b5cc42a89869172706 |
| SHA256 | 480e2878274d4ea5d1cb76a68bca38922febf19ee4c9f0252776061c6abf0764 |
| SHA512 | 969e05b99225d708799ce075925f8803c43c492678bcb71fb3a78301d94b46b9a0e7d6b50fedb99958e8b4304b0b3179a76ac0afc49c37613344d1bea8d4215b |
/data/data/cm.aptoide.pt/files/.fstreaming/fInProgress/currentFile
| MD5 | 6140609cebe2065be388ff59a4dd3796 |
| SHA1 | 928dcd10152ed30cf25e9995b60de6a27304eb5a |
| SHA256 | 7020fd28c6bdd2d9fd0c396b7f8efc225bd7a8617f90e5550592218b0fbfafd5 |
| SHA512 | cff4f3b2847f379d996e36311b0fb365b392fe2e290ebdbbceac51e76b861c988a1c0caccdc0dc09da52e07c583579cc7ae76ecdf6929c38f328a2bba4c154c3 |
/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-journal
| MD5 | 6c4ce7f46cb3cdc70ce3acb8d36d70ad |
| SHA1 | 6366bf3cf8f404ddd161d35cfe2ab7728351cd4a |
| SHA256 | afb5fed7650b36425d4f33b464f376073a8ebbe936937544a20c0f2355cd577a |
| SHA512 | 91e22a53fa9393e13dffe49d5baa81fb2c0d074f69bdc00eb234e64ec237621fde464332f0ca12e7415403cdf7202c8fd1122050bb3e883f6f6ea501b2c7ec95 |
/data/data/cm.aptoide.pt/databases/aptoide.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/cm.aptoide.pt/databases/aptoide.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/cm.aptoide.pt/databases/aptoide.db-wal
| MD5 | 856408860baba110c8c6b179a65c864c |
| SHA1 | 09a6d815c181ae7ea62c3f277fd41177a139ac8f |
| SHA256 | 62776a04089b8ec715436d351a35d1ed88a7bf6618e99c609587714e0c0e2372 |
| SHA512 | ca09d95408cd0b8781470205bbad48d3f735b06ec8e62626a6d599b827c1abc9ccb5fbd84ce8afd7cb6e823f105d77ad25bf3023d7783b4485f14a4f2f8faaa8 |
/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal
| MD5 | 68f4c166382fd2e84437312721ec320b |
| SHA1 | bf9c0f44e67fcc1753f4b746dc6ac303a2275d60 |
| SHA256 | 203f9630e6006a09ab143a973771551ae0e5e8c6ab84124267ad52bb9d0f3363 |
| SHA512 | 1f045495d6ccbe877dcb3dd1fc04358bd255e14c4a9e33b2889e877ab2c52c1355c13fe601dc42f923b689b4ee814c77cfc6c5c0d72983a28e903c91786edb38 |
/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal
| MD5 | cf6a425da822602f76bb0a0dd8b5c51e |
| SHA1 | df006506db69038522c81e59de76da069cb8dfbe |
| SHA256 | 1fb24c2503b5c7e2bd82c3e4c276adbc0ab6ae55044a2867ce2e20cccd7a6cfa |
| SHA512 | 38df214899730d5988e1f0895d7cd0ee69de9bb6905c93d3c205b90c9f60465e4f76beb2c46ce82c576161db3ab78a83785bb9500fa18a2a14c7aa48410cb861 |
/data/data/cm.aptoide.pt/databases/aptoide.db-wal
| MD5 | 8438f6a4ec50a7968e090ce9d1244eb1 |
| SHA1 | d5d685a64981806d992ac7de836bd19d21051fa9 |
| SHA256 | 659fe828072b8c657d1337cf2436cec28648e1ae524d0e06b6ab7a7741a72661 |
| SHA512 | 15764282345265c61e2cc0a77ae93fffdeaebfd15667a222cc95c60de6acd45f3d781af4fd8bece1a9483aef2cde47ea4f7f7e0159b8fc04083d7db6006d0988 |
/data/data/cm.aptoide.pt/no_backup/.flurryNoBackup/installationNum
| MD5 | 603adafa932f5c1dd161d993f0300e72 |
| SHA1 | acd5427ba87ec6955b81e2908b51aae67c5f9a6a |
| SHA256 | 822d53073cc4585e56fae7704be735abef17d85734a5232e349194231407bcb2 |
| SHA512 | 767a2f3223773b9866690496820cea1cab80091b7cab8cd795bc9eeadf2fb5c220570ac27521cd38c3df77a262dd8d4b2551bd05b48ceb1f6d7e00b0dfb6fd05 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-14 18:55
Reported
2024-11-14 18:56
Platform
android-x64-arm64-20240624-en
Max time kernel
53s
Max time network
69s
Command Line
Signatures
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
cm.aptoide.pt
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 142.250.187.234:443 | digitalassetlinks.googleapis.com | tcp |
| US | 1.1.1.1:53 | graph.facebook.com | udp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-journal
| MD5 | 741eb54445db299734a49254a0d9f8b0 |
| SHA1 | 1fba177bbdbb5864e8625e4e5159086d4ecce0a9 |
| SHA256 | f7a5a92852f673758c9be5b71dfc193bfe63116b57b0ed6ce8ab1dc2baa66aa3 |
| SHA512 | 43fb763c76786c90cf3edac32b2508c28a9edeef4a7134bccf325ec7faf568cfcd7c6bd06e9fe1566afd83bf90c77650d9c7ccc58129d9fde5fe6b2a67931b86 |
/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb
| MD5 | 7e858c4054eb00fcddc653a04e5cd1c6 |
| SHA1 | 2e056bf31a8d78df136f02a62afeeca77f4faccf |
| SHA256 | 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad |
| SHA512 | d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb |
/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal
| MD5 | 93d3f4caa6604450968c67f6392954be |
| SHA1 | 96333530d53f32460c39d01f5b6fdbbce7aef486 |
| SHA256 | eb0e3aebd65f7d23d47cb37538fb4ac218f4189ca8e95212bba44d940c6b5124 |
| SHA512 | cf2bbc751dab4d3bb45a840ed04231ec9ac9eb283803241c2e54faf4925c50fe80bbddd420447b34ed40329ff1660208ccca08510a95101513caf7841c23022f |
/data/data/cm.aptoide.pt/databases/aptoide.db-journal
| MD5 | be35e39f8f4082597c1229b9ebd74587 |
| SHA1 | 990e2705f1a56ba3b3361789bd7d47b7d6a5e13e |
| SHA256 | 1b35703282f3c7e9da40655dc7733160150cabe6ec262d79b1ef2f6df3160630 |
| SHA512 | 25120590c561b352c046dd60c462968d390550e6b08c5a03189763949f4e728404cecde925d1bc90317f8ed66e46b500a30ae573ff3cf5a2884e35e5f02a07a2 |
/data/data/cm.aptoide.pt/files/.fstreaming/fInProgress/currentFile
| MD5 | 1887ca16b3e0e0f21ded31bb0b193998 |
| SHA1 | 453ebbd8e4629b34878887b1449b56c5ff1c4b8b |
| SHA256 | c1bb2c46c8fc45955597779ec6db3de755d1029b8b05dbb784c0bb96f6f93a58 |
| SHA512 | 874896a6a4ee46edaaf34ad61b910f9f9dde571964c3f7ee71eebfd4e9b1bf1f3849669e406abc698a4999bd106c40588d43eafd0962030860acdee57397e3c0 |
/data/data/cm.aptoide.pt/databases/aptoide.db-wal
| MD5 | 8f3d34dcda623fc5bd9e14e1073ff218 |
| SHA1 | a61cb7c0128afae0ab8409d52787fb1c9f813230 |
| SHA256 | c8f681c544eaf2b3ae15bf6b6de36bb148396ee7a2eee27c042a9ff92317258b |
| SHA512 | 81368c56bad259ceb52409a2269cadec90953d164e1451e9ebdb23fa875fdf068e8222160069712698221b0e83a8c502a22106982d09b6c7830dce9495837918 |
/data/data/cm.aptoide.pt/no_backup/androidx.work.workdb-wal
| MD5 | 942edd22991ab235d5004bacd8e0490c |
| SHA1 | 2a5aa8a07d9a9d167e35c705d1e5e38561d4079e |
| SHA256 | 22675085e844be3ac2a4e6f5d5a28f59929f7807346d9b2c538535ed311bc3b0 |
| SHA512 | 13761cc1dfab33dc3179b4f4b9a726a0a3e58c86d9e4e5f746adc2f706714705a1c18685bbe7518910fa167e960953f4fb24707bf8712d1faaf12e7dca2ef844 |
/data/data/cm.aptoide.pt/databases/aptoide.db-wal
| MD5 | 63d0d75d95bd06d44aa6df2471cc8d06 |
| SHA1 | a91590c2284e658b46016ba69904e23dfb3cf4a9 |
| SHA256 | 174e7e54fd6bf1ef179aec0cc78fc8bde297ce3436af02f352e9c73ec6227146 |
| SHA512 | 569db177cccba169a5d630d6cea9e08b5623c0f86e55a4617c1341f71ce9bb982aef59872ec5d39127619ed8e18117f632b922ef74cc3099f5a3ce1f04c9fbf7 |
/data/data/cm.aptoide.pt/no_backup/.flurryNoBackup/installationNum
| MD5 | 4fbd45d9161d5e514e4cbf31162d5d17 |
| SHA1 | 2db605fe61f8b29354ed8ce0dfcf20ee5450f287 |
| SHA256 | f26738ddac8423a14cece27cc0a92b06fa9b5b810fc93197be135da5647eeed2 |
| SHA512 | 09fbd9f3c57608fb711ae769f6bfcbdfbea721bd8ab500d7079e91370f52f588e277ad3828b61d017f02069274f8e8c8ff8662dc34afef5aef95d32f056dc7fc |