a9d1561ed0d23a5473d68069337e2f8e7862f7b72b74251eb63ccc883ba9459f

Resubmissions

07-07-2022 11:54

220707-n21hfahhg6 10

04-07-2022 06:02

220704-grfa7ahac4 8

16-03-2022 13:46

220316-q2zl9aceeq 8

Analysis

max time kernel
3352216s
max time network
148s
platform
android_x64
resource
android-x64-arm64-20220621-en
submitted
04-07-2022 06:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

escobar.apk
Size

2.0MB
MD5

d57e1c11f915b874ef5c86cedb25abda
SHA1

22e943025f515a398b2f559c658a1a188d0d889f
SHA256

a9d1561ed0d23a5473d68069337e2f8e7862f7b72b74251eb63ccc883ba9459f
SHA512

2e8324559e46cb9f912eeb84b6e80a3838c71c4d045fd0a112aa3bea7fb8efdeb2ca03990a7189f5fec8d0a3f81fdaf2a98b8bce4edebc4afdc3813739bc8601

Score

8^/10

banker evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.escobar.pablo
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.escobar.pablo

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.escobar.pablo

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.escobar.pablo

com.escobar.pablo
1⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Removes a system notification.
PID:4391

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.escobar.pablo/app_webview/Default/Cookies

Filesize
88KB

MD5
8cd313955b3d084f8599468485c0ef08

SHA1
f8b5f286ade3929e7b31a457a96323852e42d034

SHA256
3e3bc78176c65cda394e49469a3ea0d63b4fb0b2649c67511f3abc3a32400cea

SHA512
4e36923869d71f9edebcee06a0a389d61d608a674af9ae83f8e2b7e3231f0bf50b7eb718125524d98ea2b595090cd3885bca199070b2a28902297980a2395312

Download Submit
/data/user/0/com.escobar.pablo/app_webview/Default/Cookies-journal

Filesize
1KB

MD5
5fbfada4a29c50fbb34d7411e5e20773

SHA1
bb52a5a2fa93969f18dccb18911ff7970452b1d8

SHA256
1601ca5e4e06e4df070afea9fbde086e2cdbe3bbd225c7cad20b22fc4fa6cd50

SHA512
a3c61356c8ff15109ba85a556661d4ad3a765a773c821853a17310f41b2364d41886fe8c3bb3ba22b9ff70c38285fbe66bad9d17a6b004a28ddcb2f8d75b1d50

Download Submit
/data/user/0/com.escobar.pablo/app_webview/Default/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.escobar.pablo/app_webview/Default/GPUCache/index-dir/temp-index

Filesize
96B

MD5
39d12b52402e8cb16c7ed4350bc2c921

SHA1
ace63844ca529cc6df0ebc4c15ab90380063efa2

SHA256
ed61728e44edfe275dc39d6b08854980069b001159a496cc7c1b3af6eda7a3ea

SHA512
6f96fcd56d1c8142bfcb9adbd08d32af431d6eaff5cf612c3a6f05f661beef79e2dfa4af231f0fe893af4244fe8c2e7830ac2533b37670aac05e1e6f102839f4

Download Submit
/data/user/0/com.escobar.pablo/app_webview/Default/Session Storage/000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/data/user/0/com.escobar.pablo/app_webview/Default/Session Storage/000003.log

Filesize
61B

MD5
9f7eadc15e13d0608b4e4d590499ae2e

SHA1
afb27f5c20b117031328e12dd3111a7681ff8db5

SHA256
5c3a5b578ab9fe853ead7040bc161929ea4f6902073ba2b8bb84487622b98923

SHA512
88455784c705f565c70fa0a549c54e2492976e14643e9dd0a8e58c560d003914313df483f096bd33ec718aeec7667b8de063a73627aa3436ba6e7e562e565b3f

Download Submit
/data/user/0/com.escobar.pablo/app_webview/Default/Session Storage/LOG

Filesize
129B

MD5
3be470c36d068f1e3877a5fe52aa4ca8

SHA1
72e0fc14830a3b425d716ff69432baf2ef06bc28

SHA256
8b8c91d8c57701ec4483049ff763cd9ad872e972c91e931f960df473dd44202d

SHA512
48f62fc5bd2203e1b15ea601fb7e877f585f3104351189df4f60ea6b830d31055fef0cd14345e3ff4e57b9b26eb94020d960d08d694720fc6e16aa4e9d663302

Download Submit
/data/user/0/com.escobar.pablo/app_webview/Default/Session Storage/MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/data/user/0/com.escobar.pablo/app_webview/Default/Web Data

Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.escobar.pablo/app_webview/Default/Web Data-journal

Filesize
2KB

MD5
b4904bd909d8944e54e46d1857660315

SHA1
26894b8fc1df309b9b446fa8c90b7105ecb4b680

SHA256
38b4ca9c28bc004f7ce9808be46b89d78b257bd140bb22817d76fbf1919f4992

SHA512
07843bf75c2143e2804f96ceea172143be3c77631688827bd86f13fbf1209c2dee3c4d349719270566e6bd150974ab754a1dbe7cfc7c356b1cdae2b9dcebeaf2

Download Submit
/data/user/0/com.escobar.pablo/app_webview/webview_data.lock

Filesize
23B

MD5
a4e52fc0751c718a4468a1629334f1b5

SHA1
5618be60303c00260ea1169fe26e01cc539fb3ca

SHA256
e728914421457edbfc52787dbcab1c07c1595bea79738dbf9c6a388fa9e56c62

SHA512
1b7c2c0f305529881821aaa0515f77cca96feb2ca7472728a14cc110ef82bcf94a4ca86f4d1e27d16a19e4c95c0ac2b9435eda92cc6abd7216bc0f29d95f54e7

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
323e0ef7ee8e253ac853174a8a866744

SHA1
963c6e300d6b40a63c1ee8305b57037a775c82ba

SHA256
ec2a229693ef8150687bf59dda9fb1764426793f50654091411e120d48213d71

SHA512
1b1e347e1bafe270317c73ce668a48867da9add90358310a8e55bc85b59ea2cb9aafc5a925cb5c9f1e58420ac39b64aab87ae196b46010924d006bec4715f65c

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/0149509195d1231d_0

Filesize
113KB

MD5
89acb04eda91dc110d1e247743513ebf

SHA1
2303380078f23345f9f8f3b50691e4824ce23035

SHA256
ab8fd0b05425a38986eae50745a11aed0507c750d4ba8007b026726c0dcab5e7

SHA512
be5203a3fe92a817a54c38a15a0c2387feefc366ae0ed44e246bc08638296737d5ed560326be6a8ee3e551ae74a1c23284085f94717a432db4162979a7a1449f

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/32159da42ecc2b58_0

Filesize
906B

MD5
7f3c4ed40d4e72c604725f95ceb0620f

SHA1
d4d5ba5f2586574154384978028f10df7645d1be

SHA256
c39211ca7f6ee4f270316731a8dec94e9c2356331fe1bab7e7112ccae0552a4a

SHA512
b1373dc6b326249e6f37ffad8cddff91de743d2a4618baecf7b2f2e5c80f787bb1b3d4f7fe64d5987e6aa65424ee607c440c81d9a918354aea2a694bbc929197

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/371a1e83a023f11d_0

Filesize
288B

MD5
a1815ab49d29b6ecd2ee9c1e0025aff2

SHA1
7b46758633f5a7ae3a0531fb0d0e28507c6f9a63

SHA256
5209febf3831b681fa617113c35fec4a426e73b1694e06e18b6e651e19381893

SHA512
ac91a7d0cc6e0a438bb47a0cc54749b7a1105282c7fcd0aa1cf867704432de58112521f7d7a87d257724790d5ed6c8d2653f651b346a76823576e094cf0cd2f5

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/787ed942d78df634_0

Filesize
9KB

MD5
f8f2e0a368e4a76a420ab165908499f8

SHA1
766297f6b33ef9ed9338aa772d9bce3770d3e827

SHA256
47e5fbedea773cc9c45dd517dadee3324d4b32de2f4fafa7f6ad34eb74c5a5b7

SHA512
ed6b56077be89104bd9d090fcf856663ba36b5ee1c80fe4417db9a4ea9c20aa78f2af1d4d07f8171a39d2f26a98811a114a9a67e50a1b313fca61c3418ada0d7

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/7dcde7a07c1d9692_0

Filesize
332B

MD5
38a2c0e6c88cb81c0a98ab3f25a9ed64

SHA1
4eaa89fad35015b72ac5ce9e750271a9b866f746

SHA256
abc7ca5dc557df4022dbbf78757bda082f703d4a060eee63d90a25232d3d8ddf

SHA512
747b25b4ef27ca13f296be00e6b301c82ab7fcb0f8aaf3ba186d881467ffeaeec1a4fda1074ce041146321dfe7cb3b764d092d30e241c249cf3240e7bada15eb

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/Code Cache/js/115fc3cffd12694e_0

Filesize
376B

MD5
97e662448b0926c50c92342b5e83e7fc

SHA1
d359e6f48df14a5b0d4896a7b1d1f22e0e5fe349

SHA256
5021ebe575d9cf5cfee49853fecaa19dda8b36249425f6fa1c3903e71dda9fd3

SHA512
bed506027a64120b2ca16b336a5fd375a7c61572763de415e28dbb44c866986281152e9d8cb6fb62c027f93dc0a3dbc8fb94a81c692ac4f6685916b91276658c

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/Code Cache/js/64a265355235c485_0

Filesize
289KB

MD5
8f6942ef4f1ccd55f5881c18c8e18a53

SHA1
dad9f087fa65e983021030b738f1e79a2efc5c4a

SHA256
9c29f32c71dafb7274be4c17783db6f342b5c6f3e828b71c9c47777c2392e886

SHA512
8cc267962c9d638e4c7b88ab475a59ff5470de15aa2f85288e0f1fbc8f76bd6eb1b69b8b0a4f1f9c1fb011d33844265a89e04e7c471ff64c467ae73af4acdb63

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/Code Cache/js/7aead8dfd0735dab_0

Filesize
366B

MD5
aaaa7f61989d11244b864141213ff230

SHA1
9f24d3c2cbefdb25935afd9a9757c52a3ea9363b

SHA256
ad15966015408364243a7fb40ee5ce1b9f8b1601c6ba5eba958006b8d3aa2f8e

SHA512
90fde127baab1eb2f0610fddff9033dbfd9b9389ee16287dbfa79fdb47fca18527b073e551af1656b07e2b4b16f813dc0c1ec7e77769401bc5695c160edc3531

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
8b48492e64256784623d812cd0dcab64

SHA1
8196f7a25a6d7020d69d1c9237c9e0a0ce8851f4

SHA256
c6a73ad999195d2fca197d2e021f9b783151982358f9212b1bdd54e60e50bac7

SHA512
991172dd8cee505d98d913bef65376ade6accb2a187abdd8a3180f1aa8fec2a22ff099d6e325b1dd4740a190f1d9c6672f18169de66e0f5ebcb770d87e054d6f

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

Filesize
240B

MD5
966fa5b822ec7f316092f7428563f849

SHA1
8693eaa810aacce13ba185820d1ce764910bde29

SHA256
dc498a0b4de7bf593ee64a62bd3de8717eaa25184874e95612fdb75bb06c7952

SHA512
c8d8eae557af63cbacd4087b65ba442938a5926ec169f223de7ad568a31dc027f8d36d91923d2db1438b29e38d87ffdcca4b362f3888d9f45a9694bb9cd8fd36

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

Filesize
96B

MD5
182dee03fbb2edab476a4571ef5def2b

SHA1
64b0bff7782121a1f4d65f30ac037ecf30087e3b

SHA256
eb304a5365de52f08dc129aaf630e65ae146fa4e607e5f2029bf66aee4ce969a

SHA512
0b558e99cff5914d08e0f40c81a355bec7396b4ba7a1485307bbb685dce7486da7ca54e06433472fac364d0f9bc82b91b61acf1d7c44988ea806280647d90dd1

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/aeb2cb9e0bbdaebf_0

Filesize
17KB

MD5
041f5580d7926eb5fa55414d616ad2f2

SHA1
80144db2fcff6ed5380fccdcce9013e7813a4d22

SHA256
537bd682308bfdd56ae323baf8b437305bea9081c47d1d765a67982244d91ecb

SHA512
40edaa03f3d2512bccc7f51ef6bae8edadef8303e24ba448ec9d436681a8f99059ae828acd414aae7481eb08c655bfa88e0278f4b867c5e8959b10a583cce5bf

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/ba35ad142a1cb613_0

Filesize
308B

MD5
aed32092992d0b3484323ca85e5394a2

SHA1
57e1350b711deaaa74c8f62ee2f69118d8e3104b

SHA256
c0dfdc6f9722108ca294c485f4f46720568e815b82d535b8a72d6b8bca7cc334

SHA512
69a355603771f08a2e738bf7e6eb90c636d234a3b8ac52118b30e73eb68a7bd3fd0231a22aff862ee0ef94ec66e7639bd08ac9cfb7eae2ba9c0dbf653d622deb

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/c687e2fb4ed7204c_0

Filesize
17KB

MD5
1654595d470d9dd9b82da0efb1b96abe

SHA1
a9f8d0ea62ea40b5457ccce037283f53457beea8

SHA256
5d0ea0035505c015055a73772a0569020bb0d6dce7bb90e2d297799461c2b79a

SHA512
7e3407817ead22aa02903d6fbceee5eedb64c3e1230491c167e2757ed27322d496a9730c071b4de4b2c0ca1a20b75dd5e6bb7321aa8968eb7e76a50331f00db4

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/c9741571a3e5ca21_0

Filesize
10KB

MD5
c3e28823a6add7044eab7126a6edbcac

SHA1
30e1e7970954b732046cacbff89b0cbdbbda5fd5

SHA256
d6050e5f1514c8d4b4cb672bb47e112d0adc3abe4205ad7b0950a5ea8f8565ae

SHA512
0a3c736a15aa5ff59c01dad6114424cd15968ed960c72494932e17ad0e0cecb4f90bad04b5978fb4e3199c13af1e2b738eccf40375ac135970913df39fdd1977

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/d26d15cd392db121_0

Filesize
332B

MD5
099a05e8c5fd32bf4ff869ae7bfbf253

SHA1
5c1554052accefe84131830ad383d5dd1670878a

SHA256
ee98b28341cc100580e27d05f6c968f1ee7e8ef9b6ca688d849ac89e3f5d9cd7

SHA512
dbcae663b32c37095d816d7b071da51252c90be3149a6814c45c61a6a3d721e6794710e4dd28b221cd9e23b882d03cc816a0cb8e95e96d3a15ba7c6507673592

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/fc59ea4dfb761b79_0

Filesize
14KB

MD5
cd968d4198f5955bae3c4b10e58ba6bc

SHA1
6cd0745a52b2aa8f369883a3f4c588be4ec56408

SHA256
7737e151b104c32cc4aefb71d05a6ee52bae1c2af34a97bdc611d0d2587a17b4

SHA512
33a996b16bcdf1d90da1648186718264be7fa26726b2f72853e11ab98f39d975bf1d457179f4c8b01a729fe50390d42a8dadd186646f087b3d246abe98339c51

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
144B

MD5
f62556d5234d2b55b8bb3d7ed27c6751

SHA1
add573b80bda711778342fe73fb22bfe9d2a31d9

SHA256
425d3d91c2a83b6e264d25d4d217acdd014d9bacbd5beeed631db42d192757cf

SHA512
279c0ae71bb312803530c0f026b0b280f2aa26d1c3a6787eb52a951d85e1002d26243799e123429f2154a42b29ffb73af2f731e0674a45164e1da70e6bd16577

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
432B

MD5
3d3cbed6177ea9bb53662589fc5bdb57

SHA1
99d0a23484da4aa3994c0b25c120cdf2e65e2a92

SHA256
4639a41779284633c7e485651fdc306575a78acb848f8632289d05b9f4d2da0e

SHA512
1e5bdcc77ea9a09b8365382177c4c6d650aebd742757b866ad1ef829c1c8ee9c4b7d5ca002aec158ba6f1f1aabd04a2b9f838dae2c2cd0c074dbe7bfd95cc065

Download Submit
/data/user/0/com.escobar.pablo/cache/WebView/font_unique_name_table.pb

Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.escobar.pablo/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit