a9d1561ed0d23a5473d68069337e2f8e7862f7b72b74251eb63ccc883ba9459f

Resubmissions

07-07-2022 11:54

220707-n21hfahhg6 10

04-07-2022 06:02

220704-grfa7ahac4 8

16-03-2022 13:46

220316-q2zl9aceeq 8

Analysis

max time kernel
3632603s
max time network
83s
platform
android_x86
resource
android-x86-arm-20220621-en
submitted
07-07-2022 11:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

escobar.apk
Size

2.0MB
MD5

d57e1c11f915b874ef5c86cedb25abda
SHA1

22e943025f515a398b2f559c658a1a188d0d889f
SHA256

a9d1561ed0d23a5473d68069337e2f8e7862f7b72b74251eb63ccc883ba9459f
SHA512

2e8324559e46cb9f912eeb84b6e80a3838c71c4d045fd0a112aa3bea7fb8efdeb2ca03990a7189f5fec8d0a3f81fdaf2a98b8bce4edebc4afdc3813739bc8601

Score

8^/10

banker evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.escobar.pablo

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.escobar.pablo
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.escobar.pablo

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

com.escobar.pablo

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.escobar.pablo
Reads information about phone network operator.
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

com.escobar.pablo

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.escobar.pablo
Removes a system notification. 1 IoCs
evasion

Processes:

com.escobar.pablo

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag com.escobar.pablo

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.escobar.pablo

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.escobar.pablo

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.escobar.pablo

com.escobar.pablo
1⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
PID:4662

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.escobar.pablo/app_webview/Cookies

Filesize
88KB

MD5
d3e070d40714e9eb2af0f586b6efb264

SHA1
00b7d04a66156271a674b996b8767b5a698ef9d3

SHA256
4ccd6688f55b03fe8649bed6844c054af91e9dfc0d006cfd6873f4fdc70b1f11

SHA512
1fa542e90a90e813461b340e1919a36c0da8008c5348793e51a14a8f37625ff3706bcc21a817fd6b7a74de54e2dc0c30e2994ee233de8e3a50a0630c6227d2a5

Download Submit
/data/user/0/com.escobar.pablo/app_webview/Cookies-journal

Filesize
1KB

MD5
7b28d88cd87fc7bd2a52c80f036a2055

SHA1
57cadd73ba16d366e40ab25cd0c6f6986bc3af13

SHA256
f8840d0f124cc09ff68d49d43133587719bd4667643b44b14f00c7a8d02bdf89

SHA512
cfabd519712256dad8ba84b239ac41150caa785cab519d935e312bc3642277c8a0fb6b9560b3607db9c3c95983f5acb3c5ef6f9ade61c65e1693515eaa6d3a21

Download Submit
/data/user/0/com.escobar.pablo/app_webview/GPUCache/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.escobar.pablo/app_webview/GPUCache/index-dir/temp-index

Filesize
48B

MD5
e178ef2f74cc41c365e90da3cb2ae4ca

SHA1
2db8ce7f42dc6819e476dfbcdf95f0216626d074

SHA256
6aa8a60d886429d8d22608fb6884965ce44aa548bb23a0f84a66a34362f14164

SHA512
b93d43b295d18a13e64ff033f8f6ac59e9bed9aa4624b46fd8903388d3f4250db3e033116eb887952f240edae42eccda103821cec50ef61fbd82723291a5d9bf

Download Submit
/data/user/0/com.escobar.pablo/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.escobar.pablo/app_webview/Web Data-journal

Filesize
1KB

MD5
0e0981fbca071b0849710c85fd9b0259

SHA1
2cbe259a80fabb112838b10b0e5707135ececd04

SHA256
f0478bd3bee65d14009b45af2ea44790b7631c2c78da8f42c5e79b2f9251b9a9

SHA512
810f8d2bb63a68c90466b69532019b175c6e5d82a6143d4bef45828b0827fba32e62b38ffb5103c97fb1849e54484e6f4f68bd4699baa7f9ddac69f464fe56a8

Download Submit
/data/user/0/com.escobar.pablo/app_webview/metrics_guid

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.escobar.pablo/app_webview/metrics_guid

Filesize
36B

MD5
10d3fb8232b7ab1eb33c7d3528d732d9

SHA1
5b5fdfc101b01836e32ffb3565e27c887391f906

SHA256
1d334fc5788e08903d3a5bb23fd026902a229d09131472d6be31e24dff49ecad

SHA512
d6cddb0de2cbaa3ba8dd414a10fd3e8a334d2f789e6c2686a51ddb18ee875e6dd0a3e6886db519bdb61a560811866474a0efd68905524353f4eaf6421eff3066

Download Submit
/data/user/0/com.escobar.pablo/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.escobar.pablo/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.escobar.pablo/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/0149509195d1231d_0

Filesize
57KB

MD5
5688de1fa3b4d3397a39beb5f41a2147

SHA1
16d05dcb5b4445e4906d79e734f94bd6d4815650

SHA256
845d8d987964cba5864b81144c5e80fd1c1a92842d3d0d4e5505a1fd1acaad57

SHA512
f3a979a38d93275fe253943c4c45fc78cb1e34400cc51f4c9a345b74c8f0da514035c85daeae974404a8d89cb19ba9f20f46364dfa8688b7cbfba91d8e35ac41

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/0149509195d1231d_1

Filesize
101B

MD5
d184bc1cf183872de9ae0b39b8fcdb34

SHA1
25066870a517275410847a1b12a5fdacc8395a6f

SHA256
cdd83aedb73cc2a20d7b914b968e5ee1ba6e469e1f6fce616901ba84e14f5041

SHA512
0ce2eee80cc98d4e6d7297c72d8e87af5286167e5366eacc6aaafe592532b69b740174ea9adcc41c7079331d4c4a26e2a64a528bb33cd6e293f8a26374131ae3

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/089801264237f3f2_0

Filesize
5KB

MD5
9d89e282fad3fe66a545d64dd6f2482c

SHA1
d385c698c7f79f4afc992c953a5fca1f768255b9

SHA256
85654b15bd4590afed1fa164ff6feb0578ed1a3ac9e74aaebb1f694cc02ed65c

SHA512
e5e9c72949e4b72cf0bcf6a498047965f1597fa1a542ed2025bb0a79613133ce65c6659d512542ccfd92a3529f20b479c46486cb206664e28389328da820be1d

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/32159da42ecc2b58_0

Filesize
437B

MD5
388825026ceeaa0fff79bb2b5cfed785

SHA1
2fe3b4f6d02f017bf492c206a5f3e78b6cc4c981

SHA256
9a7d92e67fbdfeb5b9f7e41f7194564b9ab6de6e607cb2b7644bda80b6e065ed

SHA512
7145e3c00b92686135546dc31f6403c6d66e342306c4d1471f5d6ff1a8886b1b9d16eeac648c9ae70a99c3f9c9e5424adf4e23f6433cc451073e328759a1c66e

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/371a1e83a023f11d_0

Filesize
132B

MD5
543fb288d98972a5dcb0ef71313c9296

SHA1
ca4477809cd19c5b68dee061f4a2b5a81b901f01

SHA256
6c4d15f32ae3a88a851525d225ece67885eb64a19c9f937007bbb21b694b797a

SHA512
522ffb5665a0eec2f6058cf5d76ea047f969b5650e6bf1906a83434f5ce52e48d172f62531617145aeae794ec605a9e918c1613e2bcd18d819ca189d20e71dfd

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/7c65d8027ed9fd2b_0

Filesize
154B

MD5
8187a78901b84ba05c4f9b5ef60fffa5

SHA1
892a401dd04ccad4bd8a76a604937b9bc333b402

SHA256
320c88dfa23438ed524471beadb55c15bb7d0f22fd9ddf216c8de1cd15fdea43

SHA512
0a82f62d95b92e455ed501a055963263b5d872f49775902b00cffecce3f01e2ba77d70065e57c3167394b3cf24abc05041208396b6a54aa8f6b81c5f2172d8c1

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/aea1d8ae30dec26a_0

Filesize
8KB

MD5
9116df57c859dbd35d5fe645572faede

SHA1
95f3818d7d4830487a1dcc55284be37ac75397ff

SHA256
25da7034f02e824f0251a4ed4da85d3e4b798c1e410573999616146f1f74f962

SHA512
fcdd4d6ccce67f86938e930feed37c7e86d81749beed76f8250440adc05697022e7e3985f20ffa9e42c0eb1eefe4aa1d587a84f36a0702babebefa75409d56f7

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/aea1d8ae30dec26a_1

Filesize
731B

MD5
97a550ad0812b62d714f90ac2bf45329

SHA1
fbe9f66f1350ff1c6de41fd1fe4d8c36ce06bf1f

SHA256
303ca5e04d2a2546de70212e9347d454d0299bf3097b90a412a5a7bf449abaf2

SHA512
e02205f534739b34d92f1bb4e11d3e2697712db5cf6bd8c45ca2c2cced4f09380351d7c05afeb4795953c479796e2990c7f5f9a6e714946d4991d67075a0611a

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/aeb2cb9e0bbdaebf_0

Filesize
9KB

MD5
66fb3f5ba6836a766c3d53355e40d492

SHA1
9a8775e754708b9e2c5bbcf19b01abeb4de40138

SHA256
0c8dfb3ef5d07fb7bee272255e0015ce37ee128f720829ff64fa07f9c447abc4

SHA512
8bf24945bd12d83ae44a9edc51592da2c9749fe5b1ad69486bacfcf287c3d8d0ff710ade91bd7cd055088d38f9b0fcbd3076a1073cb2030b103a43823bdbe459

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/b1a32ba3ada0c083_0

Filesize
154B

MD5
201cf4a178407c3b5fc01d6340e5d5d3

SHA1
dfe060390ba273be9101adb4f1b0fcb726d7f859

SHA256
26bc4d9c646d655386b1f8f854d1c9641a1a0e4aaf1b04ed7cc1ccced333bd30

SHA512
4dd2c588bd9f37fa0589385b5163b93900ffce9b13114375dabd4ec38fb5ad83057bceeea83bc6ccebe63b4ef56b63de10d6a5a4d119acf479f4c0ab7198fb60

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/bf07639963457136_0

Filesize
142B

MD5
8368d73cdbf9755a7a3996919f68051a

SHA1
e0cd933aaf22c8bc6f7e5bd3d15e437d9571ecb3

SHA256
f14fd3f535b9422fa691572a0657bd9ec6bf9c918e69c8e4e2b1d4493b08fe2c

SHA512
9cfc2043fa850d894ba77f0f192c7777c07005b05e82b7f2307175c365af4928767adabfbd6932a6417e6a1b9e11d1efdfb2c162bc02822f3878d32687fb3f4f

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/c687e2fb4ed7204c_0

Filesize
9KB

MD5
c62569e45aba4d10f0e9c7f2a85a01bd

SHA1
8f15bf6ff1a557faa68a4f1b1d5ae2ee0dee6f92

SHA256
2e1fd09482b705e5448a16f4b03c8429ac1b58883c16ce35649d0a6818f96ff6

SHA512
cae465321674f881d8679c3f0b49e9474419939b06a288808e249249837954d1ee496e6c78c3fae0bbf7c3b55ef97e0fef881c553f7d0cf5f3695a8cbd1a7add

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/c9741571a3e5ca21_0

Filesize
5KB

MD5
8a71493c29b3549d83c0f2efd4aec8ed

SHA1
cd33621f54268166e7cb4d1d41866eb0d5ec1552

SHA256
0536b7af08039d3df33d80131ea9d6bf71d8ff4fb3e256dd1f4e6ba9790de64e

SHA512
1020360bdab0ea4b946b4fbf5c8e68cc838df02c62594d0a3fcbdb8d025ded81736b61dbfbe8fbe6498800a1c31949056b624c58f5097e298910a402e7934c0e

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
72B

MD5
d3897f243d5002cd8d92edb7592f4ea7

SHA1
d5d892bd61353d04edd628f25bae532864ae2234

SHA256
06e43608df2792c168e4ab39e218fe8326c154b7b33df5f1025dd03abbf92b61

SHA512
8b232dff565b4eb4b8998756fd401a6eccd24b438a67457107e2a7627000f56c7161cda78fce426d037900de61ff0c32242efca4b7d91f35dbec823f341741cb

Download Submit
/data/user/0/com.escobar.pablo/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
216B

MD5
6bc1f0b56b4a2340e6d26081f992bbbe

SHA1
c4a45ec6a5588196897d6e387d6f7e664cc30d92

SHA256
1f61fe07e760bda1bf45b5f8e0c0bac2aafdd9d1ad049c1f0bca17af38af9bf6

SHA512
7ee1f1ace9ef968f643da87771a8a2caf0fd3c6d8d5aaf91ad8b2ef77e0125f97f3fc7545133a8d58acccae5f0c76c47426613b42033b0d69a2b4c526673a3f8

Download Submit
/data/user/0/com.escobar.pablo/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit