220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548

Analysis

max time kernel
141s
max time network
166s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
10-04-2024 09:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548.apk
Size

12.7MB
MD5

07532dea34c87ea2c91d2e035ed5dc87
SHA1

04ec835ae9240722db8190c093a5b2a7059646b1
SHA256

220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548
SHA512

270319f1a8a8fe9e19a78741cdcdf5f7c62d3072e55ea68a8c5ecb154bea9fb0895d1562164a0a04ffac19cd2bfa760ee219e3e0ef3890ccce564ace0c1f51ea
SSDEEP

196608:A8ULZA2UNZPFyeRlQbQ4Waex2Jg6K3KVSOjQHITUI8KgYeX1EVsf6lCJwtBD/SZP:qqdZPFyeR2b/WWO3K75Uv5JEVsaUwtNu

Score

8^/10

banker collection discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
banker discovery

Security Software Discovery
T1418.001

Processes:

org.schabi.newpipe.mask

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications org.schabi.newpipe.mask
Queries account information for other applications stored on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

Stored Application Data
T1409

Processes:

org.schabi.newpipe.mask

description ioc process

Framework service call android.accounts.IAccountManager.getAccounts org.schabi.newpipe.mask
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

Contact List
T1636.003

Processes:

org.schabi.newpipe.mask

description ioc process

URI accessed for read content://com.android.contacts/data/phones org.schabi.newpipe.mask
Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
collection

Data from Local System
T1533

Processes:

org.schabi.newpipe.mask

description ioc process

URI accessed for read content://media/external/images/media org.schabi.newpipe.mask
Reads the content of the call log. 1 TTPs 1 IoCs
collection

Call Log
T1636.002

Processes:

org.schabi.newpipe.mask

description ioc process

URI accessed for read content://call_log/calls org.schabi.newpipe.mask
Acquires the wake lock 1 IoCs

Processes:

org.schabi.newpipe.mask

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock org.schabi.newpipe.mask

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	org.schabi.newpipe.mask

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccounts	org.schabi.newpipe.mask

description	ioc	process
URI accessed for read	content://com.android.contacts/data/phones	org.schabi.newpipe.mask

description	ioc	process
URI accessed for read	content://media/external/images/media	org.schabi.newpipe.mask

description	ioc	process
URI accessed for read	content://call_log/calls	org.schabi.newpipe.mask

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.schabi.newpipe.mask

org.schabi.newpipe.mask
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Queries account information for other applications stored on the device.
- Reads the contacts stored on the device.
- Reads the content of photos stored on the user's device.
- Reads the content of the call log.
- Acquires the wake lock
PID:5045

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.schabi.newpipe.mask/databases/com.google.android.datatransport.events

Filesize
40KB

MD5
15d5b92dcbda7ef7f9ca327a903e46e4

SHA1
ca153b66028a58d90346ff8abadbdf01b95c37b1

SHA256
e802fdc1ccd833b91d80bb1d8f54cab2b585393e6a07622c4d9feaab07633370

SHA512
2352f167ee5aa37cb3438a0a7df8f632771a1d019c5cd120fe62313fb73aed6d0e09186a9bf306a564371b846a8da020f6acd7aede0cc47ca50701611fa84aca

Download Submit
/data/data/org.schabi.newpipe.mask/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
8b66389069bea51ea7abc36224552a65

SHA1
eb3341aa2220ad806a2147a6cfff18b911af9514

SHA256
72923f2b8c995e57eb29267f3c11cb934bc93b1d0ae479ad664e804ae215a626

SHA512
ddb149e7308eb38e98baa4a833fcfdb85c9b0c41b63890acf0ab0cc69ad53665fb0d70231ff1f3df5356c295389e674301dc3e13e1fce7b69953ef6268b88969

Download Submit
/data/data/org.schabi.newpipe.mask/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
c84a23221d55f0e724eafd2ec3bfa701

SHA1
a331d453d5a7ab62e93ff30fe95e5dda3121d2e1

SHA256
432b88a90496dcf4b83d151fc82bc252a6f23d610d49a5fbaadaf55a8381f19f

SHA512
384ec00d140205353d0f85657448189eb0512fac488494b9b74c9d95e1987746236b1eedd8b9de8157fefb993d7b48411348b051a20cb276ab6b59785f71433c

Download Submit
/data/data/org.schabi.newpipe.mask/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
dad7a1b22c7bf36d8e6837d5edae66ae

SHA1
0e99deae468d8544a3009d587025cbf16314b5be

SHA256
1150efb087148fad672f52ef6aff5b07c9a22cdf2ba34ca8c1421ef1b28d27bd

SHA512
0fd2576edfa1d5b24e936413c78d3276f9db60c91b55b479f6538c05cb1c30e26b92b023af0d1dc73f698d913a7852010480318fc680f526ad3a351d0cb1e19a

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db

Filesize
16KB

MD5
617b0e69d875f08babc4606678401e0d

SHA1
3a7d7b9a7914fff0349faf267165bdcceaf16321

SHA256
36828786d29d7b89847400c1f1c909b7577a7eb3db1da38dae04243ae48121bb

SHA512
f7f85a2174c69021c9435402b395125ba1183591bb8f28e055d430f8f7d06fa0ffc2e02faccafb4dd50bb267fe60f260a9d6095fd2d128f0fe802b694bd7acb6

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db

Filesize
16KB

MD5
05718a37b9e3ef44cc0e69dd9818cee7

SHA1
64c1b58c5379178e0ee2ab604f934d94a4c50fd8

SHA256
100b16bbf6b8e67380df0008ad084dae08b8444fcbf69575c2402a384a3bb51f

SHA512
3a1a5655295cec054ff32cf468f03001b48232a20ef83c16fbf111c8a61a59f12b6dc7cb27ba55cd72e8b45fef896d6c8b8bebb788a20639668f0bf7f6d3da22

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db

Filesize
16KB

MD5
74e10603959dd306a2cc4060da0b4dbe

SHA1
ff24948cf980a95ea039b57578e36cba37a3593c

SHA256
8c432adc07f9503c8d6b5914227af8bea38e19d11c555096dae6e60f2007effb

SHA512
46e9e5e0f538321f354ce2ca7678be6f776a438bceb2f532134bb4fffda5e0605e3ff3e55f7e2f1987e55fca6d23f8bcf7ada2b4a6b02389eb4d143143168ee0

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f0117b64d0ef264a78558c2f10428e5b

SHA1
f9ce8228e56b7e0897b2c90ba51eb817a2acad4b

SHA256
2688781ee88f77715770e6de2307f6dc4c45f504459ed427932525bf3ae74db1

SHA512
d74c7acfe7f15e0ed0adb4a3e9a4ecea7fb31a89acc34be846716ee06d940ab4f604bc2433d01a6d037e1d5d635d260a68fc68640f50b286cab395f677c03384

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2f1eeee3602c828b8e9f81f6fbd20d41

SHA1
d240b568bb6929702815b9a5edd05ad635671caa

SHA256
458aa953a9e0adbf5b8765ebcf6b51bc5b5a48b7664e85d25c7a8ce9781a2d5c

SHA512
a8642cc12cb9af0cd9d3fdc4bb1fe3b246d02af6b36714d80cdd2809def699b0b93eb585187c17f0a8e19801879e2e9edef7963ee416ae9e8cc35fd9cede2859

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c383f5e0788e14774f04c58094fd407b

SHA1
605aa6e4ea60e0f5536d501e882010fcdc1dfff6

SHA256
e33620d95aa70810007697331e054de5f94f8227fa61ef420bddf2d71a356b08

SHA512
f38e5eb0a59ce0f1493ff8ad44cdfb0a72e9067021664ca29f9533086723e0308e5856fb2a5e0876dd45f3e804b3c5e093f10108fa932021a5ce327399ff1f6b

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6e673508aac5f469379c668df623712d

SHA1
a389e349621871a21d4df21bff186b29f27f77d6

SHA256
3f369a356e2087b742abd583233bd00fa79479608944af32c96b4363d03b7bd9

SHA512
41378e8c06397954a341cae0a252fca633a88f4d5b33bd5260b3c68474a48542a668b96c500615563a920b9ee1c1ebdf6093db223a71ac44ec4f24c7571c2655

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
6b25fe7e789ec7e32553f97bae380a13

SHA1
c1dded654d54f47d1bc0884d74573d0e7ae4eeeb

SHA256
7e2653652656b1011ea5dd269810af0e6a232148a7e442a62c2dca8b0aef9b1d

SHA512
067422daad046ac2a658c3f0123234dde838c4b4d8bc2568c0abec8ed0a5b14c97dcf3e3e5bd9efaddef01fe72969c4be1e8a8b35c98c516fea7bf531ead81c3

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
fff9fd1b370da3ba5ee28eb7ec52b1c4

SHA1
c428839f433ca267e15e654322cfe69b62d7a3f7

SHA256
a2ae5559967f0df1d75147ef07416e84d03f68c32974ca57fc266e723f703cdb

SHA512
8fd7034cc779bed0f59f48ea025d2d980f3823155bc70ec3150733afadd2a5ae1bd40b9291626530900b1ede4b805f74ac4dc0cd99258482b9ddce14cee48b83

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
d87fd817546ab7fd9ce211b63aa8921a

SHA1
590e42bf3069a80302e342ad774ba1a9a08a52f4

SHA256
db6e67162f5bb7b7369899d5b8fe7dfc70f6540cb3634c54525305abcca6a851

SHA512
c5495b03a08be1f5241e283c4ddf8e86cad9e78a9ad226969950df8a09b40ee60301b6668dab8fa5c0c3d1c1dbb2d77f25f899870205b188f9230774f4be289e

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9ad528b05959889eb76e3bad2635f713

SHA1
05058374e66dafb7655be80aaca44eaa983d5511

SHA256
2004a4a0637a3e346aaf3baf4877f8ef88c5f66c4879e974cf76e7ce70227b06

SHA512
dfa3e999c32f366d9b8cd798c8ef1b45674006c2f90f668508c38a6312787b7fd870e28904e87f1b65ca4531d7ddfe967ca3e0af3d37c814e8808ba60b7cebf4

Download Submit
/data/data/org.schabi.newpipe.mask/databases/newpipe.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/org.schabi.newpipe.mask/databases/newpipe.db-journal

Filesize
512B

MD5
cf3bf6f20bc4d79911366b72e08118ba

SHA1
fc5ff8cf8bb72c2734ab7de9457df786875fcaf0

SHA256
2bd0e5707ba6c447f2a88035c58fdfffddd819e44c3b5777255d32511e2ab7bc

SHA512
acda56d89ee294006f2a873fe60c4bc2abad7e0dbc980633eb21adc351ea3c45fcd46bd6b75549dd1f0a1afd1b30a258cf284e84ffe91dc8776c9f7415e2faac

Download Submit
/data/data/org.schabi.newpipe.mask/databases/newpipe.db-wal

Filesize
16KB

MD5
aeab685a74412116b037fececd5d20e3

SHA1
0f5b689114c0e92669bbfb6a409c6ce42989d2d1

SHA256
5ee3cdc6983b86242b004204aed5237fe685a568073cb82bc50cefe4f86b7f59

SHA512
3283f925a6a1b8df752ba41dc5e39b14b75d2ae501121b809e806a0fd8a7249de36a30f8c8678655f42e5a9ca6f6574fbffe817298c537720bbf588b877b228c

Download Submit
/data/data/org.schabi.newpipe.mask/databases/newpipe.db-wal

Filesize
152KB

MD5
5e2dc2fb1f9296abd6eff9a6b608a322

SHA1
f5cbbd9e51aa7c2a9c9dfb6953489c21ed698fde

SHA256
d0575f5e966242b211ed015d0d4ce512e952de5202c0830bf1d8282417aeb36b

SHA512
80c1d868ae43808d973e1639bcb49f655c265b4155241344877cd69dbd6d2bcbf1a112a2f3ece25dbabdfa342f44346ee3144b235295e34948fe31519e41c69e

Download Submit
/data/data/org.schabi.newpipe.mask/files/.id_config

Filesize
99B

MD5
b3d67b71009ea086e88910ff5a8c1450

SHA1
ddfdd35af7952ccee641f3e236d93c6a2d73596c

SHA256
4b08c1b20117527f7c1e5db54716c62545db35ec6cfea986048e6ff407c2341d

SHA512
50c5d8b4545c959101156d52f23af40f08f93cc345349002c8357ef0f7072823dd48c7bc6e829bc8bede0636bab1d5a8d1ff647b3045d052938e52b2e69cab0b

Download Submit
/data/data/org.schabi.newpipe.mask/files/PersistedInstallation6631080927306399146tmp

Filesize
90B

MD5
f87f7cde972b355c4fbdd4823fc172ee

SHA1
06d6d3ad838d3905f549e23cd7457321b76d12e6

SHA256
81c9e742e867aa0eb9c477623b6fdffb2a7f0d5c98bc9e700ae0a8fb732ff189

SHA512
c7d324dac688422860256ea3e06b02c483828da82fc898becb8317d79a9908bcf4a8dc3c7fb0273d5559f4e6b0866c442f674da64e7f47b57486955fe07f847c

Download Submit
/data/data/org.schabi.newpipe.mask/files/PersistedInstallation8693761902659207794tmp

Filesize
570B

MD5
87df9d525c0f7f8363dd844b22bbd4e7

SHA1
ec087a3db97bc0c6198ec662be210d2e6eacc7d8

SHA256
1dc6ad09df7ca582de36ecd4ac3770cf050711c94d60ad0c97200418b0e52ec8

SHA512
ccb08ef47017951e4982fe5bb3b915abe5aee11ad4ffb0d9182c167fd9992fcdcf69cf1e0ea45a2c6fbbb839ff47f429b6413b7ee844a909e52dd1e62b0f9496

Download Submit
/data/data/org.schabi.newpipe.mask/files/time.config

Filesize
37B

MD5
73b332e367d23967f33f68b209ce2dd1

SHA1
b320c327feab307c4526ca5a8e3b71720f9029b4

SHA256
fb1cc362c9cb491e893cf60811a02aa7829c0c9a610be5c5a53ad161d8846814

SHA512
2307b946536b4d27cf1f6c00031077f211e95bdb4a3dd4fe5b36f2374ca7511a7372f2b6e7acb0f682d6a12eed67f2d3b2088a0af7c9020eba1c0cd1249b8d6f

Download Submit
/data/data/org.schabi.newpipe.mask/no_backup/androidx.work.workdb

Filesize
96KB

MD5
816b6c4978d932eee472b534f089ba0c

SHA1
2c7253ed09bfc715f93bd120b4560ef718fb7c52

SHA256
74acf310d38bada481ccf9e208df17cde4c8b08bd68755546c63a9f5667f1a86

SHA512
7038ffd84ac89e85faaf7350797ac2c3095c5bdb2f57ed768167519c65c2b26683530be8d9db5c9e6538ad40cefb8723858de608d3721c2fdaf25d3d4e93a915

Download Submit
/data/data/org.schabi.newpipe.mask/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
2229fc6457f57f99a299b24b3b9fe87f

SHA1
dcb9bd33697abc4f0679f9510830a5d1e98728ce

SHA256
fe8080b6187a47c2192f33456a2067242ceab24b1a6532c3cd6b4d65739442e0

SHA512
0be934580f5c31159c9319b9e8bfdeec097b9054f24bcdabead140eafcc6fb883bb474905be5da93b41bd5057c4cac102314961b847f09c0b1aae5309d70b41a

Download Submit
/data/data/org.schabi.newpipe.mask/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/org.schabi.newpipe.mask/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
032a4110da671078dbbf4d82e34b4aa3

SHA1
09cbc92dbcb368050f4f2728191bc19600b16529

SHA256
806e91017e80d2ee38560b268813c74faa8de1de45e15e3f3aa185557e389544

SHA512
20820f9afd6d0c32aef001e327e484e31433ac58d0e796b37965a42631932b3f4d224464a6e95b5cd43a44ecb412127f097dbdd136961899124cd6100d501970

Download Submit
/data/data/org.schabi.newpipe.mask/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
2acc0fdcb2967c707aaddc7cb7d21bce

SHA1
588fea62f313ae72e127fb07cd373bc9aa8520df

SHA256
cc96c220a0713c2159877af7e7b1b96fabfd71d0ef2f1036f155eeb587461c63

SHA512
4335ba02146871de7be81ef8dd31b7e1301095c9902c36c0620a4c6d9eb29a48869198f4322de77bd3dd903f4c2df91c1e75cefd26ffad93fef731008aa0dcc2

Download Submit
/data/data/org.schabi.newpipe.mask/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
28772c4a2f04f03831d10be517eacf19

SHA1
1b09bedf7af917434eabfb585c6d2598e28c1936

SHA256
915bbbe39a06728e6d722fbd7c2f46e952f3a58fc51e0b72240f920f1c44a664

SHA512
1b07631d4eb8226e3b34c4dd208c45fe26c83348b3f61bb940609f9b8ac89382434d73c5e8c770e789e3a6581d12ae071d0e868f5c67496ff850cb14ea128918

Download Submit
/storage/emulated/0/Android/data/org.schabi.newpipe.mask/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit