220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548

Analysis

max time kernel
135s
max time network
166s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10-04-2024 09:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548.apk
Size

12.7MB
MD5

07532dea34c87ea2c91d2e035ed5dc87
SHA1

04ec835ae9240722db8190c093a5b2a7059646b1
SHA256

220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548
SHA512

270319f1a8a8fe9e19a78741cdcdf5f7c62d3072e55ea68a8c5ecb154bea9fb0895d1562164a0a04ffac19cd2bfa760ee219e3e0ef3890ccce564ace0c1f51ea
SSDEEP

196608:A8ULZA2UNZPFyeRlQbQ4Waex2Jg6K3KVSOjQHITUI8KgYeX1EVsf6lCJwtBD/SZP:qqdZPFyeR2b/WWO3K75Uv5JEVsaUwtNu

Score

8^/10

banker collection discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
banker discovery

Security Software Discovery
T1418.001

Processes:

org.schabi.newpipe.mask

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications org.schabi.newpipe.mask
Queries account information for other applications stored on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

Stored Application Data
T1409

Processes:

org.schabi.newpipe.mask

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser org.schabi.newpipe.mask
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

Contact List
T1636.003

Processes:

org.schabi.newpipe.mask

description ioc process

URI accessed for read content://com.android.contacts/data/phones org.schabi.newpipe.mask
Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
collection

Data from Local System
T1533

Processes:

org.schabi.newpipe.mask

description ioc process

URI accessed for read content://media/external/images/media org.schabi.newpipe.mask
Reads the content of the call log. 1 TTPs 1 IoCs
collection

Call Log
T1636.002

Processes:

org.schabi.newpipe.mask

description ioc process

URI accessed for read content://call_log/calls org.schabi.newpipe.mask
Acquires the wake lock 1 IoCs

Processes:

org.schabi.newpipe.mask

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock org.schabi.newpipe.mask

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	org.schabi.newpipe.mask

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	org.schabi.newpipe.mask

description	ioc	process
URI accessed for read	content://com.android.contacts/data/phones	org.schabi.newpipe.mask

description	ioc	process
URI accessed for read	content://media/external/images/media	org.schabi.newpipe.mask

description	ioc	process
URI accessed for read	content://call_log/calls	org.schabi.newpipe.mask

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.schabi.newpipe.mask

org.schabi.newpipe.mask
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Queries account information for other applications stored on the device.
- Reads the contacts stored on the device.
- Reads the content of photos stored on the user's device.
- Reads the content of the call log.
- Acquires the wake lock
PID:4569

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.schabi.newpipe.mask/databases/com.google.android.datatransport.events

Filesize
40KB

MD5
1cf3f63c021d755a21623e6d0e86dbc6

SHA1
e40e0f1faa61abcca7ba3394c54c92ff7334b49b

SHA256
100c67650ba652d547d8a1128edc550a8e95541a1d9268a199d1b924294d0895

SHA512
38d72e14f3513ffd26989cbda3df46ed3dd6e731bdfae56440eff6b64760cc13f91014281c9add61e018fe3529e49c63a6892ca22479515816c768b546244466

Download Submit
/data/data/org.schabi.newpipe.mask/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
ed5edd610eb7a7cfbb7333f17d5954c2

SHA1
7d1fade74d04a7f3ae7d2e2d1d53f5a6354d81b6

SHA256
e8151e6d0a58a9b43253a06d7abbf3c8af7d0a02a0c5af9c8d5283032dc464f0

SHA512
fe0a8a61d996b7b35420a5c4dfc6d3c094d8a27685ca79bc399e411deecee96b3c39e5bded3bcafab28eef67f67a0a75d0b10449d9924a7c2b040651bd79860d

Download Submit
/data/data/org.schabi.newpipe.mask/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
298cb6261956f379d7e9a108a01dd4f4

SHA1
0229f6aaaea96906f797d1dd70fdc46244fa4cf6

SHA256
188026489bda87da7344fb84bd09a08333943ea173a081c7b7e193a29584eb0d

SHA512
5ec303489f4c60e580ec51306a29d8d542a201d6ae686542d26650b91607ad157d6377fe4e89c977cc6f00385130843ebda3ca22c331abd4713808f13060d302

Download Submit
/data/data/org.schabi.newpipe.mask/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
f7232b6a32f14b15335a45ee1b10706e

SHA1
3b07feb2a374c00233236b0bd718cc6d30880697

SHA256
eae7a4d0515509148a60b2a9dfc7f3e48f1f136e196a60f107b778356c2e30d9

SHA512
fb792037b7d6688afd12954c8acb63ee650832e5f49e103de871ac948f4fcbc0aba800b4a5b2c01dc0709535b336e75337d02e96b4375c386ebc5221f3085e0e

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9ff78d0416f484e5faad471f55f07bc4

SHA1
5978688c47b781c98b8f599a7ab5024673c8b390

SHA256
b0b2480183bfc44b666dadeeaeb569c15bd00f8d8fe85b51ac04a50df2cdf28f

SHA512
225de345e666375201a620faf9c7eb7f5d6c6275f6d8778fbe516b778bc53626f59ed3c222c2595ce4852419b7748cab52a4c2b14b1df81450f45e8c395e4842

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1dce46ab7b6e7f97c587c02dafd6b0f2

SHA1
9e22da07de295e2c84bd8d96fb972e0ba9936003

SHA256
d9bac63966a363ff612a7574807360dc80aff3ea1f44925dfe6140b595096414

SHA512
7846babd7bfa88b042a90103c5828b40d9a86666b27521340e19f509f9e04c76804a455b6e53c524ad6573f407b94d149a685b705b40345a4ddb54f75784a8db

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bb7a69afd5d3ac6b157bbed608e1729b

SHA1
27fe7bbed21da6e92f7076a1e70b1afa64fd6efb

SHA256
f72943194a75ca7a06f6ee0b8868ae47dde151411ca0f47b6dd9ff9158c1f6a6

SHA512
7342d237384e409a6ad9504b35a1b0da5302f219b832f848a4525c3649f3294f31675f9d04fab195274496272ae92a9d8b42666d8d21f75da4abc839920d0c5b

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e0f308893791d84cc49a81f9485e4294

SHA1
4e3aeedf6ca545032a74898546e101819ce0b542

SHA256
ff7db35ae3e8e0d68f6a212e027b82bd815430c7eb55a7f52b66be09dac2ba7f

SHA512
384b3a23851ad6c026f963dd84b16b8fb4a33aad6608a81301f888558601c6977b304c5ac8f8f0b4ae3d820106ffb59239ebc86b432b6bc36f9a84a79e931713

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db

Filesize
16KB

MD5
818548be1885386cc995f564f36a8e8e

SHA1
008b0c602ed55b1122dadfb3a20db517d55c10b3

SHA256
b4765a86f69c122307448d0c6e81cebd52ffbc59b0d19da42971e2857f773e6d

SHA512
47840561a1eded73600b656576a7a9195bd1beddb79b08090b9e6bd9ab610de6cfb0a334310bfefe0b33ef157d420aaa17c6315fa2e689398da3328c4460a02f

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c02d0f2d08ca8dd5d9a2b222995120b1

SHA1
9babac8a73319e63df28e8937e62cca36fdd270e

SHA256
39b33ea33c87a3e9711f79c7ef8f9256b1b7156b8b2fcd79385c4b614d51e057

SHA512
768d94ed8b76c7503fec0c88468613d78dbf70f262489bde5491ddf2f2f32a44f2e4021a22bbdc3b4a0453a87bed6694c849fab58406306885e7cdbe08d541df

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7b850b27940381067388a64e4cb0ec8e

SHA1
74079e2b3724fbbf40fd6fad40fc0bbb763f4df1

SHA256
75c5af3d62d6f9c52ba3f38a4ab3392c6744584fdf1938a44180f48cdfff2239

SHA512
3471481944f2a46f3dd7ed8eae44bb5633acdf365e8fc1cca2938a2fd7ca65f3d6735bbc2b53ca7e3c9c225b2a2a816a16a8aee4f0024f62bfe50032eabbca57

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
3e60a5c0e69b1fc70acabe4b76300ee4

SHA1
88514836ee7f75b7d72fd045d1d94bcde9d2b3be

SHA256
210d58c9828371cbd4487935b867def43e4ecb6ca4840c8557e71a628e4544d1

SHA512
ff3478936074aa3858af601f1e3e8c0dab9aa2fdc5115cf447c1315806c1e03b17284cdc9d1922fa06afd414a484301589449970e0d0ce7b0ab3b947b286d71c

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
76af59ab96d6a4d39f1e0e303d6a50d2

SHA1
0d4a21822a27a24a9a31247517ee63f73c9a74f7

SHA256
2123a5ddbffbd595aa56de47c0da0cf569d3eca5bcea0ec8505455945859090a

SHA512
9cecbf04151e251a5e61ae9202ac2e02d4d5c41471b5556cbf1edb19776cb4bfe8a687889cf2003f440eb91b6fca29e0649f1a3c11bb2946751375a570a08bf5

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
db718e0301b7279475d88e1c9234900e

SHA1
04bb2d6b736953de61869b490865f44c857ca60a

SHA256
cedbc0e5f1767d9941ac74abad843b62371b6f8b06badfeccd611c04b10cdc2a

SHA512
ceb05bc2124bf4a23e1c415daa0fde2d37aae12d868e05b91c109b241f4356a99ea9e26fc23e6a2a2841eb10aaa2464454b01f3586d8323009c832ac0b52ef36

Download Submit
/data/data/org.schabi.newpipe.mask/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
77e2d931dbc047e6b5bdaafe30b7bc65

SHA1
45eaca245ca37dccbab8cbb588e53dd2f824400a

SHA256
d23578e26ce23f95b385d89555712924766ddaee0d46e957f3f40970f54406e3

SHA512
d02791dd29b490ea45b0e8d4c056d8d49a13820980389dc44c26133c80f937283217d2731981c4a8c62486418836273b10484b722609537064a8e72aedf76244

Download Submit
/data/data/org.schabi.newpipe.mask/databases/newpipe.db

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/org.schabi.newpipe.mask/databases/newpipe.db-journal

Filesize
512B

MD5
132d44cce4e35d7c088c74050a5032b8

SHA1
b4740dc6f22cad18bae0d7838e9192f061f80ac5

SHA256
fab164afaf8a078b5bdb5f8f77ab2d2e3b7072d8311ae249ca26a57455621a50

SHA512
22766dd8f376cf51d9260a5dc2cc814430dd9f591e511a72ecd4fed59ac7f332e18f7a17a9208d45e5f2734e6a1ae8afc472c4e7b21330243e8811d399bc5607

Download Submit
/data/data/org.schabi.newpipe.mask/databases/newpipe.db-wal

Filesize
16KB

MD5
6449089bc149f0b8602fd8dc5a2eddf3

SHA1
524b1d43d6870fb46cf0827cc64a7a568818cd89

SHA256
43ee0a32df0191f0c406f5a53eaa825b731015d298448932feb9253802f5b3ec

SHA512
748c2f3a7b0a4d5cb0d8808fd3ccefa41750d7498b33235742ecc336afb1d8251d421d09369774d6079904c071b661cee3481382e5c5c3f0be5f1d3548b03691

Download Submit
/data/data/org.schabi.newpipe.mask/databases/newpipe.db-wal

Filesize
152KB

MD5
b2168b32fc1ca403bad972d43024e3c3

SHA1
bbcfed20ac1f343c300a09091cb97492cfceff31

SHA256
9354e4a024c49f9fbba866d3454c6eb510f612772aa25910cc53421c54425425

SHA512
8b1b8e9f5af823bed1af49793ef5ce424b7e275a151a492d200d31844a12a5eee3d770b250365117159fd0ca371173d70ba74caf7ee292f60e0b3eb3d014d401

Download Submit
/data/data/org.schabi.newpipe.mask/files/.id_config

Filesize
99B

MD5
c5da21938219507edfaef2e6745f2c8b

SHA1
c4ab6e721562b3a7bea79334d7c2692d570ac45e

SHA256
641ade3362c08ac5c8bbec0e23500dfc533fa0693f347215b3b1d57370982313

SHA512
9764d11da76b38787e8da851ea338f2f8fb9e2c2f782d0691b10f5e8f7d6f550e4283cc0bb027136de0b28fdda078b98d3d168fe8b25b2d2b1c9ee291c474ea1

Download Submit
/data/data/org.schabi.newpipe.mask/files/PersistedInstallation2828715374973942381tmp

Filesize
90B

MD5
14dbc49f37fe2849848035a19a30ea22

SHA1
9c4193632d49e745a67050b2eb19a27f762abab2

SHA256
d970c1920cfd2ddf2aeacda3be0ac416928719f6c77ea96e087ca00bc21f81d2

SHA512
26b82e20bba832476de9b2c1ea4bfbce0a619dd1a483110ebe605b85ee488b1fadb1e30b5e69316beaf99e615871f2dec1086fb86473965e770ee953c5b7a3d6

Download Submit
/data/data/org.schabi.newpipe.mask/files/PersistedInstallation6449607863831735364tmp

Filesize
569B

MD5
530a915301c73876965510b9a7039d17

SHA1
ce227eb7313c54ae64d66bf5c09b03eb433a4cf8

SHA256
9ce80deca5c688a61a69bea8303663bd47ebfd0d0c6c95be1cccff291af23200

SHA512
48b9f95c0d3b058765f50c33cf4672787599a649a4fae0dfc7f9a75d6dae2e538e10893203492e89d467ff0b6087c3cfb25721418cdab639c41b4a8bbbcc4216

Download Submit
/data/data/org.schabi.newpipe.mask/files/time.config

Filesize
37B

MD5
73b332e367d23967f33f68b209ce2dd1

SHA1
b320c327feab307c4526ca5a8e3b71720f9029b4

SHA256
fb1cc362c9cb491e893cf60811a02aa7829c0c9a610be5c5a53ad161d8846814

SHA512
2307b946536b4d27cf1f6c00031077f211e95bdb4a3dd4fe5b36f2374ca7511a7372f2b6e7acb0f682d6a12eed67f2d3b2088a0af7c9020eba1c0cd1249b8d6f

Download Submit
/data/data/org.schabi.newpipe.mask/no_backup/androidx.work.workdb

Filesize
96KB

MD5
8d18f2520b5f1501f404b312ab1f5bad

SHA1
e3a97b046ad6f31337b017c8a82725a7cfac575f

SHA256
484b2e8aa081619b410d579db18e0e8bf4036ec096499a0fe691e5e312a40a57

SHA512
a08f40af60bc159bdbf9833666cb7802d355ae3fe0c9ff79a120cc769466c57ae2bda722b3816ad087e8719fb1f361d7b682c864f53dae919f1b536f8e116912

Download Submit
/data/data/org.schabi.newpipe.mask/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
2f144890d88328e092888fa94762c588

SHA1
b813c1dcec5988ef1f8e3385ed1bf708235bcc09

SHA256
a7fb288405674a1104d99f2e050fa515768f451fef47de2a48eaf5e556a97f49

SHA512
d544c74d43d21eaec320e1eb10ae9becfca9b64e3a179962f4a4ac9fcb062bc217efbe7af4ff968cc7a0be3c66fa94d64948ce30cb23ce500b47f29bd8dd55cc

Download Submit
/data/data/org.schabi.newpipe.mask/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/org.schabi.newpipe.mask/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
75090e712f5e3f3f71e95cad95925ce5

SHA1
ff0b6e0a65e2c3462b7e60ad4c4f51b22aac25ee

SHA256
1dda26b6d68e0247967fda4b9731a08e2b6a223abc19f6cb28a0e0dc3c34d228

SHA512
da93756d1588d1aca34d7b3e2fad2b5e345655cdf122a2642dcb32a5a2ac27ab084ae68d8a0738666f845f19aa4ad209f5f38448b62246b3666c7965b7de6d4d

Download Submit
/data/data/org.schabi.newpipe.mask/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
c814b634b82244c34c392c7f1796b780

SHA1
a6d51b582ce0649eea088eeb2364bb1fa76ee895

SHA256
e1e088bea635ac3e6f4e22ff01a561d85df02d1057eb3bd80d77581ad49b8263

SHA512
d319a7f85f1ac7854879c0daf5cc5c1b2ba8274153487cc5aa245bbbab4cb7150302511df878ef6e51cd2f5d66ce00380666d26e7ffda67ea4ddbcacc5263246

Download Submit
/data/data/org.schabi.newpipe.mask/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
c389bf512ae20a8a49bbd61039bd3daf

SHA1
2047f45f73ebfeecf78c74e05b1d518f0013f0d6

SHA256
cc6ccc032f5546cf7f064e39897aeeabe91cd32164db20597f2b0023c7974260

SHA512
bede6d20d1f2d63670dedb1d4a2c469f75cda13de33f138668edeb74f609ca579deb759f80560815c043746c3374bbc64ef55d218dc18196c3557d726de359dc

Download Submit
/storage/emulated/0/Android/data/org.schabi.newpipe.mask/cache/uil-images/journal.tmp (deleted)

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit