0386bf9d79f79114edb870b7f444163b14ae63dbf8c21f703205954f59f84778

Analysis

max time kernel
10s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
06-07-2024 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tubular_v0.27.0.apk
Size

11.3MB
MD5

0436a990f7dd4e57e6e7933750e4e7de
SHA1

d8dd4e553f847d7e264035baca68b2a3883f5a10
SHA256

0386bf9d79f79114edb870b7f444163b14ae63dbf8c21f703205954f59f84778
SHA512

3ca65fe0360a67692627774788b0c6f6331e4d74041f0f8131d25262bef948f77f0357b5526a2b289f88e493a1179d3a6607130518f357f1f9f48090aa5dbbc1
SSDEEP

196608:nr1dAQ1yLujbDBRvyZsMbMd+VFj9Bzdhv:nr1t1yajbDjosMwwVFjrv

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4489	org.polymorphicshade.tubular
/system_ext/framework/androidx.window.sidecar.jar	4489	org.polymorphicshade.tubular

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.polymorphicshade.tubular

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.polymorphicshade.tubular

org.polymorphicshade.tubular
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
PID:4489

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.polymorphicshade.tubular/databases/newpipe.db-journal

Filesize
512B

MD5
7c0f840bbd34a3c44d2c3731a86eb703

SHA1
51ad013d387ce2e59ac5575bdc9dcd772258c9de

SHA256
476598a46bfaecc1f392245bde617becfb039346a576a1e93a9f5f4e725bf882

SHA512
9e9ca534cee44fc6dd59bab575c30e4d7c75f7f3642e27478c20b8190ee5dfa44ad703941be33e76be4289618419472648728dd06405adbb7bfe9177c1238e04

Download Submit
/data/data/org.polymorphicshade.tubular/databases/newpipe.db-wal

Filesize
16KB

MD5
6262c511a1f13866cb8ea3f3473ac680

SHA1
93c4c9c0825c3a086c85ceb4fb36b9ba7f65e200

SHA256
a8ec6f94b6da824169ae565993e126e1be14f472095f4650e7a016a5cdd2b1d3

SHA512
a4ebf2e34a6eebe18c37775e0bccabdcf948f78aeae7dbaa5819847066f461f6c913d6f3c65b285ea7d8f4f382ee68f4d2f1d318bf0c7e68b4b1199887d050cf

Download Submit
/data/data/org.polymorphicshade.tubular/databases/newpipe.db-wal

Filesize
144KB

MD5
bf84325696abada751c8daa1ae41b4b4

SHA1
ff54c87ee12e5751680a3f7fe992475624c7c53d

SHA256
4a58a3659b3313530d225387416a4a6a85ccb8b68742195654f3d175916d1607

SHA512
bbbf8eb54ce9770e4c5c289532febb14c445db6dca741c7bc0831c6e21e033779d17ad825c6ecee9f6d14c1068bddc37c0a3efbd4aaa97d9e166b229b4268377

Download Submit
/data/data/org.polymorphicshade.tubular/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
ad5a26b869e183551190346aa8d32417

SHA1
cda7b137b616779eda5ffe1df3052684d06a77dc

SHA256
f9ac4bf04d1f371b7c7bb7ff3a2099a91cc6cee2b6a202a46b058ac2a6524809

SHA512
026e7982c6a22cec80965d156ac4a297339bba5717e7a1e0da6f51db53bb680525ba6040d3ae2a148f5961842b8fe6fd7954c00a1c1f21a90062819fe6db4cef

Download Submit
/data/data/org.polymorphicshade.tubular/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/org.polymorphicshade.tubular/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
36b20056d98da0285e2bdb8da5f21992

SHA1
bc53c85ead098849e8a31314cd4a769c1081ae8a

SHA256
b4446d120ee646d312a100532414b8e849e10c18c381feffb092a38ed7acf50e

SHA512
58dae9a2952af9f746421ec0422c69e1315a5046e3ff487f65fea03a81bf7efa588cdb37c1e9a96f902c345cdbd270d497521c5f5f368c1a46ae243cba632596

Download Submit
/data/data/org.polymorphicshade.tubular/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/org.polymorphicshade.tubular/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
f9fd3a699b3c08f22b63832fb11ff080

SHA1
9d61902d04f3a9f8eda5fc6830f46efbad8962cb

SHA256
cd6b2add7b4db478ba0b16a12d47b01ba4a470327cb975201a6d212c2751422f

SHA512
d6e0cae32bd2404de08c5cbae856baf78062aee7c0ac1b6e2efec23624a96f297fac2324abc748626a77c2b58a1379ca9935cf0a8c17eeca74b5aea7ea1b8769

Download Submit
/data/data/org.polymorphicshade.tubular/no_backup/androidx.work.workdb-wal

Filesize
112KB

MD5
9f262dac832ccc42766e9fbfe3a58cf9

SHA1
39c34363c4c5acb1893f266683030cd60bd94fcd

SHA256
37545b8cefeca3b85ab771e0d2fc8dc48a537f81477e572f14d763a9b89ab471

SHA512
c0927a5140a50824c3a5b094fa424454e3c06696262052c8f3393611ac2b84889f0954a6a53fa618119c77525758fe6de4869cb339568126d0369d1869439de7

Download Submit
/data/misc/profiles/cur/0/org.polymorphicshade.tubular/primary.prof

Filesize
3KB

MD5
930cbdd38230e5159c0278b4032114a0

SHA1
f193f111c54d6f3cc630d8c59b4afa17a4bf7862

SHA256
ac4b4092e7e46259195cfc114586e5b0ec6b7acba2a293983a5869f80dbf0b06

SHA512
219558b114b303e9f569cec34b100679b63bd7ae58200d49612db9b2b0fedb4434ca510a805b0938f072d869b7250d41a6ca07422f2109fd49ec4c3f35248d32

Download Submit
/storage/emulated/0/Android/data/org.polymorphicshade.tubular/cache/picasso/3449304e1ad853d90e4005ea24574bef.0.tmp (deleted)

Filesize
6KB

MD5
503115d95bf99a6bf5852ca7332cb523

SHA1
de6eff8558825249ba4aebd903925773c838e586

SHA256
82534a8c2c4860a3bb65a594bfe2dcbf7c1abab7b5246414bfc19f7673f14850

SHA512
e398c9c531ddb1847f9e33184c84f1e6133a8c4633127627217aa44d7360f7c92d694e809eac09c24bdebbae8676d14e71fa8e1371db86833215ea49011793ac

Download Submit
/storage/emulated/0/Android/data/org.polymorphicshade.tubular/cache/picasso/3449304e1ad853d90e4005ea24574bef.1.tmp (deleted)

Filesize
9KB

MD5
5b65880cf1ef9f7b2b369ef2f9cb17e0

SHA1
53347d4f235cac847da8ee2f78ed58864b9a5644

SHA256
4da563584e98f78c49c1f85fa2b850d2aa931e3575406c250b6e62da9c31d676

SHA512
c9808cace89a92a58d4f8db780c223fabaa384b0997071845792a199adaae0cb55c98d1f3524e912848a2f17c8260b12ba10693540cb20d0fb74888e4a9d61d1

Download Submit
/storage/emulated/0/Android/data/org.polymorphicshade.tubular/cache/picasso/3ea383c8b74ae6202e87957b7f9088a4.0.tmp (deleted)

Filesize
6KB

MD5
24e1ccbf7104743dfc424a727e4a114a

SHA1
986570f1a9e1b418c325b3b490d3b6fde4d5fc91

SHA256
1724efdd72d2ad418eee2b8cf1050041d81a2238738be856cc72927d7d6b20c6

SHA512
c6afcd1a35809160418b20646e7c00a856a83196046775d1e34b2d0ab794174f69c609d926e3519bb28d9063605f985a786cb0067e88147d2a1216a1339b2dd5

Download Submit
/storage/emulated/0/Android/data/org.polymorphicshade.tubular/cache/picasso/3ea383c8b74ae6202e87957b7f9088a4.1.tmp (deleted)

Filesize
14KB

MD5
6e5178df4fa3dbd1054d3b13b86f2024

SHA1
f3461246109ca819a9c8fd77a239ac378aeeeb59

SHA256
d4a3751352d00eb318f854d2364f8f3e3cde227afa059e92acfc3d531dc19b81

SHA512
487da94437b2b83c821060691117c31f87edd61c9041bbc032fa66cd9ac5a4f753c4110bd8adee6308ab371c5aeb225d3827ac73bfa1dd35e7adb05512bec664

Download Submit
/storage/emulated/0/Android/data/org.polymorphicshade.tubular/cache/picasso/4809c5c7a0049ef515554ec040bdb11a.0.tmp (deleted)

Filesize
6KB

MD5
b92214047d602064e358ac43edfdb5b6

SHA1
e40507d73e6ae0862bb8299ac410d60da18b8312

SHA256
1d47ec2478d9db132e3f160bef22368fe24f0cf8960cbc900b50f94b55962562

SHA512
a76a16f4dd00cfbd2ac4f9dc129a38698ceda24333bc5b74008c5acada1a4048a52c5cd36ca5c903b01f344deefe9cb32644a7c9299fd167249cf54a97f5ea7e

Download Submit
/storage/emulated/0/Android/data/org.polymorphicshade.tubular/cache/picasso/4809c5c7a0049ef515554ec040bdb11a.1.tmp (deleted)

Filesize
25KB

MD5
6b1a0d913d9c0017cb9a930a990a9f9d

SHA1
df9cfffc977fd402f57feda4acfa95364f2f7aeb

SHA256
0fbe8e19d9c1d508e3072426b48d7b8e704b59cb165a8520a449b54c1a534282

SHA512
c0379fca1befdee730b60e7946c510df7655c589e73b10e5a95030b8b76b8981aef9163f0da015e11e623c72a447d154800ea2ad60454f9afbe928d5887ff461

Download Submit
/storage/emulated/0/Android/data/org.polymorphicshade.tubular/cache/picasso/4da794c12a543a37ea19768855b93abc.0.tmp (deleted)

Filesize
6KB

MD5
af526e0d8979740be4b0be67db337b3f

SHA1
44ff37caaacbca0f713cc28bfa71e1706c1dd3c2

SHA256
65b3ff2b072b9acda585f776180265f7da87df612f7200df1a5790f85ec7cefd

SHA512
8986e1674d4abf51952dac3878698cd6761f6123f9fc8acc9be9cfd33465b8ff721b3a894c2ebd0d034dd6e648074db711536540dc25493aab59ffae08a7fa9b

Download Submit
/storage/emulated/0/Android/data/org.polymorphicshade.tubular/cache/picasso/4da794c12a543a37ea19768855b93abc.1.tmp (deleted)

Filesize
18KB

MD5
494d9a00249fb55d7cb6e8f6410eca0f

SHA1
d774366fb1d99991b5b8e7fbc42629f99ec0b06c

SHA256
01c22b9fb0bcea7c425bcc350ce1d6e12f5b3bcece9df4ed97e4a7001f1675ea

SHA512
fd1d8c62b9bbb11bd9e8808bb3d1bf4640a3afd93f0b029cde35f2e1f1fb025414d41db4be2c77723ea1f52e5d89762986d61f97589332a196916e6ef19e2eca

Download Submit
/storage/emulated/0/Android/data/org.polymorphicshade.tubular/cache/picasso/9334b5a8c87f999262ec9b6138d858b2.0.tmp (deleted)

Filesize
6KB

MD5
1d249f79468f2a3f43acc9a4c31db85f

SHA1
1765e0b06301169db5bcc5e753372bf21869ec4a

SHA256
8de2c7f5ca62dd8efe1f325aa53fb37ed1ec3448819bffa2bdb28948eb89dc9e

SHA512
878458daee3c8e71cf470e52a74e57caea90b3168e4a7f78663e0864ffc058480f408da9071d143d8f5a71854f5799e8ebfdf303b96a751f0e29a430257de704

Download Submit
/storage/emulated/0/Android/data/org.polymorphicshade.tubular/cache/picasso/9334b5a8c87f999262ec9b6138d858b2.1.tmp (deleted)

Filesize
15KB

MD5
418daa1a4964829a0e9670da3c2a3b50

SHA1
6de9d691b1fc3356f3db6d9d9f0765c1a2af6c8b

SHA256
ba21ece071610e78259e272b613bcc413bf2923176a15d9094ec5859ce4eccc7

SHA512
ffa469c46c66890a4e788bdc8a9a0dc870db615cb650e726037ae390e54e1ae2f2ac86f129664d533264a6959c6fbf536ecf845b58afb0927a288395ae93bfca

Download Submit
/storage/emulated/0/Android/data/org.polymorphicshade.tubular/cache/picasso/journal

Filesize
480B

MD5
f128ff63735056aeea1b4645902be18a

SHA1
2c6cc62ef28b50c870d33f1eeeda0664ef1e1d73

SHA256
9cb0a8124d57a216986f98dc73d8e655a0151ea58d178b3187375fb2702c16ef

SHA512
58304ea7348cc87c89aae7979d68f6089bdf0a43090538b7216940125b4b3c2eec4cd9847e4d9df84d4e878aa10d328007f6e116259c6d707d75d922e42ea89f

Download Submit
/storage/emulated/0/Android/data/org.polymorphicshade.tubular/cache/picasso/journal.tmp (deleted)

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit