b9b7cc8a53d1eed5e8234b94517a2a8f288de46da80ba92275fb3f2e5047d11f

Analysis

max time kernel
47s
max time network
70s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
13/09/2024, 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

onstream-tv-latest.apk
Size

15.5MB
MD5

0b9fee3bc57c76c6813d10a63c1b8d38
SHA1

7196f608182de701570a81590422e7deb1d8a4f5
SHA256

b9b7cc8a53d1eed5e8234b94517a2a8f288de46da80ba92275fb3f2e5047d11f
SHA512

ea672c6f7c433636da0eef94b06d41b63a774cedb2478102ffcbd253a4992de5bd1d7a1445799c0983f80dc8a04f7cb57aee33e6d14d0e2e9cf7642df2825ee4
SSDEEP

393216:YOxr+Ph1IkvruRsq4BeU24o/sLWHo8K0e4RB:bx6DIkvrC40X+WIQ

Score

8^/10

evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.maertsno.tv
/system/xbin/su	com.maertsno.tv

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4464	com.maertsno.tv
/system_ext/framework/androidx.window.sidecar.jar	4464	com.maertsno.tv

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.maertsno.tv

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.maertsno.tv

com.maertsno.tv
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4464

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
84719b15f6f8ddd86b7ca25cc215edb9

SHA1
83ff1b339e9593d51785be38ea2b28fd8404075e

SHA256
32bd8161101cac99becd739e37f2e557bb7898c7f288cc4f150d5e9070b0f5a5

SHA512
7b8e8ee02f9e0da37d89027c23bbfce33441aba8380bd5fa46caca0c024b362571d46487b14df28586fa9958588048bc48f83732bfcf0a60b96cb07ae0e4e84f

Download Submit
/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
b4793ac9817023bf4607d7c80b9e54d5

SHA1
2eab2f5b80422065b200d2393cd9c96e0694efba

SHA256
280f3ca7945263e735d953ef4fc92e923724963cb37f4007b80ab2f9da3c79d8

SHA512
24d27bb949533c0210d42dadda4af718fbc0efad08041f351a75330353dc50899b3572c1f0344c95ebb59902e1313f48527faccb607a447d0e3b037fe32c623d

Download Submit
/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
d52d16fcd2eb61f130092e8d46711747

SHA1
53f27dbc4087ebb151bd32f95d5e8d6c6567a95a

SHA256
367ae14b5b070fdc60178cee16bd473292a4dc11fd5b4667e191e15df52eeae8

SHA512
b5b07d5fc12dbbac3d2352617dab4c0c26864b2e45b774a028061dc32959e3d21db8dc5c9462fcf1248f4dcabaf5fabb514097a3acda76b8630ddb9f651b0e78

Download Submit
/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
90248968fe9ad119ddf8ffa8e3e09091

SHA1
72ba181b2b0794bf2ce83535c08d58a4c0038ed5

SHA256
a4f54a2a858f24cb01f15b73f5f857573179527d1345eb26fa9cf77f04977434

SHA512
495ef8d24564f08268adc9aec6bd576134d5771aa9f571e15a61175bdf708149229243385be3d8ff1d86012b041b32c3dca794e3c17e5afce1bd4f1c4bc47a34

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
15ddc5e8bf7786b847cffd2b3bd2d559

SHA1
64389d0a4227cd146eb806bd6f1195dd967ed7b4

SHA256
48b850522ce8d5b21df7a5a49474a53232d1b67745e9b2dc1b0e9074e0214380

SHA512
d2d60e3cbe6b35d79cb34793a5ab3206ab8e29e87e7100e618807b29aedd1e7afd2b4951cacec105b7baae885ce675f39b4b461ebac622bef4cb4d2456cda5c6

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b4a5e5944c94032f280084bef70ea922

SHA1
ac6fc2f85aa9a2fb372b796aa504e7f4cdc900d0

SHA256
ed5352762b5fd039aacaa661515022f15dfb11c0a415edb46d64e39d1b4605f8

SHA512
c2b2c85259961f6d71df98cb1348df3be0d20ef35cde381124377f27fce7ac9e50c7084faac634188ba794794b7e7fdfc7acb075f43396e3c5cb051a2d778cf4

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
76037adbddcc4c6493c16307ffc733c3

SHA1
70877c62f128f91afdbb3124b5f48b2886ebe5a1

SHA256
eb36ca81478aaf9a810a58ba6c8ccea3aa54403bc1db609fea500ac11dda3dd3

SHA512
9e7afc71cd6d2d37e71f24adb4b60010e02d8101d5c776d821b2eed9cd0f1f131cf800b24d991d2a4b7ea61e8dea172de828fe88b2fa218522c6843efab44452

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
124c04a8008bb073052f815dddd877d0

SHA1
5b7c868b80feca7695e2b4d9d35c7cacb3c5154f

SHA256
5ce59123e4b8008969dca4a7793ba2482ebcbc84f7722d84b9fc01f4de345fcd

SHA512
560770f64444a19f88b15acd58d81ce0bc0365e143ed4066bd6798ca8f952f9c8f98a649bcf4a83be3957086eddad72d7008c8aef3fe0e727241a154d3333b44

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
92c6f8fea375931d985d63622bef2297

SHA1
a2b160f137d931600e68a6ce5ed0bd2ab934387d

SHA256
74a34edb9b02ef4644afd87cac736e2ed5a9e990f9a63f0338708cc82e4e6f64

SHA512
329744fdc46d016600bea0b30c03168d86a4c63b4e6349bfa70d47f2d507d8f9b1e51e362d026a254a97242ccbd647a43f226b76d13a9b0d1f0cadc2da7d9a5e

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
f420bbac19eb18f8155ed909751272eb

SHA1
5e2e19de670c3a585339e419333274b17f6c4a1c

SHA256
1926e4ec6c050c9dc53032cd6acc304e51bd417b7aede0197deaf78bba98206c

SHA512
7b396f95efaf34538e2e43b5108a767110f4a2731addec35aec347e333889e03d8bf306c2bce0b12350093dcea7ae903f2e81dd0df73e633393d21df78ced42f

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
479a9b674092f7c5368bd916382d9959

SHA1
4a28f92f5ed9eb1c9f7e7ce4c9ef52a0d52ed9a5

SHA256
aff1420552de5826804a906ef34f64692c448ce96c750dc3b2aa64715fecf01d

SHA512
3c183404759fcc151e77b81f978bc7bc51a8536abaeedbc7543fa2b5e9e00c768fa15bf4c4e9f7304ee943d9951acab00b4fd83af64bc1e144ab44da9c37c037

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
3c35bf34b092e9db164d316816414a03

SHA1
97e35627ee7ec1f245918da7eea7de8a9d2672f9

SHA256
53dd06a95a8bf2db58801e729c41597f91fd926432791d0411103e8d47850095

SHA512
99d8bce3d5b2cc685acd3315a59b3f18403368c86c643b695782be659d0ce4ac216da1ef8b39422418c6abb404ca242a108596a905c34bb3e6b76adde33ece92

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b7dac3f25437672e192487dd2029a34d

SHA1
b3fb431c1ec997b80965e48fd07a6ff0933acacb

SHA256
3b4f8ae812fe8c2df3d86e9d0241336b0f583fb1b8b654140a34b6182467d670

SHA512
c1f979b9be9bf22dc8b8ae92daf9e5793b65a743ec56b8b40e4355b3633189f277d7ce313a6f73e7fe1a9c017ae395e0e3442e6ed7c354a4ba3fd6c22673244e

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
013612531753b6d27bbbca041b86964d

SHA1
a5fbc8675f99b7a45aef5ace253466dd5b836091

SHA256
70a93ef1a7ef7c7765b9b6db578daffc043e6de70f3d5264b55d93cb79cd5d9d

SHA512
385988d01590c1ba188e7b30639b20c8582dbd515aaffdf9ce23aefe5599861ef9806f8ab2840ae1d05d00ab873a3f33c8486aef41052161277c07b6285e0b56

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8309646bd62b6975de539ef80dced8e9

SHA1
30d2af860fbcaba3a50fd1dd1e8d0093f264594c

SHA256
91f6ed5a1779f0df1c6bb7a8ee01d91fa13e6d832614b5aee6096b3cc5efb244

SHA512
9f873787844f8dc737a8a289a3a0e1ba307e2fc29332a1e8ec4c07270b08bcf32483f9a98119342bb033f8f86b55a41c17c129d5f521ff42cb3acdbc89fb2c86

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/com.crashlytics.settings.json

Filesize
711B

MD5
40c5218e265c9d79a0eadf5d64ed6c59

SHA1
bcdc2a72a11333605ec9ab4f1f857428c210feb0

SHA256
e46228f9b8d5efecfba2eb75da80bd4ed85ba85473e5f0ae7e142e00447cd20b

SHA512
5d56598e9689d33f9fa7c3b2093cc494c2ef8ac774ec14c14727990855fb8cbbc4398cef17e561489ce577732e7bcefbafc29478f4d8f265fb7c192fba8cad13

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/66E3BD0803B30001117073B505709998/keys

Filesize
55B

MD5
5f532eefde1793b3d6f361effdc9d51d

SHA1
02487a9ba17b3648eaac764c533c27dfc269cf58

SHA256
3fa93c24b2098dc123bbb26543a3ab354e2e786017ab347f606f267aa762ae5c

SHA512
f1cf8298399a363179e0cb0ad1e76102f3a577d7de1fe6035ffbada482efdb035e69b601265804186e8e62c20fecbf56ccce065e02a2179fd78a4e29d08b53f2

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/66E3BD0803B30001117073B505709998/report

Filesize
787B

MD5
c115f307b85727790393ef760b6f96cb

SHA1
568e3c00e8f057e5200a5551169181c2feaccc16

SHA256
bd5c06cc7914b1448ede17b900a45b37c07aa8bc23320d01f7f437f66d51fe01

SHA512
cd619e9699f220f30762f55039db5d4f3ee17636f43290e34137edf10d2f6bd6bf46c0cb8b3a09e2f67be16228e8f555b97c56bbf8a10414b7de56ea3f6e02bf

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/66E3BD0803B30001117073B505709998/userlog

Filesize
188B

MD5
a72e983c141d868ab76f5ace456cae2c

SHA1
6cdae5c5cd5cedcbc26db66b2e643d2187231706

SHA256
09ae89b954dfcedcbf8e97bda0ebe41c923b198efa5808148a7cb6214b82405a

SHA512
9ea4cf3f647727097bcc0b5bc8c32bdf62e9c48ef64a5eddcb09e8bdb6f1f5221f98eac3aab4dcf981668e8065e4c72372990c0afdec53a6ab653e2f69d1d98c

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/66E3BD0803B30001117073B505709998/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.maertsno.tv/files/PersistedInstallation327637754405772964tmp

Filesize
90B

MD5
ccea5dc7b025d7d08e1ec6e258e37e61

SHA1
89b43802a5a0bad797c561bcdf6aa10f576b06fc

SHA256
21ffeb52b31c0da028786e29b19eaa6ceca463797c7788b3f819084fb72182dd

SHA512
b46563c8ad9425eb586ea627f542adefe6175e9cb5d04998423beaa6c0f36f994872c50b8307bb71153ae881747e855a9eef2efe6553d6f38139a5daf09b76d6

Download Submit
/data/data/com.maertsno.tv/files/PersistedInstallation7726681676174812938tmp

Filesize
567B

MD5
eb3bd228d53180fff5be0e4d3833ee02

SHA1
9f86a3a87e89ba7e4d36722f00dfc7fe14b9eb14

SHA256
d5107e26d4a1e53075ef0ee7cacfcfa785341ffc5bd4ec116cf74bb21debfe97

SHA512
d543ec0e8a16cc51108cbb12f1334318c1022c016551409d8981d54817cb3f4398d30d45d5678f8c5fafc26fe9eb5d8c46a961307bbd65e5a34e4734ffe0f36b

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
33B

MD5
35b51faac8b5af3886e70bb5a885dab1

SHA1
e6cb282da46cd4bf113e25c8573268578dcd11b6

SHA256
af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b

SHA512
6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
75B

MD5
944e6a5a08cb971370c65c06061f0ab4

SHA1
84d47725cc29bf167b782c702575bce4bf2ecc5b

SHA256
ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab

SHA512
bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
121B

MD5
ffcbf87665a36fc21782400bd0537e79

SHA1
3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee

SHA256
a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d

SHA512
7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
163B

MD5
dcf7d6c1cfd5e7b56074e3001577c78b

SHA1
b8eba89aee9f6688ecda6675ef8ff4998da0b141

SHA256
ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91

SHA512
42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
212B

MD5
f4f0676a41f1eb30d0a126ad5cdc818c

SHA1
ce82405aa36b8de3c6617208b7df854b092c94f9

SHA256
8c39c4663b7d7fd2bd34e39f57115ecd9d2b4c2dc3a5db83c35300ae833ab64b

SHA512
4d2b407aa1b966d7467778f439d86d86db8c66a6aacf5590211f334eab52744e4005bc509231d61f195a3cad48d8a5478ce9011ea9b9d93e96636a2db1018721

Download Submit
/data/data/com.maertsno.tv/files/frc_1:521702959726:android:5de416a4f4f37532ed547f_firebase_fetch.json

Filesize
291B

MD5
fa43dcaa0687cb7f831f7075c2a2a3cd

SHA1
db46bf3ffada2a801508fd853b54d4c7a1165b7c

SHA256
a069e7ae7a86b67a214e410994c5d40498b123d2e39fedbebd2047984c53b806

SHA512
ae88e4e9bd41c0672553168151a0c1386496d57f4883bbe7e94ab011831fc2858c685e90fe09997ac2462f5a3f247042792677565be3fae0a0bc604ced55dc92

Download Submit
/data/data/com.maertsno.tv/files/nwt.tmp

Filesize
1B

MD5
9e688c58a5487b8eaf69c9e1005ad0bf

SHA1
c4ea21bb365bbeeaf5f2c654883e56d11e43c44e

SHA256
dbc1b4c900ffe48d575b5da5c638040125f65db0fe3e24494b76ea986457d986

SHA512
fab848c9b657a853ee37c09cbfdd149d0b3807b191dde9b623ccd95281dd18705b48c89b1503903845bba5753945351fe6b454852760f73529cf01ca8f69dcca

Download Submit
/data/data/com.maertsno.tv/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
5e21367a9763d29361b7a7d1de619267

SHA1
4490656424274de6f63f93d482fc4cf4ece65190

SHA256
c33ba54c79c34b97d95178fc76c8266a05c9bac230681f237a33749bd52de002

SHA512
d2df84cc6e289f20d2c0f3325f8c4e38a0ef5daf9320d4bc5d514f286d14ed8b35fa8a54854f9131b34b914af8707b2b0e7ad97f94303ceb51f476afb0ca35fc

Download Submit
/data/misc/profiles/cur/0/com.maertsno.tv/primary.prof

Filesize
1KB

MD5
310af8dd13c6edf92a247fdbf8957dc6

SHA1
593d0a9d94207d20ac6739b423c2a517bf52eeec

SHA256
d76ff63049833a8a5316cfc3c40f5f0ec32cdadd111375128e590484b8c81767

SHA512
454204aa93ae6150afe41c482eabd51f59e67fc8396817b9a69e43a724ebad4f58fc175183eb069551944c663df9359761e8c3432c95c797a2326e4f229570f2

Download Submit
/data/misc/profiles/cur/0/com.maertsno.tv/primary.prof

Filesize
8KB

MD5
7dc85445badd32b8f82ca8841b22e09e

SHA1
7418e898c0ddb20880cfc87fd6d2b907ebbe154f

SHA256
6cead059f6ea956cc802f0d05d9288438b7fcd8e40069a02a61ab79e33e5cdc0

SHA512
2ee79782405d11928205d3bb6fd6c3fa9118cbfac408cafb0b94b8642435968f96bf4add96ae184f465488df0d40cfd187580d7994c21b578cc7a28daea6bcd6

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads