b9b7cc8a53d1eed5e8234b94517a2a8f288de46da80ba92275fb3f2e5047d11f

Analysis

max time kernel
20s
max time network
135s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
13/09/2024, 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

onstream-tv-latest.apk
Size

15.5MB
MD5

0b9fee3bc57c76c6813d10a63c1b8d38
SHA1

7196f608182de701570a81590422e7deb1d8a4f5
SHA256

b9b7cc8a53d1eed5e8234b94517a2a8f288de46da80ba92275fb3f2e5047d11f
SHA512

ea672c6f7c433636da0eef94b06d41b63a774cedb2478102ffcbd253a4992de5bd1d7a1445799c0983f80dc8a04f7cb57aee33e6d14d0e2e9cf7642df2825ee4
SSDEEP

393216:YOxr+Ph1IkvruRsq4BeU24o/sLWHo8K0e4RB:bx6DIkvrC40X+WIQ

Score

8^/10

evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.maertsno.tv
/system/xbin/su	com.maertsno.tv

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4322	com.maertsno.tv
/system_ext/framework/androidx.window.extensions.jar	4322	com.maertsno.tv
/system_ext/framework/androidx.window.sidecar.jar	4322	com.maertsno.tv
/system_ext/framework/androidx.window.sidecar.jar	4322	com.maertsno.tv

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.maertsno.tv

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.maertsno.tv

com.maertsno.tv
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4322

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
c586f75c7f4102b25b7adc06347cbac0

SHA1
3d898fee6eec60daaf810a29ad0dff9f5bc75409

SHA256
dab663a92901b3d2d12dc6de94e270aeedc2648f71729609d03463e7d9e666f1

SHA512
95509c52e56fdd9ff7847278224d29d673023c8447bd9233e5fc5828c243642d10116d24e0bc45d938fb9157608020a574105d82ae48a87612bfa8ad93566e3b

Download Submit
/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
540c6eaa3e2ad9f26edea6adc78e79eb

SHA1
7151f4470c7ba2ace63e9c85700c3ca55d09b7df

SHA256
e7a79f6a6b306a0852ab54a819c8145976de6688d0aa58712074c298335cb9ae

SHA512
c5701039c7f685b9617991a9b2545dc5cc903386eea7e4f10f1f4d91a054120b0553a6396b450b58114981eb4c4eec144c79a1989397a9d35f6816d2de83a381

Download Submit
/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
b4912c5dbd2c19ef56cd89db86f8baa7

SHA1
81e94286bf0ebfa1b36ef33091722888f9b4bab2

SHA256
3e1da0f38cbf60015efd07d04e13663858cfdf18c9c9a205e818b7aabf037369

SHA512
79cab554c50d93717f32964a40dc2eb1b53ac0e5c1704674f601bed441580a3ce29365cb62dd4d35326fda76740fe9fb04e5a2ac764590b6b87f0fa32ae5f614

Download Submit
/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
63df9c139e3918e13ba895c1a75fb5f9

SHA1
4ad527a175e1c397e702df317aa33b9faa197b32

SHA256
4c345f7689c776cacef8deb671da0af0e75973bfb0289ba5ad166d3ad2d4714d

SHA512
d6c917df6ff59a63f49366ebc6d619a07e041ea755c26b07b1bfffe9e3a90c7b5d3c1ca46332fe3cb0bb37cc9f702c09c41186b834c9738d938b41f151ca9f4a

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1c3e5e6162351650d3c63b6b270e6bf2

SHA1
4b6713a800df79c8798e30b5dc301a64c7da2afd

SHA256
0d0d734afa6f9cb7641848b631dd512a503e2f3258ca5065fb64b506c92f4eba

SHA512
c862383d2de79da19a73ca2b480ab978d64a42b620a5775ba47a90b7e1161b4092ffb14d4db7897682dea703e6570a5f8f344dac73f0f0530fe3619433be0b38

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8e3ffca43ca7216d8976de502663feab

SHA1
21935985f4a02c74727b3e555b2652dfad3768c6

SHA256
71dd87f1ec1675407976ec532e9d035c982ead0aa007616d4e4b0a4def9a7a0c

SHA512
a99d09d9019dfe2d836912a05a7c0a3a4d193849cc9aaa6278eebe1e9687da9c9ffbe313f837c450ebc3c0f3e2c0205fba016e746ca53c3fecb693dd22afddf3

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f7a43909c95126e9caf8fca3b9f35530

SHA1
de5ad6f946464b25e8e52a58009e259d8ac1e6eb

SHA256
77539b57b2fc0ffe78b31c2bafe7585268a32d33052420f5729a95f98a09ec78

SHA512
27ad6d821484ea8f20bfb72803dea2ba7e0046cebf495a4fc506c6ea99911417efe62418fa16a6a0240da72e842ec0b7a5ca2429542055fc7aa415a8cb1c6638

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c637741a162aacec7d910cd1274533b4

SHA1
0301abdd497031e649433e373279c05cfd3c8848

SHA256
ca6b264a7da15ad464bcabcdac8210460c34048b16f77cb3d62f9af744a27798

SHA512
4841b4058b5d39b56244114489bba46d81654c3604e0e3a636f5cb315f10966b7861bc1075d9189da9319a58c65602ffa07f2b11330e017ff5290074d773bacf

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d0a7b23d30ccad355da0c4c1e21d6544

SHA1
1b4abfa5313362736f85ff391e82b0fa98432ec7

SHA256
6ad65e61a6530098cde17600a697cf9185c160e10805b618d1752e79805a8a91

SHA512
d79c4409f1add0bf257b204502b2f8ea15f0d5b9b9198fcdcbe90cef5ef21a2dd5b85e17a707066c4462358b12e1de861ccd099a3608c29cad82f612b96e1792

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
720f1cb261bb458994043cc09f3b682b

SHA1
7eebe532933a95932c7d1de71009ac73e0a927a0

SHA256
71435d8df9155a65e89e4d91b422b1430d4f523510300f9e5e1f38289600a67f

SHA512
65e863811f852a130a8800fae2fd2cfef4f19109f2c860ed458d4a4d25aa77eaaed6d9f2b56a1bf491810db5263c0ba5ba416ea30b0b0edcce7f9a22ac7aadb8

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
049782d845de541ae459a7f36b8bdc09

SHA1
7e98066ce98f3800566a67c8ccbe592dfe5b4363

SHA256
b24e17b0cafc7921692a2054db5661e381f3319827148cd643748a9a4f5de8f8

SHA512
cb14618a2dfaa85ac81965786d1d6eecc8217f041d1bcff6e8b993303dbad313dc5dfa37fac0eaa57e4ad01705e2c4c300e7941d56f108dae00739ffdc84c1cf

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
96ba07bf5acdb761d34cf46f62d9d826

SHA1
ae939e51731de1c6dfa28352197e74c9d83c0b6a

SHA256
c07284140d2746d92e0336718c313b8aaaa3d7985fd70786b61deed36c006080

SHA512
b81260bdb010269e0f936c0b13d684c60814a4d14bec6bc692ecaebc32bb6c503c9bdcc8d055dc696afdf75dc8264de51c35b2d2d16ecc8703aff7a1aaa4fe37

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3aef730bf9c32fa73bc0d4995da79f09

SHA1
7a3329cbaea5d7196dfec6570abc527227f8ada9

SHA256
da91ea01b40e95e7542d6568f57b040bf379a79a95820e6733f2d735633d6051

SHA512
da5ba15860607d11f26f32d8d96976d4e52c1aaaeb559dee7910298b7828bc549c7c4310fbd36d9282fe9cfd87506a4ea90861857e2fbc127b5d6b8a4a52b0f8

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
308281549d72ac4c800735668999bad5

SHA1
a8da503936cd683228e617e3c8fdbe8cb2a91879

SHA256
a0d17651c1895feb7c260b1a3fb3f01cc841eb4a61d6c0fc6390befee67aa90d

SHA512
55dc02a20b018035698a5e28a82782163a7381764f070e523a628042805f5a37d2d8ca97551c02245464e43bf9eedba296a331810c8b87de74d8a8c3fd650b01

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b51598bbcd648a2a8ff14811a48280c4

SHA1
4942c5452a765582bd8317c4d8eb1d9676e7c86a

SHA256
b7e2626e63857c77be7dcfc6960bd7b16c4c6d316ac6b620798b92c6b048b9a9

SHA512
ecff7e2cf3ae8c7811bb503f30e5a4ff7729c458164559dc6f3ccbf688259b5a9f796a620a92e25d014e54f62b3fc31d659210dc7f916a1d318d86aefe82d9c4

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/com.crashlytics.settings.json

Filesize
711B

MD5
1a1cbb8fea74578a03196ba0aab06547

SHA1
924f856b39af1dd44bce7b42205ab12abc37bfad

SHA256
68b12dcfa9bc618a12852164699f4badfe2699e65bef63b1374b446e7e7b762b

SHA512
4dc806296bbc00b16f8e3cf44c9e5ca9eb8085131f96e019f21ca15d72cd9b867f5c537cc0a11f6e769d727bcf147c36493ee8f1a48f8366953c5e0f083fb408

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/66E3BD0901FD000110E2E67CEA407F73/keys

Filesize
55B

MD5
446f0030b696820030aa760349e39f00

SHA1
f7878802056c552c3f99eef7060b9f98b43cd320

SHA256
356a87cb852d51d7c161608d06513c8ed58ace4aa9423b5054fb7f5638dccbc8

SHA512
7624657ea3766ca7f83f2200a93df839a9b6f9e1f6811b690a11af07d8227a6bb49b1397d2f96d759487c922a3085afcd409acdc57641105e1249c155f560e7a

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/66E3BD0901FD000110E2E67CEA407F73/report

Filesize
788B

MD5
c52d4bf38f05539163a040d5d19dd9eb

SHA1
159df250bca4c47e26a17e94b51e5b283d757bbb

SHA256
f031d987a33efa394be9f43b31658716052610a215cc5cd255b1c919f3abc375

SHA512
7b3e436fe9a421151d1e4ebe5046290f7edd18a05c62f91ee2f21820850348c6a2c6770a04f45497e829a54f2106d3cd531b89a4ef5010593d96798173d597ec

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/66E3BD0901FD000110E2E67CEA407F73/userlog

Filesize
188B

MD5
544a182c21c1437a25cc32df48efa6bb

SHA1
1ec20e6d5d5a8e4745bee69eff1992aeb4dcbfcf

SHA256
18042a6cb8aa209cff7f76b2b8d8f43c861b28bdf128b4f707893b25218d991b

SHA512
711f64479a68a818b25f2ad312bf7d87ff410f9a2e45ec2188eb5e836dc32218fd135612d2768c5560ab487a9d3560baa85ac134f4ce7764f374e45375935c6c

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/66E3BD0901FD000110E2E67CEA407F73/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.maertsno.tv/files/PersistedInstallation1845869193639429615tmp

Filesize
569B

MD5
b775d304edf0701321aeb00721f98614

SHA1
40f0863a552874b987fc520844d682792f03bde8

SHA256
e3d2d920df832976a2f1acee3b9d498a601df0b77fd569506471af78d4b3e670

SHA512
71d00afdb788da37698d70c1c8ee7ddc50754cbfcfc548e2f814a10811f8f823a64739b083e51ff6175ba8138488da7fbd1579202e973c09d6e9bbedd83a7dc4

Download Submit
/data/data/com.maertsno.tv/files/PersistedInstallation5321225916769587759tmp

Filesize
90B

MD5
c886f181e7d42d9a5cf3efdd0d7be447

SHA1
02d5177e5bdfa303a975e9f94e2d66ec752ec441

SHA256
c611a21a40de819131f33c3210777e0c8976e8c34b10df68c3461a2d2f2fa543

SHA512
b77c0f1a617961634cf4787e2b3f913f56713df9221130448a3cd573d01454ccba2468aa6a7f17cc14f3feef0bf75a1bc4afdbba397e9d37bb61bf151be59cf9

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
33B

MD5
35b51faac8b5af3886e70bb5a885dab1

SHA1
e6cb282da46cd4bf113e25c8573268578dcd11b6

SHA256
af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b

SHA512
6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
75B

MD5
944e6a5a08cb971370c65c06061f0ab4

SHA1
84d47725cc29bf167b782c702575bce4bf2ecc5b

SHA256
ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab

SHA512
bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
121B

MD5
ffcbf87665a36fc21782400bd0537e79

SHA1
3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee

SHA256
a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d

SHA512
7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
163B

MD5
dcf7d6c1cfd5e7b56074e3001577c78b

SHA1
b8eba89aee9f6688ecda6675ef8ff4998da0b141

SHA256
ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91

SHA512
42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
212B

MD5
ea30170b70cc4006edc364661c5c6973

SHA1
c704132c59b2c04d7f4c7a62166755baac7ab40f

SHA256
cf0cf4b7abf33907fd524c20a8ae969959f730b1e89133a06acdfb43f24bcd4d

SHA512
92137aef28bc20fbd33e19245711c7c6fbc0dac04b0a2642eeb2f07b42187746bb82d746a1fe32d486b8f475c797f1aba9d08b58ec05bc2262ea22a31dd457fa

Download Submit
/data/data/com.maertsno.tv/files/frc_1:521702959726:android:5de416a4f4f37532ed547f_firebase_fetch.json

Filesize
291B

MD5
04d004c07a7c7984d0c14eca6df178f6

SHA1
48ed73c0180a047ea8da59ce0abfbe83f874963f

SHA256
f235f462c250db060f1e163373b758ac754b6fdb7eee06fedec65ba055c8e1c6

SHA512
8be86a550400155c5e5fbc502c15e4c71acc20832225350b1ec0040d432c2f434c09c4102f432765acbb48b7ad4ac0e515116ec725973afbb7f5c13c0ff09ec7

Download Submit
/data/data/com.maertsno.tv/files/nwt.tmp

Filesize
1B

MD5
9e688c58a5487b8eaf69c9e1005ad0bf

SHA1
c4ea21bb365bbeeaf5f2c654883e56d11e43c44e

SHA256
dbc1b4c900ffe48d575b5da5c638040125f65db0fe3e24494b76ea986457d986

SHA512
fab848c9b657a853ee37c09cbfdd149d0b3807b191dde9b623ccd95281dd18705b48c89b1503903845bba5753945351fe6b454852760f73529cf01ca8f69dcca

Download Submit
/data/data/com.maertsno.tv/files/profileInstalled

Filesize
24B

MD5
f9233a1c6a3f198845fb9972097b11aa

SHA1
d5148eef11a730100dd2b738096577a6fcecb078

SHA256
7adf429875aa8407a08aabb436195a82b0eb44d13f50fdd7c87f33458c2d6501

SHA512
defd6314655face11de912dd3ef16b4cddc8ab926e61fa466414d894a10f7d5b82008a468ab7e311c5f52453621dff9ea89c3ce4bdc9a3cc27c3c61de1663998

Download Submit
/data/data/com.maertsno.tv/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
6004c9612f5199e7788b3cb9f7486bc3

SHA1
f880d874b7c43c9e3d2ef9f2f364bb5d90be1df3

SHA256
434b6f089bb4fd0533b17efa118cfea30c545a61c84c1093af8f64639c23ba61

SHA512
76f0b82fbe395bc28dddd0be646136b0125eba80de95ad874e530d802905a676796901cce10225bf2fbea16af309d08b2321928430ab3d19ec2385b6ed4d09bf

Download Submit
/data/misc/profiles/cur/0/com.maertsno.tv/primary.prof

Filesize
1KB

MD5
198a1dd0cdfa53df1566975095b47c22

SHA1
238df7421e1ce865694ec433064421bc654bb0bd

SHA256
3d2938b67bb45ae54a4e18a385003a8d150b3939d1b6cfd4d4525ac95ca6dcef

SHA512
3e74f59be53ceb65a797b6aac5c1196984af907a2faf6598ff3d5ba78a47cf2408cbf43e15c5473f88238b03bfe6429f31ef29e4b30502b009fc708db8c10ee2

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads