b9b7cc8a53d1eed5e8234b94517a2a8f288de46da80ba92275fb3f2e5047d11f

Analysis

max time kernel
47s
max time network
133s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
13-09-2024 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

onstream-tv-latest.apk
Size

15.5MB
MD5

0b9fee3bc57c76c6813d10a63c1b8d38
SHA1

7196f608182de701570a81590422e7deb1d8a4f5
SHA256

b9b7cc8a53d1eed5e8234b94517a2a8f288de46da80ba92275fb3f2e5047d11f
SHA512

ea672c6f7c433636da0eef94b06d41b63a774cedb2478102ffcbd253a4992de5bd1d7a1445799c0983f80dc8a04f7cb57aee33e6d14d0e2e9cf7642df2825ee4
SSDEEP

393216:YOxr+Ph1IkvruRsq4BeU24o/sLWHo8K0e4RB:bx6DIkvrC40X+WIQ

Score

8^/10

evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.maertsno.tv
/system/xbin/su	com.maertsno.tv

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.maertsno.tv

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.maertsno.tv

com.maertsno.tv
1⤵
- Checks if the Android device is rooted.
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4241

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
7c6e78d2974f908cd98de65e977c3a33

SHA1
c3f964ef10ba39390f99ee4b5328c6cbda5b5760

SHA256
f73f76a563c5422b27d8b5e600e6a6b9a430bf831f04af08c71ff38b6247a033

SHA512
b1df11919dfc10f2688ef40f972931641a6673c8fd107f685b22f66b58e805060c2161befaa259fe36135eecb6331bea03c83bd6f783323a52909b88b3c32d5f

Download Submit
/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
ba39f0d9821170c36b6f2d65b3515400

SHA1
695a04e46b0f245fc1209ee7ac8466f96994ebda

SHA256
20a23d927af1d0bc7a81f2aa186960e74140d6d8fc1138eece3b97c45f3c18df

SHA512
bc3addea68e901b04d661fd9ebf1f37c51e5e0037ead3b8b145b8aaac5041f3bf492ccd092ce62f8746afcd6a13e7b8e8972c5b281fda1ceb69aa69ee498f64c

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
68fa62fadb4249b3795633b1df663847

SHA1
6a2b01cf19c3373fa03ef2be92a59714b1e56ecd

SHA256
4eb6e455feb7e53f8468de4cf0eacc4bf2f87c751ab4ed9c7c6d6a44ed394469

SHA512
01d1b46d98006fd6a82382292c9dafecf97faeb8c0258f0b6adf4c27eeac2ccdee9ea289e0668c54c5753ccf8f53cc21bb15671d9879758b63a103e993b10659

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bcceaaa2129d24831fbb548351b54f34

SHA1
56e616486c1bdb57d4c8b7da445680ec4fb91080

SHA256
c7704ad969423622a6472d6c6334943c2e04ab0506b8b723a5e5b1fd24962a4a

SHA512
60ad603b484a6f862211e7adf6379b3fb7c8e3fb4557d32d1e485e9487ba7ccb9d5e7d2646f8ad44c50960519b790a9c345d06d298a5211481676989b8b7e4da

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e2de1fd3ee28d53fc32809cb71165d93

SHA1
0fca5f2a5423c8e658ac929a913c6dc537ffa413

SHA256
6bd9ac7026035190cb283bda38fb7d86fdc1b14f5571f4c4c225a6846e3580ee

SHA512
891cd5cdc0daf81c96cd1ee32fa5c7b47eef692a4681f8eabe6b330c1565b6684c2b8c4d03b7d48f7f27840290a11f901d7f5b6019177a51aa0121da51f90a45

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a4a95f0ffa549bc7342a44624126d35e

SHA1
90291385fa02cfb633096706f0d9f3fee05b4708

SHA256
6524dfc1a8a1edcc62b9ef68c50b4425ec9cce187d8046127d9d96b37119a913

SHA512
404e4e4d89e7553e534843ed03d55fb125568d94356456639ae3ec4f651d082339e942468f3340b5a184876a6f71f58942e087463e8c57fe16401a0643306811

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
07a145d9dcf3e4ebb7cd40108094cf3e

SHA1
b8c481af1e9fb90c75434c99170a64c79692f664

SHA256
4b3953bd34778279faf009052020857d3913883b107b4179835c82ab68d2f085

SHA512
963bb7440428e517cd8de23bfaab158ea376c6027d320d065baf85bcef7d9a3d93bc22fd3b419aae3ea3611ac34cdb1367d39711fac4722e9f1c8a7b3e7f5b34

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
5998efa9a842e6768a3a0dfc3c31b4c3

SHA1
0b7ce7d859115e2f07bb7dab024ab4bbd85ee063

SHA256
772d91be6d24fb694832394c3546a06e3ed60c8af77b10a9fc0dcab679612103

SHA512
2d85fbbadda6548629e33bedec2eb6e359f73701124551630f087f7d7ff0f779b572ad0d465b4a6fb29c7793754ab5c28db8a242d142d68b86c690576c4de162

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
a42c81a6c5c30b5f3a0e9dac62ccd521

SHA1
5b69a8dfcd7ea9c8e74e2456e1ce2ce1c90c9f65

SHA256
fb8c5e40d6c7466e282efc9b20c58f4c2c9bd791d8e807d449ca7e223978f8b9

SHA512
bc693e6aa5d9153bfd730e896b53c32a38e47dfdc9242c8d8a5331dca0ec0b323242fb74b1ababebb354bd319c25247f7a9d98353e71f1f0072dc335a43ee8f8

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
885d5adbd8deafcdd87348f02083cbe0

SHA1
408341898defa9d6f88342b895cb852c53b560ec

SHA256
05285b075986359febfd540c8cc7981e7cdd724872820424d92828f160d73f25

SHA512
3e257a5a421b35c7559a5346b00d605f5130c24ccadecb14bb25aa6501651a4fbc4d30300262a55c827cd3fa47d7df70c0fb4813ba7cb5ffac6358f551795622

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
83a8e8e43b7d3e69e64db0dd74c39758

SHA1
9dc35317fa7d9ed32e4f927e899f79bcbbbbc6a8

SHA256
10ae85692b7b10e7eac129103f7023973db2d714e094abd72479df53d8d37ef7

SHA512
48fb96bd4041c872ec53da90a43c24ce00c7a9835246b08fc830815f4dc94a76e5c397971a9788b854f86eb3b1651c52e3a1aa50ca5bbf1ef1d579fd6d5def31

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2e9f73bca8276e56e853905a964f0685

SHA1
3ef873e913ab888f2807f9823a08429ffacf74da

SHA256
87b5f26055add8f93bdba072d11af4bbe3e85d102b6356d8c1ac301ee1fa035c

SHA512
95757e54064094d2dc91db681f5cb87338d4d4914856ea18aca557122ceea04e102cb688133aea36630652ef020b04e88971c2e9efd6d38456b5900f6063d7ab

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
90e59fac0920ef9fd11d8cfbf5759ba6

SHA1
ca506866a93fe2d41168a8cad352d6428dcaf8f9

SHA256
687372d0ddbb6a27429d38e12ecff98276a5d6e1e5bbb3bcb4899a6433597dd5

SHA512
bde582d272a1dd04ef852276873f3de1f0223a1919519fb3af80c56bcb268535c84c0ce40d2197bea86439e709c6aa7d441124d157ae0c9b98ea28d1d7f9483a

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
cb03e3da978bd8aa86a47214005348db

SHA1
4611ede0610dc96b1131952a4f9f362c7edd041a

SHA256
4e9b34fca78091a1fe21a3ff782ab5982732a79565326b7cedb594b5a5fc8fd0

SHA512
8655dc02fdf839aab3f0386fce0dacb5846d5797433b936b1ac33cc717e803db6628235af337ca64c9fbf3a30d341f8a198c5b2ba28869e5f089502c12296f8c

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/com.crashlytics.settings.json

Filesize
711B

MD5
43e032fdea2b45f1d825fac5d86e5bfa

SHA1
1222b66348f367079a878a33dd4d3f4880901971

SHA256
59706ced1dd902fa48c4ffc21aa395b05f4e82b712c8954a51792879fa1fc3db

SHA512
79f10d377338c5623f5a487ed32606e5b6370442a25e50d9bc32cb507e90521bab132d8b703f2eee01842ad45a8895973f2cccdfe728c865dbb05bd37aa6c313

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/66E3BD0800840001109164589CC02C72/keys

Filesize
55B

MD5
99c81c6ef2e721bc52537d7cdbd067b7

SHA1
f72974e492d0bafcac6d0876febc07f78e5871dc

SHA256
2aaa61d03107bcd92ce1ee0d65e99ff64f4be0f892ff77e251e9cdca76ff98af

SHA512
1b42e93239c49b3b424d6c2906cde7c54b18f1f772b13bc773434903ba19785eff2b4b8a0be3a589cd16a021fac6c6e82420894e2a6edfccb8031df9255e5b67

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/66E3BD0800840001109164589CC02C72/report

Filesize
786B

MD5
e7d403fb420607256f4c607b8c260790

SHA1
f6ef6daba767ecefab4fe8ac2c7f5651d892e180

SHA256
af684aa7fd399cbdce9da65ef588fc93d324a485fd6db9156d6fcbd962b56dab

SHA512
e4b055402f3027a28a52e2a5f043faa379e89616cc77b4221d2a51f874d33b9c15653e9c6ff5af329f5c4d3f6b6801e2beb9f23955de81c040e8d40fbcc47765

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/66E3BD0800840001109164589CC02C72/userlog

Filesize
189B

MD5
37227a47cc97665a6c14fe718006bc70

SHA1
a31228d946feda0d252843841d9036d802a7ad41

SHA256
2a563a5d82458deb3d17caab8baf12df58aad8f52c8cf2431eb6a6d6d37925ea

SHA512
6a95d0d95c7b39c9c0c7f95b65ea0e50c0a546fa8443c27cb858f12724f06480b9504ef316dec7a19dda871e288f427d203d435ee764ba34b626abd08f6d40c2

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/66E3BD0800840001109164589CC02C72/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.maertsno.tv/files/PersistedInstallation8900619882839766241tmp

Filesize
90B

MD5
fb47e0b3d8d14127cc85d09c08db4a44

SHA1
c1a17fbeffd6b5f927041d11ea158c5dfdfbb112

SHA256
5b0734da7e3bb990be5a8b74eb22f889ba59d5aaab5ad018d238e29201ccf38a

SHA512
125b63a65b4c73c473c6318531993d1ae5d27e74363231f96ec143d84a0017454b8429856e652601e1d915d111dd3d6e9b4d400248773253e0929e7b640f2a75

Download Submit
/data/data/com.maertsno.tv/files/PersistedInstallation9116097734901578630tmp

Filesize
567B

MD5
5115bf7e3b2db5ed4453bbd0ce394725

SHA1
6074beb6d39fde4e24839e53ba866b69d2cd3e05

SHA256
23d2c04762739f47a9d9f40f78e4bb6af9ac3f2b3457a0e3ee1972739ad7012d

SHA512
c451585cdc3c500ef4b2d44404cb017adc4db3a2d4a86a5d68e55de4ec7a962449dd6d61f4365e7f4b9a459b2c7179af0e493abd2924c0d2ba955895c1d34fbc

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
33B

MD5
35b51faac8b5af3886e70bb5a885dab1

SHA1
e6cb282da46cd4bf113e25c8573268578dcd11b6

SHA256
af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b

SHA512
6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
75B

MD5
944e6a5a08cb971370c65c06061f0ab4

SHA1
84d47725cc29bf167b782c702575bce4bf2ecc5b

SHA256
ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab

SHA512
bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
121B

MD5
ffcbf87665a36fc21782400bd0537e79

SHA1
3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee

SHA256
a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d

SHA512
7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
163B

MD5
dcf7d6c1cfd5e7b56074e3001577c78b

SHA1
b8eba89aee9f6688ecda6675ef8ff4998da0b141

SHA256
ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91

SHA512
42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
212B

MD5
0ae272f6eccf6d59aabfb7f727500f0f

SHA1
30b74a7083973dd30719e84543ddc4d2fff36a8b

SHA256
0d144c4368583a386d4f55c37f84d845ee1bceebfc1d625d63c3b9b6cf3e93f7

SHA512
1e0c561f949e43b98589fffa5c6c0ea6f6dd5d027617c476c7c9c395ad3ab2acffca6ed18bc139aa68290b0fc2cfa66e47623d95b99c3f7d830c5fb00b52a976

Download Submit
/data/data/com.maertsno.tv/files/frc_1:521702959726:android:5de416a4f4f37532ed547f_firebase_fetch.json

Filesize
291B

MD5
bfa6b91071d36a22ef6c88e6af45f0be

SHA1
30814f92b47ea85e29243936650f162f5cd35cfa

SHA256
724383cf7c6f6b5a428838af22884c8b1aab1c68904cae3105e4c385c5dabd42

SHA512
ed7fe82d12e2732d3ab9ae9d56e142ef05a12846da18135448c9aa3b426c8a88c55a4fb2c1cc78a7774138a60544f4744eff73db05fb2c97fb4a1e5a1eaec43b

Download Submit
/data/data/com.maertsno.tv/files/nwt.tmp

Filesize
1B

MD5
9e688c58a5487b8eaf69c9e1005ad0bf

SHA1
c4ea21bb365bbeeaf5f2c654883e56d11e43c44e

SHA256
dbc1b4c900ffe48d575b5da5c638040125f65db0fe3e24494b76ea986457d986

SHA512
fab848c9b657a853ee37c09cbfdd149d0b3807b191dde9b623ccd95281dd18705b48c89b1503903845bba5753945351fe6b454852760f73529cf01ca8f69dcca

Download Submit
/data/data/com.maertsno.tv/files/profileInstalled

Filesize
24B

MD5
124dc761ff0a19a50539b694bc88aa4d

SHA1
2abdbabf58da2c0d64469ff4efb3a2c3021928d2

SHA256
dbc0d710db7491409e766b3d0436dffa7a14e624393c8564c44f7861b2279eb4

SHA512
279e96377bff92bbeb1a5b1ef5c58c6d43a2c1f592d18398057c7ec97118386dfeb3dc718940c6a68143c61edba30be2ed4cbe6fa22952356685b958167680a5

Download Submit
/data/data/com.maertsno.tv/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
0c8a7849371860dee65d5e528c1f1e6d

SHA1
e7aca6b1bdddc20053cc7128b9fb2e6117f976a0

SHA256
d67a5569ca8bd63db429d5f88298af938fa05510c10efdcd35dee83851ec72df

SHA512
a200ad208ddce8f3d3558f859f61f0d380176edb7e083826fb254ac6ff0188beb17423cfb2846fcbb2291b576f7aff0a3b3dca667a9f192f0712de6dbd104600

Download Submit
/data/misc/profiles/cur/0/com.maertsno.tv/primary.prof

Filesize
1KB

MD5
310af8dd13c6edf92a247fdbf8957dc6

SHA1
593d0a9d94207d20ac6739b423c2a517bf52eeec

SHA256
d76ff63049833a8a5316cfc3c40f5f0ec32cdadd111375128e590484b8c81767

SHA512
454204aa93ae6150afe41c482eabd51f59e67fc8396817b9a69e43a724ebad4f58fc175183eb069551944c663df9359761e8c3432c95c797a2326e4f229570f2

Download Submit
/data/misc/profiles/cur/0/com.maertsno.tv/primary.prof

Filesize
9KB

MD5
473b286d8ec22c91b77008c76401e4d4

SHA1
e1a3571ea89ebe3b8cd70df4b7af154f4bf8ae26

SHA256
4e679b9561cf113aba7e12e0dd25c59d954240326023d5b3a9ccec7c2178045f

SHA512
3d3e86d535a14006f2a75abef6905cb30d43595684801a1e96f89998f6ece111e63816b268b422d84a1a446109dcb058400b8ba98df4bfa901468265a7803736

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads