b9b7cc8a53d1eed5e8234b94517a2a8f288de46da80ba92275fb3f2e5047d11f

Analysis

max time kernel
47s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
14-10-2024 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

onstream-tv-latest.apk
Size

15.5MB
MD5

0b9fee3bc57c76c6813d10a63c1b8d38
SHA1

7196f608182de701570a81590422e7deb1d8a4f5
SHA256

b9b7cc8a53d1eed5e8234b94517a2a8f288de46da80ba92275fb3f2e5047d11f
SHA512

ea672c6f7c433636da0eef94b06d41b63a774cedb2478102ffcbd253a4992de5bd1d7a1445799c0983f80dc8a04f7cb57aee33e6d14d0e2e9cf7642df2825ee4
SSDEEP

393216:YOxr+Ph1IkvruRsq4BeU24o/sLWHo8K0e4RB:bx6DIkvrC40X+WIQ

Score

8^/10

evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.maertsno.tv
/system/xbin/su	com.maertsno.tv

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.maertsno.tv

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.maertsno.tv

com.maertsno.tv
1⤵
- Checks if the Android device is rooted.
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4250

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
350bf5f785030bd8376dc4a436594ac2

SHA1
27b2016b03e1454f018a86b070a3224dc35bd892

SHA256
cc26d10f4f9d54389fd4c34506da5243b3840cd8b3039ea3d72dd24be4fac74e

SHA512
443deadaa24bc11bce6d4db1cae74d6003ce756b7b4a5b752ff98c851a58449abe430f49b2ff2d561dc8c3856c1a9ae39d2d053dba565912908e614e8745b013

Download Submit
/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.maertsno.tv/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
aa2e78cf8b95630a96a3e9cba602bfb6

SHA1
14d0b25ba15bc30f4ac8afff7e7d93e3d023eb4e

SHA256
b972c5add232642e1d9733a638d8f498b2cad59e623433ef3b911f3485ecc9ef

SHA512
134ff5301b3b768ae1bf06e46915474ae783f1bcfe62310128c395eb30a8d857ab6fd122190ce651c5f093e95be94fb5b10a3f65b80b090cf9e5b433419f7275

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
302a2d0b22b199fe6995f703ccfd559c

SHA1
2dc755c80fa743a66255c38b0f355d6c436cca24

SHA256
98df05cc925b7ba004fc6009ec4fa25451eaaa806401d5f208dac7892148e2b8

SHA512
0cdbeb309fd118d9e338223ade48cfa4ac779c13d6daeac6bb8c7a8ef881b9ac403eedadb7639b2b1325a9945110f481a7084bb23b5de10b44c3899a72987d5f

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f0f33fc7c8509497a58a6715d34ed880

SHA1
323e60315d8aa93a4cde772fc3277b0a1cbd2d9c

SHA256
87a9cd7e2b25f2c6f275ec6d3bb156b0340c52f3c44cfaa5541db9e9169587ba

SHA512
dedf5a1867e58fa86d630aa9fba2af50c2b650994c2d45dcdb66e42e870e04aa10ff3313a2b5c89453c029f2695ec5ff57c26fec4555c26a4d53e4c400c75b4c

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e83fa0c0579768bf926a358617726d92

SHA1
e65570aecc3f9d37a8bc3e1d3d82a02eb5d4a83b

SHA256
f409a023f444fd427241ce164d338f99042b621ef9d7b48dc7a1ed179d7130ca

SHA512
fbbaa58a58f09c02e49543109e52d0703cfb6af97deaedcb16d406f6fb0cd8ce01ff82257b67e7e3ed71691829fd7055f21f87c3edce254c735442a3cd7727ec

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8d43d265eba69521b4fa70631730adc3

SHA1
2799b8694663e008acf94a928730cd4f79ee0e79

SHA256
8db25025ceaced459829e50fe911d501cf665d89067d3c2a42bf0af8200066a0

SHA512
919869adad456bc29f05db8512b1cf75485fe3fe46bb4dbd51b436f98d4ef927723eaaac539d751670c89dcf49dd35ac3401b5168dd504532a65fa2d718600b9

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db

Filesize
16KB

MD5
07a145d9dcf3e4ebb7cd40108094cf3e

SHA1
b8c481af1e9fb90c75434c99170a64c79692f664

SHA256
4b3953bd34778279faf009052020857d3913883b107b4179835c82ab68d2f085

SHA512
963bb7440428e517cd8de23bfaab158ea376c6027d320d065baf85bcef7d9a3d93bc22fd3b419aae3ea3611ac34cdb1367d39711fac4722e9f1c8a7b3e7f5b34

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
fbaf4b5a141de7110839ec4024fee035

SHA1
5ae471217645fff251e7477390e95db5a83396d5

SHA256
1897c6d22598a296e7941030574bcab52756db2580495a0b89edf4b6369a3a09

SHA512
abbd26aa27be021dd481908e012b92b5e472d5c92f49a59c87801d4b39e1346bed4e989dd1611a8e72b1f8da815cb694cabd2727e6f6835b345408321846979b

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
fd42bdd9a7f089cd70fafb13921c47fc

SHA1
303b84ba0092433a7d9497b8b58a0abb3a939a57

SHA256
37d449feaf83d7161cf433cb8868dd225c4582e13ea8bd526ad00076d4161a84

SHA512
9901be5850f90b6853163ae3c6b4534127f4b1e3ea5dea8fb0a5dd1e1429ad9a040609b979c29757750d9306a32b36930656d26f3f8a49b053cca500eb4acab7

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c601fbce2c1074723045098e13b95efb

SHA1
4e8e17f6c4c44551e1b32425f8f91dcf1ea550c7

SHA256
d530653dac0584c459200c7d7f1cd1b375782bc705c71318010f65995afc5c39

SHA512
46d8d04d13f5b5db7935a9eaa6005a8a78cb150bfd272a8914b3ba3c531b54fb3fac499baf776ac511581266ba9116de73ca6e51ebc4d12102608d1c64b2e044

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4ccbdd1f306b4068bafcdf6451e83358

SHA1
6562454b3e552c0a33c8404dcbcc2a277b269283

SHA256
3be83ffdd0441a8275676de068e07c86886a53499651f16dd9c605fdf2d697aa

SHA512
dab500eeef72d103d280e6a7f6d88caaa1c6cd5f2f51d7022356f751a69a268e8623d6ed87fc13db8bba25137a31520eb28fbe570b5df1e5a7aa13eb9d179c53

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
aee108bb9f0e22344eeb02da08bfd71c

SHA1
fdce4981105bc2d23f8edc2e0aac7bc1646f0040

SHA256
4fc1f65a9fb1c8342775a91f10424b331c81f46a5d79bcb3c306156e36c64605

SHA512
311dc1dd5b726c3829d513f502713d152179016fe332dd65751cfe8c3806d5951ad3939bc2fd9f3aacf24cb6901a700a368c0de5db7bd9c2d053c978aa5e6f40

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
404ad40e6950f18d4a5d19532a9d0460

SHA1
f98ec87cc253792e679b4cb4374976e463ecc126

SHA256
3d0f55d81c4badcde17b3fffb746d01447fd73a667ec1ac8acfb0ebfa1528af6

SHA512
438af34868fe57014a894bb530a1bdfeb0d94c87dcb80a9beb65d6b67ad1f9cfa737ddad9c7d61d8168dbf4ce3151bfa1e9e5fe60260fc053e901818a55278b7

Download Submit
/data/data/com.maertsno.tv/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a55ec131eacf468352c323b93d72b72e

SHA1
e15ae91b7b122c97ac61058ceda9e2b635a1ee9f

SHA256
a83fc67dffa7f295e13d50bdb76bbe54388a615b8162c5695064057d95347524

SHA512
fc5af900cced5be7063b58afcaa6b8a54e132bcdc754c1c42a6fac7f5877cb98091948348ad98dcede39c1aa24c0b39f057d953ed33588c487139b97ff9ea1de

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/com.crashlytics.settings.json

Filesize
711B

MD5
01e41a5247da424916136f37b250e0dc

SHA1
02c202646b6268302c16b41cff4fd6400601c024

SHA256
7c0557145c450c50b99af248c2758339786d2f88673c592a7bfb2c2c03b71588

SHA512
a1bd6e702726c47caafcced9c31b089578ed94ec1b447185d5ef2412b164149825b014a067fdbda534fe0a27be100405a457a8b31f81627add70eac5b5e0fa4e

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/670C627702CE0001109AD40D4ECEDDB0/keys

Filesize
55B

MD5
f7ed29c9737b1bdfd2173f037f9ceb73

SHA1
50bf8efcb0b55b46a5cf0283148fa22803a5a725

SHA256
8aee16d98c4164a0804284db5904633eee13621bb09633abc86ef35f2be7b7dc

SHA512
fb7969fcd2de10a8aa3ea4dc61128eb5759480439709d5211fc502f5d9e42eb2e0372d7180a555605bea2cf080592c6f1ce6951391db00724f1f8e7b7976ff68

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/670C627702CE0001109AD40D4ECEDDB0/report

Filesize
786B

MD5
47368aaa6da76d172d6412d10d97897d

SHA1
3bc2b9f9164908a5b79e573ebb2ec177a581cec3

SHA256
78fe7bff2285080d1717e9a9665dadc1b3100b9fdc0115e6be9d27ea1de3f393

SHA512
52d5751f7a29272804696c1ba9d00454ba5a71409b138a15698d0e290e05cbb7ebe22ae9435d6ace5bdc5c6cc1c891816b12631484277779703089229547ec3e

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/670C627702CE0001109AD40D4ECEDDB0/userlog

Filesize
189B

MD5
784daf29d2ddc7f5696e03fd50d8f77c

SHA1
f64425f86877853b38d1505f8f760742b85e7482

SHA256
5be31dcd11a8b736667a37b7fae45f68e2c1daa4e2fcbcfd8cbcfe66812eaf65

SHA512
086fc762c5d4c1e4b6b5098f148408f4553e95c2ffb6d9c8374b901fc96069b39384bbe69c9f0792442d01328d49aad4806d918e0fef2babefd1e5d23715f7b6

Download Submit
/data/data/com.maertsno.tv/files/.com.google.firebase.crashlytics.files.v2:com.maertsno.tv/open-sessions/670C627702CE0001109AD40D4ECEDDB0/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.maertsno.tv/files/PersistedInstallation1516543019053623681tmp

Filesize
90B

MD5
46ac3e3014c861b12a5b68ac1616082b

SHA1
9387f303f94dfafac4c4c63320ace2a335e5a4b0

SHA256
29f4b7ce086026a1551fc7b3bf1d49b8ad7f18e568cf2f77c0d6dfc1a770b1bf

SHA512
901853712b11ffca89e65de296a07dcaa89e4b2354cb712d47793168efda7e902cf1c562b8fa658e871d34226cd15a5eb5446192bfbaf9f21f0014506a470701

Download Submit
/data/data/com.maertsno.tv/files/PersistedInstallation6015946341579668903tmp

Filesize
568B

MD5
dc791bd08e3421d6e92d982f8fbfce6c

SHA1
fd94eb4d9dc548099d2c29f9ed612d8995cfc0b5

SHA256
ceabe6f2dfd75e4f76eacc5500369f587100bba1ca0a852eba46713d1d0686ed

SHA512
24b7e76fe9dde94c477cd011de9d3ef86e3f425895b6c2603fbb9ca5161452820fd97f206775eecd5ae009063010d0291ed5ac411a1383f962aface80da54c68

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
33B

MD5
35b51faac8b5af3886e70bb5a885dab1

SHA1
e6cb282da46cd4bf113e25c8573268578dcd11b6

SHA256
af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b

SHA512
6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
75B

MD5
944e6a5a08cb971370c65c06061f0ab4

SHA1
84d47725cc29bf167b782c702575bce4bf2ecc5b

SHA256
ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab

SHA512
bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
121B

MD5
ffcbf87665a36fc21782400bd0537e79

SHA1
3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee

SHA256
a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d

SHA512
7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
163B

MD5
dcf7d6c1cfd5e7b56074e3001577c78b

SHA1
b8eba89aee9f6688ecda6675ef8ff4998da0b141

SHA256
ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91

SHA512
42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

Download Submit
/data/data/com.maertsno.tv/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
212B

MD5
5e8e0c6fb4379460ec0d1e8311657af5

SHA1
9092385447d345ee9bfac32840c545437ab300e7

SHA256
f703da08d5e9bdbeb14340f47f09e7d43f6bac511a5be69fad95037e06ca5cee

SHA512
cebddd2a7c381dfb1d1d3d004bdc2f0d6b62100a4b5b913a07c17b7b0e76b065c826cb99edc26c3ccdd68dadccb7e6e55b3d1403e0e1042c1bb307c27832bd08

Download Submit
/data/data/com.maertsno.tv/files/frc_1:521702959726:android:5de416a4f4f37532ed547f_firebase_fetch.json

Filesize
291B

MD5
ee4d7775d867c9a0db46cc76e53db93e

SHA1
e651c70217e5b3102899350e4226c3111ac1045d

SHA256
db9d1a358961dd7775b631131ce221658195c165095767fc1e4f275b2e5b295a

SHA512
1b20a32028c8d8d7eadf178935b6489f37d98edaf41f6aad6a27a5da5e43ce5367f571a947d27476bda29066e02b187db0584807baf4e384527e444e89173696

Download Submit
/data/data/com.maertsno.tv/files/nwt.tmp

Filesize
1B

MD5
9e688c58a5487b8eaf69c9e1005ad0bf

SHA1
c4ea21bb365bbeeaf5f2c654883e56d11e43c44e

SHA256
dbc1b4c900ffe48d575b5da5c638040125f65db0fe3e24494b76ea986457d986

SHA512
fab848c9b657a853ee37c09cbfdd149d0b3807b191dde9b623ccd95281dd18705b48c89b1503903845bba5753945351fe6b454852760f73529cf01ca8f69dcca

Download Submit
/data/data/com.maertsno.tv/files/profileInstalled

Filesize
24B

MD5
29f628d625899781e7ca24d9b59cb6e4

SHA1
c214101e89ab4678696f8b729fc9f01e807b4a1c

SHA256
ce6736175836a9c4402c79c592eb22011490f2dd34a4a7a09ce6d5a4b5706de7

SHA512
6eed7ab91cd5c22414ded056bda4c14e93311abc3bf5dff8ca23701a9b09b1834117f2387938424694c58802faba7cfdb1eac61731f3dc372bf8e2328364db95

Download Submit
/data/data/com.maertsno.tv/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
a34b439ba45a00ad224dacf2c775803f

SHA1
af2232063e39550e52ffce41bd98f2d997a4fe74

SHA256
92078199e80f62eb803e1c7a262f73f8bb7f3d5df862deb1f65c1c2f9d21eb58

SHA512
f3f1aefab7495ffb724b5527d35b7b1e414e3a129467b84a5eac472f05ad218f0949710ca07240c2bec4a0b69af72c84d8acb983be9c926d204ad7f1ae852290

Download Submit
/data/misc/profiles/cur/0/com.maertsno.tv/primary.prof

Filesize
1KB

MD5
310af8dd13c6edf92a247fdbf8957dc6

SHA1
593d0a9d94207d20ac6739b423c2a517bf52eeec

SHA256
d76ff63049833a8a5316cfc3c40f5f0ec32cdadd111375128e590484b8c81767

SHA512
454204aa93ae6150afe41c482eabd51f59e67fc8396817b9a69e43a724ebad4f58fc175183eb069551944c663df9359761e8c3432c95c797a2326e4f229570f2

Download Submit
/data/misc/profiles/cur/0/com.maertsno.tv/primary.prof

Filesize
9KB

MD5
3ae3dfe6c3758f82ac163f48d3b096fe

SHA1
c41e57663dec95c60e5cefdcf54e634df25af25b

SHA256
82243e6154a0cb0f9a8290bc6f9f4acae9f6784a918952a8d70847cf04c06572

SHA512
d9095c16f2dca108b0cefa8a96f69915e4e1a5ab4dd923b73b834ac77a5382ff2ecc3ea25c24264c2da7c53b32474dde43e808ab42d23ee716c478c9a1673c94

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads