6447b808a2a99cf9f932ca731524a81e994824544e39cc3631870f7e66f6ff59

General

Target

yJuHrRdFtA.apk
Size

218KB
MD5

a6247c862bfeb6e3083bf2a81193426a
SHA1

f4a4ad1efe413b48a21f85e7f9fd1f57d104408a
SHA256

6447b808a2a99cf9f932ca731524a81e994824544e39cc3631870f7e66f6ff59
SHA512

bc0f7557d56c5343dc4435173a77518e57264a6693dfe9948094fe0ea03ac669feadd0818f7ab7dab7a5f45e0ad6cde41b902a84847f00db1dc8853f4684d26d

Score

10^/10

obfuscation ransomware stealth trojan

Malware Config

Extracted

DES_key

Signatures

Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

jnuv.oaczs.vhxul

pid process

3543 jnuv.oaczs.vhxul
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.

Processes:

jnuv.oaczs.vhxul

ioc pid process

/data/user/0/jnuv.oaczs.vhxul/files/dex 3543 jnuv.oaczs.vhxul
/data/user/0/jnuv.oaczs.vhxul/files/dex 3543 jnuv.oaczs.vhxul
Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.

Processes:

jnuv.oaczs.vhxul

description ioc process

Framework API call android.telephony.TelephonyManager.getNetworkOperatorName jnuv.oaczs.vhxul
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

jnuv.oaczs.vhxul

description ioc process

Framework API call javax.crypto.Cipher.doFinal jnuv.oaczs.vhxul
Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages 2 IoCs

Processes:

jnuv.oaczs.vhxul

pid process

3543 jnuv.oaczs.vhxul
3543 jnuv.oaczs.vhxul

ioc	pid	process
/data/user/0/jnuv.oaczs.vhxul/files/dex	3543	jnuv.oaczs.vhxul
/data/user/0/jnuv.oaczs.vhxul/files/dex	3543	jnuv.oaczs.vhxul

description	ioc	process
Framework API call	android.telephony.TelephonyManager.getNetworkOperatorName	jnuv.oaczs.vhxul

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	jnuv.oaczs.vhxul

Suspicious use of android.net.wifi.WifiInfo.getMacAddress 21 IoCs

Processes:

jnuv.oaczs.vhxul

pid	process
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul

Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs

Processes:

jnuv.oaczs.vhxul

pid process

3543 jnuv.oaczs.vhxul

Suspicious use of android.telephony.TelephonyManager.getLine1Number 59 IoCs

Processes:

jnuv.oaczs.vhxul

pid	process
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul
3543	jnuv.oaczs.vhxul

Uses reflection 64 IoCs

obfuscation

Processes:

jnuv.oaczs.vhxul

description	pid	process
Invokes method com.Loader.create	3543	jnuv.oaczs.vhxul
Invokes method android.content.ContextWrapper.getPackageManager	3543	jnuv.oaczs.vhxul
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3543	jnuv.oaczs.vhxul
Invokes method com.Loader.start	3543	jnuv.oaczs.vhxul
Invokes method android.telephony.SignalStrength.getLevel	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3543	jnuv.oaczs.vhxul

jnuv.oaczs.vhxul
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Reads name of network operator
- Uses Crypto APIs (Might try to encrypt user data).
- Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages
- Suspicious use of android.net.wifi.WifiInfo.getMacAddress
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Uses reflection
PID:3543

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads