33f0b16d0b2bc411eb93da33f7881cdecfd3e702e286a7dc162d595b91b29d28

General

Target

etptswrnwz.apk
Size

205KB
MD5

49e476cff9f290882ce580b9e984e4d8
SHA1

af11706f6d5a8b352c11a1d0f89f2a25ace4cd73
SHA256

33f0b16d0b2bc411eb93da33f7881cdecfd3e702e286a7dc162d595b91b29d28
SHA512

b720475429c3ddb157c369d42a4af020e50ff9731580d28c6ce043e3e95332362bc5c46bd076fc947cc067d2de3309f76df4996e379a804c50f8f0f5d79e7864

Score

10^/10

obfuscation ransomware stealth trojan

Malware Config

Extracted

DES_key

Signatures

Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

k.bs.ogeil

pid process

4212 k.bs.ogeil
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.

Processes:

k.bs.ogeil

ioc pid process

/data/user/0/k.bs.ogeil/files/dex 4212 k.bs.ogeil
/data/user/0/k.bs.ogeil/files/dex 4212 k.bs.ogeil
Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.

Processes:

k.bs.ogeil

description ioc process

Framework API call android.telephony.TelephonyManager.getNetworkOperatorName k.bs.ogeil
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

k.bs.ogeil

description ioc process

Framework API call javax.crypto.Cipher.doFinal k.bs.ogeil
Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages 2 IoCs

Processes:

k.bs.ogeil

pid process

4212 k.bs.ogeil
4212 k.bs.ogeil

ioc	pid	process
/data/user/0/k.bs.ogeil/files/dex	4212	k.bs.ogeil
/data/user/0/k.bs.ogeil/files/dex	4212	k.bs.ogeil

description	ioc	process
Framework API call	android.telephony.TelephonyManager.getNetworkOperatorName	k.bs.ogeil

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	k.bs.ogeil

Suspicious use of android.net.wifi.WifiInfo.getMacAddress 21 IoCs

Processes:

k.bs.ogeil

pid	process
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil

Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs

Processes:

k.bs.ogeil

pid process

4212 k.bs.ogeil

Suspicious use of android.telephony.TelephonyManager.getLine1Number 60 IoCs

Processes:

k.bs.ogeil

pid	process
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil
4212	k.bs.ogeil

Uses reflection 63 IoCs

obfuscation

Processes:

k.bs.ogeil

description	pid	process
Invokes method com.Loader.create	4212	k.bs.ogeil
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4212	k.bs.ogeil
Invokes method com.Loader.start	4212	k.bs.ogeil
Invokes method android.telephony.SignalStrength.getLevel	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4212	k.bs.ogeil

k.bs.ogeil
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Reads name of network operator
- Uses Crypto APIs (Might try to encrypt user data).
- Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages
- Suspicious use of android.net.wifi.WifiInfo.getMacAddress
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Uses reflection
PID:4212

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads