84dace68c129c0babe472e1a14c3fc95e8349cc2854f536ff3e53b0a394cbd2f

General

Target

xbafaaflpk.apk
Size

204KB
MD5

4c976607cb1d0c0f3f082ef8dac8f22e
SHA1

98e053c1e63f17622e38d3798f5e65e544e9b490
SHA256

84dace68c129c0babe472e1a14c3fc95e8349cc2854f536ff3e53b0a394cbd2f
SHA512

1082f6c45b16e990b288a81aa974f73a669b331cc0a34ee7511ca3f45322ee9159dffafab520855620e8ffe744e25e9c8b228a58eb0bb8ee62b36e40dfef9e5d

Score

10^/10

obfuscation ransomware stealth trojan

Malware Config

Extracted

DES_key

Signatures

Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

d.avxebh.nxpr

pid process

3549 d.avxebh.nxpr
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.

Processes:

d.avxebh.nxpr

ioc pid process

/data/user/0/d.avxebh.nxpr/files/dex 3549 d.avxebh.nxpr
/data/user/0/d.avxebh.nxpr/files/dex 3549 d.avxebh.nxpr
Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.

Processes:

d.avxebh.nxpr

description ioc process

Framework API call android.telephony.TelephonyManager.getNetworkOperatorName d.avxebh.nxpr
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

d.avxebh.nxpr

description ioc process

Framework API call javax.crypto.Cipher.doFinal d.avxebh.nxpr
Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages 2 IoCs

Processes:

d.avxebh.nxpr

pid process

3549 d.avxebh.nxpr
3549 d.avxebh.nxpr

ioc	pid	process
/data/user/0/d.avxebh.nxpr/files/dex	3549	d.avxebh.nxpr
/data/user/0/d.avxebh.nxpr/files/dex	3549	d.avxebh.nxpr

description	ioc	process
Framework API call	android.telephony.TelephonyManager.getNetworkOperatorName	d.avxebh.nxpr

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	d.avxebh.nxpr

Suspicious use of android.net.wifi.WifiInfo.getMacAddress 21 IoCs

Processes:

d.avxebh.nxpr

pid	process
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr

Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs

Processes:

d.avxebh.nxpr

pid process

3549 d.avxebh.nxpr

Suspicious use of android.telephony.TelephonyManager.getLine1Number 60 IoCs

Processes:

d.avxebh.nxpr

pid	process
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr
3549	d.avxebh.nxpr

Uses reflection 64 IoCs

obfuscation

Processes:

d.avxebh.nxpr

description	pid	process
Invokes method com.Loader.create	3549	d.avxebh.nxpr
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3549	d.avxebh.nxpr
Invokes method com.Loader.start	3549	d.avxebh.nxpr
Invokes method android.telephony.SignalStrength.getLevel	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3549	d.avxebh.nxpr

d.avxebh.nxpr
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Reads name of network operator
- Uses Crypto APIs (Might try to encrypt user data).
- Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages
- Suspicious use of android.net.wifi.WifiInfo.getMacAddress
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Uses reflection
PID:3549

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads