7886433ed316d47a88323499397e698f560f75689c0c5ce93efb2fd1bc8ece09

General

Target

xcejgqilan.apk
Size

205KB
MD5

11f00bf6879962c2a47cf3ac941036ea
SHA1

8ce41bf486fede24004aadc8495c339c7ca06484
SHA256

7886433ed316d47a88323499397e698f560f75689c0c5ce93efb2fd1bc8ece09
SHA512

b49eb7e9aaba2bd8e599ece317a50945bf725b87bb3e62f273a21c31a28d9a0b46ad968691189e784960de624dd6903dd9eb5cb9bc587e79c4409272d4fc3500

Score

10^/10

obfuscation ransomware stealth trojan

Malware Config

Extracted

DES_key

Signatures

Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

rxio.gmssc.djvug

pid process

3547 rxio.gmssc.djvug
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.

Processes:

rxio.gmssc.djvug

ioc pid process

/data/user/0/rxio.gmssc.djvug/files/dex 3547 rxio.gmssc.djvug
/data/user/0/rxio.gmssc.djvug/files/dex 3547 rxio.gmssc.djvug
Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.

Processes:

rxio.gmssc.djvug

description ioc process

Framework API call android.telephony.TelephonyManager.getNetworkOperatorName rxio.gmssc.djvug
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

rxio.gmssc.djvug

description ioc process

Framework API call javax.crypto.Cipher.doFinal rxio.gmssc.djvug
Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages 2 IoCs

Processes:

rxio.gmssc.djvug

pid process

3547 rxio.gmssc.djvug
3547 rxio.gmssc.djvug

ioc	pid	process
/data/user/0/rxio.gmssc.djvug/files/dex	3547	rxio.gmssc.djvug
/data/user/0/rxio.gmssc.djvug/files/dex	3547	rxio.gmssc.djvug

description	ioc	process
Framework API call	android.telephony.TelephonyManager.getNetworkOperatorName	rxio.gmssc.djvug

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	rxio.gmssc.djvug

Suspicious use of android.net.wifi.WifiInfo.getMacAddress 21 IoCs

Processes:

rxio.gmssc.djvug

pid	process
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug

Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs

Processes:

rxio.gmssc.djvug

pid process

3547 rxio.gmssc.djvug

Suspicious use of android.telephony.TelephonyManager.getLine1Number 60 IoCs

Processes:

rxio.gmssc.djvug

pid	process
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug
3547	rxio.gmssc.djvug

Uses reflection 67 IoCs

obfuscation

Processes:

rxio.gmssc.djvug

description	pid	process
Invokes method java.lang.ClassLoader.loadClass	3547	rxio.gmssc.djvug
Invokes method com.Loader.create	3547	rxio.gmssc.djvug
Invokes method android.content.ContextWrapper.getPackageManager	3547	rxio.gmssc.djvug
Invokes method android.app.ApplicationPackageManager.setComponentEnabledSetting	3547	rxio.gmssc.djvug
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3547	rxio.gmssc.djvug
Invokes method com.Loader.start	3547	rxio.gmssc.djvug
Invokes method android.telephony.SignalStrength.getLevel	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3547	rxio.gmssc.djvug

rxio.gmssc.djvug
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Reads name of network operator
- Uses Crypto APIs (Might try to encrypt user data).
- Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages
- Suspicious use of android.net.wifi.WifiInfo.getMacAddress
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Uses reflection
PID:3547

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads