0cc3defcfeb3bc8dfdd9699417522479b866b84dbb4cf5a52f0202f70151b3f4

General

Target

arsezudnmo.apk
Size

206KB
MD5

63b113e6499161d359623320788c7376
SHA1

8ac1f83b21b1158081dcd6ff0bb9351cf0d3676e
SHA256

0cc3defcfeb3bc8dfdd9699417522479b866b84dbb4cf5a52f0202f70151b3f4
SHA512

4974971814f1f9843cee0742656ce2d4e66a5350a37e73176574cfff0ef00ed42983d42d765f21ad5cab6520086c3da265ec263efc20c48db0b8b1fd885433bf

Score

10^/10

obfuscation ransomware stealth trojan

Malware Config

Extracted

DES_key

Signatures

Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

seed.sgcne.vxrbr

pid process

3548 seed.sgcne.vxrbr
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.

Processes:

seed.sgcne.vxrbr

ioc pid process

/data/user/0/seed.sgcne.vxrbr/files/dex 3548 seed.sgcne.vxrbr
/data/user/0/seed.sgcne.vxrbr/files/dex 3548 seed.sgcne.vxrbr
Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.

Processes:

seed.sgcne.vxrbr

description ioc process

Framework API call android.telephony.TelephonyManager.getNetworkOperatorName seed.sgcne.vxrbr
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

seed.sgcne.vxrbr

description ioc process

Framework API call javax.crypto.Cipher.doFinal seed.sgcne.vxrbr
Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages 2 IoCs

Processes:

seed.sgcne.vxrbr

pid process

3548 seed.sgcne.vxrbr
3548 seed.sgcne.vxrbr

ioc	pid	process
/data/user/0/seed.sgcne.vxrbr/files/dex	3548	seed.sgcne.vxrbr
/data/user/0/seed.sgcne.vxrbr/files/dex	3548	seed.sgcne.vxrbr

description	ioc	process
Framework API call	android.telephony.TelephonyManager.getNetworkOperatorName	seed.sgcne.vxrbr

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	seed.sgcne.vxrbr

Suspicious use of android.net.wifi.WifiInfo.getMacAddress 21 IoCs

Processes:

seed.sgcne.vxrbr

pid	process
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr

Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs

Processes:

seed.sgcne.vxrbr

pid process

3548 seed.sgcne.vxrbr

Suspicious use of android.telephony.TelephonyManager.getLine1Number 60 IoCs

Processes:

seed.sgcne.vxrbr

pid	process
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr
3548	seed.sgcne.vxrbr

Uses reflection 66 IoCs

obfuscation

Processes:

seed.sgcne.vxrbr

description	pid	process
Invokes method com.Loader.create	3548	seed.sgcne.vxrbr
Invokes method android.content.ContextWrapper.getPackageManager	3548	seed.sgcne.vxrbr
Invokes method android.app.ApplicationPackageManager.setComponentEnabledSetting	3548	seed.sgcne.vxrbr
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3548	seed.sgcne.vxrbr
Invokes method com.Loader.start	3548	seed.sgcne.vxrbr
Invokes method android.telephony.SignalStrength.getLevel	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	3548	seed.sgcne.vxrbr

seed.sgcne.vxrbr
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Reads name of network operator
- Uses Crypto APIs (Might try to encrypt user data).
- Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages
- Suspicious use of android.net.wifi.WifiInfo.getMacAddress
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Uses reflection
PID:3548

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads