9b42ce8daebc808e7f2805443c93f44647badf32f0378d6267a2e6a18bd5c46a

General

Target

cwutqjvwcx.apk
Size

205KB
MD5

daaa6d12b45614c04ece14bca45578d6
SHA1

bd314cbb03a40a01e0d27a967d4238dafc6607d5
SHA256

9b42ce8daebc808e7f2805443c93f44647badf32f0378d6267a2e6a18bd5c46a
SHA512

dd25f8525cc097f1e116331cde41e6cd4cc931a01af2ec7caeb2fb775ee4ea4849212dc3821d47dbf415aa9c2a77f21aac15344c206930902e8f41856de3ae31

Score

10^/10

obfuscation ransomware stealth trojan

Malware Config

Extracted

DES_key

Signatures

Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

mk.qrg.ir

pid process

4190 mk.qrg.ir
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.

Processes:

mk.qrg.ir

ioc pid process

/data/user/0/mk.qrg.ir/files/dex 4190 mk.qrg.ir
/data/user/0/mk.qrg.ir/files/dex 4190 mk.qrg.ir
Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.

Processes:

mk.qrg.ir

description ioc process

Framework API call android.telephony.TelephonyManager.getNetworkOperatorName mk.qrg.ir
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

mk.qrg.ir

description ioc process

Framework API call javax.crypto.Cipher.doFinal mk.qrg.ir
Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages 2 IoCs

Processes:

mk.qrg.ir

pid process

4190 mk.qrg.ir
4190 mk.qrg.ir

ioc	pid	process
/data/user/0/mk.qrg.ir/files/dex	4190	mk.qrg.ir
/data/user/0/mk.qrg.ir/files/dex	4190	mk.qrg.ir

description	ioc	process
Framework API call	android.telephony.TelephonyManager.getNetworkOperatorName	mk.qrg.ir

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	mk.qrg.ir

Suspicious use of android.net.wifi.WifiInfo.getMacAddress 58 IoCs

Processes:

mk.qrg.ir

pid	process
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir

Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs

Processes:

mk.qrg.ir

pid process

4190 mk.qrg.ir

Suspicious use of android.telephony.TelephonyManager.getLine1Number 59 IoCs

Processes:

mk.qrg.ir

pid	process
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir
4190	mk.qrg.ir

Uses reflection 63 IoCs

obfuscation

Processes:

mk.qrg.ir

description	pid	process
Invokes method com.Loader.create	4190	mk.qrg.ir
Invokes method android.app.ApplicationPackageManager.setComponentEnabledSetting	4190	mk.qrg.ir
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4190	mk.qrg.ir
Invokes method com.Loader.start	4190	mk.qrg.ir
Invokes method android.telephony.SignalStrength.getLevel	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir
Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations	4190	mk.qrg.ir

mk.qrg.ir
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Reads name of network operator
- Uses Crypto APIs (Might try to encrypt user data).
- Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages
- Suspicious use of android.net.wifi.WifiInfo.getMacAddress
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Uses reflection
PID:4190

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads