Analysis

  • max time kernel
    603181s
  • max time network
    157s
  • platform
    android_x86_64
  • resource
    android-x86_64
  • submitted
    21-01-2021 07:56

General

  • Target
    dmunuarcai.apk
  • Size
    205KB
  • MD5
    85c7d32662a8f2191531471ae02b3690
  • SHA1
    ea44213d2ef77600b550abc3f01722ed40e57704
  • SHA256
    a68d9cd4d49a5ea0a413901bb91d9f61c37504df8377c76213d8f59364d70cc7
  • SHA512
    fb9ad59bc5c6a2015d455607d9aaf87faa84ce509de1908a2036983d11deb40e2b67c7df2ebead2cae0881166304e652d316d9617cd154fe27647916eb54c129

Malware Config

Extracted

DES_key

Signatures

  • Removes its main activity from the application launcher 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
  • Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages 1 IoCs
  • Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs
  • Suspicious use of android.telephony.TelephonyManager.getLine1Number 1 IoCs
  • Uses reflection 6 IoCs

Processes

  • mydg.wsmic.rcpcw
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    • Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages
    • Suspicious use of android.os.PowerManager$WakeLock.acquire
    • Suspicious use of android.telephony.TelephonyManager.getLine1Number
    • Uses reflection
    PID:3544

Network

MITRE ATT&CK Matrix
