e609ac709a6b80b0ceb58c646735fc597db0483ff637e93acf9be028c07900d7

Analysis

max time kernel
4036832s
max time network
154s
platform
android_x64
resource
android-x64-arm64
submitted
09-06-2021 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

spo.apk
Size

7.8MB
MD5

31c636b5155f9c6bf71bd5c279947a88
SHA1

7bf98935db59ffbdedf2fc85a6d04901608c85bc
SHA256

e609ac709a6b80b0ceb58c646735fc597db0483ff637e93acf9be028c07900d7
SHA512

5694d4ac85defeb91c63b01d724239eb9207f981d54aeda93b940893bae6f56cddbf28e291130b802cf26f57a27a78dcbb8cbb9d1bde5be0a2121f9c6a902eeb

Score

7^/10

obfuscation ransomware

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 IoCs

Processes:

com.android.ktspo

description ioc process

Accessed system property key: ro.product.model com.android.ktspo

description	ioc	process
Accessed system property	key: ro.product.model	com.android.ktspo

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.android.ktspo

ioc	pid	process
/product/app/TrichromeLibrary/TrichromeLibrary.apk	3845	com.android.ktspo
/product/app/TrichromeLibrary/TrichromeLibrary.apk	3845	com.android.ktspo
/apex/com.android.art/javalib/core-oj.jar	3845	com.android.ktspo

Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.

Processes:

com.android.ktspo

description ioc process

Framework API call android.telephony.TelephonyManager.getNetworkOperatorName com.android.ktspo
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.android.ktspo

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.android.ktspo

description	ioc	process
Framework API call	android.telephony.TelephonyManager.getNetworkOperatorName	com.android.ktspo

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.android.ktspo

Uses reflection 40 IoCs

obfuscation

Processes:

com.android.ktspo

description	pid	process
Invokes method pkgflag.g.a.c.b.f.getDeviceId	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.f.getDeviceName	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.f.isNavigationBar	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.f.getNetwork	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.f.getNumber	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.f.getOsVersion	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.f.getResolution	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.f.getSaler_code	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.f.isTCall	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.f.isWhowho	3845	com.android.ktspo
Acesses field pkgflag.g.a.c.a.text	3845	com.android.ktspo
Invokes method dalvik.system.CloseGuard.get	3845	com.android.ktspo
Invokes method dalvik.system.CloseGuard.open	3845	com.android.ktspo
Invokes method android.security.NetworkSecurityPolicy.getInstance	3845	com.android.ktspo
Invokes method android.security.NetworkSecurityPolicy.isCleartextTrafficPermitted	3845	com.android.ktspo
Invokes method pkgflag.cocknut.yummy.c.onEvent	3845	com.android.ktspo
Invokes method pkgflag.SmApplication.onEvent	3845	com.android.ktspo
Invokes method net.company.a$b.onEvent	3845	com.android.ktspo
Acesses field pkgflag.g.a.c.a.text	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.j.setResult	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.i.setCallUpdateTime	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.i.setChangeNumberWhiteList	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.i.setCallChangeNumber	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.i.setChangeNumberBlackList	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.i.setEnable	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.i.setUpdateTime	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.i.setReceiveBlackList	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.d.getContent	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.d.getCreateTime	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.d.getPkg	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.d.getVersionCode	3845	com.android.ktspo
Invokes method pkgflag.g.a.c.b.d.getVersionName	3845	com.android.ktspo
Acesses field pkgflag.g.a.c.a.text	3845	com.android.ktspo
Invokes method dalvik.system.CloseGuard.get	3845	com.android.ktspo
Invokes method dalvik.system.CloseGuard.open	3845	com.android.ktspo
Acesses field pkgflag.g.a.c.a.text	3845	com.android.ktspo
Invokes method dalvik.system.CloseGuard.get	3845	com.android.ktspo
Invokes method dalvik.system.CloseGuard.open	3845	com.android.ktspo
Acesses field pkgflag.g.a.c.a.text	3845	com.android.ktspo
Acesses field pkgflag.g.a.c.a.text	3845	com.android.ktspo

com.android.ktspo
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Reads name of network operator
- Uses Crypto APIs (Might try to encrypt user data).
- Uses reflection
PID:3845

com.android.ktspo:remote
1⤵
PID:6273

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/apex/com.android.art/javalib/core-oj.jar
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.android.ktspo/app_webview/.com.google.Chrome.0JsiYE
MD5
f8fec2022c857508c3d142620730fd18

SHA1
23dfb4b8e04c1afe1e12219d66c1e9b45bed7022

SHA256
6fd64db5b169e30ab3930c25f36279b464a0a1b071dc98028ad1cb848346e19d

SHA512
51295387d2322fb66eb35860c09f09f9f994cdb8fa97797d741574bb0383ecfb0d6e86103d9dd3599bbb4daf9eb2f2d81705b1b72f44f999abecf13620e11155

Download Submit
/data/user/0/com.android.ktspo/app_webview/Default/Web Data
MD5
536e58581641e767a8bf8eca3b8cde9e

SHA1
750a88189322e36147068f1c585f02163ff3a388

SHA256
3ba04fa6622801be4e625176b175ff75caf19c8966c13418bf1433433eefa1a0

SHA512
498da0911c702bc683cf153ce9b66044642378eafb79bffe0afd7f7460bd12a4c9bb424e1606550d8bbfb25dede34b5ad6ad1f7ee698c8d5ff67208625612319

Download Submit
/data/user/0/com.android.ktspo/app_webview/Default/Web Data-journal
MD5
990652b3d8f2947bb9b1fc0cfe5872db

SHA1
967ac6fe8b6d5c5d3260eafb0fea6df97ca88c03

SHA256
ebc1fffca08372a54771f502d59b0cf84a90232194c9c2a1c07677adaf6d6da3

SHA512
f9e91c4a21fa67553e335e85a8c8ae78834c4626860fb5e06c5d24bbdf941bd21fad391fb044bd4c1c4b149ae3faac51cce240b779ad0836a7b4bbe4dffc428e

Download Submit
/data/user/0/com.android.ktspo/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.android.ktspo/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.android.ktspo/app_webview/webview_data.lock
MD5
f47919004b1451f047f91208b6ba3371

SHA1
f0f34dc90131b429318cf8816d56e01e136e0cfc

SHA256
9ae325df9c3c1c39becebe622277ab0117352d453e9b5f3122918b5e3ac7c0d2

SHA512
e1f7aec446776adb51809172ad558bfc49f97af044b86f1ffd20d263a454526c4de99c0fa780f1bc37b255f91700a84f2521ffa5a897adc26e131345a6ddc257

Download Submit
/data/user/0/com.android.ktspo/cache/WebView/Crashpad/settings.dat
MD5
c7c51283f8c9f6cab25ce47b30bccd5c

SHA1
edd151808767725fa2fa82b486192b95d81cd687

SHA256
b77b3e3b8067757cab090b9095b5b140e8ad1b3930330a76306755ccb8b82332

SHA512
9f224018ba908524915dff0cb6c51198ae7d17f235e5593b63be338a558a4c8fc4a4953dce8578e06e6a43b1efaf956426c80308d3d9bbf523443a3103735b0a

Download Submit
/data/user/0/com.android.ktspo/cache/WebView/Default/HTTP Cache/Code Cache/js/index
MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/com.android.ktspo/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.android.ktspo/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/com.android.ktspo/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.android.ktspo/cache/WebView/font_unique_name_table.pb
MD5
b18833d483828180924a6d4048fca1a0

SHA1
d7edde78cc26221c9455a87ca3eca8960b6673a8

SHA256
d9c4ea0a7c399884f8a908a33a4d675a64b557b50916e62ab96fa2213e6d4801

SHA512
11e6bf7e067884138dcd6908e311321a9eca1e4926323f49736f9dfdebd4b548064beacc356f78e3f32a99769109b154e145ef1162e6a9547aca878f0dd4ee7c

Download Submit
/data/user/0/com.android.ktspo/cache/files/test.wav
MD5
acefe7f06421ab14fb135a8890ed3780

SHA1
eaa4fed0ef77bb1dc0155e625a8d2732dc749ac0

SHA256
118196682df9622e94d4724b30b4267e9ee2a59823c138df5d6091c6d2df82cb

SHA512
8d51f9a366c35d0c8fdce6020b704d2d4339ce32bba3a83b21b6eb3e661a6103ad85e4d9a78f4e9d93e627fc83f461ab3168f55d5c49abc64528fa033961e171

Download Submit
/data/user/0/com.android.ktspo/shared_prefs/WebViewChromiumPrefs.xml
MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit
/data/user/0/com.android.ktspo/shared_prefs/pre_value.xml
MD5
548231362c9db741e6acd702b8000e67

SHA1
d9851bacf4533efae700d9d0dadcb066c288677f

SHA256
10b4a3db98171f4f8062d8141c2a45731d6bdc650ecb22dd120d84a1c38c6bed

SHA512
1981000386fe1e66c2be4b1ed29931b6b4f20992b28fa0ccac3fc09c30d559b698408d47c5d121c7de592a9155ef7b9c984911fe2d652c964dcce500659367c1

Download Submit
/data/user/0/com.android.ktspo/shared_prefs/pre_value.xml
MD5
6e29732c93ff7291003af39f054c09f3

SHA1
3e4129cc5e8434c404229c0924ed583bd20da598

SHA256
acefca9ccfcbadc6bb834bf0f880de5b56a9a01cf9175aa03b49a53d67355f4d

SHA512
bf4e6a1f047a460d4fed6bd70560ee1f9847a4cffbcfe1604c0dbc8cc54a11784942fa0bf786421c2e52725e335fcfed3dc6c2845f9a1b944b68cab85874432c

Download Submit
/data/user/0/com.android.ktspo/shared_prefs/pre_value.xml
MD5
9bb39150d96528f84fde852f865d5e7d

SHA1
9978ffd2da4f4ba2db32896d90c9584bea9a33a3

SHA256
1ebcad8d0b09f6eea473450d64c7a15370b874aa0cdb479b9319c1767ba0ca97

SHA512
be79b151875f3f83d7922adcc5f172db27c14ed2ae085010ed2646c7a68dd3ac4d6487e2a5b5ca62beb345cebc9437d21c204d3b331d1646a3a5dfd17eae739c

Download Submit
/data/user/0/com.android.ktspo/shared_prefs/pre_value.xml
MD5
bda0ad9719ef4c2f94d1bea5796f56b4

SHA1
6b8d6d7661bd22d4fa5a780e77072a1d30e39a0c

SHA256
b8e441a5febd7d6e668843029fb28621095c5559d42f8165cc4c65394aa72f25

SHA512
0e54a647c79e287e91b0d78c8bb3404c65ff99523f9fc007edd6271bb9bbfc4a057efed7289524278690cff68fd764fa0c9853d0390cd64d22455f3af2e4c08c

Download Submit
/data/user/0/com.android.ktspo/shared_prefs/pre_value.xml
MD5
6012c79c7993e5cad3167f8453e9f070

SHA1
4c7e31b60371c94dd440501572dcaa29b0ac03a6

SHA256
89464607ea7ef9575c3257e5314924c49ee628d484a474b755b40bf30c2a6dca

SHA512
3d48fac40d33bc0efdb56bbf4a8fa7f6de28b48fa1f2bcd997c56186f0112a8f184e5d881d1f1132093040bae0aa52c143cab1260fa43a422c0416e16cfc8563

Download Submit
/data/user/0/com.android.ktspo/shared_prefs/pre_value.xml
MD5
4dc77fd825f04ac09978aadf772d73cb

SHA1
9bf108ec504735911dfb6ce11e65a047c7fb07f0

SHA256
dfbd988e6c69fc92e9ed90b19640e30f9114d60693deb471f6060dc3e9458612

SHA512
0d05cbb4850070fb0fe8d35be0b167a840b4d9709ec58c9a7319760ee8b62e45c797796b1db8aebbcaa765533f1ce0ef23ed201964afe3d75db2efbe0f39cfaa

Download Submit
/data/user/0/com.android.ktspo/shared_prefs/pre_value.xml
MD5
bf7c049c91232d159777eaae2748dcaa

SHA1
a3537f96997f97be3e5b036fcf59d7ef8e06cfbb

SHA256
85b3c24bca47047ea859b2581d9541e5b970487b579cd6ed3958f6af0e96b038

SHA512
a12f0e80d5a048fdf0297019a6c22e1d4f4dd1f8e16a294c6882336148e0711bce8470fdea279aa92b971a62d08f5055757fe65e11f055fa155862c747a6d075

Download Submit
/data/user/0/com.android.ktspo/shared_prefs/pre_value.xml
MD5
7f88e333c9135d3b30a747e7a2c72846

SHA1
4a8545b8aa4883d8e90cc2a8e0e0886479c274fa

SHA256
8707a6bbd1e8e1f8f23626788e87e3375403184fdca1dd75f43ab2c927af8638

SHA512
b9c6f1bec4305e0befb05526f3e1d47010690485999e38238aa35bcfab413c628c097ce5bb522c868d342b107bcd4bd3bf9fbeef050dc6cf5b3ecce72ddb4ef4

Download Submit
/product/app/TrichromeLibrary/TrichromeLibrary.apk
MD5
39528daeaf7245ec0be5c52098c44a95

SHA1
e10152848a684f53e9dc35c38d99ff0add509227

SHA256
4d59ccc291c4f9a6170a14baa457d50111354c8ee389043b6b40b08092da835b

SHA512
fa5ea98f323a05d2da2934021cd42f3791cb9c11a391ff0d026bf66a1af48f008c465f8eaa1580949c125cb758b16f47efece125919bda440876dbb843dc3e09

Download Submit
/product/app/TrichromeLibrary/TrichromeLibrary.apk
MD5
39528daeaf7245ec0be5c52098c44a95

SHA1
e10152848a684f53e9dc35c38d99ff0add509227

SHA256
4d59ccc291c4f9a6170a14baa457d50111354c8ee389043b6b40b08092da835b

SHA512
fa5ea98f323a05d2da2934021cd42f3791cb9c11a391ff0d026bf66a1af48f008c465f8eaa1580949c125cb758b16f47efece125919bda440876dbb843dc3e09

Download Submit
/storage/emulated/0/Android/blue/Log/20210609_error.txt
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit