Overview

overview

10

Static

static

8

Android APK

android_x64

10

Analysis

  • max time kernel
    377253s
  • max time network
    50s
  • platform
    android_x64
  • resource
    android-x64
  • submitted
    16-06-2021 20:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    85763589171b520806c08fd836010a4ca264ffa3dbf428cc4797fefa9136a189.apk

  • Size

    2.4MB

  • MD5

    cbd92757051490316de527a02ac17947

  • SHA1

    7827b55923e1ac65a4d58871ad7574406a8aad53

  • SHA256

    85763589171b520806c08fd836010a4ca264ffa3dbf428cc4797fefa9136a189

  • SHA512

    4eb62d367b2d498f83af84e38671649cf35b09058320be880e29992ab7cff0df4216820ffdd2b0ebccb37ea46a3a0b335f32955fa26e9cbf4189e76466fd6d88

Score
10/10
obfuscationransomware

Malware Config

Extracted

Path

/storage/emulated/0/Android/obb/README.txt

Ransom Note
hey Down! Seems like you got hit by CoderWare ! warning: take a screenshot of this place. If you lose the information here, you'll never get to us. and it would be impossible to get your dosys Don't Panic, you get have your files back! CoderWare uses a basic encryption script to lock your files.This type of is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry.You have 10 hours to find your key When you pay >>> 500$ <<< to the Bitcoin address below, you will need to send a single as proof to our e-mail address, and if the receipt is correct, your code to decrypt our files to your e-mail address. It will be sent back to you via e-mail. But you have to be quick for that. Because you have 24 hours. If you do not pay within 10 hours, your files will be permanently deleted. And it would be out of reach again. If you don't know how to get bitcoin. https://buy.moonpay.io can quickly get your credit or debit card online from the website. Please type the bitcoin address shown on the screen in the wallet field on the website. If you try to shut it down by force, you'll lose your files. because if you lose your bitcoin address, you won't be able to pay. and you'll never get your files back. If you delete the application, it will be impossible to access your files. email: [email protected] bitcoin Adress : 336Fvf8fRrpySwq8gsaWdf7gfuGm5FQi8K telegram : @Codersan hey Down! Seems like you got hit by CoderWare ! warning: take a screenshot of this place. If you lose the information here, you'll never get to us. and it would be impossible to get your dosys Don't Panic, you get have your files back! CoderWare uses a basic encryption script to lock your files.This type of is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry.You have 10 hours to find your key When you pay >>> 500$ <<< to the Bitcoin address below, you will need to send a single as proof to our e-mail address, and if the receipt is correct, your code to decrypt our files to your e-mail address. It will be sent back to you via e-mail. But you have to be quick for that. Because you have 24 hours. If you do not pay within 10 hours, your files will be permanently deleted. And it would be out of reach again. If you don't know how to get bitcoin. https://buy.moonpay.io can quickly get your credit or debit card online from the website. Please type the bitcoin address shown on the screen in the wallet field on the website. If you try to shut it down by force, you'll lose your files. because if you lose your bitcoin address, you won't be able to pay. and you'll never get your files back. If you delete the application, it will be impossible to access your files. email: [email protected] bitcoin Adress : 336Fvf8fRrpySwq8gsaWdf7gfuGm5FQi8K telegram : @Codersan hey Down! Seems like you got hit by CoderWare ! warning: take a screenshot of this place. If you lose the information here, you'll never get to us. and it would be impossible to get your dosys Don't Panic, you get have your files back! CoderWare uses a basic encryption script to lock your files.This type of is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry.You have 10 hours to find your key When you pay >>> 500$ <<< to the Bitcoin address below, you will need to send a single as proof to our e-mail address, and if the receipt is correct, your code to decrypt our files to your e-mail address. It will be sent back to you via e-mail. But you have to be quick for that. Because you have 24 hours. If you do not pay within 10 hours, your files will be permanently deleted. And it would be out of reach again. If you don't know how to get bitcoin. https://buy.moonpay.io can quickly get your credit or debit card online from the website. Please type the bitcoin address shown on the screen in the wallet field on the website. If you try to shut it down by force, you'll lose your files. because if you lose your bitcoin address, you won't be able to pay. and you'll never get your files back. If you delete the application, it will be impossible to access your files. email: [email protected] bitcoin Adress : 336Fvf8fRrpySwq8gsaWdf7gfuGm5FQi8K telegram : @Codersan
Wallets

336Fvf8fRrpySwq8gsaWdf7gfuGm5FQi8K

Extracted

Path

/mnt/sdcard/README.txt

Ransom Note
hey Down! Seems like you got hit by CoderWare ! warning: take a screenshot of this place. If you lose the information here, you'll never get to us. and it would be impossible to get your dosys Don't Panic, you get have your files back! CoderWare uses a basic encryption script to lock your files.This type of is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry.You have 10 hours to find your key When you pay >>> 500$ <<< to the Bitcoin address below, you will need to send a single as proof to our e-mail address, and if the receipt is correct, your code to decrypt our files to your e-mail address. It will be sent back to you via e-mail. But you have to be quick for that. Because you have 24 hours. If you do not pay within 10 hours, your files will be permanently deleted. And it would be out of reach again. If you don't know how to get bitcoin. https://buy.moonpay.io can quickly get your credit or debit card online from the website. Please type the bitcoin address shown on the screen in the wallet field on the website. If you try to shut it down by force, you'll lose your files. because if you lose your bitcoin address, you won't be able to pay. and you'll never get your files back. If you delete the application, it will be impossible to access your files. email: [email protected] bitcoin Adress : 336Fvf8fRrpySwq8gsaWdf7gfuGm5FQi8K telegram : @Codersan
Wallets

336Fvf8fRrpySwq8gsaWdf7gfuGm5FQi8K

Signatures

  • Uses reflection 6 IoCs
    obfuscation

Processes

  • com.android.preweb
    1⤵
    • Uses reflection
    PID:3577

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.android.preweb/app_Parse/installationId
    MD5

    a796935323ecf496fb50b28cde1d9681

    SHA1

    638d844be3992068a9f9bf0ff4b08d91d40be626

    SHA256

    a9a0bec0d56a6ca43f5d591df63b2f0d6aae74cb62c5270796050652ac7934e0

    SHA512

    01470fa04ad827bd9f5861fc9a3e965cfd1528c8a4442a61efd1fa175ce25ec1f150e4ff62dab5d15d256ec9bcc862a196fc48b29cc3fea173e465238db413fe

    Download Submit

  • /data/user/0/com.android.preweb/cache/com.parse/applicationId
    MD5

    16d828af742c2ae9372de707a536caf6

    SHA1

    72fa75fe8b3a3eeb908f6b47992ee00f2018c651

    SHA256

    1a77e4bd04ca97c8a3cccbc750100b2a0b061bf048db6efcb7c28a067dd97cf2

    SHA512

    9843613bbe2dd54aa49b3c69161efd799aa19ea6231d12e94f3123cb4014f08aa7ee712e0bb87040cd3115de192024005ea9ee1efb46fd537f1766d09d1d694d

    Download Submit

  • /mnt/sdcard/README.txt
    MD5

    b8bab8d885fea9266e3d0d0f0ba99575

    SHA1

    5aac8e6a60755bc5971020c8e551a0188e02e8d6

    SHA256

    6acce0a6cb03455177bd9ad848e9a6ae1bdcef00257c5e8143861ed2d6bf45d3

    SHA512

    f6f2d94956237e66688047737e9b1d1fccef8d3f9117a6a42ccba9f7119967184a3954c06bb5e607aaf147e401a30999f8b4f29032821cc23280e74263851057

    Download Submit

  • /storage/emulated/0/Alarms/README.txt
    MD5

    aa5c1f03bc9e0a01c2265293c7827a0e

    SHA1

    62b3145d6fb1e1ab28a9d1dc18e51c2e8ca6f612

    SHA256

    4cb821f852452098c4793977b88be0009a26ef91d89aed868b35b0f0c037940e

    SHA512

    266f7388223b3698e3c647b358bd03ee7e2b2b40b49fdce078f03eb8db8e76f2e8fbdf79f4ab51fbaacb82c7d051b7fa4bfeac2e26c3ec12a2d437b881192955

    Download Submit

  • /storage/emulated/0/Android/README.txt
    MD5

    aa5c1f03bc9e0a01c2265293c7827a0e

    SHA1

    62b3145d6fb1e1ab28a9d1dc18e51c2e8ca6f612

    SHA256

    4cb821f852452098c4793977b88be0009a26ef91d89aed868b35b0f0c037940e

    SHA512

    266f7388223b3698e3c647b358bd03ee7e2b2b40b49fdce078f03eb8db8e76f2e8fbdf79f4ab51fbaacb82c7d051b7fa4bfeac2e26c3ec12a2d437b881192955

    Download Submit

  • /storage/emulated/0/Android/obb/.nomedia.coderCrypt
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /storage/emulated/0/Android/obb/README.txt
    MD5

    aa5c1f03bc9e0a01c2265293c7827a0e

    SHA1

    62b3145d6fb1e1ab28a9d1dc18e51c2e8ca6f612

    SHA256

    4cb821f852452098c4793977b88be0009a26ef91d89aed868b35b0f0c037940e

    SHA512

    266f7388223b3698e3c647b358bd03ee7e2b2b40b49fdce078f03eb8db8e76f2e8fbdf79f4ab51fbaacb82c7d051b7fa4bfeac2e26c3ec12a2d437b881192955

    Download Submit

  • /storage/emulated/0/DCIM/README.txt
    MD5

    aa5c1f03bc9e0a01c2265293c7827a0e

    SHA1

    62b3145d6fb1e1ab28a9d1dc18e51c2e8ca6f612

    SHA256

    4cb821f852452098c4793977b88be0009a26ef91d89aed868b35b0f0c037940e

    SHA512

    266f7388223b3698e3c647b358bd03ee7e2b2b40b49fdce078f03eb8db8e76f2e8fbdf79f4ab51fbaacb82c7d051b7fa4bfeac2e26c3ec12a2d437b881192955

    Download Submit

  • /storage/emulated/0/Download/README.txt
    MD5

    aa5c1f03bc9e0a01c2265293c7827a0e

    SHA1

    62b3145d6fb1e1ab28a9d1dc18e51c2e8ca6f612

    SHA256

    4cb821f852452098c4793977b88be0009a26ef91d89aed868b35b0f0c037940e

    SHA512

    266f7388223b3698e3c647b358bd03ee7e2b2b40b49fdce078f03eb8db8e76f2e8fbdf79f4ab51fbaacb82c7d051b7fa4bfeac2e26c3ec12a2d437b881192955

    Download Submit

  • /storage/emulated/0/Movies/README.txt
    MD5

    aa5c1f03bc9e0a01c2265293c7827a0e

    SHA1

    62b3145d6fb1e1ab28a9d1dc18e51c2e8ca6f612

    SHA256

    4cb821f852452098c4793977b88be0009a26ef91d89aed868b35b0f0c037940e

    SHA512

    266f7388223b3698e3c647b358bd03ee7e2b2b40b49fdce078f03eb8db8e76f2e8fbdf79f4ab51fbaacb82c7d051b7fa4bfeac2e26c3ec12a2d437b881192955

    Download Submit

  • /storage/emulated/0/Music/README.txt
    MD5

    aa5c1f03bc9e0a01c2265293c7827a0e

    SHA1

    62b3145d6fb1e1ab28a9d1dc18e51c2e8ca6f612

    SHA256

    4cb821f852452098c4793977b88be0009a26ef91d89aed868b35b0f0c037940e

    SHA512

    266f7388223b3698e3c647b358bd03ee7e2b2b40b49fdce078f03eb8db8e76f2e8fbdf79f4ab51fbaacb82c7d051b7fa4bfeac2e26c3ec12a2d437b881192955

    Download Submit

  • /storage/emulated/0/Notifications/README.txt
    MD5

    aa5c1f03bc9e0a01c2265293c7827a0e

    SHA1

    62b3145d6fb1e1ab28a9d1dc18e51c2e8ca6f612

    SHA256

    4cb821f852452098c4793977b88be0009a26ef91d89aed868b35b0f0c037940e

    SHA512

    266f7388223b3698e3c647b358bd03ee7e2b2b40b49fdce078f03eb8db8e76f2e8fbdf79f4ab51fbaacb82c7d051b7fa4bfeac2e26c3ec12a2d437b881192955

    Download Submit

  • /storage/emulated/0/Pictures/README.txt
    MD5

    aa5c1f03bc9e0a01c2265293c7827a0e

    SHA1

    62b3145d6fb1e1ab28a9d1dc18e51c2e8ca6f612

    SHA256

    4cb821f852452098c4793977b88be0009a26ef91d89aed868b35b0f0c037940e

    SHA512

    266f7388223b3698e3c647b358bd03ee7e2b2b40b49fdce078f03eb8db8e76f2e8fbdf79f4ab51fbaacb82c7d051b7fa4bfeac2e26c3ec12a2d437b881192955

    Download Submit

  • /storage/emulated/0/Podcasts/README.txt
    MD5

    aa5c1f03bc9e0a01c2265293c7827a0e

    SHA1

    62b3145d6fb1e1ab28a9d1dc18e51c2e8ca6f612

    SHA256

    4cb821f852452098c4793977b88be0009a26ef91d89aed868b35b0f0c037940e

    SHA512

    266f7388223b3698e3c647b358bd03ee7e2b2b40b49fdce078f03eb8db8e76f2e8fbdf79f4ab51fbaacb82c7d051b7fa4bfeac2e26c3ec12a2d437b881192955

    Download Submit

  • /storage/emulated/0/Ringtones/README.txt
    MD5

    aa5c1f03bc9e0a01c2265293c7827a0e

    SHA1

    62b3145d6fb1e1ab28a9d1dc18e51c2e8ca6f612

    SHA256

    4cb821f852452098c4793977b88be0009a26ef91d89aed868b35b0f0c037940e

    SHA512

    266f7388223b3698e3c647b358bd03ee7e2b2b40b49fdce078f03eb8db8e76f2e8fbdf79f4ab51fbaacb82c7d051b7fa4bfeac2e26c3ec12a2d437b881192955

    Download Submit