Overview

overview

8

Static

static

8

WIFI.apk

android_x86

8

WIFI.apk

android_x64

8

WIFI.apk

android_x64

Resubmissions

23-04-2024 07:56

240423-js1dvseg4v 8

15-04-2024 17:56

240415-wh898seg9w 8

25-06-2021 19:13

210625-g3rlde4dqn 8

17-01-2021 18:18

210117-lzgtt5m89n 10

12-01-2021 14:53

210112-6aqfd4757x 10

Analysis

  • max time kernel
    1150945s
  • max time network
    163s
  • platform
    android_x64
  • resource
    android-x64-arm64
  • submitted
    25-06-2021 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WIFI.apk

  • Size

    2.9MB

  • MD5

    79ba96848428337e685e10b06ccc1c89

  • SHA1

    51b31827c1d961ced142a3c5f3efa2b389f9c5ad

  • SHA256

    854774a198db490a1ae9f06d5da5fe6a1f683bf3d7186e56776516f982d41ad3

  • SHA512

    ed0e788b735de1508eb387a20bff312094bb9b935c5b2d278391c01edf27550816515e60054b687f14ce04e7ccb7c46f0169a93df571abd623d4ee0b150f1f43

Score
8/10
obfuscationransomware

Malware Config

Signatures

  • Reads device subscriber ID 1 IoCs

    Uses Android APIs to read subscriber ID (IMSI on GSM devices).

  • Requests cell location 1 IoCs

    Uses Android APIs to to get current cell location.

  • Checks Android system properties for emulator presence. 4 IoCs
  • Reads name of network operator 1 IoCs

    Uses Android APIs to discover system information.

  • Reads serial number of SIM 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware
  • Uses reflection 64 IoCs
    obfuscation

Processes

  • org.xmlpush.v3
    1⤵
    • Reads device subscriber ID
    • Requests cell location
    • Checks Android system properties for emulator presence.
    • Reads name of network operator
    • Reads serial number of SIM
    • Uses Crypto APIs (Might try to encrypt user data).
    • Uses reflection
    PID:4107
    • org.xmlpush.v3
      2⤵
        PID:5738

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/user/0/org.xmlpush.v3/cache/e648569b
      MD5

      ba76e556409aa7bf4bcb3df464c583dc

      SHA1

      ad0738ddf836fbbc18684889e3ed52130500fb50

      SHA256

      d5b50bb7b0bed3964b51c2a3a0361ecfa74af38bc3dd626fee40780e1dd0ac45

      SHA512

      be1df1baab15847b692281664da466e9d1afbfc6a0da9cb079351e483e45685d2f0133a369eb2455c573c869866903ea3fff1bd8a7ff19a38d36678d64217151

      Download Submit
    • /data/user/0/org.xmlpush.v3/files/641ea378
      MD5

      d41d8cd98f00b204e9800998ecf8427e

      SHA1

      da39a3ee5e6b4b0d3255bfef95601890afd80709

      SHA256

      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      SHA512

      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

      Download Submit
    • /data/user/0/org.xmlpush.v3/files/RANDSEED.001
      MD5

      b9dee727e7e4bf8f836111b109c1630b

      SHA1

      930a9a63eb2b5fa5a84eabfcdd83c6f35e94c432

      SHA256

      1ae4e00e38cd82c02cc53efd2d2fadb3132ee3967b4e882c68b90f0024e9a566

      SHA512

      09a1e522a4b85abe7bd9197d12e4b7561b958efe67a022f671c8bb332658077489fc590325316321e5d827ffbc0c89654d3ceed4f540cc8065e4c0d88d3406f1

      Download Submit
    • /data/user/0/org.xmlpush.v3/files/RANDSEED.002
      MD5

      20bc6f90aba6d964d2812c2bec42ffd2

      SHA1

      5d2c75c820a41b63ef9716a7018829dda12f7857

      SHA256

      8365469b93a5cea7c86f874121e42c710661142868bd5db92ce28e7cce7efda2

      SHA512

      5a52ea5de746d0939818a9c34932bd919751d58b3d10b6c762e807e9a3bb4c3b603375f18888ac9da7657bb9f9efa79cb44c8452c74fa79b7836bc9748dd31af

      Download Submit
    • /data/user/0/org.xmlpush.v3/files/d62bcba3c13fa0fac0df1a
      MD5

      d41d8cd98f00b204e9800998ecf8427e

      SHA1

      da39a3ee5e6b4b0d3255bfef95601890afd80709

      SHA256

      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      SHA512

      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

      Download Submit
    • /data/user/0/org.xmlpush.v3/files/rmil5e
      MD5

      d41d8cd98f00b204e9800998ecf8427e

      SHA1

      da39a3ee5e6b4b0d3255bfef95601890afd80709

      SHA256

      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      SHA512

      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

      Download Submit