41e17ab631293f4976a503e8aed4dc7f84a55e286b1e49b0b2e4d1432639c029

Resubmissions

28/09/2021, 10:20

210928-mc639abeg5 10

28/09/2021, 09:50

210928-ltx18sbfcj 8

Analysis

max time kernel
735146s
max time network
40s
platform
android_x64
resource
android-x64
submitted
28/09/2021, 09:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41e17ab631293f4976a503e8aed4dc7f84a55e286b1e49b0b2e4d1432639c029.apk
Size

5.3MB
MD5

1eb48628e6ad4c98953e2adc80736675
SHA1

e28d9daa3cd5ba16ef724e8dd1c02539d167dc52
SHA256

41e17ab631293f4976a503e8aed4dc7f84a55e286b1e49b0b2e4d1432639c029
SHA512

295887125e7a3f6ec9c7912fcf80112c060eb809883475c804a94c9b1973fa73d871a1e6ebd1a246d61778f455ecdf65512dd071247c1b3aae213841502483ba

Score

7^/10

obfuscation ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.dkisngicdeza.ptma/wxqeouetaq/xhqlavxmdaffjam/base.apk.jtateug1.qgy	3682	com.dkisngicdeza.ptma

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.dkisngicdeza.ptma

Uses reflection 52 IoCs

obfuscation

description	pid	Process
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method m0.c.m2510c390	3682	com.dkisngicdeza.ptma
Invokes method s.c.f	3682	com.dkisngicdeza.ptma
Invokes method m0.c.m4a8a08f0	3682	com.dkisngicdeza.ptma
Invokes method i1.j.m57cec413	3682	com.dkisngicdeza.ptma
Invokes method s.c.j	3682	com.dkisngicdeza.ptma

com.dkisngicdeza.ptma
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
- Uses reflection
PID:3682

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads