41e17ab631293f4976a503e8aed4dc7f84a55e286b1e49b0b2e4d1432639c029

General

Target

41e17ab631293f4976a503e8aed4dc7f84a55e286b1e49b0b2e4d1432639c029.apk
Size

5.3MB
MD5

1eb48628e6ad4c98953e2adc80736675
SHA1

e28d9daa3cd5ba16ef724e8dd1c02539d167dc52
SHA256

41e17ab631293f4976a503e8aed4dc7f84a55e286b1e49b0b2e4d1432639c029
SHA512

295887125e7a3f6ec9c7912fcf80112c060eb809883475c804a94c9b1973fa73d871a1e6ebd1a246d61778f455ecdf65512dd071247c1b3aae213841502483ba

Score

7^/10

obfuscation ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.dkisngicdeza.ptma

ioc pid process

/data/user/0/com.dkisngicdeza.ptma/wxqeouetaq/xhqlavxmdaffjam/base.apk.jtateug1.qgy 3682 com.dkisngicdeza.ptma
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.dkisngicdeza.ptma

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.dkisngicdeza.ptma

ioc	pid	process
/data/user/0/com.dkisngicdeza.ptma/wxqeouetaq/xhqlavxmdaffjam/base.apk.jtateug1.qgy	3682	com.dkisngicdeza.ptma

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.dkisngicdeza.ptma

Uses reflection 52 IoCs

obfuscation

Processes:

com.dkisngicdeza.ptma

description	pid	process
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method com.dkisngicdeza.ptma.lega$a.m4ecef221	3682	com.dkisngicdeza.ptma
Invokes method m0.c.m2510c390	3682	com.dkisngicdeza.ptma
Invokes method s.c.f	3682	com.dkisngicdeza.ptma
Invokes method m0.c.m4a8a08f0	3682	com.dkisngicdeza.ptma
Invokes method i1.j.m57cec413	3682	com.dkisngicdeza.ptma
Invokes method s.c.j	3682	com.dkisngicdeza.ptma

com.dkisngicdeza.ptma
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
- Uses reflection
PID:3682

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dkisngicdeza.ptma/shared_prefs/multidex.version.xml

MD5
8c600f1ba8715a1a3d1242a75cd188ac

SHA1
b0f284437b4972edbf9eefe85d57ed99252ee650

SHA256
11f8b8cfc9abe5dc0e22996e77c80addc1b4c1cef018bd6403a788f35ac9640f

SHA512
52a7458368109a801aa4f5053726a3f76c8679a78a3493f9872ad630dff519e6e7e9917c3f8db5bbfca92ec5e630ef90cdcca3def0b9123a14cac042e75e4752

Download Submit
/data/user/0/com.dkisngicdeza.ptma/wxqeouetaq/xhqlavxmdaffjam/base.apk.jtateug1.qgy

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dkisngicdeza.ptma/wxqeouetaq/xhqlavxmdaffjam/bbgldhjf.gunp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dkisngicdeza.ptma/wxqeouetaq/xhqlavxmdaffjam/tmp-base.apk.jtateug182091904791955498.qgy

MD5
42cf54b25c65fa479ccb2f3a91b6ef86

SHA1
64b3d5f59dda1d0dbc8b74c2d6f54116578d2d2a

SHA256
c84ff6f699a39b0552aaae7320a509ce7fe31f0c5bbf21eb79be5210913d6458

SHA512
e2a8ee812742f644363ff68add1f34a728cf622156c214251dddee8a43d8e301831644225e08c081919ce6adb7397d2e62c97a8d709d94e2631fb5a1239b6eca

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads