5a8c34d23931c33b1a0aa25b7c0bee786111db6fd053b88a5a152898bd8faaae

General

Target

5a8c34d23931c33b1a0aa25b7c0bee786111db6fd053b88a5a152898bd8faaae.apk
Size

4.9MB
MD5

4493edef47da202d59a2fd8c183caf2b
SHA1

c971a1c8ac0761abfff2220b0e1e07cb2f82a971
SHA256

5a8c34d23931c33b1a0aa25b7c0bee786111db6fd053b88a5a152898bd8faaae
SHA512

22a252b50f4bf936a29f407d711347b8d6816f61f38a1b6f725253c40876bb7503ceedf7830312ec3005e0a62f6c9fd6cd1037e364917aee745f6eb746374ae2

Score

7^/10

obfuscation ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.thestore.main

ioc pid process

/data/user/0/com.thestore.main/khzhhhxhno/chonbYvfkbcvlzh/base.apk.mhmhkck1.bgh 4250 com.thestore.main
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.thestore.main

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.thestore.main
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.thestore.main

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.thestore.main

ioc	pid	process
/data/user/0/com.thestore.main/khzhhhxhno/chonbYvfkbcvlzh/base.apk.mhmhkck1.bgh	4250	com.thestore.main

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.thestore.main

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.thestore.main

Uses reflection 64 IoCs

obfuscation

Processes:

com.thestore.main

description	pid	process
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4250	com.thestore.main
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4250	com.thestore.main

com.thestore.main
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses Crypto APIs (Might try to encrypt user data).
- Uses reflection
PID:4250

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.thestore.main/khzhhhxhno/chonbYvfkbcvlzh/base.apk.mhmhkck1.bgh
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.thestore.main/khzhhhxhno/chonbYvfkbcvlzh/tmp-base.apk.mhmhkck6824687992557192061.bgh
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.thestore.main/khzhhhxhno/chonbYvfkbcvlzh/vlgGGhpv.Ymhc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.thestore.main/shared_prefs/Voicemail.xml
MD5
a4c7cd64f310ad8337d971ed2c32e9d3

SHA1
448b6e2e42ee2a5b8b7f4a5197e8e0d7039571bc

SHA256
01e3287aabd31bf073ca110edc4a37a1b1f4b6440be4c739f6f72f334cb533c4

SHA512
f5265df5bd91c7709801964ed88043be9669f9a819f940c25f22053162c45aa775b7a6e9c50a53c11ffd0201a62c04bc1389c811ca1b92c490c26cd0bd78e3f5

Download Submit
/data/user/0/com.thestore.main/shared_prefs/Voicemail.xml
MD5
cb52a0d4ea4db627b88e5604cf846548

SHA1
e172afec77ea87d7ab57f9ec8529442587161fa4

SHA256
bd14f9f7abab3c184569d4ba98339a069ed71411a74a47526546133142cd26ad

SHA512
304d0ead5b3ee4375c7b25961897f9fd55637dd73f0c0e1c502eae03bbb329ee81ab5c9ee93b3940970628edda843fd5ba32d9098bdca135e5e798efc09158cd

Download Submit
/data/user/0/com.thestore.main/shared_prefs/multidex.version.xml
MD5
c60a1453cce67bad226b6c5677561fc3

SHA1
c8ac8c838ba3df787f724fd13b78e1562dcb1121

SHA256
43c768aace9ad52778d06d4105bdccaceaa6e3fa31b2ca99f7a124886eefb3ea

SHA512
7bcb2462381310ce68769a896db17ba5a5febb12a485b766d723e69808d985b6613d72a6d170c90aa0607640152c6f45c56fa4ddf87e577001665bea9687fbf1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads