774bccd66ba08115f0daf2fdee167d04fd1b4a25b7fcf8736cbd4b5f3887b79f

General

Target

774bccd66ba08115f0daf2fdee167d04fd1b4a25b7fcf8736cbd4b5f3887b79f.apk
Size

4.1MB
MD5

7a46275abdb8ff7c29cea25a7dcd9911
SHA1

931887cbb7e69815095f85966c233e118039ed50
SHA256

774bccd66ba08115f0daf2fdee167d04fd1b4a25b7fcf8736cbd4b5f3887b79f
SHA512

d94761c7ad1b244a59007b3afd1b00fdadb36fa939bd85e8ea561e13b76c848430e22ef0974c470aab5ec19af145dc18114db774fd606577a78ec0cc295f52c9

Score

7^/10

obfuscation ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.baidu.searchbox

ioc pid process

/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/base.apk.jdkhjbg1.xbY 3678 com.baidu.searchbox
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.baidu.searchbox

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.baidu.searchbox
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.baidu.searchbox

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.baidu.searchbox

ioc	pid	process
/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/base.apk.jdkhjbg1.xbY	3678	com.baidu.searchbox

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.baidu.searchbox

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.baidu.searchbox

Uses reflection 64 IoCs

obfuscation

Processes:

com.baidu.searchbox

description	pid	process
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	3678	com.baidu.searchbox
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3678	com.baidu.searchbox

com.baidu.searchbox
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses Crypto APIs (Might try to encrypt user data).
- Uses reflection
PID:3678

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/base.apk.jdkhjbg1.xbY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/shhjhpja.kvsg
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/tmp-base.apk.jdkhjbg6073073753599743744.xbY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.baidu.searchbox/shared_prefs/Voicemail.xml
MD5
b7ccae53aab321fdf3aa343e868aa337

SHA1
ed99dae17643479d0dd7abe1d9db1aecb29c917b

SHA256
ce3c8a6a87dfb61951069c22e11698dd40a80c65dd8c261d05c55947d5a8be77

SHA512
d12261465fab800953df52daddb313889d773e067f2f497f64f324d3ac15944ce8a11f88e6111cffb1039e042f3b66478dc45476d96de88a062dec1f06bf8e72

Download Submit
/data/user/0/com.baidu.searchbox/shared_prefs/multidex.version.xml
MD5
d4af69ec8a2319356bccc36b948e0e7e

SHA1
a1bf13d24b52b139051b60d6d6588b307a6b5964

SHA256
ae855e64c2d340889aed44136e270e15af13ec8349cabb6010c57cba6076899f

SHA512
9d8c2ed188780c8087c84bedec4fb7709b339543f3ae9523d8326da83ce2c028a9f771a4d05b3a8b60643c4a7f15f0432fbf64633b3dc2af769acb5ad50eac6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads