filecoder | 924e8a1c0d7fba2b069b5ce514c45d0835c474a4ce146263cd1d27d405904420

Analysis

max time kernel
3194042s
max time network
146s
platform
android_x64
resource
android-x64-arm64
submitted
03/02/2022, 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

924e8a1c0d7fba2b069b5ce514c45d0835c474a4ce146263cd1d27d405904420.apk
Size

6.8MB
MD5

f07b8cc1e331ec181031a0d90fbffb85
SHA1

f31c67ccc0d1867db1fbc43762fcf83746a408c2
SHA256

924e8a1c0d7fba2b069b5ce514c45d0835c474a4ce146263cd1d27d405904420
SHA512

e2fdf39bdc5b3861b3185a575470e5612ec9a99047c2ef1ab499415872d007e6acf54b4e4fe155f27b905a6e8feb58bb44479b5080c5cf31266dded1541e3520

Score

10^/10

filecoder ransomware

Malware Config

Signatures

Filecoder.C
A ransomware family that spreads to other victims via SMS.
ransomware filecoder

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.product.model	net.south.seven

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	net.south.seven

net.south.seven
1⤵
- Checks Android system properties for emulator presence.
- Uses Crypto APIs (Might try to encrypt user data).
PID:5584

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads