Overview

overview

10

Static

static

7

2877b27f1b...50.apk

android_x64

10

Resubmissions

20-03-2022 22:30

220320-2e69csgffl 10

10-03-2022 18:07

220310-wqcw1achbm 10

10-03-2022 17:34

220310-v5qkzahdf7 7

10-03-2022 17:12

220310-vq77gahca6 7

10-03-2022 16:14

220310-tp5jhsbham 7

10-03-2022 16:02

220310-tgwawabggk 10

Analysis

  • max time kernel
    2843151s
  • max time network
    173s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    20-03-2022 22:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2877b27f1b6c7db466351618dda4f05d6a15e9a26028f3fc064fa144ec3a1850.apk

  • Size

    2.4MB

  • MD5

    e39505e65aec6835f680c902e1c8f7d8

  • SHA1

    8b2984b8838067903ee3ff95d8a6823106216296

  • SHA256

    2877b27f1b6c7db466351618dda4f05d6a15e9a26028f3fc064fa144ec3a1850

  • SHA512

    19911ed73419450a03ad541f7164a5db05a93e2c63d894ab79fdc50409d77696bdc203155640361d5f12de1929f234d5b2da84ebf4c59306876d725221310887

Score
10/10
xenomorphbankerinfostealerransomwaretrojan

Malware Config

Extracted

Family

xenomorph

C2

simpleyo5.tk

simpleyo5.cf

kart12sec.ga

kart12sec.gq

Extracted

Family

xenomorph

Attributes
  • PackageNames

    com.android.vending

    com.google.android.gm

  • URLs

    https://homeandofficedeal.com/local/multi/com.android.vending.html

    https://homeandofficedeal.com/local/multi/com.google.android.gm.html

AES_key
AES_key
AES_key

Signatures

  • Xenomorph

    Xenomorph is an Android banking trojan that is seemingly tied with AlienBot.

    bankertrojaninfostealerxenomorph
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.spike.old
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:7186

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.spike.old/app_DynamicOptDex/hq.json
    MD5

    2690b5434d844fcaa4527744faff8700

    SHA1

    2ec4338390f8bf65c7340257a149da66cb792593

    SHA256

    7cbcebcccb83e5dccd98a5ffef0aa16201e30f684cfa743bd91d459e5a1286e2

    SHA512

    87cc00acf8271f454dc756dd6247a207d793a4bb3e593850efac906e976bfc023ba6a9b27d2ca3f9a3d6a22ed94e8ca20db7bd4cf24180f73f2f6e075c032b86

    Download Submit
  • /data/user/0/com.spike.old/app_DynamicOptDex/hq.json
    MD5

    fde08886038bffc5923fa098cd55d0cd

    SHA1

    d6f8dbbdd2ded86081cb81e690f5402552ee5345

    SHA256

    dae52bbee7f709fae9d91e06229c35b46d4559677f26152d4327fc1601d181be

    SHA512

    93b05624b145e56e081e0771b1ec635df4cf6109087abc67dabe7055ef745003109047370fd42bab83424b7ee396fc6116419f4c255bbd1a794ec558fa7a9091

    Download Submit
  • /data/user/0/com.spike.old/app_DynamicOptDex/oat/hq.json.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.spike.old/app_webview/.com.google.Chrome.vp9amw
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.spike.old/app_webview/Default/GPUCache/index
    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit
  • /data/user/0/com.spike.old/app_webview/Default/GPUCache/index-dir/temp-index
    MD5

    1e5f0052c5b46afa7840643845cbc5cb

    SHA1

    e82912cc7b8ace8e765e783ef33e6bb753b9e09d

    SHA256

    9f68bd5f364a81da61d4bb8cf977e2f6bbdc91d5df6e4c441b181ee9d022dee3

    SHA512

    e95b7cf03cb2cbc0ddab78c8ac8eaf41108963bc098a1811e706dc167c8f7303e3db9e9fda63190bf38b3a63af9a0cb05022f6d1225fcc24c9eff96325b7664e

    Download Submit
  • /data/user/0/com.spike.old/app_webview/Default/Session Storage/000001.dbtmp
    MD5

    46295cac801e5d4857d09837238a6394

    SHA1

    44e0fa1b517dbf802b18faf0785eeea6ac51594b

    SHA256

    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

    SHA512

    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

    Download Submit
  • /data/user/0/com.spike.old/app_webview/Default/Session Storage/000003.log
    MD5

    9f7eadc15e13d0608b4e4d590499ae2e

    SHA1

    afb27f5c20b117031328e12dd3111a7681ff8db5

    SHA256

    5c3a5b578ab9fe853ead7040bc161929ea4f6902073ba2b8bb84487622b98923

    SHA512

    88455784c705f565c70fa0a549c54e2492976e14643e9dd0a8e58c560d003914313df483f096bd33ec718aeec7667b8de063a73627aa3436ba6e7e562e565b3f

    Download Submit
  • /data/user/0/com.spike.old/app_webview/Default/Session Storage/LOCK
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.spike.old/app_webview/Default/Session Storage/LOG
    MD5

    eb85e9c29592de9f31ed325d527c4505

    SHA1

    557d528f85de6a9624fcd8538382a8115abdd216

    SHA256

    02b452930e695fa2d9110eab3c4471317caf55e40c457bb82e947f623615d249

    SHA512

    0864355774b25279ffff00fb686ef88469bf38a4433c0fff91b5c6dbd890592d033868ded41740ab67010de9c9fbaff7ec59dcecef69e84285f6aead7ee6b6ab

    Download Submit
  • /data/user/0/com.spike.old/app_webview/Default/Session Storage/MANIFEST-000001
    MD5

    5af87dfd673ba2115e2fcf5cfdb727ab

    SHA1

    d5b5bbf396dc291274584ef71f444f420b6056f1

    SHA256

    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

    SHA512

    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

    Download Submit
  • /data/user/0/com.spike.old/app_webview/Default/Web Data
    MD5

    a48cd9324b1f8754b07f00d863b840f3

    SHA1

    11c6614775b35a58f440971dfc87c8aaac6d6173

    SHA256

    8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

    SHA512

    35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

    Download Submit
  • /data/user/0/com.spike.old/app_webview/Default/Web Data-journal
    MD5

    c373a7e7f21cf56661ac20a6858c6f7b

    SHA1

    263c60adc8632c598d30fb96bcb5a9bd0326bbac

    SHA256

    33e0ad1c84cd031c6b9c78ce4c782f166ceb04d7d0e2f6f93fc628ed724cb4d9

    SHA512

    170a4f34ff4dc3f99bb7132aa3ce29855e78f322a5071c571f657b608164da8e4dbbc67ef27a889470fabf5198b9aaeb5e6dfab11bdf0dd33b2adc9aaff80dfb

    Download Submit
  • /data/user/0/com.spike.old/app_webview/variations_seed_new
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.spike.old/app_webview/variations_stamp
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.spike.old/app_webview/webview_data.lock
    MD5

    0b1d90461679f5b16135d18a6fe41ed3

    SHA1

    830cb15e067f44d67763e5f7011c054eef2e0c5a

    SHA256

    1255d78d36279fd9182ffd5f30110e97ac9d765a9b70791df16d028794ab0ddf

    SHA512

    fe34a178a7196370d2f54b6aeadbb0b073ee582657d03679920cf6dd681a68c055021ad84ebc169c7325f5e357594e4c1e5a1cee30beed62d87d9a1bf6e547ee

    Download Submit
  • /data/user/0/com.spike.old/cache/WebView/Crashpad/settings.dat
    MD5

    46bae2e3761e000a44583e8b6a327810

    SHA1

    3c82d06e240051d5ef5ff2f700416663cd5a7924

    SHA256

    890221c02b77b9f120ad410d4997f49075b9a3844bf9ff9ef936c7a1aecc90e0

    SHA512

    109f198cf363fa04e6521673f16288626a60fe99c4576390a28f9faeb7624e8f4aa46189df833c19b69f95f1f222cb962a0aec629b9a04e600494aafd4af7422

    Download Submit
  • /data/user/0/com.spike.old/cache/WebView/Default/HTTP Cache/Code Cache/js/index
    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit
  • /data/user/0/com.spike.old/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
    MD5

    a9f64458f37957aeda392c161a5ba050

    SHA1

    64a291a40373c09f7a23663622c5fcd2ec8ba7f2

    SHA256

    facaadc311109518655367b690e997415f2331780ac7d53cab6f5aabc6f9e4ee

    SHA512

    993b6fa6cf6a8b276eb17868fbab4d6eaa1a90d9f14b1af5bcc386b9393d44388ff82b5bf0208b728fe8ee2f284d3bb4cdd595cb5786845799cca9b2959c9e8d

    Download Submit
  • /data/user/0/com.spike.old/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit
  • /data/user/0/com.spike.old/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
    MD5

    096c5a30a6ff03492d9a3fbf7c16341a

    SHA1

    129ad3567d883ada3d6e16381455e4313c5ace49

    SHA256

    09ac8c1690923093a151aaa8b6ec610e7a09831f56cfdd3316afb7f4cd7f1484

    SHA512

    a3aa389c2e66b97d133f111cbac2d65108d80acbf2563dc3d1e9484e91a56240f36a7a66e7ade3603d938d930472c3f232ffa0ead17ef5c5f2fd359a37f53c22

    Download Submit
  • /data/user/0/com.spike.old/cache/WebView/font_unique_name_table.pb
    MD5

    f080fa2a56ab5479d58063e5ea871447

    SHA1

    4b3fd57a98916fa5784305b76ba30af26b5253d9

    SHA256

    0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

    SHA512

    8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

    Download Submit
  • /data/user/0/com.spike.old/shared_prefs/WebViewChromiumPrefs.xml
    MD5

    97ccd9a2b2063143df56b6937f961ca4

    SHA1

    5e78a91ae5df289ce83443cb7d5589dd3504fb5d

    SHA256

    248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

    SHA512

    86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

    Download Submit