c8ddc3d253c1a4531b23d57f291647f3784cad1096d43fcedbec59990039c201

Analysis

max time kernel
3766953s
max time network
149s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
20-05-2022 06:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8ddc3d253c1a4531b23d57f291647f3784cad1096d43fcedbec59990039c201.apk
Size

2.1MB
MD5

9eaad66b57a0c6594de76a3799ed7842
SHA1

9717a4f9ad81ba3f2f25321c91f2e610c95742bc
SHA256

c8ddc3d253c1a4531b23d57f291647f3784cad1096d43fcedbec59990039c201
SHA512

b1e228ffff8f61f0b68ac73b8efc86ef0dff554c74b8c4129c92bc0381ad96d1f56bfe26e335f14503db795fc2d141c442d5e6d5844a40019592ddc467ff31c2

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ji.qi.zuan.jia/app_cache/mycode.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/ji.qi.zuan.jia/app_cache/oat/x86/mycode.odex --compiler-filter=quicken --class-loader-context=&ji.qi.zuan.jia

ioc	pid	process
/data/user/0/ji.qi.zuan.jia/app_cache/mycode.jar	5170	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ji.qi.zuan.jia/app_cache/mycode.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/ji.qi.zuan.jia/app_cache/oat/x86/mycode.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/ji.qi.zuan.jia/app_cache/mycode.jar	5144	ji.qi.zuan.jia

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

ji.qi.zuan.jia

description ioc process

Framework API call javax.crypto.Cipher.doFinal ji.qi.zuan.jia

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	ji.qi.zuan.jia

ji.qi.zuan.jia
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:5144

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ji.qi.zuan.jia/app_cache/mycode.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/ji.qi.zuan.jia/app_cache/oat/x86/mycode.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:5170

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ji.qi.zuan.jia/app_cache/mycode.jar
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ji.qi.zuan.jia/app_cache/mycode.jar
Filesize
2.0MB

MD5
a4ec4cc3909199a65baa816d70c475e5

SHA1
32d8c5498320f464b7a10a573684ad18fe490efd

SHA256
c01abd3afdfd2ac538be7fc6b1a83606996f5098014009439c3af408edada383

SHA512
21d37a22b980a2b3a1e9cfb1bd3a21a2b70f0d3d95b7460a5ad9cfd73f965288d7b949bd64d8cd15b416bd378a61fc32d6b797b53bbb9b534247f60638e377d7

Download Submit
/data/user/0/ji.qi.zuan.jia/app_cache/mycode.jar
Filesize
2.0MB

MD5
a0ea9de1f180bb78b182e138b7f4b259

SHA1
f41997deed285c958cafb457824677389407cb7d

SHA256
d6f48549e52527201dc2a71ab1541a847bb60a09031cd82bbc8bc476e702cd0b

SHA512
8ef794111379fd73eddafc9ea86e733afd3aea7c3dde28c96523e865f9dff2a8355802708aea0e0aedbe4aa7c8de386b83f1797b45a901c33db8cd823ce5cfe2

Download Submit
/data/user/0/ji.qi.zuan.jia/app_cache/mycode.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ji.qi.zuan.jia/app_cache/oat/mycode.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ji.qi.zuan.jia/app_cache/oat/x86/mycode.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ji.qi.zuan.jia/app_cache/oat/x86/mycode.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ji.qi.zuan.jia/app_webview/Cookies
Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/ji.qi.zuan.jia/app_webview/Cookies-journal
Filesize
1KB

MD5
845c7e67c0c22cac391ce319f3dd397d

SHA1
0c302bb355c25b1832b58f4e38ca18f2b2f2df18

SHA256
21d9a76c9f1f43b98c60186015823381e3f082aba36170f7591f1833c8a1f7ab

SHA512
023a7d8c9b95c075e3ca8d9a1515e65912af33e0e6017e71492eee2d7de22c1d56f4cddb8f7a4f9e1409478e877bc1f8719b1de03f67c505bd27a86929ba8be7

Download Submit
/data/user/0/ji.qi.zuan.jia/app_webview/GPUCache/index
Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/ji.qi.zuan.jia/app_webview/GPUCache/index-dir/temp-index
Filesize
48B

MD5
ec0b21d54d8d27325663bbfb6bf46d7f

SHA1
2631a9219796e247161635bb400fb06930970bb8

SHA256
83527f144a5a780f4d896fde3234fdfe094562b62d6c703429e3efa9738cc74b

SHA512
61938eec1c6f076c6b96b53d754956bd80408aa28b149e3f88b4defa7a55ddb158b04839a0d843a9ca46ecec6d945ebd038f63dae6a37103fa3569ee76256e78

Download Submit
/data/user/0/ji.qi.zuan.jia/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/ji.qi.zuan.jia/app_webview/Web Data-journal
Filesize
1KB

MD5
efcddd51311d269e545c446216de9cba

SHA1
20d6ab616bcfce4cc85f1c72249c24ea59d70073

SHA256
07310c9d079903915a4e7a397caa4154a28e0ff1b0d6cd6f37eaa3a970790f9e

SHA512
d5f431f38a6a505133bd775234498d783d3eca5242be6885f9a712a1b6f01f4c5df4cff4e71401d8b912ae13441ac4b8ff4b139834466a863445f94407f5776f

Download Submit
/data/user/0/ji.qi.zuan.jia/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ji.qi.zuan.jia/app_webview/metrics_guid
Filesize
36B

MD5
a9d7a09dd3499bcafea051cde2987001

SHA1
9993a1e0583b6289b1223595696a7b45fea93fad

SHA256
5fb946853b1e38c795d238f56c17e1278d371813eb8852d57229d6da18bc4577

SHA512
fce46d7a283a062ae39bcaa6243eb58d6e9b73828bf4847ee93882308936dbfdda64e1fc504ac4bfb94701a5166776bc3197d5ca0f9464ad5bad0eb4ca58847d

Download Submit
/data/user/0/ji.qi.zuan.jia/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ji.qi.zuan.jia/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ji.qi.zuan.jia/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ji.qi.zuan.jia/cache/org.chromium.android_webview/a04d5773e94423bf_0
Filesize
161B

MD5
02df77afce6343d2bd540dc3ab80f7d0

SHA1
2218134e36aa2cf3958376ef07e65e5301cb9aa8

SHA256
db5ef6ba92f90a57a4905f63b81c7408ec5f0c9e25f207df609baf4179bf3ffe

SHA512
40233679a912bb40d4f9dc74f26d40b9b81f6107a32572191016bc32783f16b3cc7df4eaf18b5106b2c68e005bae4cf3e816cfdf3ec94490d03031e281c9ec73

Download Submit
/data/user/0/ji.qi.zuan.jia/cache/org.chromium.android_webview/index
Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/ji.qi.zuan.jia/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
72B

MD5
1c7ef306612ee8cf7237ad09573ad00a

SHA1
e8ac8f508f8b45ee6e4576d7635f1b2e94217046

SHA256
452d0a4f3424997a123a6e305e5fb9871816e0ab1980ba73fdddfb1943964413

SHA512
3573193ff8ad7ac5f9f43cda810298c5198526f049d58d7ec952135fc2be762103c377668c1e2856e0240470e42fab1114a02e7b34e29aab201bd8d52d175a4d

Download Submit
/data/user/0/ji.qi.zuan.jia/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
72B

MD5
a50dd0b374e2c44cce69d4b0746f140a

SHA1
8c4c635d0374a69b0648161544a54c33a3e309cf

SHA256
d78968c79cb1f518e1ff1991900bf203b6ca69fed7b5c074afbc61a0180cc35d

SHA512
a12d850b050a93544b3307337ca83d072afa6992d300e2a0dd4280659b6b758f9a313d8c9503a7addc2bc02985cd0244117c5b50a40aefd5a6597a6379de9891

Download Submit
/data/user/0/ji.qi.zuan.jia/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
48B

MD5
dd53b0126d135d126b1323152f9415f7

SHA1
e7f087ed11b50044b98abdee4593ca265ca9204d

SHA256
939068013e8b17c4b7a78e0707bab84ba21ec44240146700794bf8e34d999270

SHA512
5f9f8c3cc3e7cacc463ace1e7d8d138ed142efc90328130dc729006880ae69eb2a678f9539d82c5aff0a1c4a1a2b84a98062cd3359a7aeb9d2a4361612374cd2

Download Submit
/data/user/0/ji.qi.zuan.jia/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit