d2fadcc253c46dcd32dcb2c812a81033a3fe51921a5c0000a74f6874853668b0

Analysis

max time kernel
3843435s
max time network
170s
platform
android_x64
resource
android-x64-20220310-en
submitted
21-05-2022 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2fadcc253c46dcd32dcb2c812a81033a3fe51921a5c0000a74f6874853668b0.apk
Size

3.8MB
MD5

06b4bef83608e71b25ebdf0e450339ed
SHA1

9eece1916ef37284fe4182241f058456219c9f79
SHA256

d2fadcc253c46dcd32dcb2c812a81033a3fe51921a5c0000a74f6874853668b0
SHA512

e825d0fb39e807f7fd5dec5cae8fb46a5df3e0280c2c40f6e9d4fb757c9533aaf06a573436ddb908fc92034695437c5958bb8a8137205f5f08bebc491c39e4a0

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

crossstitch.puntodecruzev

ioc	pid	process
/data/user/0/crossstitch.puntodecruzev/cache/1582435991586.jar	6167	crossstitch.puntodecruzev
/data/user/0/crossstitch.puntodecruzev/files/ghioghfg.ghiodfglfd.ghoigogd.exgqy.jar	6167	crossstitch.puntodecruzev

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

crossstitch.puntodecruzev

description ioc process

Framework API call javax.crypto.Cipher.doFinal crossstitch.puntodecruzev

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	crossstitch.puntodecruzev

crossstitch.puntodecruzev
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:6167

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/crossstitch.puntodecruzev/app_webview/Cookies
Filesize
64KB

MD5
9b23e6a88d5a95f155f205cb04b93cd0

SHA1
b62dccbbef087a0731f226b96d15d35d8aa5e5fc

SHA256
f2f3c3c0c7f085399a6f9a464c1ac30a59ceeb5a4b7026286fa5609e6e8ef857

SHA512
bce5f25d98e2e8296c4101b62082dcb6a43902f3431ff6f725e41be6b9aece76e887ef94c4818baf4da845708fd76fd51c37fb6915710c870647593868f27482

Download Submit
/data/user/0/crossstitch.puntodecruzev/app_webview/Cookies-journal
Filesize
1KB

MD5
28a0f608afe161aa93c068ced004dfae

SHA1
3c16461bccb1ff7216178716ddbc7c1a60118cc9

SHA256
23f36ba8a856340584ad946f4e72d373ef005929722b4a5ef16af337b75d64f5

SHA512
5bc2f55333131405222e2e674081ae6df6ff60bd5a4c13dd220b8d6ef75a2455e53d96d1d50de70eb9ab924b31a6e51abb7f598da19f6278f5c87c5eeca37f22

Download Submit
/data/user/0/crossstitch.puntodecruzev/app_webview/GPUCache/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/crossstitch.puntodecruzev/app_webview/GPUCache/index-dir/temp-index
Filesize
96B

MD5
b7b6e4c67c7274c4ddabf21b7d60a8fb

SHA1
eb59efbfce7497c8ad0924ca63157884b0f62a05

SHA256
603be852ff7e2b6745ffc5c57a621ef0b023f457c573865270242785f9db43ec

SHA512
95a89b2e29918955159d86a5cc2b43d43d8cb31a14f23c59f7e89da7ccb7ef57bc0e59d329288cca62b98b9994c9a1d96e512b6d1b14224d47aa9d65033117f3

Download Submit
/data/user/0/crossstitch.puntodecruzev/app_webview/Web Data
Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/crossstitch.puntodecruzev/app_webview/Web Data-journal
Filesize
1KB

MD5
ce47fde72e6f328059952e19904b0224

SHA1
a4fb32bdfca15b19ca8911005e086450721f6328

SHA256
cd0aa8dee0798492579a511e53db2ad6c3d849d695ddd891f1d8d0b4637bb660

SHA512
ca8f09e427b3736d38019e3ad8fecd6a2540737f231809d0f9daf0d88d91ccf5842c1afaaccbffae493a569c9f1eca1e35ca75b50428456894ce8a24eb83d493

Download Submit
/data/user/0/crossstitch.puntodecruzev/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/crossstitch.puntodecruzev/app_webview/metrics_guid
Filesize
36B

MD5
81e70516225f11f38cbd3f806c4713e4

SHA1
3016937bd5e1632d1807bac437794cd03d345a46

SHA256
5bfe6c78496cbdcbd2c544cb043efdea8d34d87d4c6eb08c9c407e304d9f4367

SHA512
22eab233ac559657516d9ab1fd73dd48bae8b4f0884f8ffa922b1b1340dd029235e1e57346819c3e1d38135bfdde22af75d9c835e3b50fc720f60437253bf584

Download Submit
/data/user/0/crossstitch.puntodecruzev/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/crossstitch.puntodecruzev/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/crossstitch.puntodecruzev/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/crossstitch.puntodecruzev/cache/1582435991586.jar
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/crossstitch.puntodecruzev/cache/1582435991586.jar
Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/data/user/0/crossstitch.puntodecruzev/cache/oat/1582435991586.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/crossstitch.puntodecruzev/cache/org.chromium.android_webview/Code Cache/js/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/crossstitch.puntodecruzev/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
Filesize
96B

MD5
fccc81b9a5d2db63220c6e30a9132aa1

SHA1
71a415f7acf65cb399036f192740ac8b11b96345

SHA256
1e6dfa410c2b45d5e2b816698ffb50b76c97dfcb9e08b86b2db7cbbb7db0c62a

SHA512
c2f8693d5f78d1361d6a9493e44a26dd924ab76e3226b6ef6c1ad54d4fb2004cbeaf7d50fa22b6b55300812eb7ecd09963eb54099143d94b72e4dbd0dc6b1dad

Download Submit
/data/user/0/crossstitch.puntodecruzev/cache/org.chromium.android_webview/f038e94cb33282ab_0
Filesize
400B

MD5
a62b20c6608b3694260e345c1d80b467

SHA1
ea6bec313d9a059a7f4e1e72bf8cfbae621846d8

SHA256
6da95ae1acbfb719cf6466b2e0cbf3379ce393df0f2f7061acfd4048ccd3a929

SHA512
f68c3bfae54b8f75d56a63cd823e99ce8c6472db38a5120508540b4ecd1a724f29156f93dca5a61939408c74312689c0fc58084d2e2240e584c87d5a3a4bdd8b

Download Submit
/data/user/0/crossstitch.puntodecruzev/cache/org.chromium.android_webview/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/crossstitch.puntodecruzev/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
96B

MD5
634ecb5afd03ef205b87280138d8067b

SHA1
f6079943968439ba13b60932510dc3db80f6132f

SHA256
675a924ec7703bedc8073cade72afa2350e4eca9fc8564014f6a598b3dd184d6

SHA512
b5aa7f7c51ce29a59e4377745080ca82458953f452383e5da3b928db9465dc8816b927ad787013b8e79715ae9552ecc6823b8496de9548d105e0eb5384130511

Download Submit
/data/user/0/crossstitch.puntodecruzev/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
96B

MD5
30df17779c004b7047d42deb8d324573

SHA1
9bbbb58436c7217b2135603f6dcc26c278083687

SHA256
54f4cc289b4ab656ad5aacbfda17d5c0197a31f153a6fff17cdb56371f3811d2

SHA512
b3516eb2bbc654c5873f665669551bf5baa97faefb8ac2684749910aa2bdebf9cba6915d5ffd42216cb918a00a6ece6052949d17702f4d14434574abf8d14a13

Download Submit
/data/user/0/crossstitch.puntodecruzev/files/ghioghfg.ghiodfglfd.ghoigogd.exgqy.jar
Filesize
43KB

MD5
2b625b94707dd121139d64ec0b8787fc

SHA1
efa1020579bf6e10db232b1e208c192fd6d4cdc3

SHA256
20eb6389f4363c9a01fc3f00ca8172e8e8526c10f5bbf4e8ac0f6d9ffcf22145

SHA512
a58dddca413d9f277d1a9a1c9a7dd5819579b457fac9b84d0f20bba1dd2c9c2a035c505a092398319e830b1f46705dcbd92b843d2434a6c3fc4e1b57e4b8fa19

Download Submit
/data/user/0/crossstitch.puntodecruzev/files/ghioghfg.ghiodfglfd.ghoigogd.exgqy.jar
Filesize
114KB

MD5
575e6fc5f26e35b150e658f2fd9de5d9

SHA1
cad9c4415e01228d61090d81e9ca2044e7184f15

SHA256
bb9e71af485c00813616bd215feefde79a96f7d6be377ee04abbb495c9a8be0e

SHA512
e73eeb3298fd9c0bee3a939d02f87c3b66d6a5448a7cb54a33935f84c00ee6fea2962cf84b6918aa75ba3681d5c48a335ce1c53f6f3cedc64cd4f457fa4e31a4

Download Submit
/data/user/0/crossstitch.puntodecruzev/files/oat/ghioghfg.ghiodfglfd.ghoigogd.exgqy.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/crossstitch.puntodecruzev/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit
/data/user/0/crossstitch.puntodecruzev/shared_prefs/admob.xml
Filesize
133B

MD5
50afccc7392f2738caaf4d3b27fca0ec

SHA1
8559fb1e896b1a53230ac1d376176a88135bde21

SHA256
e834550f12140fe104eb0f1e4cc2fbb01aa6d041b65bf648a8efc87a329e849f

SHA512
4e5e0a9b3716092471e623122666bea61f2bcabc17f967ce09e3178fc4d65c867dc2d1ae2dce5c03423a775409ce73d6cd08aeebcedb7e92e791ba31eedb5b81

Download Submit