f7e172c7c9e8effcf066949f57d7fc63b5cf15f1ca5bad22ae5349338d838b5f

Analysis

max time kernel
3843478s
max time network
153s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
21-05-2022 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7e172c7c9e8effcf066949f57d7fc63b5cf15f1ca5bad22ae5349338d838b5f.apk
Size

16.3MB
MD5

caceac6566027ef0ede8df1c1d17fee1
SHA1

0894da92699ab8c1efac52fc86f172aca76d1bbc
SHA256

f7e172c7c9e8effcf066949f57d7fc63b5cf15f1ca5bad22ae5349338d838b5f
SHA512

9f690529bbafc98f5f529d95ba3e1fd3aee925f9bf68f6ec0902ba39c371ad7b01c20e552d79d831b3aeecc2e8cee7b61f6bf3ddd67b9def163565e8b91bb990

Score

7^/10

ransomware

Malware Config

Signatures

Acquires the wake lock. 1 IoCs

Processes:

com.rcomico.app

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.rcomico.app

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.rcomico.app

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.uge.jugeaug.shh/MKjz.zip --output-vdex-fd=47 --oat-fd=48 --oat-location=/storage/emulated/0/Android/data/com.uge.jugeaug.shh/oat/x86/MKjz.odex --compiler-filter=quicken --class-loader-context=&com.rcomico.app

ioc	pid	process
/storage/emulated/0/Android/data/com.uge.jugeaug.shh/MKjz.zip	5341	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.uge.jugeaug.shh/MKjz.zip --output-vdex-fd=47 --oat-fd=48 --oat-location=/storage/emulated/0/Android/data/com.uge.jugeaug.shh/oat/x86/MKjz.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Android/data/com.uge.jugeaug.shh/MKjz.zip	5218	com.rcomico.app

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.rcomico.app

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.rcomico.app

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.rcomico.app

com.rcomico.app
1⤵
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:5218

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.uge.jugeaug.shh/MKjz.zip --output-vdex-fd=47 --oat-fd=48 --oat-location=/storage/emulated/0/Android/data/com.uge.jugeaug.shh/oat/x86/MKjz.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:5341

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.rcomico.app/files/nials
Filesize
69KB

MD5
3af0ec12a99c9e704d63e20d9089322d

SHA1
ed2739f48bd2b7282202b98a94c0a055711ecb14

SHA256
225cf18f83a025e6a1663c295319d0b2ca814397800d16742221b3eb564b9444

SHA512
5f89c6eb73a18fa7f38db464581c976a7abaafcc860c6e6a5bcd717aebbecfb6d7e1e2b93580b8010a23c761ce1ac3b8fdb9f28a9e24b09a6b693caf603d1b55

Download Submit
/data/user/0/com.rcomico.app/shared_prefs/58A8019D0C679030.xml
Filesize
121B

MD5
0324705ebae2e30f106e512f73cb1267

SHA1
d5fb29734cee690f6347f8b40bf6912fbd70a223

SHA256
08e4371a70330bc67964790d115dab9083ef7d6483ac148188bef00511c4b6ae

SHA512
88514e942598f2bf87f811eae6ee30e854f23744b8b5516783d1cded03f651e6e94016632b4a0bfc9cac465c847b779ead59a5c9d4aeabc20a935d9b4a08ed2c

Download Submit
/data/user/0/com.rcomico.app/shared_prefs/58A8019D0C679030.xml
Filesize
185B

MD5
aa4698557cb0a6e4f02037f11aa0fea8

SHA1
9c22bc4f7fb31d10ed79ca52d14df06f9ea784b8

SHA256
eb5238299c817dec91bdedad0a6a2c259f1a155b533bfa86ffcc1618755db724

SHA512
5eb594ae04ece4ffcddd2a06a19a41ac0f5fb390fa99c36ef08e7c622fa30a56b693b1bd44d8f1e2164210d1ee49c45ae002fa6fb04d65423ff22fa3baa17797

Download Submit
/data/user/0/com.rcomico.app/shared_prefs/58A8019D0C679030.xml
Filesize
262B

MD5
73eed1870694f7ad73a26f13d0860cf1

SHA1
3ab00405a4098372ccc34bd63594aa2067ff1407

SHA256
45c16b17e24e3797bcb8871f26d52da623c2981029f2f9ff30a8de5449037fb1

SHA512
20eadef29b0526b4e1c1673855567251369c33315c96a6adfdd07923b13bcfefd3f197b38cc17f32ec9c78bd06b57e68242cdca970b23ba850c024489361e3c2

Download Submit
/storage/emulated/0/Android/data/com.tfd.itfdztf.rgg/oat/x86/ptbzk.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/com.tfd.itfdztf.rgg/oat/x86/ptbzk.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/com.tfd.itfdztf.rgg/ptbzk
Filesize
529KB

MD5
06f99e88aa658b5eb078649a8df527c7

SHA1
e9a091223d490029991a1a6cd6043a052defbf89

SHA256
1364a33b803fc8d580f582e4b0ad87eb4bfb8a608b732e6d974f99d5ea4ea8b6

SHA512
9a297c4bf09fee87a8cdca06259511f28961a34555e1f2f67f95ee98a111413011a4460bc6cbaa9fcbe6bff04e91ae18f4e415a59108a12ee7f03ad15f726905

Download Submit
/storage/emulated/0/Android/data/com.tfd.itfdztf.rgg/ptbzk.zip
Filesize
537KB

MD5
54cd4f4cfda9d8eff5ccd29db652047e

SHA1
74cab60f4f7294bc95be82d9698057e69d59a42f

SHA256
3efb577c44ac0f37f970fad2d72b5f462b9b17c2e26233e6f6d6ec717ceff4d6

SHA512
c2ae5cec15f81d4e9b36f0c876dcc9e2bccfcec9c2d5c9a0baa6fa54050723cba4561f7637a7cc0da1fb90a71b3e3dbaaa144a6340b99938264733d1876e4cb5

Download Submit
/storage/emulated/0/Android/data/com.tfd.itfdztf.rgg/ptbzk.zip.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/com.uge.jugeaug.shh/MKjz
Filesize
572KB

MD5
e6b7abfb7829a2314b70169d1395beb9

SHA1
d24196ad347654ac6b75ed068f89d62babd4856b

SHA256
fd668cafffd6cd9698a70805f370b7660dd9657253ec5b17db36e8b555cd8c6c

SHA512
8820aa3bea401478766d40514d4f99efcb9ae9f0e54e0a6c0a74170273e95cc76fc40981d5be7c0f521b8e925cb183ae5fbe9c572b4a5ec0d23acf52d585e538

Download Submit
/storage/emulated/0/Android/data/com.uge.jugeaug.shh/MKjz.zip
Filesize
572KB

MD5
87221500c8f71797b4b858e5c366ad0b

SHA1
d16cc573273dac04ca07109624432d8bf201d558

SHA256
aae0bd209107154edfb91df90edfbe4df4fe17f4bfb0648d85e4ac09e0f1597e

SHA512
9a03d35980a29b5557e859b10cc0f69b6166a10956ae712daae8f95e4d9726dfc109fa582e0561c0805cea0fb0c3a6390abbc484c435f8fdf1e9b3c8e97fb443

Download Submit
/storage/emulated/0/Android/data/com.uge.jugeaug.shh/MKjz.zip
Filesize
48KB

MD5
4e075ce8df3d45ef6c80683dd14a4aae

SHA1
3030f4698bca0716a18942e50f9ce41c914e38d8

SHA256
ecc0ea4846690f578fc5ef0fd39be5c11d32239338e7c0e8e19001929ffb39f3

SHA512
c4fec16990267f9f274f45a5aaae44332aa9cb5f60dd000f4f2c8a0342e9c54dc7b2a135cd35bf51f4c5f605ffe950c12ec9ecb9bbe3a7faab6d0d38be6d6a2d

Download Submit
/storage/emulated/0/Android/data/com.uge.jugeaug.shh/MKjz.zip
Filesize
48KB

MD5
5e72fa1d9d30c54c2bd2f409b396e25e

SHA1
02110c80f422195e840fce930ba115c35f2f119d

SHA256
8769a7c4d05814444fe57557239459ae97905d30f7c7300fc27897e933fd5339

SHA512
fd16304c82e707d869e4934cf7ad9f227ffa05c462f615145fe889817d09d885ce1d11732f90cd22b91abd00e0a726af713990f917bd8625e98bf483ff6439b8

Download Submit
/storage/emulated/0/Android/data/com.uge.jugeaug.shh/MKjz.zip.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/com.uge.jugeaug.shh/oat/x86/MKjz.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/com.uge.jugeaug.shh/oat/x86/MKjz.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit