968491721aa61de04e864528ac573c9a716aed5ef152203b3a42e180c26bdb46

Analysis

max time kernel
3865163s
max time network
156s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
21-05-2022 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

968491721aa61de04e864528ac573c9a716aed5ef152203b3a42e180c26bdb46.apk
Size

2.3MB
MD5

e7cba1db2183e092ca643555a326984c
SHA1

175b2ae682986aea14944e3f43325b422f2ca908
SHA256

968491721aa61de04e864528ac573c9a716aed5ef152203b3a42e180c26bdb46
SHA512

578c6a12cfe7a1e5cc87e8d6b5593adb9aec31afbd4dea4908579925bcaac5e5fdabd0e9b44a0fbd832646397939326b07d35a5531deeb572bfbfae398751c40

Score

7^/10

infostealer ransomware

Malware Config

Signatures

Reads the content of SMS inbox messages. 1 IoCs
infostealer

Processes:

qbo.fhtj.jcfd.ymqt.aik

description ioc process

URI accessed for read content://sms/inbox qbo.fhtj.jcfd.ymqt.aik
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

qbo.fhtj.jcfd.ymqt.aik

description ioc process

Framework API call javax.crypto.Cipher.doFinal qbo.fhtj.jcfd.ymqt.aik

description	ioc	process
URI accessed for read	content://sms/inbox	qbo.fhtj.jcfd.ymqt.aik

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	qbo.fhtj.jcfd.ymqt.aik

qbo.fhtj.jcfd.ymqt.aik
1⤵
- Reads the content of SMS inbox messages.
- Uses Crypto APIs (Might try to encrypt user data).
PID:5070

/system/bin/sh
2⤵
PID:5129

cat /proc/version
3⤵
PID:5147

getprop
2⤵
PID:5169

cat /sys/class/net/wlan0/address
2⤵
PID:5319

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/qbo.fhtj.jcfd.ymqt.aik/databases/vdswservq.data
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/qbo.fhtj.jcfd.ymqt.aik/databases/vdswservq.data-journal
Filesize
524B

MD5
c48518da0f956b0916b44dcc5f82221a

SHA1
6075a95f4d08be4d15e505ab763354a4d6865917

SHA256
04d17aa1a2cd410fcbae6d92f5be266d15c60e82db1e7b07e1c31082560e752b

SHA512
4dd0f8c399286ac6789e9bd12c75926fcedadbde39b65575eac8e57fc55a284b74c0524b964b7922f9a36b2a139947dff4600c23f2527cd53e55071a4bd66928

Download Submit
/data/user/0/qbo.fhtj.jcfd.ymqt.aik/databases/vdswservq.data-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/qbo.fhtj.jcfd.ymqt.aik/databases/vdswservq.data-wal
Filesize
48KB

MD5
e529a5a1ce4e7c3520bd1dbb6be04864

SHA1
8756e7161bddd50fb47f14f7dac2143c7c2e2188

SHA256
5f5349e921bea2bbcef9d9caccd542aaad73c72d04810f4329211776b066afeb

SHA512
281797d1de8775cf9d10e59d320dbd7ab26f0bc7eb9ba9ba3bf73471b018fdcb1f664d39d3919be5e7e7f1dfc7f2d18c572b52aecb0ef8dd181b68e4c8c8c905

Download Submit
/data/user/0/qbo.fhtj.jcfd.ymqt.aik/files/files/dpi
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/qbo.fhtj.jcfd.ymqt.aik/shared_prefs/idle_pay_config.dat.xml
Filesize
110B

MD5
6a886a733de3bfd31dd9349b4fb76d0f

SHA1
3b76c9d1574bcb578c5020afd4ec0128570b06d3

SHA256
de84b5e5752cdc85a65e3c11e9b02d6a26f11ed95d5365a3bc707617fb81cf68

SHA512
9a916bb061bd9e0c84dbcad7fe86800d2684576f2b6aa1e314e85d5bb0d0f0f691f968b50af2726b625342f700f136e30729bc2e3baf11ff213459626b692e09

Download Submit
/data/user/0/qbo.fhtj.jcfd.ymqt.aik/shared_prefs/idle_pay_config.dat.xml
Filesize
158B

MD5
1bc05a2802c8c5e648b6c97b41f1e776

SHA1
1777d43750724e4cede9013d462d7b922d4b6c39

SHA256
41737d7981f16e55f65be159d82239737dfaa0fe05b72397939a50dd43004cb1

SHA512
c7e8d5fbbe4bfb5747c8f28305613767d51afa6c80446e4f85899ff4c99637be5f48e7e01f1b53deeebd4bf8936459978a6d4e002314cb41b27ca83c5714a7ec

Download Submit
/data/user/0/qbo.fhtj.jcfd.ymqt.aik/shared_prefs/idle_updata.dat.xml
Filesize
117B

MD5
54c1d7b07d56fa9a5af3e128271e3344

SHA1
a57aa9b4b57c8ac4e693468b956065b67a2cff4b

SHA256
3a3f384e34496dd5430ab374a5e1d12e8f11cf3ca1d74fce75966f7df309121a

SHA512
46bf7fa6cfd0459853dfc5dcdde448c42c248417106ab55fd418436328f9df0ad4ac3d7c7882989f0aee39a4373357d618d35aca65ba96d9a27e9bed3431af05

Download Submit
/storage/emulated/0/.nid
Filesize
36B

MD5
4796f0cb702f23902b0d3dc43e05cdd3

SHA1
ac8d7eb065367148dc552c63dd7000e3e1d48a9f

SHA256
79f7a270f679e6da075b17197c28a68c31ea17ab0cd59f6053a0f4d3a2d6c0f4

SHA512
649c12cf4d75377b2ac213b18c071c8d6f784b810484c53e47ba1c56ad7a4700ea5f3e1e00371a0792b88a264ccc3a3fe34049c91f93d7436d39a0879ae27dfd

Download Submit
/storage/emulated/0/.pudr/hn
Filesize
23B

MD5
3438c26a3f2dff6616b371c65452eea9

SHA1
bdb8b6020e514c31025748f621f7ae2191bbf19d

SHA256
41dbedf8313d3f847cf55b7ddd9c45b06edd78c3b63ce183782513d2a8dd93ff

SHA512
2541576c505ed494489bac6147bc182278d9984881b3d80ac2a5f0c58f569ba375f324f8159fbb11511fc42108237935536b7b7d6d4235e6e00803e9bec216b5

Download Submit
/storage/emulated/0/.pudr/wp
Filesize
24B

MD5
2119cd8239920061a59980a8c0f345b7

SHA1
aded761c0581f7b9260553fe0cad0e41af8461fa

SHA256
b781989953faaeec0fd42542d14cff9cc85f86b919b54403d95dd17c862c483f

SHA512
9ca203177d0f5939252d80c9a1896e19708f70c6925268f950a8a7e7f70ba3c3c5472fca6d4cf2beaaf90d42a47e2a99614a35fe5a9ca938997b9c4edd9be442

Download Submit
/storage/emulated/0/Tencent/ys/Loader/365admo.jar
Filesize
67KB

MD5
101488ebcdf41eb515b71989387753b4

SHA1
191ebb31b588d5a5e74e25bcd747d7c6e4422a8f

SHA256
04ff98499136acb2c9e5d3f9163bfbbed4be47f4da6fa0aacb295cb541b7ee3b

SHA512
86ee22273dd69bfc5a4200007020fa4bb0c8a19b828ff40c1b7ef60a43f692f487693c0e97a3dd487c2ec1a56b470cb23e37ac7517edd641cf22c08d2cd9f67b

Download Submit
/storage/emulated/0/Tencent/ys/Loader/ad367.jar
Filesize
68KB

MD5
03cb4d8d374a36e7a632a433bbfd07b9

SHA1
873e60d7d6ee5bab37c03bbbe6a81515f7feb41e

SHA256
0304d5f3d6f42dae9b8353e8601787a837efe40173ae80e9dddf11bf03a8635c

SHA512
4558db7ae95c0bdeb3df9f43aa08bc861a78231197fae85ec75fe20a3040df19e01d7cde3a27c6e454384ebe615407bf9e1ec23cd326c59983d867f8b2997611

Download Submit
/storage/emulated/0/Tencent/ys/Loader/admob1231.jar
Filesize
55KB

MD5
6441a1982965d2489968f531ac3ab2fd

SHA1
5bdfdbaa40f3d102f772f804a0b2ee669d950353

SHA256
55be9d94b664d8d57af94619305107dfd032b1bfee883b62c6ef83fb33c392cf

SHA512
661e54258c00bab72375349b020fd8db0306f132ca1bea9c2d08d2f50cc051c2ee25d938513c5059908caf007c45e1406bc0953cb8ec185bdd4f77800a69ba73

Download Submit
/storage/emulated/0/Tencent/ys/Loader/admob654.jar
Filesize
67KB

MD5
d2fd99ddb21573b8d143769a30e27edd

SHA1
b1f9275861d5deb0b646838bbc01b40c6c0c9574

SHA256
6ea3f58d2cd94c631c782420c1973098f074ef4be4e0e6e1453afb1496a8f312

SHA512
93dd80960903cef9759d8c1f14e1a641e52d9e0ab97ee058028a4c3d17c876a791b7f27c7083abd5c22a1195efb00ea98ccd366793ed65940d41fe4f68c0cc9b

Download Submit
/storage/emulated/0/Tencent/ys/Loader/an0416.jar
Filesize
54KB

MD5
4e8f1f07d3eee18eba5292dc29628a77

SHA1
53076abe721d4debd967ec62984c5a0013407ce3

SHA256
cdaa0f35791e96db188689230827b0a9891a583cb7f75578becc0f5e485b70b4

SHA512
f49ccd4f3fab4f9271b2ed847aa803324e24fb63fe2d70e831d79d1885615cadde0dbd3306ab9378e2705cee9f5c5aa09fadaee6cde41f2610c6446a943e2499

Download Submit
/storage/emulated/0/Tencent/ys/Loader/api20201223.jar
Filesize
42KB

MD5
6733482d84e6b4c4d9eddb33810ad3ba

SHA1
964bbf4490cf9c15080c10a04fc6cc3ec46a06f4

SHA256
e5ee725614f963661776e29a22b63fdd1e511d152932abb1e8dc925e0f8507b0

SHA512
3473ab59c29c0dc8e08ebb959f992f18ca4fda63425339551672e1b0a7c15ccc66a73451d7568637f12ee62a95d98157a290868972cb80e64666f61125884d3f

Download Submit
/storage/emulated/0/Tencent/ys/Loader/cf0218.jar
Filesize
54KB

MD5
76eab6a33c5e31aebf016351b2d14d98

SHA1
a62ff03191bdd68ff68d110d30fb9f836b3ffa09

SHA256
cfc482d0c589a69fe3d28ada4def426bb8bbf7e5d7c70cc84a9bf3b32ef82f39

SHA512
0894f356fa1a9b422029a63d245c995d0e0579dfd71df70b486555695b34ce3ab7ca03e73ee4611a1a42a4f1d80a579a4b195e190c2cec91dfd63d00749fdb69

Download Submit
/storage/emulated/0/Tencent/ys/Loader/cf1129.jar
Filesize
55KB

MD5
7c47f392f7fef53c554c21404c02cc07

SHA1
e2c5f640ed2c011044f1ec70fd34d2360b6fea22

SHA256
2bbd40e7fc76725607035407cf0a266da1ad0331007102daad5a0958d4600d2e

SHA512
51e2ffaba78c33a1e6703e4df5ccdf7d9baa26707507e6d33ff42bf2af186bda256aa0804e9a8a821f6b216b41a344ade8fde7fc6914d88693c4563610b8627a

Download Submit
/storage/emulated/0/Tencent/ys/Loader/cf1231.jar
Filesize
55KB

MD5
d5f0152dd69c32b93e9871ce852f41f1

SHA1
349e98ad51376e3494ecab5042626cfcd6c1fbc9

SHA256
3b7f05876c29add6d7320b8ade726411c7608386628445602dd4746cc021c1f1

SHA512
4ce60ba6ae25d6529d3665499f958720206b33f6f4f8a3a8c28515d6a28b4269853d9163edde25848439b8360280ad8a552158ea092b5a044235a51c622c1d01

Download Submit
/storage/emulated/0/Tencent/ys/Loader/la676_0507.jar
Filesize
43KB

MD5
fc64cd52612729ddd3ed3e527b941fc9

SHA1
d074ed68a265a5548834bed0a453ca8ed1d28c86

SHA256
7e0308354529ecea6ddc2b0ba39ebfdf5de0e241f7c7b7be39aa66c510799a9a

SHA512
54271ab0c459ce4e2041c6021784795b2cd7b274f16e072c4385b142ea552cf2d85154300cd3836e6c368621dd4d9193b02155e0f2cd403222d08b9f6275a6b1

Download Submit
/storage/emulated/0/Tencent/ys/Loader/wm0324.jar
Filesize
42KB

MD5
d6a102b1f38e420338303fe1a0843eb8

SHA1
48f7c0eef87aad8b759a464860907ff8cce7048a

SHA256
d0fd3bc61a10ba4b0c4484790fcedcae4276e850235f1b0afbedf9fe867b6d85

SHA512
06b5f04185614b98855215bd93c65e53628a7722d8b0ae80d683d290b9eccec8950d03fdf9abcba3c5c357d3bee956b6cd3109cb22d760bf705317a3212be56d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads