414f22419fbeff9ccd22942804f0c2923b13d7f62caa9c90a8b1552a756ff219

General

Target

414f22419fbeff9ccd22942804f0c2923b13d7f62caa9c90a8b1552a756ff219.apk
Size

2.3MB
MD5

889c507091e43d66a98abceab0ee8088
SHA1

d3cc6c40d8921e44220d640bbf577a87444e01fb
SHA256

414f22419fbeff9ccd22942804f0c2923b13d7f62caa9c90a8b1552a756ff219
SHA512

cc20c8ec7298f7ae052529637477a78d7e75501b0c3530bf8309cf0895006b102d442bf5d21e11339b02c36b7aad2bf8e334cdb6cdfafce7c5d72e50a238554f

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.rhmkpij.khjjvk.spvvr/files/box103.zip --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/data/com.rhmkpij.khjjvk.spvvr/files/oat/x86/box103.odex --compiler-filter=quicken --class-loader-context=&com.rhmkpij.khjjvk.spvvr

ioc	pid	process
/data/data/com.rhmkpij.khjjvk.spvvr/files/box103.zip	5103	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.rhmkpij.khjjvk.spvvr/files/box103.zip --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/data/com.rhmkpij.khjjvk.spvvr/files/oat/x86/box103.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.rhmkpij.khjjvk.spvvr/files/box103.zip	5059	com.rhmkpij.khjjvk.spvvr

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.rhmkpij.khjjvk.spvvr

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.rhmkpij.khjjvk.spvvr

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.rhmkpij.khjjvk.spvvr

com.rhmkpij.khjjvk.spvvr
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:5059

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.rhmkpij.khjjvk.spvvr/files/box103.zip --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/data/com.rhmkpij.khjjvk.spvvr/files/oat/x86/box103.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:5103

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rhmkpij.khjjvk.spvvr/files/box103.zip
Filesize
215KB

MD5
ea7b70b7e6dc2d5ced094408da03d480

SHA1
25ab4b93775dec7ba1f3d301487cc864150bfa64

SHA256
cb2e42d1a08b074c2dbeef44ae8fd79ea41c323532ddd947dc9babeee8e61f52

SHA512
bcc184d7321d657d6f3bff8749bcbe1a4ade67e5c85b12f7eede5b615caf4959ce2f8554af37bbcb756a16fb6ad1b8ad13cafb1966ee266f1af0a45b3fb9f1cb

Download Submit
/data/data/com.rhmkpij.khjjvk.spvvr/files/box103.zip
Filesize
215KB

MD5
e0eb1f920a386479a8554385659af550

SHA1
f4f8d3f4618eb2287f4483311fc0a91dc8cf41a9

SHA256
0d2800c904603d52ffc9e51c1b07c071f9c92551e3e6b1b3540ff113214deaaa

SHA512
81d8f5f08d1672cc89ae0e6e33ad5b22369ef7788d5f48500fbbf66dbdeafddf95e38d2084b603fe8841ad44b6f7b458dba933da1bc747d7374ebd2fda1adae0

Download Submit
/data/data/com.rhmkpij.khjjvk.spvvr/files/box103.zip.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.rhmkpij.khjjvk.spvvr/files/oat/x86/box103.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.rhmkpij.khjjvk.spvvr/files/oat/x86/box103.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.rhmkpij.khjjvk.spvvr/files/box103.zip
Filesize
99KB

MD5
bb0cf657c4d22833ad0a4faf5d922110

SHA1
86708ef50c5fd321184e1dcba1e22413a121e385

SHA256
31c730956e8e9ac870103e99bb6b2d230944fd044d06d90c0e94564da451c8ae

SHA512
c5f7a040ad492cd53054cef2501d19cdaed946d6b3cf98a10d5a93e284809602606bca5dd7dc8aae9a674cfe9dda2c6896c7e5427d3d0b115206a967d7feac7d

Download Submit

Analysis

Sharing