e38d7ba21a48ad32963bfe6cb0203afe0839eca9a73268a67422109da282eae3

Resubmissions

21-07-2022 15:40

220721-s4kl8agdh4 10

20-07-2022 04:04

220720-em11zscbgr 8

17-06-2022 11:31

220617-nmpsdsbgfp 8

Analysis

max time kernel
1906806s
max time network
151s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
17-06-2022 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e38d7ba21a48ad32963bfe6cb0203afe0839eca9a73268a67422109da282eae3.apk
Size

2.9MB
MD5

db253c49fa9375e6eaa7f23661c58554
SHA1

527141e1ee5d76b55b7c7640f7dcf222cb93e010
SHA256

e38d7ba21a48ad32963bfe6cb0203afe0839eca9a73268a67422109da282eae3
SHA512

e15c29a45813977896487240692c5286053ca4e63f8da92709e4ea56ec354a039fcd5fe8168076da9d2e718cd89704e117e4ea690f5102383253f94f24ac362d

Score

8^/10

banker evasion ransomware

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

com.androidservices.support

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.androidservices.support

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.androidservices.support

Requests cell location 2 IoCs

Uses Android APIs to to get current cell information.

Processes:

com.androidservices.support

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.androidservices.support
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.androidservices.support

Acquires the wake lock. 1 IoCs

Processes:

com.androidservices.support

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.androidservices.support
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.androidservices.support

ioc pid process

/data/user/0/com.androidservices.support/app_pi/pi_3cba 5082 com.androidservices.support
Reads information about phone network operator.
Removes a system notification. 1 IoCs
evasion

Processes:

com.androidservices.support

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag com.androidservices.support
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.androidservices.support

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.androidservices.support

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.androidservices.support

ioc	pid	process
/data/user/0/com.androidservices.support/app_pi/pi_3cba	5082	com.androidservices.support

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.androidservices.support

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.androidservices.support

com.androidservices.support
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Requests cell location
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:5082

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.androidservices.support/app_pi/oat/pi_3cba.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.androidservices.support/app_pi/pi_3cba
Filesize
392KB

MD5
6b72cafaa2301583badd821337613585

SHA1
e1d5e8887175d184fb360fa2e8e961df1d47bacf

SHA256
b61befbb415d6af7da005ad5d12a06913f792df7a83dccf2ab1970f0e2e0a183

SHA512
8eff4bc5ab8ba1f7044766fa7ffefb82c53677c6d6aa331b21f0fc29c0693edc37aa00d6a9b43eb8c7624787642fa1141c7d6d53d5bf2715482d2915d9bdff7b

Download Submit
/data/user/0/com.androidservices.support/app_pi/pi_3cba
Filesize
1.1MB

MD5
64552c7387d8f64195bcd3f04719dfd8

SHA1
d480c2cc31dcb2c40dfb2f9c0f2de3a69814990d

SHA256
2c311fda021ccc6f879e89e4b1fa89f86d5088537166f0f2a64c8ef37fcade8f

SHA512
79e02d85f234216f326f793677a84a4b6be77131910e1adb56bfb5c09679ea185d9307b957f1e16e12e3c74dbc28335d7e22647bcc02df1d8ae1698b4604a84b

Download Submit
/data/user/0/com.androidservices.support/app_pi/pi_3cba.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.androidservices.support/app_vd/be17d937-aa58-4dd1-aaf1-a00d70712473___F
Filesize
163B

MD5
8bb0f09d8a25421965060c288eeb2cf4

SHA1
acc8118b0f3413cd5d5b6677f41e513f57e41abf

SHA256
b9719903408f21f43c48bf63af2bbdbcb0f69c832d4c4a5cabfe86b44b729321

SHA512
3616ac51fe7ddfded406b6941c6bd56f1c3304b2ce3b88a16867237d4da47cad05f05b3d1f55a1c4d3aaf30407671f4b14638e2c452cced8efcbe043c265ae5f

Download Submit
/data/user/0/com.androidservices.support/app_webview/Cookies
Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/com.androidservices.support/app_webview/Cookies-journal
Filesize
1KB

MD5
0fc0b002d2783720ced04f124bf8e581

SHA1
6b2f677a9f4b8949cc7c06d49d02b46cf1439cb7

SHA256
ae668717ea96da09655df77a4c174e525f8815d742851d85639d421f3fb61fbf

SHA512
b2698dd42d4b8bf32f467fd1001982fabd55bfed7e566a315d9b0a55fe826319d1cd24a30dcf1f855353fddbab0dfee0cd9b1b9f352ed9951197b88b04e46c8f

Download Submit
/data/user/0/com.androidservices.support/app_webview/GPUCache/index
Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.androidservices.support/app_webview/GPUCache/index-dir/temp-index
Filesize
48B

MD5
d5a6f9381f0214cd7dea011dcd7d9bf2

SHA1
1eda0df9d0094a6577b2874980f825ba9d82ea62

SHA256
26deb3a3022db52459684e17c6af2b6218ff814cf81305f0fa551c76d7d2a091

SHA512
7c90e5f37651308ac1f123f27bcd04e337c2f8226396d1af7c4a807a123fc6f47a289f87c4e3782a14b34f0bd1c6a31eaca5a8d8c7f817c6771c1e359739cfee

Download Submit
/data/user/0/com.androidservices.support/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.androidservices.support/app_webview/Web Data-journal
Filesize
1KB

MD5
28e5998221ad4141cedb56f524769428

SHA1
b6a4e42cbb0612a2880eea8633fb83ef3dd61631

SHA256
d64cd7da7ad33ebde7c5ad88377dfcc00dda45cf96873711ed72f1159e259115

SHA512
ddb8e4972e178120754e88d3639d13516cd21645355d9e6166357624d4c9367c245cc7146cfdcd9d37be26df4eec9915254c4298260413bc45542261954095d7

Download Submit
/data/user/0/com.androidservices.support/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.androidservices.support/app_webview/metrics_guid
Filesize
36B

MD5
5d293400437804b1742ecb351dec2396

SHA1
25fa0000bb010612c83cb1adf55aa5427a856d0d

SHA256
da8609704cbc2ced840be450f162c050c804066ce3c9104e919ee9d7a08c8100

SHA512
a79e8e245abc74fd5e94822a70280dfed029052273b293fb130291f38281b53be860b77572f0076a830ad27a5d0914b004977a8cc247f083880c91373073ad30

Download Submit
/data/user/0/com.androidservices.support/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.androidservices.support/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.androidservices.support/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.androidservices.support/cache/org.chromium.android_webview/77e371dbde913892_0
Filesize
120B

MD5
35340ddd7450297e868dea2dfc20bda6

SHA1
7adfcae40837950a3e579473e30f7793c8abf830

SHA256
cad5eef60009183c2a4b80358e751fccf675bbb7dc7485d06088c41fbd5da7a5

SHA512
06c0e466bc6c0bf8f643c2a2168450f032602a9384b51f6f2555fb0ece0dd334fb03c04b3485b90341910e604cebacc2dc4f8f35ff8f9a29d82b5f670e535f05

Download Submit
/data/user/0/com.androidservices.support/cache/org.chromium.android_webview/index
Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.androidservices.support/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
72B

MD5
e826d6ebba0cad299aa34477d01a9580

SHA1
6dc7653d11c30afb0ed0e906643d4e7764192af3

SHA256
6958d787be146813370f566a7b012c9b1ef94690c224cc21190dd5f0ae818280

SHA512
ba5aa1e622c8bb98f358dae61bbbad04b95bebf94c4fa2286ad4683f65a777240aeccc771bd21c242e1e0d72dec774665090aeba223a42bf2a98f7d7bfe203ca

Download Submit
/data/user/0/com.androidservices.support/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
48B

MD5
d3fed65761f9afcb4604cc06cec8bd20

SHA1
20beecb4fae6b768775a232a354c698096e89c05

SHA256
420e328a7d20a8b4af47067f614e5155e7f63a7109a86fdd82d4087850b10adb

SHA512
3a6289a0fd1abbee270c1a472d5b4dc09447761b1eceafc8cf4d9e17c5cb572df18acf90d20be55ecb733e061144260586a4c0d3bcaf800d069f06340affeec1

Download Submit
/data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-journal
Filesize
524B

MD5
0ae5ca217ad64fedd86e9f818b51a43c

SHA1
521cedad23f6686336e6d5f9eb712e43ca2d61a8

SHA256
657d47bc98b9d60040b0cf2fd423468dd058c2204a4468347c1fae584d3f048a

SHA512
4633d68dd41169fe745b804cc7243240f596478ff5685245de19af9595817bfff6b6dea018c20958732c177da6d22306c4e093fd1701d95f203d0fa79a85a4fc

Download Submit
/data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-wal
Filesize
52KB

MD5
455f58567d1b7cb3f51404f8d34fdd67

SHA1
56feacaec73fb3f354915ffdc6a7c48552e5e26c

SHA256
345d686d94441997497bb8a2fb7c3ccc1eb49056216cd5a0efb500a5ca00f2cc

SHA512
76beeda125a45efdac0501848f2ae0a369ee48204ff613fa2fd5601b5045fc80037fa1546c81ac64829a59ac60e9b0cad12853f6caac8cd7931e97c201a6bb1f

Download Submit
/data/user/0/com.androidservices.support/files/PersistedInstallation1361775984611152276tmp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.androidservices.support/files/PersistedInstallation981643962357073951tmp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.androidservices.support/files/generatefid.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.androidservices.support/no_backup/com.google.android.gms.appid-no-backup
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.androidservices.support/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.androidservices.support/shared_prefs/com.androidservices.support_preferences.xml
Filesize
125B

MD5
f4f7a1b9f1cdbd734cd3c1a9fcc9649c

SHA1
7baef8e641e80ff50ab8aa0c9553dda85516c2b7

SHA256
e858b6c91086733d03692610345170bcc72d7fa637cf7a7b29a6156c07c0a7dc

SHA512
0f5a419ba545f23e1f2cef55b9ff857f23bf72c68d53f9236f69f5aa972b41588fd85e55e9e5848c8ec049b89ac7d51b07907d4d030ababeab56e1ff9f525853

Download Submit
/data/user/0/com.androidservices.support/shared_prefs/com.androidservices.support_preferences.xml
Filesize
171B

MD5
c46c78da23f3d34fc453544d45694e6f

SHA1
edc2f0b4b07d807b0ec1eaeeaa1aefe2f6e23c53

SHA256
7fc2354f957c829467a9758edcaeb046c4b894c99e071b19f892a9ff1b3ae855

SHA512
ad2e0dfc447644089f6b9419045b961c48ea2a03d70841e9a27f801949ca40bd7e280b692e8a1019a05a11a74cd9d7242252c3409342e77bb9f6417f8591304d

Download Submit
/data/user/0/com.androidservices.support/shared_prefs/com.androidservices.support_preferences.xml
Filesize
302B

MD5
b5d7f336b7eaa7d762cd5eb42417553a

SHA1
4e186980ca7fd8d2422faad04b2e62c744695a0b

SHA256
e158cc41afec02706393d21add5ea1a28fce6dcaa57a850767ab4c1c8656eb7b

SHA512
dc3ed5f56102f905b42a6c1ca9626d383d1e324f25620b7a06aa44614ffcc99ada2eec60632d056c11296dca2ecd1ba5af4f6172ca3a84acc433c2300689df1e

Download Submit
/data/user_de/0/com.androidservices.support/shared_prefs/move_to_de_records.xml
Filesize
128B

MD5
0e777fa46dc7b378b14a465da934467c

SHA1
ab7497b8b32d70c9fc2a5203ab618920d0601253

SHA256
63b2de8ef589db15b161ed905df89532d0b8ecdaeccf08f4771a4a2206089eac

SHA512
f43b46b82842ea2823ebcef50b7677e44c18675b88596e7abc6c090759af93b784c81e74f0f43b7649fa36c5582dc33338c6eeb7f5ef42d8967ad81d54e601e6

Download Submit
/storage/emulated/0/.cache_db05e717695102a349f5e434e8ea8e80/.nomedia
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit