cfe5f6d189dd239a0680dc28a42dfd32f300f201e77bee56f1b906ac9e805b21

Analysis

max time kernel
3085219s
max time network
141s
platform
android_x86
resource
android-x86-arm-20220621-en
submitted
01-07-2022 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfe5f6d189dd239a0680dc28a42dfd32f300f201e77bee56f1b906ac9e805b21.apk
Size

2.2MB
MD5

204faf1feffff0149e5f728b50a8a173
SHA1

164d6b688410cacacba974346337506c67e092ca
SHA256

cfe5f6d189dd239a0680dc28a42dfd32f300f201e77bee56f1b906ac9e805b21
SHA512

343e264cd1c351eda9dead25a4d75ab65ca5ae6a3231e7072d3aa12987ce06a2ea691bc57e8fa744f68ae76ce173878c74b821332f5b5d04dad2693ba96a879f

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/qin.gao.su.wo/app_cache/mycode.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/qin.gao.su.wo/app_cache/oat/x86/mycode.odex --compiler-filter=quicken --class-loader-context=&qin.gao.su.wo

ioc	pid	process
/data/user/0/qin.gao.su.wo/app_cache/mycode.jar	4722	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/qin.gao.su.wo/app_cache/mycode.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/qin.gao.su.wo/app_cache/oat/x86/mycode.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/qin.gao.su.wo/app_cache/mycode.jar	4640	qin.gao.su.wo

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

qin.gao.su.wo

description ioc process

Framework API call javax.crypto.Cipher.doFinal qin.gao.su.wo

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	qin.gao.su.wo

qin.gao.su.wo
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4640

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/qin.gao.su.wo/app_cache/mycode.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/qin.gao.su.wo/app_cache/oat/x86/mycode.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4722

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/qin.gao.su.wo/app_cache/mycode.jar
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/qin.gao.su.wo/app_cache/mycode.jar
Filesize
2.1MB

MD5
526591b0f18ae840cef62fcc1271ebf8

SHA1
c220e2212e284a3656688a404113ee3d3ad53b62

SHA256
15b62b2eee3ce26e70e969e98fc98e71be3537a8618608768a2c21602e201f2a

SHA512
4cdaf217f1cfdaee6af22209b368d21f8bd4358e1cfc1cab8cadc3aca4683f98d558e70b0f078cf685e4f2c7f100e3f1b5ee96e0482b6f48503148733a12ec1e

Download Submit
/data/user/0/qin.gao.su.wo/app_cache/mycode.jar
Filesize
2.1MB

MD5
7afaeb213fcf71ab3fb7811e3d793fe1

SHA1
782bcae16adce96e0421da427a7c264455ec9e84

SHA256
46740aec2921a2fb6e4659e269a07f67de817bc35f2743635345eab8af682d09

SHA512
70f74cf46918c4d4df062c2469e676b6bf95c02fd7f7e5900c110b08457655c4b7cad1ec098753dc5c13b4da3cb05806f2d6e37bd2a54ed877b30426dab2d92c

Download Submit
/data/user/0/qin.gao.su.wo/app_cache/mycode.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/qin.gao.su.wo/app_cache/oat/mycode.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/qin.gao.su.wo/app_cache/oat/x86/mycode.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/qin.gao.su.wo/app_cache/oat/x86/mycode.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/qin.gao.su.wo/app_webview/Cookies
Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/qin.gao.su.wo/app_webview/Cookies-journal
Filesize
1KB

MD5
7fcc28f6afe1ce8c491883e16fb2dc3d

SHA1
3cbd64c946e7a04819f94cc6a6eb1234893282b3

SHA256
24719244c5d337b559c0b3003309db253434f7c2c5b8e97924b364a7334aaf9e

SHA512
9f32e1ea791ccc9a49c9cd67283a699993f1e1dd95d062c2c7b456c49d89295be6d3087164ec04daccb367c4642cc7def5f1f72cd010fabf8929bf0181104655

Download Submit
/data/user/0/qin.gao.su.wo/app_webview/GPUCache/index
Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/qin.gao.su.wo/app_webview/GPUCache/index-dir/temp-index
Filesize
48B

MD5
4cca795f9b2e6266d2d7ee643f8b542a

SHA1
07ccae839cf4ac0728d948c8d010b46d0fbac3c9

SHA256
f07eb590ace8a188ea6485cb04224f435c84c52b922520f2968e23e8b3c73ca9

SHA512
e03cd803cf453873f6d461abc629c1fc3b8bc5cf1c200807ab0ab120dc74fa7ae2050a8cfa9d2fac848ff4e9b5d9999177e76e886a67a3818da72ab9079076c9

Download Submit
/data/user/0/qin.gao.su.wo/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/qin.gao.su.wo/app_webview/Web Data-journal
Filesize
1KB

MD5
9f008b1f706ed6a026687fa013a857fe

SHA1
e7bc9a17c560f50b85f03e8a014298bb4417e2a5

SHA256
4d514cb755e891aa15db2b990dbbdfda611a6f3ca9950ef101fb34d92b092830

SHA512
fd408384ae4d929e289a2e2b3aa0c6defc19eb0e60e122c39560935feb070f27bbbe856e9f5fb6a9d1b07b1232b714f0b5a5fb93b20fbe397572c7ccc212ad9d

Download Submit
/data/user/0/qin.gao.su.wo/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/qin.gao.su.wo/app_webview/metrics_guid
Filesize
36B

MD5
4f8e2fc9d3d2cdc81a24fa3850a75ac9

SHA1
be4ad121960d4e120f2bb08c5f61e7a036cad540

SHA256
8f1cf3e7ed43fb9be7a6f327cdf9c452af71ecbab0afa1e13b86d2e7242817c5

SHA512
d7fcf718a605ca7b60ef30ea438034160da94d89369c8bad8128c23107699c443416d2ee497fc71b7a07e524e63d12e049f5e283fdb1977164f7e627942a2c00

Download Submit
/data/user/0/qin.gao.su.wo/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/qin.gao.su.wo/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/qin.gao.su.wo/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/qin.gao.su.wo/cache/org.chromium.android_webview/2fde5005b7166ed7_0
Filesize
120B

MD5
ba43e3d292db8738395f94d56ee7e5e3

SHA1
4c316f170e75c9b9f1609549ad64bd78f2ab42c2

SHA256
23726e94de48735b693369f05b35b784ab0e2acfce0f3865792eea9e1edd5230

SHA512
fd155d122d283b3eb09b42a131533ac445c91a7da336071fc2cf389796c4bf0c35f0aac55d429890e79336ff711c86721a625e1d2c8c8bffa546d41cd54ec753

Download Submit
/data/user/0/qin.gao.su.wo/cache/org.chromium.android_webview/index
Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/qin.gao.su.wo/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
72B

MD5
f02eba4618e1bd76cfe9b30a7688684e

SHA1
8fc9d9e81cd19e50785de4233296d9e17dd61df4

SHA256
6fa8de879d88a72cd0c3cc901f245c45cdf74ab579fca15ba757111fc4fa6397

SHA512
200f192dcfa03b9e3d67a2fcfc13995a30a496ec251612c978d2bade6db02df39ea82a5291a7cd84ba62c08540cfe9cb3f470f5768e48d76538c3cfc230f3cfd

Download Submit
/data/user/0/qin.gao.su.wo/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
48B

MD5
3601b529b09730fcef284bb94cb62369

SHA1
b4371d504c25b3737bfba64e31bcbfae123ddb4f

SHA256
d9316b4cac886d96e07c87753ca43a29256025697520e51fb004a22c3f7ae646

SHA512
1ad69c58c4bf348f75adb08245a4e927adb79840e003bb4dbbdb2162f37fafc1d5acad05de0bc1afccd2dcbfe25af8492f16b0ca685bc99b79d61bfb80e992ac

Download Submit
/data/user/0/qin.gao.su.wo/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit