a09c90550d5ce77b16e01fb08a3542e2c77a3d84546a1086b33b1737b019c0ce

Analysis

max time kernel
3092580s
max time network
15s
platform
android_x86
resource
android-x86-arm-20220621-en
submitted
01-07-2022 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a09c90550d5ce77b16e01fb08a3542e2c77a3d84546a1086b33b1737b019c0ce.apk
Size

105KB
MD5

9e57420abd7ac0491956bb0bd0044a9a
SHA1

3cf23a5d5b84fa8a239805228786e2c529a99d06
SHA256

a09c90550d5ce77b16e01fb08a3542e2c77a3d84546a1086b33b1737b019c0ce
SHA512

318126c8a126b57b20baa3c689097393d0eb1c5ef1644896b5026df1ac29046207ebf532524b40cf1c9a59abd35bbe44a1cd812e449cbee2d5e1bd0f85c7ef54

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.firsted.eddroid.app/files/100/1003/72361997.apk --output-vdex-fd=75 --oat-fd=80 --oat-location=/data/user/0/com.firsted.eddroid.app/files/100/1003/oat/x86/72361997.odex --compiler-filter=quicken --class-loader-context=&com.firsted.eddroid.app

ioc	pid	process
/data/user/0/com.firsted.eddroid.app/files/100/1003/72361997.apk	4808	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.firsted.eddroid.app/files/100/1003/72361997.apk --output-vdex-fd=75 --oat-fd=80 --oat-location=/data/user/0/com.firsted.eddroid.app/files/100/1003/oat/x86/72361997.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.firsted.eddroid.app/files/100/1003/72361997.apk	4518	com.firsted.eddroid.app
/data/user/0/com.firsted.eddroid.app/files/100/1003/72361997.apk	4518	com.firsted.eddroid.app

Requests dangerous framework permissions 7 IoCs

Processes:

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.firsted.eddroid.app

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.firsted.eddroid.app

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.firsted.eddroid.app

com.firsted.eddroid.app
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4518

sh
2⤵
PID:4625

/system/bin/sh /system/bin/pm path com.bala.bala
3⤵
PID:4758

cmd package path com.bala.bala
4⤵
PID:4789

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.firsted.eddroid.app/files/100/1003/72361997.apk --output-vdex-fd=75 --oat-fd=80 --oat-location=/data/user/0/com.firsted.eddroid.app/files/100/1003/oat/x86/72361997.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4808

sh
2⤵
PID:4837

/system/bin/sh /system/bin/pm path com.android.apps.feedback.lge
3⤵
PID:4874

cmd package path com.android.apps.feedback.lge
4⤵
PID:4921

sh
2⤵
PID:4970

/system/bin/sh /system/bin/pm path com.mobileapp.timeservice
3⤵
PID:5107

cmd package path com.mobileapp.timeservice
4⤵
PID:5190

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.firsted.eddroid.app/com.init.env/app_webview/Cookies
Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/com.firsted.eddroid.app/com.init.env/app_webview/Cookies-journal
Filesize
1KB

MD5
f5064522a2c29cfd270a7d57301a3f91

SHA1
4c8c16331c66bd4ca33690dc77d73c531929b774

SHA256
0156e479cb91c85896cd254ec9a96b0aacee06707dfb35c73d7b9153a345ca32

SHA512
301d2d71ba261979db7dd764e5d26e8e2d31a7ead38835f445193866dd30cc3c947c43b4876e9e8adc878c981cb8107e4e53d3a13c42882a91fbbe5c5eadf52b

Download Submit
/data/user/0/com.firsted.eddroid.app/com.init.env/app_webview/GPUCache/index
Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.firsted.eddroid.app/com.init.env/app_webview/GPUCache/index-dir/temp-index
Filesize
48B

MD5
dbdd5dc9ee4d8b7982d3fc0dc4c377d0

SHA1
5c8ccf6198c46e0b8f272b6b0123135aa5219a4d

SHA256
2ee5831ac13945169dfe3c46faa420400fa9022c7bd3156162a80a34144d678b

SHA512
6fdd8f507829e3503748eac1599f009b662eeb9fac6e263899074ac002494975c28400a8d112f9ee37032ac8527bc26e5bc108824bf00e9d9a8f39b3ddb19540

Download Submit
/data/user/0/com.firsted.eddroid.app/com.init.env/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.firsted.eddroid.app/com.init.env/app_webview/Web Data-journal
Filesize
1KB

MD5
53f777ed342345cf292bdfd84a253b11

SHA1
7c334abc831d4936f41b996c3abb56f7ea63db9f

SHA256
05a823ce0152e729712e5843d1bf50abfb432693af4d850bbfeb781b1adfc69d

SHA512
5acc8100befbdddc9fa368d88ac398e81fba46a650a7b8c9dccb0c09d6096a2fc1e57d1e8f16f81409f5aa8a492a67e083236abceceaa7e82bdc3bbe3c7261aa

Download Submit
/data/user/0/com.firsted.eddroid.app/com.init.env/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.firsted.eddroid.app/com.init.env/app_webview/metrics_guid
Filesize
36B

MD5
7311dff4609173f0cd4ceac93fb472ac

SHA1
ad169ffde42b3526e76a0dc9c8b6d9bf0f1b5690

SHA256
0cb4514ae7fffde18d983da075d1117d4114f88152868b1946754b5ad657362b

SHA512
98df697753e9912ada36f11054904061f676b5dada2a567018f29a1c6da145995c9555dfeb75cc74f8b5f14538bbb1f9bd99043faee6b513484668975799cf77

Download Submit
/data/user/0/com.firsted.eddroid.app/com.init.env/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.firsted.eddroid.app/com.init.env/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.firsted.eddroid.app/com.init.env/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.firsted.eddroid.app/com.init.env/cache/org.chromium.android_webview/818f74c0b01e4ccf_0
Filesize
208B

MD5
56a71d027a98b3fdef8735018f1f1f45

SHA1
33abdfcede56dddee0547eaa67193048c2fbf1c9

SHA256
0abb9be8d1e13be3633841d5dbd16f82b6533b12a86a35a5ece107a7c4d645b5

SHA512
b2f51ba58c6f81602da28c3b45f87d367131d454f24be51ca77ca54cc0526bafd421890dc89e5d346f5fd7d427ed4ca41f1fe22fcb2fc378f7460f235a182527

Download Submit
/data/user/0/com.firsted.eddroid.app/com.init.env/cache/org.chromium.android_webview/index
Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.firsted.eddroid.app/com.init.env/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
48B

MD5
c5d8df984ac1f3be4eb1c1e35713304b

SHA1
0ae7ab63a00f4f54990ed7ea616762d1b5bdabee

SHA256
5dcc3eb5785b85a0d98e2c46039debbec42586f545038ab333979de08b184601

SHA512
c445841a5594853ae80ceaed818fd43dbfcde8a0d3ee87163b8a40a3133c317a62c431b87c64b305ef4d1e3806fa44f177f5b90c0506a5c5bfdc7f92ea9e2a74

Download Submit
/data/user/0/com.firsted.eddroid.app/com.init.env/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.firsted.eddroid.app/files/100/1003/72361997.apk
Filesize
151KB

MD5
9ee0b0d1eacaeed58a13e528cc84501e

SHA1
d197393bfe92fec6dde99bac65671b208ea66ef4

SHA256
3c05fc24d382079d8696326101e99834eb3ea6b889c864d025c3caa88b4b4ef2

SHA512
0df568678dc689fac500a5642d1c99b1990d30e3678b79385fbbd5c56bc363d2db724dbbdd92380cc0de13683585f532077f4c16f330616d9ef17efcc8bc2d12

Download Submit
/data/user/0/com.firsted.eddroid.app/files/100/1003/72361997.apk
Filesize
239KB

MD5
6f504d17ab39975e7bff74750f7f6f09

SHA1
b115aee60947edd48741acdd31241bf61b6dce7b

SHA256
348c28c2f3a6891aa2e7726162a9603a5819349802e6b25e3cb5ef14d6cde5b7

SHA512
74c58e31883962f9eb4df8b4e73177b0a943f3fafcf9700ea45bdebed14e90247ecfb4f745b9b79b5caad1c42164b690c71f7ef9e5fee7c7245bb1f7ecdc5a60

Download Submit
/data/user/0/com.firsted.eddroid.app/files/100/1003/72361997.apk
Filesize
239KB

MD5
0ef6062559d65d29a24337868026756c

SHA1
8ab106c211212258963f90a4c6a0c9b3a13e87e5

SHA256
658e7457c3e17b9d15e1480358206a3b9178ed5779c67382d808a274f76096d2

SHA512
2e1f6caecbb4509fdb2af6c896b33da0291470b4128a2b9f235eb579525139e7d7ea86a172129105b7f99b8b0dcc830f5c58f1105ebb25349772b589c0a9d41d

Download Submit
/data/user/0/com.firsted.eddroid.app/files/100/1003/72361997.apk
Filesize
239KB

MD5
6f504d17ab39975e7bff74750f7f6f09

SHA1
b115aee60947edd48741acdd31241bf61b6dce7b

SHA256
348c28c2f3a6891aa2e7726162a9603a5819349802e6b25e3cb5ef14d6cde5b7

SHA512
74c58e31883962f9eb4df8b4e73177b0a943f3fafcf9700ea45bdebed14e90247ecfb4f745b9b79b5caad1c42164b690c71f7ef9e5fee7c7245bb1f7ecdc5a60

Download Submit
/data/user/0/com.firsted.eddroid.app/files/100/1003/72361997.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.firsted.eddroid.app/files/100/1003/72361997.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.firsted.eddroid.app/files/100/1003/oat/72361997.apk.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.firsted.eddroid.app/files/100/1003/oat/x86/72361997.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.firsted.eddroid.app/files/100/1003/oat/x86/72361997.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.firsted.eddroid.app/files/100/1003/onlyjsauto202110290950.data
Filesize
151KB

MD5
9429af1df55e62ec627d74241f26577e

SHA1
37d3b2896dcf41f30c8a1886dfed0e462f42f866

SHA256
ecbb1273b6d26c46ce3e8d240fb112f559271da6d666c7aa5fd8f399f3d7c859

SHA512
36ddeead9300d632676e017820dd0ee276b99108457dc952897f5bfc81e2d3a31a6d305c055f3a267a9de8cd30c59fedcbc40ded6ab67104e0fda8623e5719b5

Download Submit