0892942b07717a4fdef6639d02c56ce6ddb8e599529d299facaeda1c0cb16808

Resubmissions

08-01-2023 07:12

230108-h1hy4sgd3s 10

30-08-2022 07:07

220830-hxmswsddgq 8

Analysis

max time kernel
3985935s
max time network
68s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
30-08-2022 07:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0892942b07717a4fdef6639d02c56ce6ddb8e599529d299facaeda1c0cb16808.apk
Size

3.6MB
MD5

4d291ffddce396d078d16f10c35d5e2e
SHA1

1d9727aaf55191c9876e7c4b376dc2a6dd027a06
SHA256

0892942b07717a4fdef6639d02c56ce6ddb8e599529d299facaeda1c0cb16808
SHA512

1157293368632554da526e7795b1761877333e9d8eba34ccb21a45305aa88d58781ab42e5a7dfcd279ed23cc6317c6edf0609a175927551919ef60994da02452
SSDEEP

98304:cN6uQZn8I4hoe+t+wgBxtxvAoJ+g2EtoAO2:cEcoft7kL1AdEtoA7

Score

8^/10

evasion ransomware

Malware Config

Signatures

Makes use of the framework's Accessibility service. 1 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.cwblsehgz.ochxfcflb

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.cwblsehgz.ochxfcflb

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.cwblsehgz.ochxfcflb/khkjgU8hgy/dga6oI6gbIHjs4j/base.apk.yakhfds1.hkk	4309	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cwblsehgz.ochxfcflb/khkjgU8hgy/dga6oI6gbIHjs4j/base.apk.yakhfds1.hkk --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.cwblsehgz.ochxfcflb/khkjgU8hgy/dga6oI6gbIHjs4j/oat/x86/base.apk.yakhfds1.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.cwblsehgz.ochxfcflb/khkjgU8hgy/dga6oI6gbIHjs4j/base.apk.yakhfds1.hkk	4240	com.cwblsehgz.ochxfcflb

Reads information about phone network operator.

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.cwblsehgz.ochxfcflb

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.cwblsehgz.ochxfcflb

com.cwblsehgz.ochxfcflb
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4240
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cwblsehgz.ochxfcflb/khkjgU8hgy/dga6oI6gbIHjs4j/base.apk.yakhfds1.hkk --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.cwblsehgz.ochxfcflb/khkjgU8hgy/dga6oI6gbIHjs4j/oat/x86/base.apk.yakhfds1.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4309

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.cwblsehgz.ochxfcflb/khkjgU8hgy/dga6oI6gbIHjs4j/base.apk.yakhfds1.hkk

Filesize
1.3MB

MD5
51e8c5c7c71dfb080e1eb97c793e9f98

SHA1
67d1a9b9e93c3bc1fbe999d1462604cfe9326d28

SHA256
091d72cb1cfc62b88718dd21dd2a9f3d830d5ab584404be8b046bbcdb450c6e3

SHA512
202041e305571dc80ea18a8968234c3e6353c52a81f8f37a66e625b39b8d5adfc74f7760a56a5adf1f621dfbb40b6d0f469cfb5b41aa61c90f660292fb5bc3be

Download Submit
/data/user/0/com.cwblsehgz.ochxfcflb/khkjgU8hgy/dga6oI6gbIHjs4j/base.apk.yakhfds1.hkk

Filesize
1.3MB

MD5
ec1169d8d6412e6cd1146dbb40833dc1

SHA1
9376b58dbf56de90045611b176f92ef65578dc67

SHA256
6d0e90239201e97f3a1711a2bd32e02cb6d242e078d9484db5188e45f0b15ea7

SHA512
d307036b4aa93bcc4b7a6069413fab6bb18e5ddc7a8a951715fb8872b97e47ba0ff42af8ee5f455edb20945fae686165b8ed00f14475f490dc80d37ef891746a

Download Submit
/data/user/0/com.cwblsehgz.ochxfcflb/shared_prefs/multidex.version.xml

Filesize
307B

MD5
dd397abb5402fa848f5f19ae7dd31a65

SHA1
31878a6a7d88748a405177f009f4259bb653bfe0

SHA256
a6d6189c9ccf7af20a35700922e3f7215e10ba82b14149dcab4cf045f1ec5f89

SHA512
76b3aff2de8856c0411ddc2a469b8a09bed41272317b53ff94c6d51e80bb066a16df893ba8c086899a4b4fb5dfee3746e9974adf521b01d7ca3e83d282b30aaa

Download Submit
/data/user/0/com.cwblsehgz.ochxfcflb/shared_prefs/settings.xml

Filesize
136B

MD5
c1a63b5ae58b62543ee749e603103150

SHA1
481fc83cd43b64f7bb6871477cfa88c97af47e99

SHA256
f7054481fb168942e5307f9ccc1c648e5aa512613b435de5c5cf6a17cec8411a

SHA512
ef685a6d98698ccd4cfada380738c7f4a7027fa79bb095a3f6770aa4b5f37549adb0180aadc39acf5bb73aeed1ce1230253fba3a4f5bde40df4d1de7ff36d87d

Download Submit
/data/user/0/com.cwblsehgz.ochxfcflb/shared_prefs/settings.xml

Filesize
180B

MD5
78784b514642e5910222b3f6371906dd

SHA1
831b712f1b0209fa95d81a3e6fcaca26397e4042

SHA256
fea6430b6d746edbc7404ed205be9183a3f29cedf81bb102bf743d9f40fa129c

SHA512
c0483d9c49a1c90cf020b38de59ab1fa7fa235bf29c3b0fd5abc29d38f2cf09bc6eafeada4a0aa40087fc792f54b70401539ad533b622e5bc69ac41c2fae05fe

Download Submit