d89442b664d78a93eb087fd0269c7a7277e75633dc1247d6c9cd39cb03ab7cd3

Analysis

max time kernel
337997s
max time network
136s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
26/10/2022, 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2447364d1338b73a6272ba8028e2524a8f54897ad5495521e4fab9c0fd4df6d.apk
Size

9.3MB
MD5

4cf6b87bc3cf095e97445f1d657bec90
SHA1

c769b9da55e930d1ad4d8e68cbc612a9e7f8dd24
SHA256

a2447364d1338b73a6272ba8028e2524a8f54897ad5495521e4fab9c0fd4df6d
SHA512

42e5599f45fee2bf45c142a8ff1892592c1f29e58cccf5dfc6dedbf5781d61d332d07437294ee1531ab19c149d62db01f5d9c99e482e2ca41d71b6e96f52e376
SSDEEP

196608:3rmb2U1w7CttUkt3/yn/PDCyrzqDMm7lcqEfqMzFPcCEbooUDJl7F1hhuG:7vUxHyn/2oGDMmlcqReFPcCjowJJh8G

Score

7^/10

evasion ransomware

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.product.model	com.candlencom.candleprotest

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.candlencom.candleprotest/cache/1582435991586.jar	4174	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.candlencom.candleprotest/cache/1582435991586.jar --output-vdex-fd=55 --oat-fd=56 --oat-location=/data/user/0/com.candlencom.candleprotest/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.candlencom.candleprotest/cache/1582435991586.jar	4052	com.candlencom.candleprotest

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.candlencom.candleprotest

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.candlencom.candleprotest

com.candlencom.candleprotest
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4052
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.candlencom.candleprotest/cache/1582435991586.jar --output-vdex-fd=55 --oat-fd=56 --oat-location=/data/user/0/com.candlencom.candleprotest/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4174

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.candlencom.candleprotest/app_webview/Cookies

Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Cookies-journal

Filesize
1KB

MD5
39ff22a57c6d55c8e1159ce2a4405c78

SHA1
5f35bff44738c676153c9011bdecc53c346e8b57

SHA256
6cceab5a998037754885ab5d1087a5e4d4d25b1013aad5dab17521933ec4c89c

SHA512
90e507812029d55826e53db5000aa9bc7b160b745f4f6dc104fa8fa036c5b23a44dfc5e60334c1d3ce05c977b12f7858551e1520dfdbc44a962e672140eb218a

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/GPUCache/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/GPUCache/index-dir/temp-index

Filesize
48B

MD5
6056f147b502e5aa4d9fdb852f21d3d8

SHA1
a8c923ded9c404bc22ca6f5fa4d461d5447614ac

SHA256
ffc58e7214220a22bb260e624cf7597ee2e63df3a99193c09a009d4745e92ae2

SHA512
a1bc0ee1ef1f1f34c379df1ad822555e5b61390dbe4867f1061f4c65c470dbbb5392fc01541672af50d84139e5c5b36c5b331a397b4bb30c1da74aaba261f937

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Local Storage/leveldb/000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Local Storage/leveldb/000003.log

Filesize
260B

MD5
74198a62fa6e354d2c3445da7aa94651

SHA1
ead67b8e316daeb00a74f27e143c4ce7ddd92781

SHA256
9a85e84697ef54a52a73d6ef9700967926c44be166fb0fb390162d4031dac1ad

SHA512
1fe20f20ea9a0af252b94f1706a1b9cda3ef70a5a7a977f7dc43e1934050504ba4862a80c86dd0f4bd00918546a4bc84f2cf4aa485fe67a9419251b14cbd8cc4

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Local Storage/leveldb/LOG

Filesize
70B

MD5
904ea37c5dec648d64bed8d7d1540f2c

SHA1
141470c6e83b1da1017591b3fc7c61f80bb6f9c5

SHA256
dfaa3dd5b5f10a6c50a2575a94272e9a9ab8137dee26744c7297cca0e4caaa09

SHA512
e61c98d0f701954f34d2faaab3b8853af6d5370b9e37bb6b00d632696eb69048012fbcd22b8a20a2e00e3c69786ff6ae03f75726db9aa1e6e1251af5788a50f6

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Local Storage/leveldb/MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Web Data-journal

Filesize
1KB

MD5
6e775507be8bc45a4865436c0395c547

SHA1
f400847603c7275c2fc825668d49b9c26a56581f

SHA256
c7fcc783e881479e50a3688d7427ab8dc3c009c640ab95df4e659a41614bfd53

SHA512
5a782f6f2b20eddcef576c47ccdb0426634d396c67bc832492b4b2c2e212824fb3ac4f0623734b9459b638ac93e04519214efbe429d655a9d320d761369c4960

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/metrics_guid

Filesize
36B

MD5
591a95df3e92abaeac2c4a0373e9e5c8

SHA1
35b2fc74ee4b6cb50a3139502a85fc6dd9fe51cc

SHA256
7bf2a0300efc1cea1c36bad8c0fd0a685b8aa25f85cbd71ea43f8be494b4b6b8

SHA512
483e31ce724d81a672ca22b491928199bdf364eaee12643878c9243bf3c00ba5a72dfb9bc92906c0f73b69ab8d9975a42578ac9bbe416c85813651c06cb614bc

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/1582435991586.jar

Filesize
20KB

MD5
2048eb6124a452540ee51dae4145aadf

SHA1
d05005b2cd7fe4cd652b0d7fd1bdac2c19d51451

SHA256
105c54b6fe3f25350e92187467761598e4c21d62b1091b77d091f65f3bd98864

SHA512
bb6cb3853dd2a5d0701e20607d4e153ae201268dd2e5e2d06cc2df208b3b4dc50132a4ab428251b1644d2399fcc717662438d082ff14203387bab8794109d44d

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/org.chromium.android_webview/d3181535bbd3d1ac_0

Filesize
5KB

MD5
8fbe8af494189e2867da388843780e26

SHA1
3380675eb987cb1e3b54f07b73afebd81ecbd2a1

SHA256
3927a0c17faf31584ae7c83e97a8b7d8f3e00ff1c92322fb4850dce35bbb8de4

SHA512
e9460fed0b46ce6544b74cf40068ee3bcda6ef19a2370cf73f426d28255d467f428e55b0f4eabceac1ad1e7e24a302ec59860b24f6e4e585271bf66aba102f75

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/org.chromium.android_webview/dfe6b2497a7513ba_0

Filesize
6KB

MD5
474b7a3dac9ab477119dc17bdc012323

SHA1
5e799bc7d677071fb0b892e7245bb868e8857d76

SHA256
59386b4322d85d0b4f4236dc5109c3bfd77756f2b063db2f1246173c051b161d

SHA512
7af493264d2e7ed079d054a71995a8053ecd039e98ababc4f52c0b6a17a66f876594456e579be840648b0b7bb1607d97f181c1400ac87375e7d01eaea9c4656e

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/org.chromium.android_webview/f038e94cb33282ab_0

Filesize
123KB

MD5
820b2e14390dcd3ec56a70f997e57fcf

SHA1
1428f3bb9c3a496fade326f7ef46f14ba7bd36d2

SHA256
ea12499f50f5b9083b47bbe38bde71005d853207543e179dd554133ebbb3e03d

SHA512
f4005fa8e968de45518bf5929fc6001a4e714f6483442d1b0c46409f48669d50b3ed6200542d9db2c9a9c93d5550a79e6709c327f8575817d52cbd9f67f107b8

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/org.chromium.android_webview/f038e94cb33282ab_1

Filesize
196B

MD5
f0c6671af85e123b7ff938896894b2e9

SHA1
167c776554bb34e3ce45f9d99390c2cb81d52c05

SHA256
36108670c91b05873c3e068544701f41fca6ab0b51ec1a038aeef22b317deca9

SHA512
eff871900d5ba90bdf213df35fbedb4694a537453de44a7b92b8f2fb402ac98bfa44218434d8facb3041600f5ea50ab4bb7353b7a8e3928a2536b5b179028511

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/org.chromium.android_webview/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
72B

MD5
a6452636a1d71d2c929b99e5119e3603

SHA1
28543e2907d222ef046764e2aad7f712cdbec160

SHA256
edd2521fb9dbd4afaa33c58c0739c17d4312e28296424a07eb041135f30b18ba

SHA512
89e606109fa82c52d05610ae5d58b7a15c082990e7506fb9f8be675c86942e959eebdd55c9700bc18c461614f870085cd845e76617519dbb4a7b250e91d740f4

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
120B

MD5
df1a72a701ffc0464cf1ce65d23e247c

SHA1
2b530e1b07e8564051c298f12e194c2eab1e3655

SHA256
94c2fc92660715049a29fb709be229b472171d998d81719754d1e4457e12fa85

SHA512
305252704296f6decd5483db657fcd3d0bd8c7221af8c113b0f4d33df7fcb1489330d4bcdcf6168a691fa24899a9f19ee79d5028a5f52e1b8809180b8912e71a

Download Submit
/data/user/0/com.candlencom.candleprotest/files/._set.pref

Filesize
112B

MD5
2219d64763bf5e9e312271ba1725ef0c

SHA1
f954c38d2b70bbd62bec5f8a4b8f29617da38363

SHA256
7355f44c9231ed8f27f8499151c0e65035bf51305548a02176179accdd6cc723

SHA512
f0a3370a0e1d99f70ccb9501307a79387d2e082888d4e431c1cafab019d6829b24715b359bc9c961d2afa2575fbf14f7ad73180b1dc6b92060cfe37190f9ddd8

Download Submit
/data/user/0/com.candlencom.candleprotest/files/set.pref

Filesize
106B

MD5
1dfc04e9344c2537232bcc3cb691b845

SHA1
c14c46bcda5d736f53f456626739c4b0aa5d8ffb

SHA256
15a438ed9d13e05f1190344e168fa921b589cbf5562e72a23a894b6f4206c80d

SHA512
ccb8e716f9d02839e8cdd84a65c3a7d644d9adbeae5ca110a15b2479e0ced79daaebb3f1a0c8f1524461b843994939a6086fe46e6ce546b0592557dd16530fa9

Download Submit
/data/user/0/com.candlencom.candleprotest/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.candlencom.candleprotest/no_backup/androidx.work.workdb-journal

Filesize
524B

MD5
66a8665111ba7f9126d055fa08ada3c3

SHA1
d87b6baeeacbb550d707fd066e446a02f7907f9a

SHA256
5a353ce6721267a3b6c5e1774122158ead9a1354897339f970c6b3b7bab80199

SHA512
b05e250d66b08a45845d8903812f0545f18810dc906d6998a475879e920b75e6b583276e51347a42abdb6c8c207bbeac490c9fb304cd87d57320a82988be5182

Download Submit
/data/user/0/com.candlencom.candleprotest/no_backup/androidx.work.workdb-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.candlencom.candleprotest/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
43fecb4b09555163d03ee9738bbb5f9f

SHA1
18d7ca9e2c9bc234a3e6f36a690834e436b0bab1

SHA256
8680d79020ba7caa2666b479ab1dd0de0f4756607b5d96553101f683ec74b7d8

SHA512
b64697d1f05af138701c9b75e54dbbe573c2f30468be4a351e21f1dc992e89daee6d8e8154b02d8ad2c6b7d9032c8439695cd5bdca0e8fa3a93065e17f9e81c3

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/admob.xml

Filesize
133B

MD5
550df7508df6f48c64324c43f832f93f

SHA1
bb827f06b190c99917cd5a7a443d55afea7acfe8

SHA256
df44f91ddb2990a3d3c9ad118756c1bb2ba5618d2d9c25fa961760996b1595f2

SHA512
dd27911964c29de876d610d85eb3cd16a6668495e1b9a7fa273535ebfc2427baffe0a97198208a41e48273bfc7df41123a6d1264a32e493622bef25a72d7b01f

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/com.google.android.gms.appid.xml

Filesize
2KB

MD5
cda4afb39a15640abaa03f53ff1dd237

SHA1
84ddbd8c9b74c14987f1f1e757f63870d1b02bb3

SHA256
96f55698516e7daee38016f4e1d690202e5c374203c0e822522ed3c0c72b67a1

SHA512
1e2b86e81c6acb1ba8e135b09fa1ddcfe4e5cfb60eb36ac16de4fb59ccce8b026fd0b63a22b7c340c306b1ccdb242c43c23cca399b2e39c6b5a90483c4a5e880

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/com.google.android.gms.appid.xml

Filesize
2KB

MD5
9b5a76b340e0d9a3a63bee13c40f97d0

SHA1
4f263fe3046c302e539f9b187fb7a7028ac00559

SHA256
1daed44e80619c10aeb614ec5a79aea23447cc6f54c6a251e83314237659e177

SHA512
d35c4c71239694dbcfe816e7194cbc4829d4baa0601caa8aee69292da655477ba0f04ab4513c6bcd72d0a05a5d870d8fbe390b2547f5a0e29476637f7c09e236

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/com.google.android.gms.appid.xml

Filesize
2KB

MD5
cda4afb39a15640abaa03f53ff1dd237

SHA1
84ddbd8c9b74c14987f1f1e757f63870d1b02bb3

SHA256
96f55698516e7daee38016f4e1d690202e5c374203c0e822522ed3c0c72b67a1

SHA512
1e2b86e81c6acb1ba8e135b09fa1ddcfe4e5cfb60eb36ac16de4fb59ccce8b026fd0b63a22b7c340c306b1ccdb242c43c23cca399b2e39c6b5a90483c4a5e880

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/com.google.android.gms.appid.xml

Filesize
2KB

MD5
0e60691c6bdca9495fd41e644f360cac

SHA1
eb8752724b49f41d8e50ab004985cc931d126dbf

SHA256
f165db16f3bf6106a47fb58c5b69b8dfda79587c11cde0822a88cfa847dd3342

SHA512
8a290f65b58cdfc5cc51a744e6b38ecc3a88f18ecfb4cc00eca39a849215bb47e21279d382e420ccfe28560351d98e11d461b1e4ad1debeda89ca546c2d632d5

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/com.google.android.gms.appid.xml

Filesize
2KB

MD5
686c44ebd332fd0b34c88896ba779f55

SHA1
3c11ce7b6f5c04d1ace3daa23228558b71c40942

SHA256
8ad2d729410b9c8c5052ac32156c44dd4036e971a282e814d64ca61203476ed2

SHA512
17a78580cc9e60c8e427cf2934f07bfb8d6702744d031d09d0dab2442ff4a33ae8c4c83125d6109de65a8eedd3fa587e46da44d6ea117acfccb7601fb2ed0948

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/com.google.android.gms.appid.xml

Filesize
2KB

MD5
8f9ca11542c3fe40b8678d6e6284cef7

SHA1
7a7c215734277ce6e463f7c94233c45014cb6c55

SHA256
45c9a4d71b5169d1d8a4c14b731c980cf3eee8eaa806d8248720306f07ccd43c

SHA512
ddbf11db4f5c13a79c7a276be6ddf35a8d3017d94313f91b93dcbf5518a91859c8969f92762bd862ab25eb7df99e1be129800291b4272fc740e704bd50ac7a76

Download Submit