d89442b664d78a93eb087fd0269c7a7277e75633dc1247d6c9cd39cb03ab7cd3

Analysis

max time kernel
338076s
max time network
145s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
26-10-2022 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2447364d1338b73a6272ba8028e2524a8f54897ad5495521e4fab9c0fd4df6d.apk
Size

9.3MB
MD5

4cf6b87bc3cf095e97445f1d657bec90
SHA1

c769b9da55e930d1ad4d8e68cbc612a9e7f8dd24
SHA256

a2447364d1338b73a6272ba8028e2524a8f54897ad5495521e4fab9c0fd4df6d
SHA512

42e5599f45fee2bf45c142a8ff1892592c1f29e58cccf5dfc6dedbf5781d61d332d07437294ee1531ab19c149d62db01f5d9c99e482e2ca41d71b6e96f52e376
SSDEEP

196608:3rmb2U1w7CttUkt3/yn/PDCyrzqDMm7lcqEfqMzFPcCEbooUDJl7F1hhuG:7vUxHyn/2oGDMmlcqReFPcCjowJJh8G

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.candlencom.candleprotest/cache/1582435991586.jar	4655	com.candlencom.candleprotest

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.candlencom.candleprotest

com.candlencom.candleprotest
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4655

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.candlencom.candleprotest/app_webview/Default/Cookies

Filesize
64KB

MD5
dfb2098ca7b3bf16d6f5f1e7d3839af5

SHA1
ebb7a8bc886062d77a4092bd306b77a0ce7a3e9d

SHA256
e4119d32577d7fc63b267cc23eb7a9bbfb12d238f23e08918c38838fe0181224

SHA512
fccec45399258eb98220b7f01b492a72b8b3d1254dec6e196e344d89a0376c6ee24534a31a6675c866d4a17256d3ac6823657eaf04e1d386757d0cbfc6597e50

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Default/Cookies-journal

Filesize
1KB

MD5
3d6752a704ce7dd94febe75ca0587931

SHA1
5710bc1fe014aaec1f9a719566abeacc8eab7754

SHA256
476209ef24fa936d0cd2a9b002a13f8bc4ee4af1b41ae2fde79d9670e8c1f4bd

SHA512
c8686088e6e3ad0f795de68cb256b3a34f1c2b67113e30c86840e140bfda87911fc30ecf2ff528afa8e0d0ff4ed91cc21c7c8983ae40ceac324e02190d3e2742

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Default/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Default/GPUCache/index-dir/temp-index

Filesize
96B

MD5
c58c1a6399b8c69f6d54f6cddd15cf7c

SHA1
97aad500c7fe928966e47288be1cbfd4dd053eb2

SHA256
87f3fa0f87cd058fba2f5d4abae0ec6c82c12884063183979dbefd545261e652

SHA512
fa0c8c29de4be7f94e317318e1f110868c0fbe730a6352ac79ef98eab74c3469500a5e07ebdedc1cf9868ed7c53eb45cd1e178188c7e1b1d29a4400d06ae06d8

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Default/Session Storage/000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Default/Session Storage/000003.log

Filesize
61B

MD5
9f7eadc15e13d0608b4e4d590499ae2e

SHA1
afb27f5c20b117031328e12dd3111a7681ff8db5

SHA256
5c3a5b578ab9fe853ead7040bc161929ea4f6902073ba2b8bb84487622b98923

SHA512
88455784c705f565c70fa0a549c54e2492976e14643e9dd0a8e58c560d003914313df483f096bd33ec718aeec7667b8de063a73627aa3436ba6e7e562e565b3f

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Default/Session Storage/LOG

Filesize
140B

MD5
f6adfc459bb64a5ad86e08c178e92d94

SHA1
beda08c94066b06fafb84396a62b60c695088c6e

SHA256
167584720e72bf6401b4e879ebcbf12a01dd8ab770d3f1b749fadcac89945177

SHA512
23c3173262b26eb29699855c8f6ac3255a992a47f573d7d0448f95aa0aa3069f0f3bfdd3065eaa5673c06ec5a2741260e578b9a079b37e5d513325f0ffce7ed3

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Default/Session Storage/MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Default/Web Data

Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/Default/Web Data-journal

Filesize
2KB

MD5
89b02b018daa4b139deedef55748c9de

SHA1
d3eaa34f0597fb92c3d7e27cb2bde3ced0e6bb95

SHA256
4d459b66515992e411ea0861c9830317d46c98cfc770acf675fe1e8deb5b2b75

SHA512
1a76d9122575609f2d0853541e661d9bbf3a68892bd795c053c2f06e312a4ccf0024cf7ab60d9d862e7142de0ceef1aac2a06d63cb5892c2948792acfeade276

Download Submit
/data/user/0/com.candlencom.candleprotest/app_webview/webview_data.lock

Filesize
34B

MD5
ec5a258891aded7469a83ce62c11dac2

SHA1
a836375c2f6fa265940718d403394a5750be1304

SHA256
e8ba12807c7f0305be3f288a26d780c011cedf59ae9fb294449a0f79131a4d1c

SHA512
7e0edbcc16ec05d910b91f1afd8ee4c7ca2351407cfe2775ab78790264c852c28b086520d6a73488af4a6186695852b167345c065977bae468a09779eae23419

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
b03f999a0db7b3c328813328febd5e01

SHA1
f43a7598bc66f17547e26430c7a0914d951ff152

SHA256
be36a82546820b0c7fbbc14ed0c944eaff5d2abf2c71de7ba25edaf4778a507f

SHA512
c63dc639debcd0f81b1d9492f86d63907665c4d65bb3349f10fd5db32d0438ef11ca4a8dfd62fde721a28d9c277309be0dc023b4252fce32d2f1bb6803c7f68d

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/WebView/Default/HTTP Cache/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
eca37405072023fbffbbcdfa31140b07

SHA1
af76d7056a2e9f7927757e3d9bbfc7de029dc0a8

SHA256
1abc7ac42b3af9f280f610458f59f3af426044bbc4697f39c4267d2a3d15995b

SHA512
1cb0f45bc0504b81c8b9fba5fa3e6b7cc6e06cbcd1d171c3aa5671531af462ea140cb3d419d755d8e04b7ba1cd087067915088ccb5f76c99a6a5c7eeef19a474

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

Filesize
96B

MD5
45fc7be59b5dd3a80c68e6bd44bf4fda

SHA1
c95f79316fe9bbeb0dd9721cd1de55693fcc940a

SHA256
332a40e70b9d400e4b066b163245490e3b1d25b302f3c0d33a42dcc4a8eeceb0

SHA512
7491d1481235b962d55ce993a4f1a032f586c52d2100566f046af819c4fe0602df60de940a7dda0f77a80367805d62fc3b172b401811c3729adf55c7d7c07776

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/WebView/Default/HTTP Cache/f038e94cb33282ab_0

Filesize
400B

MD5
a62b20c6608b3694260e345c1d80b467

SHA1
ea6bec313d9a059a7f4e1e72bf8cfbae621846d8

SHA256
6da95ae1acbfb719cf6466b2e0cbf3379ce393df0f2f7061acfd4048ccd3a929

SHA512
f68c3bfae54b8f75d56a63cd823e99ce8c6472db38a5120508540b4ecd1a724f29156f93dca5a61939408c74312689c0fc58084d2e2240e584c87d5a3a4bdd8b

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/WebView/Default/HTTP Cache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
144B

MD5
f83c3b338c51f1d3322c33096b29de35

SHA1
4d971e8c04fcae164066b0fd6070e56cb8b75af9

SHA256
e9f9c07b465bd560e87c92188f4d8a3cd819ab7531f29888bcbcb2c5f0dd8702

SHA512
ab6557b1cfec4f7ab60c4bbf03658d3e22f1a3af9d699fc4ec902526711de593fbee8ea8731f1dd4c5dc4e195afbfe738225a4bc44c0dfe073f71d02cde6b899

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
96B

MD5
2107fe9b53077865c5752ee5d5b45559

SHA1
4708d3d5b5465b90841b72685a95d9005888f083

SHA256
ddb4bc86338ab96934bf241e5042a84e99fec63fb926b99ecdc7b9caea7d29b8

SHA512
f5ed236950027ab91a971eed773e8cfc8fe24a3bf69c47a63199ab94ea7633316b4cf1f6acca2010af71dfb394334ac79646d354f637d91badfbb32c0e457850

Download Submit
/data/user/0/com.candlencom.candleprotest/cache/WebView/font_unique_name_table.pb

Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.candlencom.candleprotest/no_backup/androidx.work.workdb

Filesize
8KB

MD5
e579a6b00eef1318f9166352228eba18

SHA1
76988896854f0139083e77862eea1a4846cf039f

SHA256
4b34cf505050facf47aa7936e4e7667e1969105665c632b3eefe7ecddf9a6935

SHA512
c47632e957d87727bf6504a82ca7a44d8da24d30cd997a0f449a96e4f97c656a1b4d9da3fcd827e2a48c59677688da0b872358ebd0f9369d898d1b8ec18d5699

Download Submit
/data/user/0/com.candlencom.candleprotest/no_backup/androidx.work.workdb-journal

Filesize
1KB

MD5
ae6a10c2842e6b97fb1d896473b09eb3

SHA1
2ee3e113ee5b2f15b073545bdd96304bf89ce855

SHA256
04c30fad56665551a3b5d16fd1b6e2becca6d55ffe038e368008d38dcb379b55

SHA512
c9a5cec2f89f18259dad5a71af728ceb7cc8b617a9bd25fd92aefb7bf56718aee2df21e8eb38bb0533f14c4c89abdf7f5d4af168a990d65f301c893a91b3ac37

Download Submit
/data/user/0/com.candlencom.candleprotest/no_backup/androidx.work.workdb-shm

Filesize
16B

MD5
4ae71336e44bf9bf79d2752e234818a5

SHA1
e129f27c5103bc5cc44bcdf0a15e160d445066ff

SHA256
374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

SHA512
0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

Download Submit
/data/user/0/com.candlencom.candleprotest/no_backup/androidx.work.workdb-wal

Filesize
346KB

MD5
888c2b8a21458c3b6c28cdd5e25596c5

SHA1
2d9478002baaec1ca5e957fbee1ab5a3ee08702f

SHA256
1368fe182ee8dfeae30095ad9db04eab3cda70f47693e45f33f08efe15d67c04

SHA512
db4423881ac2bc7e5b047a58538fee022589651082ba1c04f9b2b04165d660af85351cf2e4b357489459a5f57887a53edcc526f2b3c804336b5a2bc48efceaf2

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/admob.xml

Filesize
133B

MD5
b751a621473e5acc5af9dfb6b9a6285e

SHA1
c4a46449c94a24311d60c1aa9f216a7f79ec5e6e

SHA256
ceb461ff088d9a162033352e01288ecb81fdbcdfde5ea29c8253e5cb67f85882

SHA512
76fea636ed5a97eba7ff654aa7ba84ead6f6c8f98a2bd63d7b35b6f6da6fc309a9eb7e276359e3aee931c9588752e6b82705d117ba3838c8de5c5b4c2113c168

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/com.google.android.gms.appid.xml

Filesize
2KB

MD5
c3bae8cfe43156396414277cbacbf459

SHA1
ffe0eea18398ef532b1e89e7a27905d535175eb5

SHA256
da93cbed488bfebfe271904a93cd96b126e7e281768062ffe4cb7869115f4cea

SHA512
052bf8d3cb8ae841995c9478aeafa10663b71be0e3738de85837040041f2fc8358c4ec1119bfea3749e8da5a494edb16827a425d340f222a3356d6c3054fec5f

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/com.google.android.gms.appid.xml

Filesize
2KB

MD5
dafe0447cb921364a40526927425f551

SHA1
e3b8cb412d668d7d7abe3728b4071613ee3be112

SHA256
a3ee8806185490818991be5a9168e64c80a5d0ce5e298248b3267fd7b28f6eef

SHA512
69f060405d8e5b5daf54d6742e2f3d850ee811c1994b9b7e59a9c7be298577e0ceda5afa385a61b41aafcb07eeccd16080a362994250a1509393738162225f4e

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/com.google.android.gms.appid.xml

Filesize
2KB

MD5
c3bae8cfe43156396414277cbacbf459

SHA1
ffe0eea18398ef532b1e89e7a27905d535175eb5

SHA256
da93cbed488bfebfe271904a93cd96b126e7e281768062ffe4cb7869115f4cea

SHA512
052bf8d3cb8ae841995c9478aeafa10663b71be0e3738de85837040041f2fc8358c4ec1119bfea3749e8da5a494edb16827a425d340f222a3356d6c3054fec5f

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/com.google.android.gms.appid.xml

Filesize
2KB

MD5
92f9cc9f633651ae19962bac05bb3e4a

SHA1
d8c0e1bd7b687551b420b96d71b2a92242acb0f7

SHA256
85cae9b099d3fe578da76a6333c0e60bd8292df4771092d2a2d029f2b3fea003

SHA512
22077c95079136b533b764e073013d06dd0a28b459e2bef5e7cd586d93cc97a1e498dd9313bd346d966d796a2080f93c7017b9a9b352d72b7d06c3edba404ad9

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/com.google.android.gms.appid.xml

Filesize
2KB

MD5
c42bae4a797358ea8a4754d7fe02ebfd

SHA1
4bc2c3522fd2520daa2b4f4f665ee679c43fbc94

SHA256
14a1eb06cb1727735d0dea12eca673c9a4ce134f74e143bdf4da56aa4f9e1fd0

SHA512
387e71a25746383ea488a1854181465b98db5d94d446849eeb61d60372b3496af8eaffb50d018c52bb500e759e175b52d2bcd8b585ed4687da8b2e9f79b05273

Download Submit
/data/user/0/com.candlencom.candleprotest/shared_prefs/com.google.android.gms.appid.xml

Filesize
2KB

MD5
992a91f0bde7f33142ae8470e4350b45

SHA1
20e58e78139b8e59a24edc0a2766623684c8de88

SHA256
160707202bf6874be8b111af5a4939b23f5abb4339be6e611b4b49a4267cfb22

SHA512
d219fe87003826153d9977dcdbcfe5b597922970d4bede6d3498a43f96f3dae2cdfed87535e8dbcb771329ce91710c07ee74e9b743f8eb97b35d68b019a99ae4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads