furball | 68a1452172636b081873b9f7c1ae3794035c4ff50d5538b656caf07016b74d07 | Triage

Resubmissions

27-10-2022 16:01

221027-tgem5acff6 10

21-10-2022 10:54

221021-mzjlgagdd2 7

Sharing

General

Target

68a1452172636b081873b9f7c1ae3794035c4ff50d5538b656caf07016b74d07.apk
Size

6.7MB
Sample

221027-tgem5acff6
MD5

a4c47367783405929e887ee955e21357
SHA1

424e86bb95dd9c18a0c576ff09bfb78433968ecd
SHA256

68a1452172636b081873b9f7c1ae3794035c4ff50d5538b656caf07016b74d07
SHA512

be5e1aa9663495b264c127479c95dc369dc8c05ea00943706aac76004d930df5ed60300c215e0148260153ed2c40a7ad8e38d71a371e6fdbcc364bdfc5208ea1
SSDEEP

98304:a3T0gL6HG6n8ZfpBR4bZcXxGaABrk02+D9sYS//75jRVMNN7bL/NLycThT0A7i1P:a3T086H1S4bZ6G2LSunhMLhT0I6QpeJz

Score

10^/10

furball android evasion ransomware

Malware Config

Extracted

Family

furball

C2

http://www.firmwaresystemupdate.com/mmh

Targets

- Target
  
  68a1452172636b081873b9f7c1ae3794035c4ff50d5538b656caf07016b74d07.apk
- Size
  
  6.7MB
- MD5
  
  a4c47367783405929e887ee955e21357
- SHA1
  
  424e86bb95dd9c18a0c576ff09bfb78433968ecd
- SHA256
  
  68a1452172636b081873b9f7c1ae3794035c4ff50d5538b656caf07016b74d07
- SHA512
  
  be5e1aa9663495b264c127479c95dc369dc8c05ea00943706aac76004d930df5ed60300c215e0148260153ed2c40a7ad8e38d71a371e6fdbcc364bdfc5208ea1
- SSDEEP
  
  98304:a3T0gL6HG6n8ZfpBR4bZcXxGaABrk02+D9sYS//75jRVMNN7bL/NLycThT0A7i1P:a3T086H1S4bZ6G2LSunhMLhT0I6QpeJz
Score

7^/10

evasion ransomware
- Acquires the wake lock.
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

evasionransomware

behavioral2

behavioral3