d05fb8c6899c96d1519e46eaea848ead6a17c7ddd0e20228e83c1aa9f264011d

Resubmissions

08-11-2022 11:34

221108-npjddsfhgp 10

08-11-2022 11:33

221108-npafgsfhfp 10

26-08-2022 06:04

220826-gsvr9sgchl 8

04-03-2022 09:45

220304-lq3gjsfggl 7

Analysis

max time kernel
1456461s
max time network
166s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
08-11-2022 11:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Powerful Cleaner Antivirus_v1.9.apk
Size

14.1MB
MD5

60d9c2095ed150373a6b1fa0221d016e
SHA1

e09fd3dc9e6090aaafde5fadb9390646b633aabf
SHA256

d05fb8c6899c96d1519e46eaea848ead6a17c7ddd0e20228e83c1aa9f264011d
SHA512

76f3acdb856752fba8de87a9cc5dae337591b2ead6248879993da533f9ec0c227998df516622aec192a419721909526728c8d8ac35b3a654eb93762996cf3816
SSDEEP

393216:j9XnFH5macX7X52NWdXJq2TNhMXw6zpMrfum7h:J1ZqgY5D2qh

Score

8^/10

banker ransomware

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

com.pagnotto28.sellsourcecode.supercleaner

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.pagnotto28.sellsourcecode.supercleaner
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.pagnotto28.sellsourcecode.supercleaner

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.pagnotto28.sellsourcecode.supercleaner

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.pagnotto28.sellsourcecode.supercleaner

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.pagnotto28.sellsourcecode.supercleaner

com.pagnotto28.sellsourcecode.supercleaner
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Uses Crypto APIs (Might try to encrypt user data).
PID:4069

com.pagnotto28.sellsourcecode.supercleaner:BackgroundService
1⤵
PID:4259

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.pagnotto28.sellsourcecode.supercleaner/databases/dbytes.db

Filesize
24KB

MD5
a3eed6c44ab994f83c3422742860a6b4

SHA1
18b503b9fa67825c80cf4e48cefe1a4e92bd7992

SHA256
bb2c3deb111fd4ceef5b9173e946dc3e3d861c38b65c7a975a7ecabc15f85105

SHA512
693deb4a2c48dfdc1a7afd311abcef97953feb316ac17420ef7080a293228c15c77c7331d2195515ee4aa29a52f528d8431b6b5b91b47775f81e4476fe68ba36

Download Submit
/data/user/0/com.pagnotto28.sellsourcecode.supercleaner/databases/dbytes.db-journal

Filesize
524B

MD5
adbba9f94e58a443d5d382cfc28de743

SHA1
3092373c69382c1c2a1ab4d3337f7ddbe0be83da

SHA256
5d3e6596245350591cf1c51e3eb726722eb7a3eaee795f9bca3dd787d8ffb81a

SHA512
519906a6e30e370d69a81fe5c13c93b1f36bb8c6403f0d7f1d9788464cea9a026fa775090720b5831c1dc326b7d529290197c8625f2ff3723630e96020670f61

Download Submit
/data/user/0/com.pagnotto28.sellsourcecode.supercleaner/databases/dbytes.db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.pagnotto28.sellsourcecode.supercleaner/databases/dbytes.db-wal

Filesize
40KB

MD5
8902d9501ea8502b9dad3aebc2043f54

SHA1
3a48630f4e43237f78370a09168fe38f53b485e4

SHA256
14daaa001f4cd35aecce2f61df7889ba75356065abe3c2c7f38ebba3de39068b

SHA512
fa319a32eb5632b3d2e5068ca5e00cd01d587c0b379e021ce66d01da08f6e2f96e865e68ef2db80a14b752cd97fc057f7150845217e7ef0730703db3563bc25d

Download Submit
/data/user/0/com.pagnotto28.sellsourcecode.supercleaner/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.pagnotto28.sellsourcecode.supercleaner/no_backup/androidx.work.workdb-journal

Filesize
524B

MD5
ad9e664e106417cbdcef97fe634c9c6d

SHA1
ec71162d965a64fe0b23cf84efac639857e1f557

SHA256
5425af690ea2b591bea6bdc49621cceb52cd296b73b6ac6352b222d40a68d719

SHA512
b8520f9d6c3b83a642a7f5480af169717b60029595e3cda79af2fe6f4f5901e79636a185e90c0a028817a878d74502bed8466ac7cf40877c8960345d4657ea7d

Download Submit
/data/user/0/com.pagnotto28.sellsourcecode.supercleaner/no_backup/androidx.work.workdb-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.pagnotto28.sellsourcecode.supercleaner/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
0e63ea7be598a7bfa22b3699ac986673

SHA1
d108c7cca74b951527cb476af31d21a4d398f527

SHA256
e5aa8c64c606925f05006d9ee2d8d6e567919083f1423ec797e544d0f56f014c

SHA512
735ce29463e75cb8bd208bf496cae274e57bcebf89095583dfceacc9fba9361b805e92dd5395263252b7bc14e7aad7a1f92b5f93bd98567a876580e9723d33a9

Download Submit
/data/user/0/com.pagnotto28.sellsourcecode.supercleaner/shared_prefs/com.pagnotto28.sellsourcecode.supercleaner_preferences.xml

Filesize
129B

MD5
3a83b7b7ff21843370ab5a041b8af24e

SHA1
e4812b6be072a4c7164e578197f2105cc18de2aa

SHA256
eb82708e02a0c99005aa6ea5b4bdbf169ac196dc4ccf20f0a21cfb5a0b5c492d

SHA512
c85a44f529a337e7b286268ed5cb05320c52b396c285d62b29b7e5b3fe9fdb167abd3b31e313b701dd66342dc477f1bef15530fefef5e2b352ade92d32cbcc1c

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads