4f1822817690d89943e7e57468ab4366e360772c0adce67bf74a7224b3732dee

Resubmissions

08-11-2022 11:39

221108-nsq8eagbfj 10

26-08-2022 06:04

220826-gst6qshce8 8

18-11-2021 07:55

211118-jr5l7aehg4 7

Analysis

max time kernel
1460443s
max time network
166s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
08-11-2022 11:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4F1822817690D89943E7E57468AB4366E360772C0ADCE67BF74A7224B3732DEE.apk
Size

4.2MB
MD5

beae001d3bbdcf7a05c053e6773f9796
SHA1

126733f5903afb06a47a59600366fec2dcca45db
SHA256

4f1822817690d89943e7e57468ab4366e360772c0adce67bf74a7224b3732dee
SHA512

0885d5887b59e6d151b570647ae40b5dd3504facd65d73d4ba66098ea7d731cabed36593b06297c5f100bd8b87e695528c2deffa9066ae5b6b20862d161e5f46
SSDEEP

98304:RwYcdN9tr46+WcK3Ts22fm95RmOnn6iFPC/yNhzfrPEt:SYeN9tr4Xl+Ts2B58Onn6i46Nw

Score

8^/10

banker ransomware

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

com.esqftazog8dbotp2fx.fihbgevw2svjeq0d

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.esqftazog8dbotp2fx.fihbgevw2svjeq0d
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.esqftazog8dbotp2fx.fihbgevw2svjeq0d

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.esqftazog8dbotp2fx.fihbgevw2svjeq0d

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.esqftazog8dbotp2fx.fihbgevw2svjeq0d

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.esqftazog8dbotp2fx.fihbgevw2svjeq0d

com.esqftazog8dbotp2fx.fihbgevw2svjeq0d
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Uses Crypto APIs (Might try to encrypt user data).
PID:4240

com.esqftazog8dbotp2fx.fihbgevw2svjeq0d:BackgroundService
1⤵
PID:4282

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/app_webview/Default/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/app_webview/Default/GPUCache/index-dir/temp-index

Filesize
96B

MD5
3839faf1da417aa0bdc3f5b4fd935ece

SHA1
d4e0a8d37e1695f573247d4ec37bc55c093f823a

SHA256
9b1390c4920ace4f0223cbc8fa3b22f2c7fcdc0ba2c00a3f5391f523a0c558e4

SHA512
13d0762f425eec09a90f78d022c7a5b4f7281440f1829834c7998f9d32c29d1bae9d8007fbb1d4f22e474973e2e169bb78fe3d81fc63ffdcfc23159854f7e415

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/app_webview/Default/Web Data

Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/app_webview/Default/Web Data-journal

Filesize
2KB

MD5
1560d06f15e464ab83125a7f72bc54e8

SHA1
c61e3b39973ae6898d0d46d5b22cc941231ba167

SHA256
7a202d198ba568fd816229f47c04f31eecc3e5c1954f249535481601e8bcbd7f

SHA512
415831c967c2833b6e0b21ba213b1da232fe8e6acf77a70eaece2c72f23160a821bf4ab8dfd1319ad1df3edb1d6c3b120d39c18569dae45ff028054e81eb3f2e

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/app_webview/webview_data.lock

Filesize
45B

MD5
57ebe18c33912448fb8e55192100eb78

SHA1
207380cba35ce9dc2231da58efca3c949287202f

SHA256
7b7b5467f69990409c468b57cbee3630228d7429a6485080b019655de0272848

SHA512
56af05eea2bb135f313513d1726ddc478b1d1d392e1080eea14604952a37b6cfed77e7163e82ae0ece00d838cc54af0953bfbd49c79f6bb63923882a60b14ded

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
957d7b5e0b49c4765fa3c53dd609dcdd

SHA1
b4af067b2f0bde2f286dad7e1c74f71a2a2f85f1

SHA256
eea932a4fc8155fe1db710f10cd072f24c790aa22c6f137abb9f6990304ed898

SHA512
b50eebed7c5f27a51100ae92d76e65a04130701c0c31ce75a0e182cde845a1e73deb98561e75fe857a6c34e18be5d75bae7d9b3524df8b4324f870cbf44fb516

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/cache/WebView/Default/HTTP Cache/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
14901e3888ab89e4aa41ba128cbead24

SHA1
65a3030f6966e1c9d60fc4b211d631b64c955915

SHA256
a5b9869e7a1f18f6ddba915a9726f650c2f5e4c34913d7a0321619b9eaaab51d

SHA512
8ed69b5f7df18e21f6c431337e12c33e9b3e696c70e10358d53ea709d5430eacd7f19200782d25ec9e4527888992542b96302afc8208e34d79c1ef83d2782bb9

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

Filesize
96B

MD5
2fbb3969838280d683124a3a43aeffa7

SHA1
206c88b05b5381444f13c89ac2921fd8ec0bab35

SHA256
bd461078b4cde99a497d46a91f60e201c9fa7e44e50c4ea127b8e2a5d1a32110

SHA512
b29f6fc513b3a292a9203d3e5ab7f42bf15d7755d3461559c5b952f3efe932d31ff18af99db3d55e559d91e99c7636deffa23753d1b2dd95b28c76046f14d8b6

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/cache/WebView/font_unique_name_table.pb

Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/databases/database.db

Filesize
112KB

MD5
0f275fb145ad1f5d76492a6faf468644

SHA1
dbbda86d192e28b842b4d8ae3037ce6f3bf1a4df

SHA256
c61904e9965f7dcf542ed299dccf7b05fb4931a3d8a19b2a469015e76911be6f

SHA512
bc0264008e8aff9db0812e05c5c6e81777accb5564029313006e2e388c3d7c18ae639012925f1303c6ef322e9346ddb74f4db54b010ba989914c862ee6f2a2e7

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/databases/database.db-journal

Filesize
1KB

MD5
d6beeca9207764b35819b8bc6678f5e1

SHA1
81ddb090bdde3ddfd47e864d59c5086d6b3fb7b2

SHA256
70e563b50d787499f1585326318eb03dae507e7abc3481902a98d4887a316f33

SHA512
269f43ecba69ed3572cca888912f7009a33fdef4985d4743a6f728702423db492f505f0a6bcd2591044c960ff7cc96a63f1ea45277f458e5cbd96bf54e2df9e3

Download Submit
/data/user/0/com.esqftazog8dbotp2fx.fihbgevw2svjeq0d/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads