3850634efa35431443321f9f79691a9ddff9d78eab6cfb9bb10223ac32c19c67

Analysis

max time kernel
2708219s
max time network
139s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
22-11-2022 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3850634efa35431443321f9f79691a9ddff9d78eab6cfb9bb10223ac32c19c67.apk
Size

2.0MB
MD5

a07fbf2819d3e0803e8b980a7d1123db
SHA1

737fd5d3b6dd5bc0ece1fa77bfbea02fc5087e80
SHA256

3850634efa35431443321f9f79691a9ddff9d78eab6cfb9bb10223ac32c19c67
SHA512

0e7fd704539cb6512e22db39b7a74af0a751a9b17d87258bb0aea1ad0ed7a4c6aea3231b34b727ae26a2fceb618fd51ad3caf00b95acb2d6c9a3f2c008c632e1
SSDEEP

49152:bmUwWsgSvWJX/MeqlcufijAa9H1Sep1NOQTkWcgc8N2N3:R/MWFjqlcENa9VTvjTkWcgc8N2N3

Score

8^/10

infostealer ransomware

Malware Config

Signatures

Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.st.ppplay

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.st.ppplay
Reads the content of SMS inbox messages. 1 IoCs
infostealer

Processes:

com.st.ppplay

description ioc process

URI accessed for read content://sms/inbox com.st.ppplay
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.st.ppplay

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.st.ppplay

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.st.ppplay

description	ioc	process
URI accessed for read	content://sms/inbox	com.st.ppplay

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.st.ppplay

com.st.ppplay
1⤵
- Requests cell location
- Reads the content of SMS inbox messages.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4086

/system/bin/sh
2⤵
PID:4246

ls -l /sbin/su
3⤵
PID:4309

ls -l /system/sbin/su
3⤵
PID:4364

ls -l /system/bin/su
3⤵
PID:4384

ls -l /system/xbin/su
3⤵
PID:4467

ls -l /odm/bin/su
3⤵
PID:4498

ls -l /vendor/bin/su
3⤵
PID:4518

ls -l /vendor/xbin/su
3⤵
PID:4536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.st.ppplay/databases/app_download_record

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.st.ppplay/databases/app_download_record-journal

Filesize
524B

MD5
8e658fb5ffb128726148133d4e6d4c65

SHA1
9840d7a0d9a3d31831237fd1e3ab0b4bd6e82309

SHA256
2ee0ea78ae4e95f8391f0c77a274b9b0aafe26d6574d6706b23ded3701735289

SHA512
d8b33df79e620a5190f308ca18d337c94184da3623aa36982bb606044b6f1d1fdc3606cbf4f09ce0088c8544602faee60b041e67fd2ff4ddb865feae8c589cd7

Download Submit
/data/user/0/com.st.ppplay/databases/app_download_record-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.st.ppplay/databases/app_download_record-wal

Filesize
36KB

MD5
62106400fccb65b08a7ef8929963d6f7

SHA1
18a3dfe0b191c388cf2089be9bb3a3ff2e69e3fb

SHA256
b294f73e65736854c4362a1ac9303179fa58fd061a5a507d23e0086ef91ab338

SHA512
65cedc0d1bea9225190279ba7bf32aca42899576df4ca5ce8d64d7e97c616d170d089e1d7e8631bb656a0b1f1904447293085487ada65ef2a973e6739b1fee23

Download Submit
/data/user/0/com.st.ppplay/databases/qy_db_pay

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.st.ppplay/databases/qy_db_pay-journal

Filesize
524B

MD5
8fb459adfbfda2c88a186d2ae774af5b

SHA1
58612adb00ac753651364b080afb23550d9e8a07

SHA256
1b0c2e25902c91b9b73539c907f723046e80b7ceaa2a26cb6118368d86da3a70

SHA512
56d346f8153d2a24079580a8b83187382f9bd7fa53009aa72c67ea229e50d633b9b29323bc8e8753c3825d4392e13805c17ee15c168498cef004ec34ad9d91fd

Download Submit
/data/user/0/com.st.ppplay/databases/qy_db_pay-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.st.ppplay/databases/qy_db_pay-wal

Filesize
64KB

MD5
b732d4e09ab09839d34d0c2e5fbeb7a5

SHA1
525e76a05b677b98b60b59d28e37d34fc560e5ee

SHA256
1eff514c2ffdafed760cd5f11b2a3663edbb8d18db6741b8f91fc7bdda1e984b

SHA512
ae3106e6fd45d08a70034303185fffdb1c3da14ee36c80acf9169cf5b724bba60b73e708d0b3825d1f64bdb43de6d913c8d56a045f2edc89e732b245d43d64c0

Download Submit
/data/user/0/com.st.ppplay/databases/sy_pay_record

Filesize
40KB

MD5
f19b264c4a120e89e14611a976535b80

SHA1
964eabf503943d09088ead27c7e51f1d79bf53c7

SHA256
c8d924d5810871ab3e914da8b57b6c55b8a671edbb272f0c8befdc5c7c3eb028

SHA512
c0adaecf99041036fecf1dd93cfe2e7699e222a38816a378e0da6b4d7c16d3f2caf448b4ff5ef1e6204cdc233953192a2a2c467a63351c5aad1fdf7ae743f3c6

Download Submit
/data/user/0/com.st.ppplay/databases/sy_pay_record-journal

Filesize
524B

MD5
4fb1e5f5f91f95ae4c9d68f08dae84ca

SHA1
ff6f79c07ff9352844c7bebbd390ab324adbca18

SHA256
87a61f988902a1cc37670b018e7c30eb3c32c8cf96b45e20b43de9576bd24bbd

SHA512
acf7bdce0501c4945ceb583508108c5f243c590b293267f0214eac4ad8f18c5a8b36eaa774ee5e2ef2c07beb1f712e7595ebab872dfce0a3b78ba89fed90cbe3

Download Submit
/data/user/0/com.st.ppplay/databases/sy_pay_record-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.st.ppplay/databases/sy_pay_record-wal

Filesize
48KB

MD5
8ee5a2aafd3cc318eab0e304d4467042

SHA1
c6d42a17117dd5bf7931b545a227b03f45c6a909

SHA256
3cdad231d3432319e9dd172120512684bf3f811e87f00d4015d0658b6f7084a5

SHA512
0aceb9dc68b4916c2009ffbcc355b7915560687b17166b6c940342421b8605646126aa58840209ade5ac632802cd2c747aabe4da8cf43fc693fc70e6c13b4926

Download Submit
/data/user/0/com.st.ppplay/databases/video_record

Filesize
88KB

MD5
fc845a680461d6872021ef8db2bf8711

SHA1
a12c09241708e4367e125a324cc8cde42a87e9ff

SHA256
76600f5583e24d6d239f3c4043edb0e0b3e1f1983df263503567b5743d18e570

SHA512
b73cfecc51fd7e5b5309b05992a118d0dbabe94a65413a9574b87586b098360cd92c9200e267a7853c88a6f5e92fd59a9242fc093236c060002e175602004fdb

Download Submit
/data/user/0/com.st.ppplay/databases/video_record-journal

Filesize
524B

MD5
01cd7d80c93631223cb02f74c70d970c

SHA1
4561231408f6fed92144cbb0d97fa40be1e0074d

SHA256
1fa2744d4e0419d6b2c0b18af082b131a8ef48183a5b4f17d0d853f63a0a526f

SHA512
40476c0b56520ef736d4072501a5507d5ededab82886a45648445b385123ff83cc343ff38b965ab28e4c5c43777d5ab4213cab806472590f28996088bd6c01be

Download Submit
/data/user/0/com.st.ppplay/databases/video_record-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.st.ppplay/databases/video_record-wal

Filesize
96KB

MD5
60be5500fea8410d184487ae969c17ac

SHA1
33abc17af7c3b6a286409d2cd0cae2ad985ca181

SHA256
4095662d0f3c9ecde35e591a3448bc9142babec2c3c97128f5da6d3783f1a575

SHA512
279a16edcc06951125803f43ef693fd1cd55bee780892cb8c6f04ea23ccf2e453d306a75e3eb177ac5924edd8596b2a8776f405f79588243841eec154d731ae6

Download Submit
/data/user/0/com.st.ppplay/shared_prefs/APP_START_TIMER_INFO.xml

Filesize
117B

MD5
3b9dccc6fc453764fa9b664339e2214a

SHA1
2822996b649e86acb7fee346b92910dbc747a975

SHA256
8e244e8d0a8753bd1e30a4daa1c0be6910b236e39d664f6f9e45f919b554d239

SHA512
51cf2e9a3e198eb221d4c002343f539b8620faba6bd2c5f459f754ec1a68823869eaa06071d4fba113084b3a63a6248d93615a27c66e703356f161e558d9b9aa

Download Submit
/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_V2014.apk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/syAdAssets/AdPlan.apk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads