a8f12cb370d5634277a7141a8979dfa27d931ef2d6619fad8eca3022e00c141a

Analysis

max time kernel
2697337s
max time network
143s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
22-11-2022 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8f12cb370d5634277a7141a8979dfa27d931ef2d6619fad8eca3022e00c141a.apk
Size

6.9MB
MD5

fd6476927d8b4ff397a2903390b1feec
SHA1

3fa5cf111c12600cdcac2946de98db6af8aa5f68
SHA256

a8f12cb370d5634277a7141a8979dfa27d931ef2d6619fad8eca3022e00c141a
SHA512

50b741ce0a79cae2f28ad4ae621319fe352adecb8339b8e82719967c6103c8f808d9100c7e4dd0f699016166a2238defd03c3b46594f5c2ca3958d792deae777
SSDEEP

98304:ogsBb3H5va6PnxrN7S17c89M3Ik9imFcpJ4Ednf4U8BAapeRytcp1e+fLFsiSlS8:ogEt9lNuK3b0r1nv8OapeAtKmzcpg

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xygame.wb2/files/.83616674/d.jar --output-vdex-fd=54 --oat-fd=55 --oat-location=/data/user/0/com.xygame.wb2/files/.83616674/oat/x86/d.odex --compiler-filter=quicken --class-loader-context=&com.xygame.wb2/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xygame.wb2/files/.83616674/apps/43.jar --output-vdex-fd=57 --oat-fd=60 --oat-location=/data/user/0/com.xygame.wb2/files/.83616674/apps/oat/x86/43.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.xygame.wb2/files/.83616674/d.jar	4201	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xygame.wb2/files/.83616674/d.jar --output-vdex-fd=54 --oat-fd=55 --oat-location=/data/user/0/com.xygame.wb2/files/.83616674/oat/x86/d.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.xygame.wb2/files/.83616674/d.jar	4100	com.xygame.wb2
/data/user/0/com.xygame.wb2/files/.83616674/apps/43.jar	4241	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xygame.wb2/files/.83616674/apps/43.jar --output-vdex-fd=57 --oat-fd=60 --oat-location=/data/user/0/com.xygame.wb2/files/.83616674/apps/oat/x86/43.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.xygame.wb2/files/.83616674/apps/43.jar	4100	com.xygame.wb2

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.xygame.wb2

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.xygame.wb2

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.xygame.wb2

com.xygame.wb2
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4100

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xygame.wb2/files/.83616674/d.jar --output-vdex-fd=54 --oat-fd=55 --oat-location=/data/user/0/com.xygame.wb2/files/.83616674/oat/x86/d.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4201

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xygame.wb2/files/.83616674/apps/43.jar --output-vdex-fd=57 --oat-fd=60 --oat-location=/data/user/0/com.xygame.wb2/files/.83616674/apps/oat/x86/43.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4241

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.xygame.wb2/databases/g.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.xygame.wb2/databases/g.db-journal

Filesize
524B

MD5
2dd21dd088a1b1839ed1c85e0d8fc6f8

SHA1
56b21d0a8ec373bfbac53e6cc8547a0b6b5a4592

SHA256
1eb2f72d6d52244edf9bc1600469fe50e06b994b3de9e380dbd75c515fe6a81e

SHA512
74c49212e6d48a9ec39896d7b25e2f0f23da56492f34047758cca0e2327bca42f3f64637d7e23aaef40b2828a47b113c494e375ceea85fe09240b26671adb9a1

Download Submit
/data/user/0/com.xygame.wb2/databases/g.db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.xygame.wb2/databases/g.db-wal

Filesize
48KB

MD5
16708534de053fa961f66f397cc88c17

SHA1
4d0968bd0e704c5789e9d740167a30a2f344c8e6

SHA256
f10361726f4fdfba28fb07e0a04f60fc4b7f2d93fbf234bddc4ae3d361792fe2

SHA512
fecfc4c297fbe528a7ec5e8790aeccbff38d4b06d4c73f0a03b589b9783083bf613f83a649ba798a43d2f81d68f4aff4f8a5b5337fdbc9ed520b45b3f0c99409

Download Submit
/data/user/0/com.xygame.wb2/files/.83616674/apps/43.jar

Filesize
37KB

MD5
a3062261659608f2e2b77fa4bf4c7875

SHA1
6558025f781ae880ec4f263214b6e059f3073853

SHA256
7cc3c5aeaba1f6b9dd9e368403018e30be57a1a73d5d22e0955e04e9a45c89e3

SHA512
c4759187e302464baa298971a84027237d80ca4215656bef0ffa0e49629dfeaf081b64fb6824c4cbb71dba8e6a751cb706cc07558e2cec20d6d0d42a0baa3355

Download Submit
/data/user/0/com.xygame.wb2/files/.83616674/apps/43.jar

Filesize
81KB

MD5
648b0d8cb1677294aa7b75991927738b

SHA1
504ac50b4410e0b180f21ef4617acf328598fc12

SHA256
95b72a130e0e669cc451b802164ad5de46d86659b3023c31682947dd7e02e67b

SHA512
8cd7f98d61feafe5fdfd7efc02fb679f73a66c333e1e5a8a29a23252be77ecb6f0647e7e2e307e2c5d94314196787ca932515ba0c291ea3bb3b4b2460a06f0b6

Download Submit
/data/user/0/com.xygame.wb2/files/.83616674/apps/43.jar

Filesize
81KB

MD5
055f5995c27e3737a62f96cda8a3531c

SHA1
3490583065c530c7c94889040b19016eca8024ac

SHA256
0cf4307923702e67e6f3d4fd03a340eec5133ffb8860d3a7e475658374fcf5c6

SHA512
263ce91dd9d8589870fdf479f089ede1afa84a465148b4d99ee3b727225d3cd9f4dc47855ba12e906306c92ab2223c2938d56d4939dbf7602e0fd20d2dec0402

Download Submit
/data/user/0/com.xygame.wb2/files/.83616674/apps/43.jar.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.xygame.wb2/files/.83616674/apps/oat/43.jar.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.xygame.wb2/files/.83616674/apps/oat/x86/43.odex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.xygame.wb2/files/.83616674/apps/oat/x86/43.vdex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.xygame.wb2/files/.83616674/d.jar

Filesize
28KB

MD5
29e838df6939472a220dcb699807d904

SHA1
5fea8adf1f0f40f289dec69c2745af8b19db4620

SHA256
181da4fd0eea7ffbf2f2e6d5f1a6bd6935178d928d8a013b119dfdabb81f271c

SHA512
3014a0bbc8f9ed39be1b11bde3351cc47a4d0c6a8e20ed47407a36c8c8d49679d16931f07a4d33d1ff0e15970ca9d48e4695e148649600ad30ba2966702805b2

Download Submit
/data/user/0/com.xygame.wb2/files/.83616674/d.jar

Filesize
60KB

MD5
b2161cedb6ce3180c43f5b0389d7b70c

SHA1
0f77162925863defe225a93c73fc3282c68203f3

SHA256
fd2fedb4f47759e5f2f8a5fd9aaea920693df6b2d35ecc741c69de950371d412

SHA512
c95db8ba4ec0f6f7f51890f08aca14bd70ef4bed4658af9a62abe7a3a5e8eb3568883d2911d85d50c6d3c006b58ddb443163c05571abc65f724b3f7a8ec22b2a

Download Submit
/data/user/0/com.xygame.wb2/files/.83616674/d.jar

Filesize
60KB

MD5
e3742354cad176d15a9e9527ce5a00f6

SHA1
b2a3f85e4a2dd366a11ae22f16cb428d0654d5bb

SHA256
8d4f9ccdad05c7f2a018453d22474ad1c74dd40ad6c0245327df3694d4533b18

SHA512
66a1d92cc77fc3fe2f84686335177953d0d317411330d6dc2471074c8f0c01ac1bbec8b1b5bd5b6905e2af408127dc0e4cd4e850ee25b9306ee98a6466c9e57c

Download Submit
/data/user/0/com.xygame.wb2/files/.83616674/d.jar.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.xygame.wb2/files/.83616674/oat/d.jar.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.xygame.wb2/files/.83616674/oat/x86/d.odex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.xygame.wb2/files/.83616674/oat/x86/d.vdex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.xygame.wb2/files/mobclick_agent_cached_com.xygame.wb2

Filesize
121B

MD5
b1c9eb22d3d2ea53a24308884f11df4c

SHA1
b52ea9a33863dda557c3d049067f6a69585e673c

SHA256
25fcb11ea3b7c1bb9c617c3c1ddf0cd796dedb48ad206a592de460c307b4a268

SHA512
9bb98d45bdead68ff81c583ff8245f74955d7a622b32fed95703d2db1f3f22bf0d786feb70cbe1a9b923f6f816ceba4c090725f2917b3bbfc530483ae6b6792e

Download Submit
/data/user/0/com.xygame.wb2/files/so

Filesize
78B

MD5
bbf70de0f4a68e1adee716d59e589045

SHA1
4a916e523973b8079094fd493209b1a48a77630b

SHA256
1317c5f6230d5a95cbddfd297a9590c3ed53da2ad28db914d7312110ffb2f4d4

SHA512
235d16a7f66c120bb552c9fd88f7fdc4afc579741aa463c87fd45df933725f9f65b4a8fe537c60d65cd028cd0be37e1c6249e6ac7fd73e910e612a05677dc4e1

Download Submit