b5a2efa986f1e143d80be46995ab91bdff3cee1ca17f19b38222de7c4226ce1b

Analysis

max time kernel
2775273s
max time network
164s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
23-11-2022 15:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5a2efa986f1e143d80be46995ab91bdff3cee1ca17f19b38222de7c4226ce1b.apk
Size

1.6MB
MD5

a52ff18b7677432d274f28bdb766cf57
SHA1

281d6161ae3631c25b24f23b5a52d107540a8c43
SHA256

b5a2efa986f1e143d80be46995ab91bdff3cee1ca17f19b38222de7c4226ce1b
SHA512

b41dddaa201ed614bb9efb9ef67ae0dd5b70d19bb6f9d596ae46710f73714c2e78f7f870aa8dc74bed64937b7383fe1644fb5a73776c9cec93cf42bfd3b7febd
SSDEEP

24576:T4yfMMDZWG4iGjTGbx0ECAEokpJ4K9mLbM6qq5MLlIa5N+qMYayebwQSsMWl61gE:v0M0/aqyjeJygU5uXYqydSLWlFkn

Score

8^/10

banker ransomware

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

com.android.cbdm

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.android.cbdm
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.android.cbdm

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.android.cbdm
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.android.cbdm

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.android.cbdm

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.android.cbdm

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.android.cbdm

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.android.cbdm

com.android.cbdm
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data).
PID:4398

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.android.cbdm/files/TDtcagent.db
Filesize
152KB

MD5
badcedeb2bee26683a3198e90dd235e2

SHA1
b49033eb7cd4ecd818c00148aaf0375edec94bd7

SHA256
b64def9001dd923c68a91c1ecc7e89eab460107f2b60ccfa3de3ebc6dad5ef83

SHA512
7897961f8269c07a5160830538d02854066b4da3a9e0123ab9bc684dc1ff5889fb5c9157bf0269bad9d26ec64f7a0f53eaa5f6ee4fddad618aeb7665e90941c8

Download Submit
/data/user/0/com.android.cbdm/files/TDtcagent.db-journal
Filesize
1KB

MD5
b3e009981154c70819b0bc59c3bdae4f

SHA1
7dddb69c289739a6918e2c73a50a1181b9e9e87b

SHA256
d42826d5bd07a238f071d18568ff573fbe8fea8a87edd80e64f391b3c2438954

SHA512
78cce2b4a28521821d89f196eaa7f159526be371e5f833aad981a3883d45b6f1bbd2911626e79fef6e2f7b46091224a0619b231fb2cce235ae5ef344fda52e7c

Download Submit
/data/user/0/com.android.cbdm/shared_prefs/Params.xml
Filesize
127B

MD5
6c1ba3c1d2482c6d2d139f1b98cfe81c

SHA1
826d52f8dd4fbf441456f92dfd7b4498854ee90f

SHA256
fdce2f472746fd16148555fe47bb5d9409fc92b48d23d65dc26f3ea7e0354261

SHA512
98d61f776bf9a91738cf7f241c362e2e9a240130375874e4ac2ee215fc0f56faa458077a7b52c2bbd6bfc934be297b1acb6a655b116e3e5a737a07610979e9f4

Download Submit
/data/user/0/com.android.cbdm/shared_prefs/Params.xml
Filesize
184B

MD5
89a7224368d9483ae3d54da3b6dacf5f

SHA1
0f18244bbad51082d2c75ef3a3a70d91cecc65d8

SHA256
0b62d65ba1387085aadc1bc87ec8f95d6920f49fb88379e1766e6c799afb73db

SHA512
97520e1544dcdc5c06a89d47eb351679b0948b1aff455dcd5f8663e681f7b8d5173281561f86dd3013e690bf2e64a870c42fb39b4a3a8eafb8f80bf54ddd45ce

Download Submit
/data/user/0/com.android.cbdm/shared_prefs/Params.xml
Filesize
253B

MD5
55ddf744fe3f96ef9533b97f5b7fbc16

SHA1
8eec720f968efc049abcca842d8212ebc14ee7b3

SHA256
669014c67a27da7795771574e4bc05a714250d451ed60510394fc866e502deb1

SHA512
7c012d33376426a693810c23ddb07ba7c873ca70228f8934ffbc89a1ed598ca82a6bb09dd85ebd4bc42fa62b9e04c565702c9e945224f8401be5ca23afa638b1

Download Submit
/data/user/0/com.android.cbdm/shared_prefs/Params.xml
Filesize
307B

MD5
57189978099adf7435e3215a8e8e21b2

SHA1
83841f5894422a3360e6178697e2acce5ab2b3aa

SHA256
42997dedecaefb65e82f5fd2554a992332f0efaf18b3af58ce6f1b9f2100d6e8

SHA512
ea874aa97808e3764f5da23ff455e2dfa1ee007dcf797aec4aacd045deb960664b4b6ce8c316b6162cef70b9fceda14c21dce12a26a4293390859b4203a94930

Download Submit
/data/user/0/com.android.cbdm/shared_prefs/com.android.cbdm.InitActivity.xml
Filesize
131B

MD5
c80308f0f303505ad5c8183d47171e93

SHA1
b630f3dcb7a979d6c15ca60901dc920b0042b136

SHA256
5b6a113122e4b1926e7feaf5af06f9d211ae0e1933a16758c759e3df20601a4b

SHA512
926e7eeba4802b23f1c9fad309a49b1e95748b504fc7b62127520ed9efd4851d871b4a779b5e97442ebdd9674f4acb4da5ea94af7491aa9d94e7bc24f1f436b1

Download Submit
/storage/emulated/0/.tid
Filesize
32B

MD5
b3a2a916a2381abf723aeabfdd24956d

SHA1
3f6a79097933c76b92d2e6a7f11847906af44668

SHA256
c466f74f20320bd49f07ee155f13879879fcf143ab24f3ee4c03c03c8482cc9b

SHA512
3420901016d4b8659d7485c6f4307c4eed5d5b8c2bed5a714bca6b46f9a412e479184a541481cfc65466cc68a09162935280b3533c18f878283bb0ee217d5848

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads