Overview

overview

7

Static

static

7

fbbecd1e57...2e.apk

android-9-x86

7

Analysis

  • max time kernel
    2791818s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
  • submitted
    23-11-2022 19:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fbbecd1e5796ea53f7c6597e7745c0df798442613ae7941df10cb818898e582e.apk

  • Size

    481KB

  • MD5

    8aafe420b4e2d00e1f85a0374787a0e1

  • SHA1

    283579190345db13963c73ba48467a6306840547

  • SHA256

    fbbecd1e5796ea53f7c6597e7745c0df798442613ae7941df10cb818898e582e

  • SHA512

    df80c0c12b6a697de496d6640c9b10db7c40dbe69ed07ae0e6d8b83ed07c17d1baa80c283add45eda87965291a362e78a862e474d7a38ca96feac289db263860

  • SSDEEP

    12288:04oL05B0Wh3f18CGMMwpHSckLa7BLoszVzIBt4bS:rs05BVh396MMEHSckW+aEBt

Score
7/10
ransomware

Malware Config

Signatures

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.coolsnow.smartroot
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4061
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.coolsnow.smartroot/files/yj.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.coolsnow.smartroot/files/oat/x86/yj.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.coolsnow.smartroot/files/oat/x86/yj.odex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.coolsnow.smartroot/files/oat/x86/yj.vdex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.coolsnow.smartroot/files/oat/yj.jar.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.coolsnow.smartroot/files/yj.jar
    Filesize

    76KB

    MD5

    7819019e65e2290e45ffa2e03f18e2aa

    SHA1

    0e57bf61cbc29aad28e24994dbf334639553d44c

    SHA256

    0f0ddde14883dc122b00413b07a7f5f1b2045b2147491823ff1e9aa93fe7dbc5

    SHA512

    37ad468026515af703a2a5eb5ee7a8edc1361642362436585bc6ba443d0e8b770d1cf0599a7513bac37b30711b29195c50c56b6a2adafddbd762db181a3da53b

    Download Submit

  • /data/user/0/com.coolsnow.smartroot/files/yj.jar
    Filesize

    207KB

    MD5

    7945b2ac0009acc5f201bff7b2244149

    SHA1

    71805e9bd8c3ed0fdf5707fcb8b3b3329981cbce

    SHA256

    9c2d462e1a6e969c359cd0ceac26e265694add63f0ccb96cbab1bbbad66c656b

    SHA512

    beb99bbfd7f097c62fb8fe71416d7c91de0a6e51ada2c8b7f3384ba31745cf42ab4d13f0f304744fc8fe70933bc084fcd00124d28d4038cffed10459cf1a462e

    Download Submit

  • /data/user/0/com.coolsnow.smartroot/files/yj.jar
    Filesize

    207KB

    MD5

    21380b03abc8c6b08d086f3940ae7b1f

    SHA1

    4fc95635195d3087dd6fd0578c8378efedf9dc79

    SHA256

    594d40639906f304122ac7bb6d78cc9308859a6fbed393e2ace2bcf52057b2fc

    SHA512

    b99149f3ab1c96efbd3b6a424383fbd6e677030a3185b256cc1d27bf745f5933a898fe84c8635091a9848583593b652dee8eb1b4db2c68bf28a240a5e0476c1d

    Download Submit

  • /data/user/0/com.coolsnow.smartroot/files/yj.jar.x86.flock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit