41500d30189f1bbd25ea3c2839372cfcff71cd5fce3600e5e2f81616365f35ba

Analysis

max time kernel
2941826s
max time network
160s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
25-11-2022 09:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41500d30189f1bbd25ea3c2839372cfcff71cd5fce3600e5e2f81616365f35ba.apk
Size

5.9MB
MD5

1a2180b48353c1061d8d95731e285875
SHA1

05eae57548163ac58ea12412917022c8b59422fd
SHA256

41500d30189f1bbd25ea3c2839372cfcff71cd5fce3600e5e2f81616365f35ba
SHA512

8130b14518ab1826af4b572d8f99b3f76a53a24a77203fea5725e72f7750ebfb34f4778a80720755c03361aa6ba067bb5d4d3e62f93860cdab5aab778798f565
SSDEEP

98304:8udd7abyWXwPOWbVI/GmfXM0+6bI/BWmIateAO1I/X0I/2JiJgpF6JvOcy6cl9z:vdRyyWgPjbVIOmfXT+SIRIme/IcI5Jgz

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

neisl.eisnt.coti

ioc	pid	process
/data/user/0/neisl.eisnt.coti/app_idjgq/classes.jar	4769	neisl.eisnt.coti
/data/user/0/neisl.eisnt.coti/app_idjgq/classes.jar	4769	neisl.eisnt.coti
/data/user/0/neisl.eisnt.coti/files/com.dksjfoa.kjfosi.dzu.jar	4769	neisl.eisnt.coti

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

neisl.eisnt.coti

description ioc process

Framework API call javax.crypto.Cipher.doFinal neisl.eisnt.coti

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	neisl.eisnt.coti

neisl.eisnt.coti
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4769

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/neisl.eisnt.coti/app_idjgq/classes.jar

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/app_idjgq/classes.jar

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/app_idjgq/classes.jar

Filesize
167KB

MD5
243b927976360fcb7db89dc4037fc47d

SHA1
61b13a9d77cdde85ae1a605e0f0be8891a916011

SHA256
aad1b1ec17e75280b176c7dbd22f619f4390da8580b50ca88262f4e34af67969

SHA512
7d9c1982eb5719432eebe580dec9711b6fdee00366c1a80787fcc7bc3dc2e8d16078ddc16aa7c0abbc527f8a5d5742cb6860fa06368e46344992feff1d992193

Download Submit
/data/user/0/neisl.eisnt.coti/app_idjgq/classes.jar

Filesize
167KB

MD5
243b927976360fcb7db89dc4037fc47d

SHA1
61b13a9d77cdde85ae1a605e0f0be8891a916011

SHA256
aad1b1ec17e75280b176c7dbd22f619f4390da8580b50ca88262f4e34af67969

SHA512
7d9c1982eb5719432eebe580dec9711b6fdee00366c1a80787fcc7bc3dc2e8d16078ddc16aa7c0abbc527f8a5d5742cb6860fa06368e46344992feff1d992193

Download Submit
/data/user/0/neisl.eisnt.coti/app_idjgq/oat/classes.jar.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/.com.google.Chrome.69QUib

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/Cookies

Filesize
64KB

MD5
9b23e6a88d5a95f155f205cb04b93cd0

SHA1
b62dccbbef087a0731f226b96d15d35d8aa5e5fc

SHA256
f2f3c3c0c7f085399a6f9a464c1ac30a59ceeb5a4b7026286fa5609e6e8ef857

SHA512
bce5f25d98e2e8296c4101b62082dcb6a43902f3431ff6f725e41be6b9aece76e887ef94c4818baf4da845708fd76fd51c37fb6915710c870647593868f27482

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/Cookies-journal

Filesize
1KB

MD5
7d563d6792bf0b59587466df9c67d303

SHA1
77780bcb63bf482c1f3560bf87f27d7065b1f799

SHA256
9718b008f3ecb7c6373beac771710d04a0400776b8cf7d2ecb962ca562763a81

SHA512
3765de93271f1a43fc31e1a3a625c7e81492027308c637cc42ffaccc4cd906c928c98befed0b8bea567595dfba63e1251bc11fdb07d5f2c594509f3c4fc33b32

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/Web Data

Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/Web Data-journal

Filesize
1KB

MD5
5dd914865e70486aeaecdd85d08ad81a

SHA1
ece8742b15eeecb6f146851b8948160dc64c409c

SHA256
d1c93bffd6dd1cb50c16163a3549ea210ca6d782ac5119219b0cda2ae2aa74b8

SHA512
ce429ae3381fadf3f14d8dace6918de6db91a275d1c154462d65ad44ec1c3b6b8bb6bb25a9610733e23da52cb7f9e7c7dea399d03a0584966d0ee43c462e3c32

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/metrics_guid

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/metrics_guid

Filesize
36B

MD5
fcc7199a5993d890d8c42cdfa42eda0d

SHA1
8ca0d3750afae5ebb86c058e7a1ff558ad6620c9

SHA256
546fbf2b40264278e2db212a9fbbbc86d0af28cb8b514fd1b2024ae49bd0d953

SHA512
8658f4c2d0c7ec7ad4bc1acfda0e3de463b4824249784fd7d5aea4c7f8f83286516e0830b8584d3ac37a9d9998e9940abbb4cdfa6a370cc2478bea745c8eec3a

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
60abf648695964c0692fc800376e4248

SHA1
5617d3063edbe4b0ae3a51c167434cb29f9ca209

SHA256
40906c9b5772b00af1537ec0173c436ba1a17a071f0d244164563a00c8d9e13d

SHA512
73212b0c63249b4008e4dea558a484cbdfc7ff0033fc5a7579f7a41a144a9da89fbeaadb29bc15e8f9f9f7753aed6b6147729453282170307717a789c53e3b5e

Download Submit
/data/user/0/neisl.eisnt.coti/cache/org.chromium.android_webview/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/neisl.eisnt.coti/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
65e4af98db478d716754e2ed615e68fe

SHA1
dde05098c6ae7f35528c2e5cb056d8f0e2b43e24

SHA256
3bcd19014744a540729bc964b9c395142b0fd6cfaaca6c90b041b4d12c6bd566

SHA512
33c6b3324d6f01348ffbbf61f4b89a7b66c56eb6db3b2ef10ab06b3fcf4cda4bba71d382427b877178632d32bde23481c4e496226340184b6e6564acfc30080f

Download Submit
/data/user/0/neisl.eisnt.coti/databases/dbwofqg

Filesize
336KB

MD5
5a6ba7b09b1289aa304020a134f3b4f1

SHA1
5449275b372c81bef330dbae1214fb01bae18888

SHA256
326f759b21d5dfea1c65c74fe972d62926893e5ce56b660cf4504838eea34f1a

SHA512
29b75edd5f0b71d727a460433f9562001f6f8da7c51dd0c7cb57cea8702582d26ed2fef400c93b79a6bdf40d157ead64f372d051b7c69d59c7f891271c7aa1c6

Download Submit
/data/user/0/neisl.eisnt.coti/databases/dbwofqg-journal

Filesize
1KB

MD5
899138b54de7d541a7a907b6a0cc1de3

SHA1
2f8e3ea2e784d618eb61fc31e8f8c0aeb75cf508

SHA256
76c5c408f50eb1dbd0da173abfa82bbd4db923285321288ed124ef13d78358fc

SHA512
d3de6451a7261bd188014cc949e74c47a75d60c3a8b8a7b6b20b99c4b42a2281ede12accf6609ed47e19aea367dac9b531d3e9d3f25a14d4945043ec4f2f9cf1

Download Submit
/data/user/0/neisl.eisnt.coti/databases/zeiasw_analytics_v4.db

Filesize
120KB

MD5
320c846c0d4148776da1e01c78635856

SHA1
7534db089a2d6ae8d47ac90e1ba84d9c77fbc254

SHA256
a8b33bcc34bc2fdb88ca1f3db91c63e125f84b25ef1dabfe2ac2843cad67718f

SHA512
7e6889fe1dd90fabce06d7414664860f11a0fb96f7e58e0bb57a0d2ebc812cd0a744570e618429f6f41a92db253940eda9b04e252e658291c9b02ade69b2595c

Download Submit
/data/user/0/neisl.eisnt.coti/databases/zeiasw_analytics_v4.db-journal

Filesize
1KB

MD5
c8276c719ea178a8cf76688e94421093

SHA1
ef8d5b310bd4fb04e6547f735a37a565799d6373

SHA256
1e0c981eabd2b858e4e9762f3eb3af56f57fd12b7073a5711350987c2af40967

SHA512
5e2d5a0497ee593b584157f76310c9cf710cc78ba047ef1b05ceeb2689584170177517c8eb7641d06c1f6b6ff0eea908e78a8d517791f4daccbbe1338421afff

Download Submit
/data/user/0/neisl.eisnt.coti/files/com.dksjfoa.kjfosi.dzu.jar

Filesize
216KB

MD5
9277cd1ace40714b53b369d0f5f20c86

SHA1
e4d8dbb822e2c1794f578c3d311450e9e75bd8d8

SHA256
4c1444f7f2c88ab2ee1a4380e04164025962a81dde04a0d7cfb7a77eb3639591

SHA512
e387177752d0eda99ea858da494150706748d110ee634befaeaf8a9e043a58099266f89ceec9f9b709ad63799198797651f28e37e04b31455de91688cb1a63c4

Download Submit
/data/user/0/neisl.eisnt.coti/files/com.dksjfoa.kjfosi.dzu.jar

Filesize
420KB

MD5
f8034db424b7b9c7f86a2686a1336b23

SHA1
cfabd7a9fef2a242f7dd9dc6c847ce1c45c53c98

SHA256
55e9d5b8ff6810b49227233cf9141909a93a0ff5b16d58a0ee79b089bbb60980

SHA512
4818891f9a3a9006b45561505f2b14c2a0edf24938e602b927aa1035e5d75409b24fa090f0c04e7b089eab674a32a5dec2947e0d46df91ec25505465cee006b1

Download Submit
/data/user/0/neisl.eisnt.coti/files/gaClientId

Filesize
36B

MD5
1b6c051f40386d8c2c01d914242791a5

SHA1
6b2d09dd7ab0d0a5ffa434b09d169fba0ccf7770

SHA256
b7d59716e3bd104d3dbc990b1e0f8fa0e0fa5c86d2cdd28ad8718bc7b1efb832

SHA512
cea38e89f7e7f488939851cf453a3c7800403ac8f69a6d1d2fb88dcd2c5685dad32a45666c845d12c018986d84a5e09854bcbdd3651c6248bda65da7625363a8

Download Submit
/data/user/0/neisl.eisnt.coti/files/oat/com.dksjfoa.kjfosi.dzu.jar.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit