41500d30189f1bbd25ea3c2839372cfcff71cd5fce3600e5e2f81616365f35ba

Analysis

max time kernel
2941820s
max time network
149s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
25-11-2022 09:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41500d30189f1bbd25ea3c2839372cfcff71cd5fce3600e5e2f81616365f35ba.apk
Size

5.9MB
MD5

1a2180b48353c1061d8d95731e285875
SHA1

05eae57548163ac58ea12412917022c8b59422fd
SHA256

41500d30189f1bbd25ea3c2839372cfcff71cd5fce3600e5e2f81616365f35ba
SHA512

8130b14518ab1826af4b572d8f99b3f76a53a24a77203fea5725e72f7750ebfb34f4778a80720755c03361aa6ba067bb5d4d3e62f93860cdab5aab778798f565
SSDEEP

98304:8udd7abyWXwPOWbVI/GmfXM0+6bI/BWmIateAO1I/X0I/2JiJgpF6JvOcy6cl9z:vdRyyWgPjbVIOmfXT+SIRIme/IcI5Jgz

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

neisl.eisnt.coti

ioc	pid	process
/data/user/0/neisl.eisnt.coti/app_idjgq/classes.jar	4524	neisl.eisnt.coti
/data/user/0/neisl.eisnt.coti/app_idjgq/classes.jar	4524	neisl.eisnt.coti
/data/user/0/neisl.eisnt.coti/files/com.dksjfoa.kjfosi.dzu.jar	4524	neisl.eisnt.coti

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

neisl.eisnt.coti

description ioc process

Framework API call javax.crypto.Cipher.doFinal neisl.eisnt.coti

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	neisl.eisnt.coti

neisl.eisnt.coti
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/neisl.eisnt.coti/app_idjgq/classes.jar

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/app_idjgq/classes.jar

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/app_idjgq/classes.jar

Filesize
167KB

MD5
243b927976360fcb7db89dc4037fc47d

SHA1
61b13a9d77cdde85ae1a605e0f0be8891a916011

SHA256
aad1b1ec17e75280b176c7dbd22f619f4390da8580b50ca88262f4e34af67969

SHA512
7d9c1982eb5719432eebe580dec9711b6fdee00366c1a80787fcc7bc3dc2e8d16078ddc16aa7c0abbc527f8a5d5742cb6860fa06368e46344992feff1d992193

Download Submit
/data/user/0/neisl.eisnt.coti/app_idjgq/classes.jar

Filesize
167KB

MD5
243b927976360fcb7db89dc4037fc47d

SHA1
61b13a9d77cdde85ae1a605e0f0be8891a916011

SHA256
aad1b1ec17e75280b176c7dbd22f619f4390da8580b50ca88262f4e34af67969

SHA512
7d9c1982eb5719432eebe580dec9711b6fdee00366c1a80787fcc7bc3dc2e8d16078ddc16aa7c0abbc527f8a5d5742cb6860fa06368e46344992feff1d992193

Download Submit
/data/user/0/neisl.eisnt.coti/app_idjgq/oat/classes.jar.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/.com.google.Chrome.Tntx5B

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/Default/Cookies

Filesize
64KB

MD5
dfb2098ca7b3bf16d6f5f1e7d3839af5

SHA1
ebb7a8bc886062d77a4092bd306b77a0ce7a3e9d

SHA256
e4119d32577d7fc63b267cc23eb7a9bbfb12d238f23e08918c38838fe0181224

SHA512
fccec45399258eb98220b7f01b492a72b8b3d1254dec6e196e344d89a0376c6ee24534a31a6675c866d4a17256d3ac6823657eaf04e1d386757d0cbfc6597e50

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/Default/Cookies-journal

Filesize
1KB

MD5
63fde6448f437aa18be67588e54d5a01

SHA1
4648dd585b941ca13a0bcf631c7cc4c2f78f6afa

SHA256
12aaba178af61b38d42191c0513894fa14c57f0c1aabd0419c1f9c4ded38eea1

SHA512
55be631acc8b023d3abea347b851d1e0475017f2c5c585299d8ca94583e8013b10951af02fcd3318f6993ca0d8187158c54bf5456e8124c5dabf13c054424c61

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/Default/Web Data

Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/Default/Web Data-journal

Filesize
2KB

MD5
185e38848dcdec823eefd11af50030b0

SHA1
360cb4815567e3bcc8617f8b8ac8a897d344a14a

SHA256
0705d63a80fcc34d504256cf91576df03942cbbafff2c0a23c3af8087eabf933

SHA512
2c921ec2c38b2d128553dc9eacd38de06384e17c2f6329aec5f6d026aa36310a42f9836e39bf1083e0f8eccd37b10850037555fe06f85ff22ec76668d1a6ed87

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/app_webview/webview_data.lock

Filesize
22B

MD5
c86b785d4d05b5270cceabfe6f111c0a

SHA1
25860c6efbb55ebc5ee76c47190feb2a7f29ddc9

SHA256
ee443b5fe70f7c756bc10ebb28931274d4e97a45c02d2c6c877455ad15447dc6

SHA512
3bc6afca6485602bfd521412b9fe73105a2a9f087fa41166fa35b277975903e741e4c7928ee55bd70d4908127c489fe60c00014d17e95691c2e30bdc167736ab

Download Submit
/data/user/0/neisl.eisnt.coti/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
3b43f3c9ba0dfe327ce27baaed6ab38d

SHA1
24f0f5408ae3500cd7258d566bc29acf7a900a1b

SHA256
343f06413fc2333c17f6ec3185e8f977980d633036029f61246b5442c9e23a7b

SHA512
e08f5ada86f45c57b237c7ac6bfe95cd7c1e33a7260190ae46cdefdb9d84b62a2f2f340f87a362551efa95a6ba2470cd65cbc5ef12f2db16d0dbbf4a02aebea2

Download Submit
/data/user/0/neisl.eisnt.coti/cache/WebView/Default/HTTP Cache/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/neisl.eisnt.coti/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
f837af73612748e91fd8fc6a2e85e133

SHA1
20b5dddd39bfa4bbb39ca31befc40e1e6a8e4170

SHA256
b1230bffa4501fe524607b64c0ca50f9ba721b8eec516b5858c7912d31afab5b

SHA512
737b19a8ff8171554a3081e8e6e78e95b02d0b05b8d4c3270ad247402a0a0964e1af9ea7049abfe194129176f85a22feafe8067626460f7033398e3bc36375b3

Download Submit
/data/user/0/neisl.eisnt.coti/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/neisl.eisnt.coti/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

Filesize
96B

MD5
069414c3bdb52a183f1742d117ec0bba

SHA1
1943eeb74644891bb791a9b37ffa939ec9c3f1bb

SHA256
0bd772be1bdf6cd594a40329611bc61fbe9e4ed2ade747e759d69c95f972ff60

SHA512
19630064a3514dbb8635b954a455709ae93e0682d179815425cc6477f11de7efd1a05f2cebba8d951f1bd5461879a1526f632fee1a8868988940e7929581ea38

Download Submit
/data/user/0/neisl.eisnt.coti/cache/WebView/font_unique_name_table.pb

Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/neisl.eisnt.coti/databases/dbwofqg

Filesize
336KB

MD5
851e8f8bd026233bcb01ba9fdee4c1ef

SHA1
a253b141bbfad083a2f643fa542040899e71476a

SHA256
a88f9929ea482d5c43b31afe835fe4768a99e76d723578e3065e2f353c42c125

SHA512
ecefd920d3bef7f9ce8bbe5415a3b9b50a9ab22c9f8c90c735cf567f0ed1ff25ded0de40eeb7c37ef846da3fa8c39aa89440beed5784bea51236aff3007e0ea6

Download Submit
/data/user/0/neisl.eisnt.coti/databases/dbwofqg-journal

Filesize
1KB

MD5
fe5229f7a9d82fc7c8627140d1e69678

SHA1
ef41960834b5bef56c56a9d2f1483fc9bb3f2b0a

SHA256
36865323a02b8445ecc18a63e21ea6c13868f0a94192146c66d9acdf082665bf

SHA512
d418358dae76a76617b855cb6363e09baa1917978101a76b15a9b16f6b9bd762ec010902e908b8a1e0d68975e84dc63cb2193dc04a2c2a46e9c0b94046b63d94

Download Submit
/data/user/0/neisl.eisnt.coti/databases/zeiasw_analytics_v4.db

Filesize
120KB

MD5
05fcc56c6da20a9faf7692f29ef8183f

SHA1
6c73cde1222bdc30ae71b53f1ef91831843dcc53

SHA256
abc3326616e20a61b6e8d69439d403bb32a8a104dba48e80e614cc4975ff9156

SHA512
2fb4f6ec608319a4be27b5fa5cae1f4528a752a07092a0d57898dd8cabe23fe546509adde79a5721d086df0ed616ff18e6e1f591c57eba2a42addf0ba28dadaf

Download Submit
/data/user/0/neisl.eisnt.coti/databases/zeiasw_analytics_v4.db-journal

Filesize
1KB

MD5
80320a9fb6c85bfc7ace86a9ddeb08fd

SHA1
2fd0aa561ed3ff3f9a8c8b2e0aee802581354106

SHA256
b5914dde3dc6cfc22bb1a3623af97e88ee7ceafa408eb3107aff3e4e2336d9dd

SHA512
3aa7d7d60423aa116cfc10ec3a77996ad02a550defb10463cb1ab5954649075ccb8c2f200efea928e85d3b6b6b0e245298aced743177cdbd69a24746e6194b66

Download Submit
/data/user/0/neisl.eisnt.coti/files/com.dksjfoa.kjfosi.dzu.jar

Filesize
216KB

MD5
9277cd1ace40714b53b369d0f5f20c86

SHA1
e4d8dbb822e2c1794f578c3d311450e9e75bd8d8

SHA256
4c1444f7f2c88ab2ee1a4380e04164025962a81dde04a0d7cfb7a77eb3639591

SHA512
e387177752d0eda99ea858da494150706748d110ee634befaeaf8a9e043a58099266f89ceec9f9b709ad63799198797651f28e37e04b31455de91688cb1a63c4

Download Submit
/data/user/0/neisl.eisnt.coti/files/com.dksjfoa.kjfosi.dzu.jar

Filesize
420KB

MD5
f8034db424b7b9c7f86a2686a1336b23

SHA1
cfabd7a9fef2a242f7dd9dc6c847ce1c45c53c98

SHA256
55e9d5b8ff6810b49227233cf9141909a93a0ff5b16d58a0ee79b089bbb60980

SHA512
4818891f9a3a9006b45561505f2b14c2a0edf24938e602b927aa1035e5d75409b24fa090f0c04e7b089eab674a32a5dec2947e0d46df91ec25505465cee006b1

Download Submit
/data/user/0/neisl.eisnt.coti/files/gaClientId

Filesize
36B

MD5
9a543fc950d7f97746412ff3360fe871

SHA1
9d4c3e32f6bbb317638022d0dfb22559e0c26229

SHA256
7ebe2ed106ee719eb5ef4f3bcd00d9303e6626c384e7e457ecfbc37e5a9fa579

SHA512
e7719182a1aa08e16b72f0029ad83a975d1df53d5d6cad7e0f28ca5a9f93bee628857657d1d771766090d2da1787b69c5b529d9e9701e454247c3f8b1ffc1857

Download Submit
/data/user/0/neisl.eisnt.coti/files/oat/com.dksjfoa.kjfosi.dzu.jar.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/neisl.eisnt.coti/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit