54cda5369660312d06d75b34cd4333457a4cc9b5239d615f45db54e2ed02f4e7

Analysis

max time kernel
2942003s
max time network
155s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
25-11-2022 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54cda5369660312d06d75b34cd4333457a4cc9b5239d615f45db54e2ed02f4e7.apk
Size

4.6MB
MD5

b45fa7f5250c25d999da645a498ac026
SHA1

85efc4e36a8c20e3216be0277e44407015578478
SHA256

54cda5369660312d06d75b34cd4333457a4cc9b5239d615f45db54e2ed02f4e7
SHA512

d96533a5c4053cbbf6b1b85da4fb0ad6ff851c672db8e3bb5a576201f7f51e58aa8bcbc51cb3b439634fb2d753b5986aac2f1759c990524c1c49dc3cc3d1fa84
SSDEEP

98304:xB/7jU4RFtmNMFK9UFZJOFtwC3xFfBLPvsUncTCPh+RHmEPH5mf:xBc4QNIwUFZJaDhF5js4cmyfhk

Score

8^/10

evasion ransomware

Malware Config

Signatures

Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.artsplanet.pesoclocklitefree

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.artsplanet.pesoclocklitefree

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.artsplanet.pesoclocklitefree

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.artsplanet.pesoclocklitefree/files/brews.hyt.wfer.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.artsplanet.pesoclocklitefree/files/oat/x86/brews.hyt.wfer.odex --compiler-filter=quicken --class-loader-context=&com.artsplanet.pesoclocklitefree

ioc	pid	process
/data/user/0/com.artsplanet.pesoclocklitefree/files/brews.hyt.wfer.jar	4197	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.artsplanet.pesoclocklitefree/files/brews.hyt.wfer.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.artsplanet.pesoclocklitefree/files/oat/x86/brews.hyt.wfer.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.artsplanet.pesoclocklitefree/files/brews.hyt.wfer.jar	4096	com.artsplanet.pesoclocklitefree

Reads information about phone network operator.
Removes a system notification. 1 IoCs
evasion

Processes:

com.artsplanet.pesoclocklitefree

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag com.artsplanet.pesoclocklitefree
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.artsplanet.pesoclocklitefree

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.artsplanet.pesoclocklitefree

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.artsplanet.pesoclocklitefree

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.artsplanet.pesoclocklitefree

com.artsplanet.pesoclocklitefree
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4096

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.artsplanet.pesoclocklitefree/files/brews.hyt.wfer.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.artsplanet.pesoclocklitefree/files/oat/x86/brews.hyt.wfer.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4197

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.artsplanet.pesoclocklitefree/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/app_webview/Web Data-journal
Filesize
1KB

MD5
0403353e68b67198be6a00484e44a959

SHA1
275678fa54e5bb8b7cbdee1356702593aa91e8c4

SHA256
5c21572c85bae0ebbc842d9ab8093d826d496b219ef3d67fe89705e7b3063633

SHA512
cc13ccabe3ad29058ca45f8f59acb9e393ac7589ea6d3fcd18841b84f6ad4f49dbd1437af3fb9254e067b6fb3c5dd2f97670e55043d284cc106565dd12c55d60

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/app_webview/metrics_guid
Filesize
36B

MD5
707e367ec88c4206451a6a6138408f5d

SHA1
96f0c02496aee0f339009045d6a82bb0747bb9ed

SHA256
bcb1365f29f6f5fb0983266914c4837bd1117371ed3059c1f42aaf829caaf874

SHA512
a6c664023bdac9278920b5bd99a0daab85128bc70f6f11104ae8c66030d0680911d1b5fe81eeee5b2539e779a09bc3bab6cb49d4cafa959db5a1a5620133149b

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/files/brews.hyt.wfer.jar
Filesize
216KB

MD5
e2fd482b4554db4051460458529fb09e

SHA1
6a1163ab52e5dc9dcfee7fac7e283089dc1616e7

SHA256
252654ac814c2e618a14c33e0fe23bfb06c89ab99534f78bcf895a534fba9272

SHA512
8aeb2a2f223a5a0e3a195fc0f9ebe399f5b3d83866e78283230daacbbff86e244da500ddbc14c2726f9e8fcd5f74b1cd2b928132537dcce51a745f70c7844afb

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/files/brews.hyt.wfer.jar
Filesize
421KB

MD5
6761e3d933e8f6f1e6051dc22d8b4d3f

SHA1
b0b5e4853493aed30dcd71f8dae42ee2c34a25cf

SHA256
6c15672b9a6c0dc5b86d936da408c4535367530bc5c70eb99c489bb43b09c4bb

SHA512
1f5ac5c7292ecab0cdbb1c6071014c9ca7857047b06f867ff270517261fa65683f56ca8e8f51af1506e9e5197349fa4cb729e36b2d213d887ba727a27811ebd8

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/files/brews.hyt.wfer.jar
Filesize
421KB

MD5
82dd84333c519cf97806339a5f05b1ac

SHA1
d85c4cdc8b73526dc860b5e6df4a2125bfa77fe3

SHA256
768b9a242306b1560837b3a0ef1a93773617fcc80d4b9333306d4be5bad9a8a2

SHA512
87b3286157bea723384720fcb4f06d9f47a2fdc3eae76c5fa68877c44de9927f0be1c9ff80bb273805f1b34f936f02d3869c1e977a6d2718646527ec1579f900

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/files/brews.hyt.wfer.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/files/gaClientId
Filesize
36B

MD5
cd99934110a7b4a4763c1851007bd865

SHA1
e1081d8b7d16f798e9486b19505e76670ac4ecbb

SHA256
852ef106c5796818012635b66f379756705ead0eb596341e4165f0c07bfcaf86

SHA512
94bd190abd2c115826eca680672bf6b88563b913bb7851a9143f184550e03301bdba3eec529d53c991d9af3bb3f47369e9315c3a06e3a7baace9f3f674db42f0

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/files/oat/brews.hyt.wfer.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/files/oat/x86/brews.hyt.wfer.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/files/oat/x86/brews.hyt.wfer.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.artsplanet.pesoclocklitefree/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit