b400c984a30288fb9722e17de289414916eef25a77b06e0184e44928e27103a9

Analysis

max time kernel
2949913s
max time network
134s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
25-11-2022 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b400c984a30288fb9722e17de289414916eef25a77b06e0184e44928e27103a9.apk
Size

2.5MB
MD5

6c1f28063bbbf063c84122ac3238be1a
SHA1

6c4047f27e536f28f49867b15c419d3b26d5584d
SHA256

b400c984a30288fb9722e17de289414916eef25a77b06e0184e44928e27103a9
SHA512

c64347fed2624bf6e3ba427739db974a6d3d65883672fdbeb7c406d59ec76bbd79cb21d078ef117e1c9682165215541224a0e2f6fa762035c6f787f7a13eb629
SSDEEP

49152:+d/potxAIhtJ1npOV9JjQ4WylFnCS4gwqT8vCyDc6jiew38eEV3Q+I:y0xAIhtbng9JjrWgFnCSHWxwiiey8N1I

Score

8^/10

evasion ransomware

Malware Config

Signatures

Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.main.gm30

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.main.gm30
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.main.gm30

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.main.gm30
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.main.gm30

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.main.gm30

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.main.gm30

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.main.gm30

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.main.gm30

com.main.gm30
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:4044

/system/bin/sh
2⤵
PID:4148

ls -l /sbin/su
3⤵
PID:4252

ls -l /system/sbin/su
3⤵
PID:4327

ls -l /system/bin/su
3⤵
PID:4358

ls -l /system/xbin/su
3⤵
PID:4385

ls -l /odm/bin/su
3⤵
PID:4415

ls -l /vendor/bin/su
3⤵
PID:4435

ls -l /vendor/xbin/su
3⤵
PID:4453

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.main.gm30/databases/mydata
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.main.gm30/databases/mydata-journal
Filesize
524B

MD5
2187512b9e0b510ab9d12c4aef13f9f8

SHA1
9b054eb12f806ca46aba6a4606eda8afaac94fa4

SHA256
f95b06f405bdb52bcfea28f093763d26205ca4b01ae011703e0d038300e07bc3

SHA512
4a8108b7653a7eb856e6d62103c9d466451134fc42a5628e6381c70a1b726e097238ae177b4cc10010fca4b91b8c1d0841a65d284a7fcd3fb6eac665a815b3d8

Download Submit
/data/user/0/com.main.gm30/databases/mydata-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.main.gm30/databases/mydata-wal
Filesize
68KB

MD5
9947b6624624af911277c87ba4654e28

SHA1
8633682940e1f66e42a761a33508ac2c6ead6aea

SHA256
60231f14893b6ec2a142ea6ca8bd339fb3fecb1ca2b08b0e576468cde57c66f8

SHA512
d7b2631f177acd2026bb04f526ed3b578fb21a8a7404536fd3de65baa10a1a60f73d6a12377d78d32bc7c42e52581f7c901a232a5cf48001eccde979766c5c97

Download Submit
/data/user/0/com.main.gm30/files/.imprint
Filesize
848B

MD5
b6e611fd990792d1f101c43f5b12d52f

SHA1
070297bbdd8e1e725ed6e11b84252f141b21a9f3

SHA256
d3df5486b9ca5a718cfd8fc6f2f3c4ed9122637ec71123c1929781a363717cc7

SHA512
267b6744ffba40ef0bd26e4bc89004f41df329d269fbde0d12c1e4524ce181ae7e837bfa5489b9e5ba48f2ff32409af34dbd0e21472fd02d3e3bdd59840fe29d

Download Submit
/data/user/0/com.main.gm30/files/umeng_it.cache
Filesize
211B

MD5
19cc878f56a28a0b524e713c08e1b570

SHA1
0b08f466c64da510b8f52e939eab98598af302dc

SHA256
53e43a3a3e20d494f23d00f9ef968d7cbc0a1847b76fb87ea764e613eb006f13

SHA512
6bbcf0ee869ec4c7cee72c09cac5242df4ea2c07040a38011433fd66371d42091435edb3db862d447c991660139641b2e3783ad1b5a888defa7593880234a422

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads