02ad9327bce6a0558fc9451eddac678846454bf92ad840d2387831d11b802889

Analysis

max time kernel
2950037s
max time network
154s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
25-11-2022 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02ad9327bce6a0558fc9451eddac678846454bf92ad840d2387831d11b802889.apk
Size

2.6MB
MD5

412618759e88ad1d9f27132f3123ca71
SHA1

9357d591d70c8b847d9c9bc253691527e0b2df2a
SHA256

02ad9327bce6a0558fc9451eddac678846454bf92ad840d2387831d11b802889
SHA512

9ef56b41a576fd4d0692dfcb994386aa4ee2cd952b68e30082820e1d55bae1df7d55a4137f98d3ff10d56911c88455125cf4900f13e2c18c67bc11e0618473df
SSDEEP

49152:GiuIV0wTSUSzE3IcKh8USsZerSEgmr7xbyJQOog3dyWBu//HHIsBIyisaKsvG9tD:GiuIV0wTX3IcKKUdeOmr7xbkQ5gMtHHh

Score

7^/10

evasion ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/vn.soo.zalochat/cache/1582435991586.jar --output-vdex-fd=126 --oat-fd=127 --oat-location=/data/user/0/vn.soo.zalochat/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&vn.soo.zalochat

ioc	pid	process
/data/user/0/vn.soo.zalochat/cache/1582435991586.jar	4300	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/vn.soo.zalochat/cache/1582435991586.jar --output-vdex-fd=126 --oat-fd=127 --oat-location=/data/user/0/vn.soo.zalochat/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/vn.soo.zalochat/cache/1582435991586.jar	4094	vn.soo.zalochat

Removes a system notification. 1 IoCs
evasion

Processes:

vn.soo.zalochat

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag vn.soo.zalochat
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

vn.soo.zalochat

description ioc process

Framework API call javax.crypto.Cipher.doFinal vn.soo.zalochat

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	vn.soo.zalochat

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	vn.soo.zalochat

vn.soo.zalochat
1⤵
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4094

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/vn.soo.zalochat/cache/1582435991586.jar --output-vdex-fd=126 --oat-fd=127 --oat-location=/data/user/0/vn.soo.zalochat/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/vn.soo.zalochat/app_webview/Cookies
Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/Cookies-journal
Filesize
1KB

MD5
540da87c39c220f493fd59ff1d369698

SHA1
ca0b1f9469d9bacfb05d8efe70843f5430d39f4b

SHA256
d3116f544501bc576f3ecdb2bf6638a43f65d4fdc3b46c9a0aed801dff22fecf

SHA512
665c422274af08c2fecf84cac575da2ce2b3f4ac087dc71ee39cdd59f5fd2bc0ffb6924b7cc768fc54ea4098646061fdd8bb8e9587afbd4089b9e9944d0c8b44

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/GPUCache/index
Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/GPUCache/index-dir/temp-index
Filesize
48B

MD5
a0ea7e7cdb172c05d5275e8f5f989fc7

SHA1
6065be42b56b996e976a442871355e5aeb932013

SHA256
aae3b0cc7fa50e87aad8c4bd3d978644a37b14cda521817b3fd5b44fcf5ec5b1

SHA512
024a08b468649d465b5b2c83c15f61a7e62a205e28afb25d6d829b5b1be8dea24ebd7587308b20bbd894cbde9a958af57bf0089229da6181c870aeaf42ebf601

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/Local Storage/leveldb/000001.dbtmp
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/Local Storage/leveldb/000003.log
Filesize
261B

MD5
60ea758fcf3880119fbad4f91c6cbb9a

SHA1
eb8b1631cd93f41c657bed14a54de765de1def11

SHA256
962edcf28e565bba078ae60a919a56e8199ffa02bca254f4578a1c77f1cc09e3

SHA512
270b6dca6af43724906809a0e61364c96c525c4c781d0c98cf13924b0f34597b36e6b8a41303eda8198e19361b6263a9e0918631873005510c3408fd44b6e8f4

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/Local Storage/leveldb/LOCK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/Local Storage/leveldb/LOG
Filesize
70B

MD5
910e3db4ee74621f0c8a2057c311fedf

SHA1
9b62dfd77cc6d6a62ce401f299ed89947c4da577

SHA256
9ed92683fb13cd9429bf3797936b0a5858a4bf5e6abb02400fb0762a2bdd8cc7

SHA512
af9775ad038ea1253de26826266e21345e78bee12d8ccd2bcfa2b4885deb1a67b42285f792526698ed3b908030f6d2eabee3b0be5e4f39a37a18007d2520be9b

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/Local Storage/leveldb/MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/Web Data-journal
Filesize
1KB

MD5
fb80a2c073886a483aa7d48b11793935

SHA1
c52656a555bea0228c71e07e0b6a096d64a299fa

SHA256
38df2d86ff76e4f7815efaaf4271af857b8af279d73b8f99ac84fe86ba14c9d7

SHA512
6b82edf9e102f372efa853b1adb8f756567b37e7c364c92b1f7f758d813bb172a14eef0f8b92640fb33d93b99f9220c092cea32392f1d4d34f1602f40d8237b3

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/metrics_guid
Filesize
36B

MD5
2076067ae3ad2cf2b192827cfb05d3cd

SHA1
fcf021edd93bfe3c78d91bd72568627bc8a5c55e

SHA256
9c9bb00ebc1e272e9329946a76a82e24f6d2d1ccb6ee7ddd86647767e3cbf0c4

SHA512
275462dff568070a675aa61e48313909b809a6f69d9a46cb2ea9cbec602c5f3dbf9fa99d6f868c4c7d93e38815e54fa6d98f322193858a9804f14906c1718aae

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/vn.soo.zalochat/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/vn.soo.zalochat/cache/1582435991586.jar
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/vn.soo.zalochat/cache/1582435991586.jar
Filesize
20KB

MD5
2048eb6124a452540ee51dae4145aadf

SHA1
d05005b2cd7fe4cd652b0d7fd1bdac2c19d51451

SHA256
105c54b6fe3f25350e92187467761598e4c21d62b1091b77d091f65f3bd98864

SHA512
bb6cb3853dd2a5d0701e20607d4e153ae201268dd2e5e2d06cc2df208b3b4dc50132a4ab428251b1644d2399fcc717662438d082ff14203387bab8794109d44d

Download Submit
/data/user/0/vn.soo.zalochat/cache/1582435991586.jar
Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/data/user/0/vn.soo.zalochat/cache/1582435991586.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/vn.soo.zalochat/cache/oat/1582435991586.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/vn.soo.zalochat/cache/oat/x86/1582435991586.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/vn.soo.zalochat/cache/oat/x86/1582435991586.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/vn.soo.zalochat/cache/org.chromium.android_webview/75aad0ef03ae2d91_0
Filesize
135B

MD5
286069ec2e9a5133ed9a161e9b310ea2

SHA1
a09c8f086a8a51fadb7db4329b086d34dfe207eb

SHA256
588ce8ab1b9139f165f25763df88056c7eadd9f6e8c9ed1ea50536eaa63e6234

SHA512
5fb064bf7502ec8b01ad914f6b9feb284e999e08437647248a61eab9cbfe61bd7b9c6a060418b2ea3639bcfa89704baba25281c1039f99b5fb5fd30f50032677

Download Submit
/data/user/0/vn.soo.zalochat/cache/org.chromium.android_webview/c41101269af94bb0_0
Filesize
5KB

MD5
b42836b5dd687f1e597bef500c72654b

SHA1
4deaae769406ddbf789b6cd59cc1d25aecde3d6a

SHA256
494437b22a50e40f85ba0c5117d983ffeaaa9b2d766dea0d007a84caf0872db3

SHA512
3d64712c7cfef8b05b8e10dde4a7714c983aaff8acd45218ed3d82fe69b478d98776284d7187411038888fc45495886ac49c75c1606907054c15655e4742bb3e

Download Submit
/data/user/0/vn.soo.zalochat/cache/org.chromium.android_webview/f038e94cb33282ab_0
Filesize
123KB

MD5
bde7aa12a09e89dfa798ab00451870f8

SHA1
98cc4ea22ab07cb3bee9d48535724096ab368152

SHA256
95f4d467c9900c2b563e9fe2c17766815e57c99fccfd2fd50739d351ed5e6936

SHA512
f11426a17e98ce1aac5cd4ef7520c8e0f99d75219cfef49ce60b3a39af9a25cc4527f7a09b3c675fd273fb1b94269d28f49d81ad3c536595a0b692bff56a0525

Download Submit
/data/user/0/vn.soo.zalochat/cache/org.chromium.android_webview/f038e94cb33282ab_1
Filesize
196B

MD5
8e6c857ad239f4df199940265e7370f6

SHA1
f733cbe9f72f3db3c3b6f7d03e1b202db2615a2f

SHA256
b906803d1f373395526c2aef36481b824805d627127a9c553910c5eeaa9611ef

SHA512
e8a62f6ddcb25909b4bcd859a3ba6394bc9ba0f967592f330427b89216e6ba3eb41fc2a7e7b807d64961b42136dd6d61d0ed524ff468bcb73594fa413d6400d1

Download Submit
/data/user/0/vn.soo.zalochat/cache/org.chromium.android_webview/index
Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/vn.soo.zalochat/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
72B

MD5
7cfebfb892443a48ba4fc4e24cb4b493

SHA1
cfaadead218cc649aa07e6642184ef157b65d960

SHA256
bac39cb81693afaf0b8e38e8faec9c4e79519f8a1bbad5eaac89f802fc3b2d9f

SHA512
0e4dd12190b998b5fea9d3b8dfcd515975eafa44bb1a3766c1d2d4428e1ad9252b5cf43ede0ec2947881d21ee9158381ac1a907c740533451eb1815c84d02f6f

Download Submit
/data/user/0/vn.soo.zalochat/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
96B

MD5
61e3447a14dce99469b089c23b2960ba

SHA1
65dd7ab2beb8ee6451316c416c54b35f99c530a6

SHA256
37fdb4412124449e497abac16f7a0e750da9ffc7a04012a9b08e41acc9fc1806

SHA512
c8ecc5c4cd0d023b93a0f29df0dc142538b40d49058b2f7043a787d1147dd2fb9500a442301079283fa82cf55ef6f305a24f84f0641c9b9ea1d7f555256a1d84

Download Submit
/data/user/0/vn.soo.zalochat/files/gaClientId
Filesize
36B

MD5
bca0d5da10e466c534e4fea446996d2c

SHA1
fcf015e13954032c2ec88a92514d94b4fe946118

SHA256
d0b5ec55241e271ed257ff6c6c8c0de003cb2ffc8f2fd7d76f98fa35de9b5476

SHA512
6a58c23b369c3449549ca77a2a8b6ab5e8a188899d2318124855fe836d82a7dd8ad2dbcbb831334dd65926ed4c09bcafb4a9b3c19dcc9631a3f5b3950caf60e8

Download Submit
/data/user/0/vn.soo.zalochat/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/vn.soo.zalochat/shared_prefs/admob.xml
Filesize
133B

MD5
9ae1f92f5a6f89d062d733851e4b41a1

SHA1
251233b5737083becf791e09c2a821692d42fa2a

SHA256
748c3e21861085066c6e6d68ab5f1a0cc5258670d033f375c789128cefb1cf4a

SHA512
89302974ebac217b5657ee170b802a2d873cb6845bee7a3eb4ad601ef73d403994d2a103e335523ed1253120d976f64a8024d2feaa3dd9c6a95a5fa1425b99ca

Download Submit