a3571b97204f78463191f8c71694e63fcef6fcf2833d022a33067274bbf033c3

Analysis

max time kernel
3018688s
max time network
159s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
26-11-2022 01:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3571b97204f78463191f8c71694e63fcef6fcf2833d022a33067274bbf033c3.apk
Size

3.0MB
MD5

7b610e9eda1b25f2e84d85777285cc5d
SHA1

45b0083a030f22fec40ccebfca3b15ba5440b0a9
SHA256

a3571b97204f78463191f8c71694e63fcef6fcf2833d022a33067274bbf033c3
SHA512

69928e15db5a558f0fa4b6e48696eb65455ee9a9b1960b31c335154a81dfa1b0a651390d0de064299748359cefc3bf6a7ae21cee66cdd20e750fd852b7f36ee8
SSDEEP

49152:dVw4oKNRI/iwHku27d7/UV+lKtzvOAkYWTVzkC0Wxzq4kVHkDqN2JtT:dVw8i5HnuBMIKNRahTtIT4qq

Score

8^/10

evasion ransomware

Malware Config

Signatures

Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.yongrun.app.sxmn

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.yongrun.app.sxmn

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yongrun.app.sxmn

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Sonnenblume/res.apk --output-vdex-fd=75 --oat-fd=76 --oat-location=/storage/emulated/0/Sonnenblume/oat/x86/res.odex --compiler-filter=quicken --class-loader-context=&com.yongrun.app.sxmn

ioc	pid	process
/storage/emulated/0/Sonnenblume/res.apk	4498	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Sonnenblume/res.apk --output-vdex-fd=75 --oat-fd=76 --oat-location=/storage/emulated/0/Sonnenblume/oat/x86/res.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Sonnenblume/res.apk	4048	com.yongrun.app.sxmn

Reads information about phone network operator.
Removes a system notification. 1 IoCs
evasion

Processes:

com.yongrun.app.sxmn

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag com.yongrun.app.sxmn
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.yongrun.app.sxmn

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yongrun.app.sxmn

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.yongrun.app.sxmn

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yongrun.app.sxmn

com.yongrun.app.sxmn
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4048

cat /sys/class/net/wlan0/address
2⤵
PID:4305

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Sonnenblume/res.apk --output-vdex-fd=75 --oat-fd=76 --oat-location=/storage/emulated/0/Sonnenblume/oat/x86/res.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4498

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.yongrun.app.sxmn/app_Sonnenblume/sf_idle.ini
Filesize
12B

MD5
0a996632e07b79c51fdcab41fc9e90a8

SHA1
a719ff169a3f75db5e0452648b3548947e029929

SHA256
a0403e12c1f78e0612f29ee790f8ee4a1640764ccc625602440569c247c28903

SHA512
d69a24b224c060c8a7ec12b6ca08365b8c430a09aa3190406dccc860ea33e1922d132492a69c719ac20dc61537b7f581286b77de948f556cb33b712311cae55d

Download Submit
/data/user/0/com.yongrun.app.sxmn/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.yongrun.app.sxmn/app_webview/Web Data-journal
Filesize
1KB

MD5
3d33620e8a84a82b6f4364141769d4c8

SHA1
f5c8ce0ef23a008bd68cf1c404e5339139dd7f35

SHA256
cf331ae5e71ce45c2da3f94f471315b9e1a11e8659e8bc12f75617fa37bc4014

SHA512
b9aae87b8990a9259972cabee8b60ac2f03805d9fcf6c58cfb42689fe1492a3aaa46a2e1dc81b568bcecf039857273cf8fc998373e191c21892d520b3c32ad19

Download Submit
/data/user/0/com.yongrun.app.sxmn/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.yongrun.app.sxmn/app_webview/metrics_guid
Filesize
36B

MD5
7d418953e9628a138c3fcd89fb69b249

SHA1
947445f4e509966fe83a51d847b151d77301e98c

SHA256
17b32d9ca716ee1804ad4b436112bacb9dff6a9bcd35b125d3b8ad2e3ff1267c

SHA512
074c9fbaf88a4926d7fe81d9aeb43887e38efa1e2c12d327928e40d18c3265998a71d565689693bc0beff0493e84706f7151666340909b89c7da03479bca1680

Download Submit
/data/user/0/com.yongrun.app.sxmn/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.yongrun.app.sxmn/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.yongrun.app.sxmn/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.yongrun.app.sxmn/files/__local_last_session.json
Filesize
108B

MD5
b4795cde81f43263abafe3d9248b500d

SHA1
faf7b4f19dccf52a64a2e2ef11410423e3d85eae

SHA256
a1b8a13f0407b821b2a1013d50ae1fec059b15801dd33a0467631f4056367ae5

SHA512
edb6afb2cfc64fc59b7934a32a51bc5655a47d9656603a1ad902ce3d29cbc5e21ff4ea1703378336e50746c6224130bfb6a238c7b6df2ac5bd9f1f7a306825c7

Download Submit
/data/user/0/com.yongrun.app.sxmn/files/__local_stat_cache.json
Filesize
25B

MD5
2d805b13f2f28dc3ca9bbcc000f49bb5

SHA1
9eac165b4d81258fd3967cde5cc53b53b1dabcb1

SHA256
c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19

SHA512
5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

Download Submit
/data/user/0/com.yongrun.app.sxmn/files/__pasys_remote_banner.jar.tm
Filesize
121KB

MD5
843e0c15ef16f500cb9a01c29fb6dbac

SHA1
1528d33d7215e12b86aad74bfb86687fdb470f94

SHA256
29f097aca80bc71b4bece40543f7a825edc76d5aeda07ccc93b606bafd43d102

SHA512
af9049776fdf554a4f534934baaa93e07f9ec335884e35a34b93cc57eee74388108429c2c1ee7854e79d438fca14f72bd165e961ad65b1fcb1d283e31de21b81

Download Submit
/data/user/0/com.yongrun.app.sxmn/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.yongrun.app.sxmn/shared_prefs/com.upay.billing.saveddata.Main.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/data/user/0/com.yongrun.app.sxmn/shared_prefs/settings.xml
Filesize
118B

MD5
8d02977fbc0a1d20a385d8a102110991

SHA1
6c7209bd67ad59c25e863dda1efb2cb85a05d739

SHA256
d033862df85b24a5738e5a33926be9e50609487e7aa3c7e464b56110b77ad96d

SHA512
7d0234b4303c67294c676f87e15c7595870c62a87d4dc8fe061a369c9b3950a109ac0f401faaad9f47e8f1d8bbee831eddc93c93d2dfde6b2f58a3da9cc4d1ce

Download Submit
/data/user/0/com.yongrun.app.sxmn/shared_prefs/settings.xml
Filesize
256B

MD5
f5144003d1d30162aa023514a9fd20f6

SHA1
6aee8ccbcabd72eaad80db242225a5f24348a728

SHA256
a1836bb548efe95cf47cd8659220848a015336f1e24c8f61329cf1e25265383b

SHA512
3605eb063912c2ead1ce1ecca2feeb764ac314560b503ff07587679859354ba7b79fc7120b634af318149f1c13365c996267393cc777f05e6f5127d20de6a70e

Download Submit
/data/user/0/com.yongrun.app.sxmn/shared_prefs/settings.xml
Filesize
300B

MD5
f6dd01894db9cdf70d8415d3ed857ff3

SHA1
33b77c24d193026d75716e3078452e0df3b96061

SHA256
482ac4fd2f55fbeb1bd26b9b80171b4563dafdef560e7224fa2b6b607a23b211

SHA512
18f9f4d770dd302d44dd699eeed919ae684855a89644ff6469e28ccbda0165f5f53cd5f2e4e4112d65fd11efec6c4de446624271ab30e1ab27f9d44468203682

Download Submit
/storage/emulated/0/Sonnenblume/56DB236FDC604D32DF902EBE46EAF5EC
Filesize
384B

MD5
bdab503a983fdc9ee4db720fba7906ad

SHA1
d8d697cd6afa5f34d5d7c68c7abb2b53908feb99

SHA256
e6855f63ce7386acca29d16c329ec0fc1c8d93f6a3e75eb1b6f84acce9af0784

SHA512
435e4584004ba148ff0dfc2846e7486862e672620490cff04544c7edee24c5f32af402e1019966ee7c4ae8ee802fa90340d18541492c59ee1bdb70016bfad7be

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2
Filesize
317B

MD5
6cd74d797bb88fc1a5a47bbf1ef1bcb6

SHA1
327808debb3bd3b059ca7330a76b2952420c3a11

SHA256
777202e77ec1a9e7da93d323a492f87f8832b4a1ea1fcc14814920d3d5398f56

SHA512
fd3ac96618a92f6312b166bb826753e4b33d1fd373704356dc0c0fdddae2760dc2ec3106ac53f456adb1a2e2accfbf4f9ee41dffb1cd33af929739d086f0d8fe

Download Submit
/storage/emulated/0/Sonnenblume/apayment.db
Filesize
40KB

MD5
999895a7cc41f2074c425f7402b3c496

SHA1
db664d8feba2e22656a3065b678ffadc853f88e3

SHA256
f856dfc2416679c7f7f3f5ba8765a4398497627b10a01f8e20d34405d0d54341

SHA512
02f720bb67cf2b51bfb99b093ac91e227297af1fee5b10859a3f54a76669d93956d9c4e08f5aeddf342dc06aebb4fe5e27cc1eb2d84f880804f83d3fe7b8face

Download Submit
/storage/emulated/0/Sonnenblume/apayment.db-journal
Filesize
524B

MD5
02c43628c1dcce02242ed6fb67585ec9

SHA1
49440491c66bbec8a42b3b40a68ac5cb87cb2a2f

SHA256
9c6a2067ff2744c4c466fa512ef9b0163e3294ecd758279fcb8e7ff0de7dd481

SHA512
d6c0fdf028d1becbcddbfc97b70f05418f74769aa1a1642c03e20c83db0b564765b280966d67224b6c26b90d4dfe04776a71b75682a599eccbf6c6b82437a17c

Download Submit
/storage/emulated/0/Sonnenblume/apayment.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/storage/emulated/0/Sonnenblume/apayment.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/storage/emulated/0/Sonnenblume/apayment.db-wal
Filesize
48KB

MD5
aceda9bac4c3e56ea15f664e3510c94e

SHA1
a63f67f1419313b6beb44507c9c0436500f0371b

SHA256
df7e586c962c054664b8691c6137f7b4e07424ee0537b2d3898e72e8b0d73cc9

SHA512
6f52782e167f2d3d5c82c37c4c30a2b72d188de179994feacbecf48157983c9896ad1700dd6331b7c77ae221c716f5f8d3b1e7931ed4b84c69a4a11a994230a3

Download Submit
/storage/emulated/0/Sonnenblume/apayment.db-wal
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Sonnenblume/oat/x86/res.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Sonnenblume/oat/x86/res.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Sonnenblume/res.apk
Filesize
277KB

MD5
d57df49fd837a35cb5ea4dea5018ef05

SHA1
828780e0a37f6397fc62b6c8b5d1a6c4dfe29722

SHA256
f56431275335c4cf6467ef63cd73f18a443b79b247099e356792e0b26a5412ea

SHA512
49ec784a2800691070220b3c9498a27e7f47cc287970e5238b4965b05bed0fc34ee493ca910c852f8e079883315640b25b1015d60599ddbe8ec3a9f5988fffc9

Download Submit
/storage/emulated/0/Sonnenblume/res.apk
Filesize
277KB

MD5
505d71ad9581b55562c6dd98b6a6d59b

SHA1
d996469c6939a3fd1c563b03cc62a6e1858eadcf

SHA256
e86cf35145aaa50ee3b32d84fe1c2844946b05d08f397ae2b5b393db731cec53

SHA512
2c6f151c57e021b43d4c6695a6c04e1d7430d2571f3ba1a3d00ce2599842e88aa9f83cac052bf16e0f131323707a7cbb06bcf3f90c4cb555f7911ebf47429808

Download Submit
/storage/emulated/0/Sonnenblume/res.apk.u
Filesize
125KB

MD5
bd2a6d80ead23fe3efc53afc04787c82

SHA1
76b990eecfc20592d88de1a85aea29c4c4ae75d6

SHA256
7ab3a6ee77fb8be8f9d257f072eca4a8dc6922b6f061813f06bc88952556a1b4

SHA512
b3eeefe1dcf105b3b1aa73c83d06edd10dba3579fc95e9255c2c68bbcd3f3b22c4d4a61f0bd5b148542351ac7e338d550d0425a472589a80683faf3986c280e3

Download Submit
/storage/emulated/0/Sonnenblume/res.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Sonnenblume/sf_idle.ini
Filesize
12B

MD5
0a996632e07b79c51fdcab41fc9e90a8

SHA1
a719ff169a3f75db5e0452648b3548947e029929

SHA256
a0403e12c1f78e0612f29ee790f8ee4a1640764ccc625602440569c247c28903

SHA512
d69a24b224c060c8a7ec12b6ca08365b8c430a09aa3190406dccc860ea33e1922d132492a69c719ac20dc61537b7f581286b77de948f556cb33b712311cae55d

Download Submit
/storage/emulated/0/baidu/.cuid
Filesize
89B

MD5
f4658b93ab3704368c000e8d5afe45b8

SHA1
1af9c6a25a801a73236d55f387674386cd77a3b6

SHA256
10205ef978a92a0d9a2fe4c9804c6a28bb15ed53cfd10348daf6c9101d2bab6e

SHA512
3a557d0eedcdfb763aae89739b009e6c9e393ac9b3fb2d54d8f768fbbf0b20e039e35bb8e1df2c961c6b528dad822ce38b990cb779b1bcab8240b75e1ce6ab34

Download Submit