06bd97deb8ffad39178f63920d081c88e507f13782f3aaceac02be252d046fb9

Analysis

max time kernel
3080401s
max time network
49s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
26-11-2022 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06bd97deb8ffad39178f63920d081c88e507f13782f3aaceac02be252d046fb9.apk
Size

1.8MB
MD5

48eae2e689e87ca4b32136d6022e9a9c
SHA1

f68e74a7833fb0bcaddd8c7f78b04d9624dae971
SHA256

06bd97deb8ffad39178f63920d081c88e507f13782f3aaceac02be252d046fb9
SHA512

244038e1ed02f93945d435fa40dc435c1f3ba1eb53ecaa15c507a2b7b6c2cf3b1951a5678e06c67a6676a39158f2ba2f2e4734de31643839d82dc87f461df6ea
SSDEEP

49152:G4UubVS1ajDu533LWcThB/d9T+x0pUVjKQiQCllw7CiHlOdDHB8molg3L:tUubVgWDc33KAhB1I2pUsQiQCllfhXoK

Score

7^/10

ransomware

Malware Config

Signatures

Acquires the wake lock. 1 IoCs

Processes:

com.sex.position.superman.advanced

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.sex.position.superman.advanced
Checks Android system properties for emulator presence. 1 IoCs

Processes:

com.sex.position.superman.advanced

description ioc process

Accessed system property key: ro.hardware com.sex.position.superman.advanced

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.sex.position.superman.advanced

description	ioc	process
Accessed system property	key: ro.hardware	com.sex.position.superman.advanced

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.sex.position.superman.advanced

ioc	pid	process
/data/user/0/com.kingroot.master/app_ttmp/t.jar	4651	com.sex.position.superman.advanced
/data/user/0/com.kingroot.master/app_dx/do.jar	4651	com.sex.position.superman.advanced
/data/user/0/com.kingroot.master/app_dx/do.jar	4651	com.sex.position.superman.advanced

Requests dangerous framework permissions 11 IoCs

Processes:

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

81 ipinfo.io
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.sex.position.superman.advanced

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.sex.position.superman.advanced

flow	ioc
81	ipinfo.io

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.sex.position.superman.advanced

com.sex.position.superman.advanced
1⤵
- Acquires the wake lock.
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4651

sh
2⤵
PID:4898

sh
2⤵
PID:4941

sh
2⤵
PID:4985

sh
2⤵
PID:5027

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.kingroot.master/app_dx/do.jar
Filesize
15KB

MD5
f7fae58e12330e2351b9ca95f0685f87

SHA1
6c3e8614ffed7b09793015ba8ab79db058bf4af1

SHA256
d832410ba9400a60fd8b6cff8ce635f46d570f692f5060faca0526098e7b571a

SHA512
afdac6a1ffed6e0fb1434f4499ed2e7bcbb45a4583f2ef54704707fbe8941743df2ea5db68b007ac3916cf48564fa7ccc4b244ebaa16c27c5428115b46062e88

Download Submit
/data/user/0/com.kingroot.master/app_dx/do.jar
Filesize
34KB

MD5
9b2fca6ae1b6463f5d4ead087b5e6587

SHA1
848b97f6ad5f27cd8c84cf74637af73f0b34789d

SHA256
4b10e73c9957fea2ddd846eebf8e13197f86160f95951b67a97a408ba4306b42

SHA512
d0fb7d2b9f842ea80bd914bc8800987ab9892ca9708224ef24a9f65932eb2aa97b593c3f6d1a7fce712c82da285c655e6f40ada19516497158603b3f99450716

Download Submit
/data/user/0/com.kingroot.master/app_dx/do.jar
Filesize
34KB

MD5
9b2fca6ae1b6463f5d4ead087b5e6587

SHA1
848b97f6ad5f27cd8c84cf74637af73f0b34789d

SHA256
4b10e73c9957fea2ddd846eebf8e13197f86160f95951b67a97a408ba4306b42

SHA512
d0fb7d2b9f842ea80bd914bc8800987ab9892ca9708224ef24a9f65932eb2aa97b593c3f6d1a7fce712c82da285c655e6f40ada19516497158603b3f99450716

Download Submit
/data/user/0/com.kingroot.master/app_dx/oat/do.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kingroot.master/app_rtt/SettingProvider.apk
Filesize
24KB

MD5
4d014a5e8129647cd75e05866e89ce63

SHA1
cd0f98d39cff89dc6a48980bccf13b095e25752f

SHA256
c05b4cecea7cacd30e875644b5bf4a29db608611e4c6b03f313e925e4d6f19e9

SHA512
4e044da13f08ac08150072e3a7f7c6839e50614b94ba40bebaead83f3864be5e3d9224a8e9f2047b89c698be9617f014908ca7a2b16cbd160ab5d6f93397345a

Download Submit
/data/user/0/com.kingroot.master/app_rtt/dtlrt
Filesize
68KB

MD5
1df194c96e813ebe22f02fc4938e7e48

SHA1
6016ddcfa641e5f114091599fda9e5cb0a79e02e

SHA256
0ebf055b0518543611f4a3c19c25147eef3a7a11a0088ce8f00f3a46d5782458

SHA512
153cacfc901b197a428cb4af9d4020e09dca033ebe46a4718a067b6c62c24d999ac0d9190c02181ecd623dadeac0b16087a10e5c6b120910fe7398971e5d5957

Download Submit
/data/user/0/com.kingroot.master/app_rtt/etlrt
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kingroot.master/app_rtt/nis
Filesize
21KB

MD5
62c3cf862f30d0d06ae94113386db837

SHA1
c2247bfa1201db8e68f5ef61ad0dce21edc2a781

SHA256
93f15ffd1a95787751e874352376ac71d96ae9c8d3b7828835796510cce66b95

SHA512
7293716c464c0c5a5f3e94c6854e45954c63c32765ed0b1437ccf404cf49829cfada9918c5b40e42e300fd2d43e7ec14353fe96b13fd2eb6514ce0e87f0a1981

Download Submit
/data/user/0/com.kingroot.master/app_rtt/r1
Filesize
27KB

MD5
c27e59f0f943cf7cc2020bda7efb442a

SHA1
c72596d5db85c791757c7eacd030d11ca96ed1e4

SHA256
2389246bc2687dcbacb4fa592175393cb3e1b0322bc52380eb744a095f4fa7dc

SHA512
17d6fc29dfc525b06f0038e159ac5411d4a085bd613239465382c21d560faa820fe25c99fd7a1bc52207a7aa45755bae2e4faf02b813d76142785805582c6806

Download Submit
/data/user/0/com.kingroot.master/app_rtt/r2
Filesize
13KB

MD5
368df668d4b62bdbb73218dd1f470828

SHA1
566e3fd17b4d984785e8a513bccad7fee33e3da3

SHA256
03b1913aac00dfc09269678e6b272aa1c6bee6edaef68fff22ceed57f0fd9c1d

SHA512
9375c5c7430736195a62da522b2c31c675bb2cd280c0f3b52c9574b137a016306ffd5190ffaa1a05f2b70f00129a56424de47aee804354a91ed7afe6818bc49d

Download Submit
/data/user/0/com.kingroot.master/app_rtt/r3
Filesize
17KB

MD5
fb8449d1142a796ab1c8c1b85c7f6569

SHA1
c381e2aba0c023dd322b2bf1222f9404d61e12bd

SHA256
1427926697bd6b766eee626c41129503df9f436692d5e88ad62e259daf5293b3

SHA512
165392d72d8337ff0eb86539f6ba8b27c621a1b0bd1c57e5f72bdf957734d0d557bf8e6003a1cbe6c1438f379c1d82ca101cafccad38183ba122517f1ae0957c

Download Submit
/data/user/0/com.kingroot.master/app_rtt/r4
Filesize
13KB

MD5
04dd488783dffcfd0fa9bbac00dbf0f9

SHA1
3d6f71f4cc7562b813364b70950c577b04541627

SHA256
4fc98a1df9db3598b4c490273ed961e0fce819fb021bb77d277324cefb7851e6

SHA512
b914b97daffe3c1da68294ae6cfa72e107e393a45ef49e7b7f989b9297de7548f5eb8236e0b0d9cb343a4a372ba8d03e8e856a1fe40269d589292d6ccd93a373

Download Submit
/data/user/0/com.kingroot.master/app_rtt/rsh
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kingroot.master/app_ttmp/oat/t.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kingroot.master/app_ttmp/t.jar
Filesize
104KB

MD5
c76b4c615a6be8670e68f00a36e038e4

SHA1
771f645a59e0d8c8623d62c5e15b219b6dc8baa6

SHA256
d8358f897aa498032a706a0eb846419ffb7c9d9e055007a9f9ebfba7cda149d4

SHA512
ea90c5fb93d150f3de42779efac8ce80afb03e833eb839fa85968ea7ff519600f580b324d009c17d8667d2f4a88a7c421c96d7eba31001b93ddae4fea862fda1

Download Submit
/data/user/0/com.kingroot.master/app_ttmp/t.jar
Filesize
104KB

MD5
3040c40b063f22c33d98489460100bc1

SHA1
0edf4f33579ecf1e641557442f9739bb78418064

SHA256
19b9bcd5925ba2b0fd7a4110d9c27ba93f85e36dfc29aa4f1167ee35f13d105f

SHA512
c8c5ab838d9b3e7e568500cbbe20f6111d07f454e5aa4b19fecd280511f899bc8fb8c3491afcc4dc6afb1263c99e5467cfb67db9312a4253d419a853e205213a

Download Submit
/data/user/0/com.kingroot.master/app_ttmp/t.jar
Filesize
250KB

MD5
15ae69a75d62bea24c6692b49eec1129

SHA1
0553cda03040782db315bb973dbbc0b4d12ccc43

SHA256
89d4a2b347eeb0c09379803f3df4e36a0d4be30dafc2974f7f0a8eeb25e812e8

SHA512
173b688fbe5ef107b4764361fa216fd0cfb3531d1d711dcde64bbc1116b28feacf77a951aa6d62dca6a4ec6d0becf5bae1a26e1ef816ca13c134747747bdae84

Download Submit
/data/user/0/com.kingroot.master/app_webview/.com.google.Chrome.DWlmuz
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kingroot.master/app_webview/Default/Web Data
Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.kingroot.master/app_webview/Default/Web Data-journal
Filesize
2KB

MD5
9e77361a70b5b86386af2fa0711065d3

SHA1
3b9f3cabf8d30f38d9e3c071963a3ce125a87bdc

SHA256
b3a6750edc8609d86e95dd7396c3b6d05127c0bceb8001a5f98539dfb09b5410

SHA512
cceb3a5218388de08b1c4039ab3703f822e26958f47d8d682f8425efe56e8bdac16093c128e31dd5110f7862cfef9fa7d943a7773780a256a084b87c3b6a2d5b

Download Submit
/data/user/0/com.kingroot.master/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kingroot.master/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kingroot.master/app_webview/webview_data.lock
Filesize
40B

MD5
0d679fd9a75dbac0686b8d6a20ae91ba

SHA1
bf0e777fac6b5d814bcec9c6a1f72e9ce407819a

SHA256
f0d9c06c016c156d16393862fa148287cb82cd1cbaec779c830790f3aef493f4

SHA512
ff148295418fa73a0dd4ced5841948ba829b124fda31725352a811a24136666b1c659f2c07b0a3f51eb439d6dfc7fff94803aa60d42905cc219c4f2a36ff28b4

Download Submit
/data/user/0/com.kingroot.master/cache/WebView/Crashpad/settings.dat
Filesize
40B

MD5
639c0f6177b07bc0bdc23434417d1494

SHA1
fbdbb2ac502aafef9b556de81839e5e428bb892b

SHA256
8ae02c72efdcfaa2337d9e2dddf43b77745408ae22dd43d28730658a2e26a8ba

SHA512
17949dd18827920b69f8575d65983b01341a1019375f5e782ce117acbafaed4804d69b221e0a4e65f4e7447f3ba99c6fd2acf6d19fe4221b92d26119e8010011

Download Submit
/data/user/0/com.kingroot.master/cache/WebView/Default/HTTP Cache/Code Cache/js/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.kingroot.master/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
Filesize
96B

MD5
918f5c9163e34d872b1ae5f66f8c7149

SHA1
5eed01c1cac51966fcc741dcafd1f7f1247ceacf

SHA256
c6e268a25ea37d77197dbd375341ee793c92e558b673a9c3564274f69cc9f6e9

SHA512
15f667a75d70e0b1bfe799e7ba512cd5bec2274c3552b5694fa464ca05db161396044ce4558f278a88dbdbbdc327982a3276adc345255e5aea456dbac79b04f3

Download Submit
/data/user/0/com.kingroot.master/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.kingroot.master/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
Filesize
96B

MD5
918f5c9163e34d872b1ae5f66f8c7149

SHA1
5eed01c1cac51966fcc741dcafd1f7f1247ceacf

SHA256
c6e268a25ea37d77197dbd375341ee793c92e558b673a9c3564274f69cc9f6e9

SHA512
15f667a75d70e0b1bfe799e7ba512cd5bec2274c3552b5694fa464ca05db161396044ce4558f278a88dbdbbdc327982a3276adc345255e5aea456dbac79b04f3

Download Submit
/data/user/0/com.kingroot.master/cache/WebView/font_unique_name_table.pb
Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.kingroot.master/databases/content.db
Filesize
303KB

MD5
ffb1c532e56eab317ecef4e0768a13c5

SHA1
cb8c1cf85ed07a35765e593cbf9bf6a2c58c9453

SHA256
de3a7a84ae471ace55a13aed71e16cda21bbc84879ca0b0b30d86241cf3acfc5

SHA512
951dad43f10a14ddaa16055870319a39b15584b150b3a9501154fadf62fe74880b7c450c665a515abf8f26441ca5a34d0a6704ad591a57428c68e40acfd5e39a

Download Submit
/data/user/0/com.kingroot.master/databases/sdkdb_data
Filesize
184KB

MD5
9793717d87c884f9872aafda24a4abc5

SHA1
40b678676080aab5bf1601a37bf1a39679c8e7c6

SHA256
db0e0a128cf45d4e01b72aeef34fb10ac6b27833882f478f198c25798bc70f55

SHA512
dc0d771df5774314d3094e2b95afa0c40e495f4227004996b233fe1f944dab16022ffc1f312c415cb81411ca1c9be06b9b7b907d761b65f6a0486f4ac0abb55b

Download Submit
/data/user/0/com.kingroot.master/databases/sdkdb_data-journal
Filesize
1KB

MD5
cb8420effda7cc4318c97e76e4a79e68

SHA1
8911643187974e31baaa6d4d77dfc6bffa95e7b0

SHA256
8eacc5d43a4a80e88382753fc4277b06e14513b68b89172f71c7f259830e5057

SHA512
438d9e1d8900c2d4a60800162dca267621747c04aca7a3bc8433dbfa1720753e227560924047c739fccda109064d00067359a0cebf42c2554ba982360dd86c01

Download Submit
/data/user/0/com.kingroot.master/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit
/data/user/0/com.kingroot.master/shared_prefs/com.kingroot.master_preferences.xml
Filesize
102B

MD5
9af6bcb4adb779dcfbfce6b7d5f01a27

SHA1
b1e2aa5e8ce6932ef476b21d2dea55342c8b140e

SHA256
a4818e00394d2669170436df0e93990f081d1daa471283e84aa1d8731b3b59c4

SHA512
f28f7779e5accbec7ed974b48f4b7c5b8883962c207696d9f1d5166475c1bcc8d2e3afe1114042672f87d4538f240339b18f11607a1764bcc879fcd74428ec83

Download Submit
/data/user/0/com.kingroot.master/shared_prefs/com.kingroot.master_preferences.xml
Filesize
146B

MD5
e5f4ffd677f2720637a608c726e8275a

SHA1
48b677a2306fc455b02c6d025253947fd3a52902

SHA256
770b88248cccbd51f8c7604620b3f958477a5ac6da6ddbe79733ea8e22237b4d

SHA512
7949d20060aee5681e911a83d66a2be7dae62c5f2fdd9fc4d4700ff73d6d9d4633cc0b929f26714bea4c54280f9fd5954bfcfd8dc2037801a038aaf72c24c43a

Download Submit