ae445b298ee5d7fb0b7e35bf3819ce3a7766fce6639fe0422b7caef87e0a7346

Analysis

max time kernel
3093626s
max time network
146s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
26-11-2022 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae445b298ee5d7fb0b7e35bf3819ce3a7766fce6639fe0422b7caef87e0a7346.apk
Size

929KB
MD5

651fe7d5aabaaaf6eff9bb38a386df30
SHA1

82f4e03809f74eae48536a631f8283d77de2d558
SHA256

ae445b298ee5d7fb0b7e35bf3819ce3a7766fce6639fe0422b7caef87e0a7346
SHA512

1026d3ec68a7d0949d83b4dd6d9ee78ae9559a18bc5502966faa19f4f075fbb177857e560858dead8c59c1cd8b580f297cf7cd0bfe42fcdce9a83911fc47b59b
SSDEEP

24576:uJuJA6A9Pycp0Hb9GIVfBP1wjMs9KXatI3K0:BJKj4bdVfV1EM2KSk

Score

7^/10

ransomware

Malware Config

Signatures

Acquires the wake lock. 1 IoCs

Processes:

com.rwrt.trwfg

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.rwrt.trwfg
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.rwrt.trwfg

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.rwrt.trwfg

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.rwrt.trwfg

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.rwrt.trwfg

com.rwrt.trwfg
1⤵
- Acquires the wake lock.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4041

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.rwrt.trwfg/databases/DD.db
Filesize
24KB

MD5
b6e72c0aa36915aee5125aee6571ea57

SHA1
d67e6fa8999d98ad4b24ab4396226cb09889d0f2

SHA256
1e5595568d67754cc2be6dcc26146eba61250b62e637d377e6507ffa97fdd378

SHA512
06cb0872439e0773d0bc1ccb0bb54642f24fbcc0d01865c9e425394ed1a398b24a6d836f5c197d03220dff55b61844e3a95d0345f64114ece427379975c53f3f

Download Submit
/data/user/0/com.rwrt.trwfg/databases/DD.db-journal
Filesize
524B

MD5
631afdabeb94111fbdce8c5a237fc2ed

SHA1
6eaed11d0cae8f298b37a37418a9dbb37754405d

SHA256
1b6c61154d992a120f95a5a92cdfeb0f58b4d010682c6a8654b021c872ad4725

SHA512
5be608bcfc78e29554428e198c07d7184762c25c6db3611c09cac335bbb9594c88eac47b9c73044c588806ee91a199c582b4518ad0108de34c19bad0853fd92d

Download Submit
/data/user/0/com.rwrt.trwfg/databases/DD.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.rwrt.trwfg/databases/DD.db-wal
Filesize
40KB

MD5
1be68d30fecc3d452b04c610cb3d8a60

SHA1
49548382d4a1af473666e414fcbabec1de7aeaf5

SHA256
03b10abdaab8b267c8a3b689235c61979b6d48aea0f9203a89acbfcad9932921

SHA512
91cefc6e6a438b9ad55da49372084b223f3a786f37c383096f7b581b826693b7860d9b7d4616742988c895e7187e66fea5dc0d53fb6cd0c437be5d3112e89479

Download Submit
/data/user/0/com.rwrt.trwfg/databases/flyou
Filesize
20KB

MD5
319da30c3ea15d66f322f38e1f1b1f7f

SHA1
8424cadc6f67ae141efd14037868f09f565087de

SHA256
9fb707f4a62ba29258c7e91e666c3eb5d8bbd85f99cbecaa0ea4c4e2d1f83a58

SHA512
f09046b05aaa51eeb2fce94b5603a5f1641c950160a7fd98bdab784ac765501b512a3eb890021c754edfb26fa58279dfdb0d7024b398e44b23b5ce7fca707822

Download Submit
/data/user/0/com.rwrt.trwfg/databases/flyou-journal
Filesize
524B

MD5
99f4f6c23e315996173f4fdcfd052f50

SHA1
488ade12832a1e92ddad145018f8123ea543414e

SHA256
ae23648a9c47fb953d7a79073646a2a4f90be31114a864757806206e9dd1515e

SHA512
a47542ba8a20c79f71571a003f33b5e092ccd17a0bec7d4cd3130cfef46758531a4fd26f813d3e999c03c01abcabfae493fb35b886a3ed772e0a90de239dab8a

Download Submit
/data/user/0/com.rwrt.trwfg/databases/flyou-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.rwrt.trwfg/databases/flyou-wal
Filesize
28KB

MD5
efffcafb13c2e60593a229180144a1d7

SHA1
9fa413670aaf6ff99a7738812547d639cd0af3a8

SHA256
bdc4fbbee4b937f9f9a6df3ee6b8e954e7169fe64f97ba01d1cda2b89338d83f

SHA512
41709597d64158ff1a1f5be50b8edb05c15a9d37b7d0bbee35562ae420be71ebdd8cef9025336790f921e78af53905c47ad0543678aff838f3a23ea7beca0131

Download Submit
/data/user/0/com.rwrt.trwfg/files/.imprint
Filesize
915B

MD5
0491447ab363c6a46908d477dcd7016d

SHA1
e9aa29cc4e44c98b7ca974dc4bbb1d01ccf705b8

SHA256
f3bc850ec5505c84249db59c49ab37991d67b8bdd2c0cab14a0ec69deb487262

SHA512
1d0f8240e2816a8258b989eaa1974dc1b440ea3b96703435f9ad2ff3a24ccdf8d202d0f540cff08d971704dc94e4e6509c598b57b821016cfc79e95a8a5c686c

Download Submit
/data/user/0/com.rwrt.trwfg/files/umeng_it.cache
Filesize
310B

MD5
d0a1cebb6b1d8fccaed23c5f88a9d429

SHA1
f90ba5b069ce14c25ca288ee37d94ada6d779859

SHA256
13fad11ea6b9f37ced8d16255492fd4637663d2d2422ac331e2f8ad8ac24fba0

SHA512
461433f96a17b22cfde966eea985018081e5ee1371a973e47bb6c2161e1ff340dc5d695e9707301df4b56fe7c4005dd2c00475b5b97c0bcdc257d66208f42510

Download Submit
/data/user/0/com.rwrt.trwfg/files/uu_data/8SGi2j11Xi44bWqDzCUmxw==
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.rwrt.trwfg/files/uu_data/IUzhXZvxBeEWBpe7_sDyGw==
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.rwrt.trwfg/files/uu_data/TfwdHX6qHv0AkshSW_kmmg==/abeeVY-sxrT_5Jvt/WTB5FH1FFA9bBxYF.zip
Filesize
314KB

MD5
a3a867d4fe62b8386111dc17f94d5e6b

SHA1
deed2cccd55953d19e64eff436cd801c8f9250b7

SHA256
9faff43a69374f41f2b8700dad45e735b946415ab56083f52648adb214405146

SHA512
9c123cb361b9df51e9e6f20fb3cc742bae1e8bcade36d4dda6fa7e3eebebf24b71928e680cbb9f1f8eab75234e024378f2dc6ea2875f13d4940c961fd413317c

Download Submit
/data/user/0/com.rwrt.trwfg/files/uu_data/TfwdHX6qHv0AkshSW_kmmg==/abeeVY-sxrT_5Jvt/WTB5FH1FFA9bBxYF.zip.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.rwrt.trwfg/files/uu_data/TfwdHX6qHv0AkshSW_kmmg==/abeeVY-sxrT_5Jvt/oat/x86/WTB5FH1FFA9bBxYF.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.rwrt.trwfg/files/uu_data/TfwdHX6qHv0AkshSW_kmmg==/abeeVY-sxrT_5Jvt/oat/x86/WTB5FH1FFA9bBxYF.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.rwrt.trwfg/files/uu_data/V3Ro3erFjOIwZKru947bPA==/data.dat.tmp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.rwrt.trwfg/files/uu_data/o_S6HoFxxEqDcmoce0N1vQ==/IvGAmCpxv64bLBwKxzNOZg==
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.rwrt.trwfg/files/uu_data/o_S6HoFxxEqDcmoce0N1vQ==/KIAuQU2EWH0=.zip
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.rwrt.trwfg/files/uu_data/o_S6HoFxxEqDcmoce0N1vQ==/fMwBszcpKUCQ_gjZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.rwrt.trwfg/shared_prefs/MvSdkJar.xml
Filesize
129B

MD5
3bbe244c9800da080a4e7c6a06d51b65

SHA1
c2e37aa19cc54a01f050187ea7159790016a0563

SHA256
2912338ccb9c33041eb7add94d85526155400be8e9052de4f9519d0ef90be4e3

SHA512
c88e533f9d9a92fc5e2acdfdf317c7a239fb7ebca11415089f625a265322b5eef6bc2503a9b0946622195f7bc89cfad6723b6221ae2002c8dfe0f74fa2782971

Download Submit
/data/user/0/com.rwrt.trwfg/shared_prefs/MvSdkJar.xml
Filesize
185B

MD5
d3d506625352883293147e77d10d11da

SHA1
2b50dd8e8c22fa414e111b413a7b1b0399ba2f21

SHA256
7a160b3dab1ba12a92d51a770a6917dfee4f58b88b4305930aaab94d342d4a42

SHA512
c51e272ffd689586d7a5662cb6b04496162d97cd7002c0f82e07a2c9ac0e6beec529fb93d3e2fc9446eb894ce04e9396ccb87c9f55e28bea38dcd6a62b5405cb

Download Submit
/data/user/0/com.rwrt.trwfg/shared_prefs/MvSdkJar.xml
Filesize
230B

MD5
2f17e606b09b7dda2e1f786ff23ef18f

SHA1
1df578d392c957dac68c6953f6b55eb851778876

SHA256
d9b86313d1d6b3def3753b9428b27c2456707a93bc74c9895ce570d4ac186b85

SHA512
679887c5596ad84a4e5035a9c183dedafa8a359d1c8de6b8b523dd138c1933992e1135da1e3242b25e3b741689cee601933312272f9e406dc440655d02e9be5f

Download Submit
/data/user/0/com.rwrt.trwfg/shared_prefs/SMS_Listen_Manager.xml
Filesize
147B

MD5
2f86b4cfe90767fd884bbd3a4f606780

SHA1
7332ca6caf7240dc91f88453bf97167695877c9c

SHA256
bce4d9f7024a0882cc167f5229b81d1331efc31dbd771860008d31abf4d7355a

SHA512
793a58d20a26546a7514081e0e040c2020ed099d09ddd5be08fec1253bb1ce23e09aaff1abde4ec5cc25dd5c960bf46ce53d14eacf2584cae58027345251ad22

Download Submit
/data/user/0/com.rwrt.trwfg/shared_prefs/SMS_Listen_Manager.xml
Filesize
178B

MD5
7c9ce46a2c3b2866ef0e269c3df8a3cb

SHA1
18f1a7ef4f39602f0796291f6a3fe3f07a4d54de

SHA256
3006875a45cb5bdcd8b0b46318fc2d174cd163627ef0cf9997c6b7aff8cb1a4a

SHA512
f3336cbfd22fcd45cdf139d87dcfb5e65e24bc783c54aa42342c1fb2695e382f22e5b5096560f20860e0ab7d02f2bdb982b7b2f7c282fc7f2e25a34d32c2213e

Download Submit
/storage/emulated/0/Android/data/com.rwrt.trwfg/cache/imgbackup/journal.tmp
Filesize
44B

MD5
9d6d58e6136e80d95b7076ef196d40ff

SHA1
8cbe6a846d4468bab26eaf21308fecc0c648b217

SHA256
2d116812987bc0817133f5d03f00065f87f613c2d45b00f799f477741e50631e

SHA512
2455c75cd8ddd258d95a9dc855054d2b5912733c94c9108726e52856a81c2736f89217e6df2a0a540bf368cb737f7f80952b9f91e18c34450a859f94d0ba13c5

Download Submit
/storage/emulated/0/com.rwrt.trwfg.start.times/com.rwrt.trwfg
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads