5cdef2ec7e8495d8ab9532c17e3488ed5f9620173bc87d2e7d9908f2f0d5e715

Analysis

max time kernel
3092541s
max time network
132s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
26-11-2022 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5cdef2ec7e8495d8ab9532c17e3488ed5f9620173bc87d2e7d9908f2f0d5e715.apk
Size

1.4MB
MD5

d2113159c467b88e5027a0ae39396e75
SHA1

5e06dc53386e3040212df6d8529e3a08b310aae0
SHA256

5cdef2ec7e8495d8ab9532c17e3488ed5f9620173bc87d2e7d9908f2f0d5e715
SHA512

9cddcb036dc7b26b9097bfdcdca0b0d23344974785d37d1efd69d50f0d1a239716ea9b8bf322b3e25ff3269ca1b1bcf3239722306434171ad7db3d5badb13d9f
SSDEEP

24576:udxKhrrK6zzShet+ayxTYo/KMyy8d7TXDbPRrC61fP2+9qj9aQgN5BdJLIy:uWJC0+ayWR5DDbPJ399qIrdJky

Score

8^/10

infostealer ransomware

Malware Config

Signatures

Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.iapp.mmapp.x

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.iapp.mmapp.x
Reads the content of SMS inbox messages. 1 IoCs
infostealer

Processes:

com.iapp.mmapp.x

description ioc process

URI accessed for read content://sms/inbox com.iapp.mmapp.x
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.iapp.mmapp.x

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.iapp.mmapp.x

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.iapp.mmapp.x

description	ioc	process
URI accessed for read	content://sms/inbox	com.iapp.mmapp.x

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.iapp.mmapp.x

com.iapp.mmapp.x
1⤵
- Requests cell location
- Reads the content of SMS inbox messages.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4029

/system/bin/sh
2⤵
PID:4117

ls -l /sbin/su
3⤵
PID:4170

ls -l /system/sbin/su
3⤵
PID:4263

ls -l /system/bin/su
3⤵
PID:4342

ls -l /system/xbin/su
3⤵
PID:4388

ls -l /odm/bin/su
3⤵
PID:4426

ls -l /vendor/bin/su
3⤵
PID:4463

ls -l /vendor/xbin/su
3⤵
PID:4501

/system/bin/sh
2⤵
PID:4191

ls -l /sbin/su
3⤵
PID:4278

ls -l /system/sbin/su
3⤵
PID:4321

ls -l /system/bin/su
3⤵
PID:4363

ls -l /system/xbin/su
3⤵
PID:4406

ls -l /odm/bin/su
3⤵
PID:4438

ls -l /vendor/bin/su
3⤵
PID:4476

ls -l /vendor/xbin/su
3⤵
PID:4509

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.iapp.mmapp.x/databases/DD.db
Filesize
24KB

MD5
b6e72c0aa36915aee5125aee6571ea57

SHA1
d67e6fa8999d98ad4b24ab4396226cb09889d0f2

SHA256
1e5595568d67754cc2be6dcc26146eba61250b62e637d377e6507ffa97fdd378

SHA512
06cb0872439e0773d0bc1ccb0bb54642f24fbcc0d01865c9e425394ed1a398b24a6d836f5c197d03220dff55b61844e3a95d0345f64114ece427379975c53f3f

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/DD.db-journal
Filesize
524B

MD5
123a84d04d5bce97eba7fcd7ae570e6c

SHA1
d443166e9c07a9be92b46955808f267ba2268d54

SHA256
3b90913ce32fc48b56c153815f19858a746fbec88eaa338b084eb582a4efdd87

SHA512
34cc5d5b4badda0eaba820ccca7089fb0478b631de23126169ffe3a5839f923c1728f23609f51e960ded830f4bf8c73f857faf785a464e653e74964f013e9b3a

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/DD.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/DD.db-wal
Filesize
40KB

MD5
81fbbef682c26ceb180422efa4841d14

SHA1
b8ba1915b88ccb91c020fadb855e24cc9667c04f

SHA256
18298095f3ab76b4e802b7ac2a31be1ea32a4b041408b721c6b296223737f1c5

SHA512
1882d1deae3d6bd5ae646c95fbaabdee8b3f74bebabffa0c8576bc991be479a5a53ca670e7922768bbd2d8c6849651bd083efa876a4bd870b0e0ebdfedaff2fb

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/mydata
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/mydata-journal
Filesize
524B

MD5
fe21d910ec6f8b254c758902367bdc2a

SHA1
4fe87ef350ab7adfbb16b0c57d2f16ac10763646

SHA256
ce36058c0e80bbf329caca3e5f97b7414c46b6f5cd0ca081e229510f5094cdca

SHA512
1f00f74d4d8d64397b0a0fc9824cd9b9dc128964572272aebac80df2d2aadb8ff70b73e47e15127cb686afeee0562843051e8b9a144ca94a6fd29b2f7fe6da7e

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/mydata-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/mydata-wal
Filesize
68KB

MD5
765c42ef1b4f59717779dfcd453b936d

SHA1
b7ab12fde8b4b2eb09f6d37385d50d276c9bdee1

SHA256
d432d1e93ebe4fbbfd1214511228f7256ec1c5546d8c5e7ce76b50c55d42eadc

SHA512
826f17156cca69ab06fbfdc28d88aa1d8cad6a0e7d4419fedfc69638a7134caf5e598430b713f275c9975161007021f92609086ef126de9d423f0c3066fbc1e3

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/qy_db_pay
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/qy_db_pay-journal
Filesize
524B

MD5
dd88b98a90d97eaf0d0d25b3280d5254

SHA1
9f7eae726a2fba4d41de943bbee6457231e15307

SHA256
63e9c9453d8b86832770ab606ac7d7ae60a066bce666c79b1989c699dbf100d8

SHA512
e04f9cb69b18d03e83b857764dfc1bc1bfb231d9dfab11372c1764976fe999dd7ba208c9f3f50a4efee28c3c81c4f0cbb1bcc2586d744ce6e69c5105b5311371

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/qy_db_pay-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/qy_db_pay-wal
Filesize
64KB

MD5
153f9283dea057ee1222c02698bc2410

SHA1
908f5ae059a6aaed17c49e6ee1665e90acc45304

SHA256
960e7eba36823944619d7b4c149816b95186a66e85d372594afd55ab1f191cae

SHA512
2550276932d6b75a6fed7e8d2b9c9faec64c1a06c2cad2cd47f0fa0bfabe0c9c3027ebf706e8c919dd2d6163d114b81efa7832c81bd387fdeb784b5b88e479a5

Download Submit
/storage/emulated/0/com.iapp.mmapp.x.start.times/com.iapp.mmapp.x
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads