5cdef2ec7e8495d8ab9532c17e3488ed5f9620173bc87d2e7d9908f2f0d5e715

Analysis

max time kernel
3096164s
max time network
147s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
26-11-2022 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5cdef2ec7e8495d8ab9532c17e3488ed5f9620173bc87d2e7d9908f2f0d5e715.apk
Size

1.4MB
MD5

d2113159c467b88e5027a0ae39396e75
SHA1

5e06dc53386e3040212df6d8529e3a08b310aae0
SHA256

5cdef2ec7e8495d8ab9532c17e3488ed5f9620173bc87d2e7d9908f2f0d5e715
SHA512

9cddcb036dc7b26b9097bfdcdca0b0d23344974785d37d1efd69d50f0d1a239716ea9b8bf322b3e25ff3269ca1b1bcf3239722306434171ad7db3d5badb13d9f
SSDEEP

24576:udxKhrrK6zzShet+ayxTYo/KMyy8d7TXDbPRrC61fP2+9qj9aQgN5BdJLIy:uWJC0+ayWR5DDbPJ399qIrdJky

Score

8^/10

infostealer ransomware

Malware Config

Signatures

Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.iapp.mmapp.x

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.iapp.mmapp.x
Reads the content of SMS inbox messages. 1 IoCs
infostealer

Processes:

com.iapp.mmapp.x

description ioc process

URI accessed for read content://sms/inbox com.iapp.mmapp.x
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.iapp.mmapp.x

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.iapp.mmapp.x

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.iapp.mmapp.x

description	ioc	process
URI accessed for read	content://sms/inbox	com.iapp.mmapp.x

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.iapp.mmapp.x

com.iapp.mmapp.x
1⤵
- Requests cell location
- Reads the content of SMS inbox messages.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4583
- /system/bin/sh
  2⤵
  PID:4630
- - ls -l /product/bin/su
    3⤵
    PID:4666
- - ls -l /apex/com.android.runtime/bin/su
    3⤵
    PID:4694
- - ls -l /apex/com.android.art/bin/su
    3⤵
    PID:4713
- - ls -l /system_ext/bin/su
    3⤵
    PID:4731
- - ls -l /system/bin/su
    3⤵
    PID:4750
- - ls -l /system/xbin/su
    3⤵
    PID:4770
- - ls -l /odm/bin/su
    3⤵
    PID:4789
- - ls -l /vendor/bin/su
    3⤵
    PID:4811
- - ls -l /vendor/xbin/su
    3⤵
    PID:4831
- /system/bin/sh
  2⤵
  PID:5052
- - ls -l /product/bin/su
    3⤵
    PID:5070
- - ls -l /apex/com.android.runtime/bin/su
    3⤵
    PID:5088
- - ls -l /apex/com.android.art/bin/su
    3⤵
    PID:5106
- - ls -l /system_ext/bin/su
    3⤵
    PID:5124
- - ls -l /system/bin/su
    3⤵
    PID:5144
- - ls -l /system/xbin/su
    3⤵
    PID:5162
- - ls -l /odm/bin/su
    3⤵
    PID:5180
- - ls -l /vendor/bin/su
    3⤵
    PID:5198
- - ls -l /vendor/xbin/su
    3⤵
    PID:5216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.iapp.mmapp.x/databases/DD.db

Filesize
96KB

MD5
cb766f12b7e454f99d76f66164df482d

SHA1
d6967f55cf8871911770d91219cacb653f376d61

SHA256
9482eb871e52958d9dae66f33865291d6008a8085c1bbdb57255b7a0ee30a94b

SHA512
ef160edb7f35433e84da8203f81887e53feed46c574bd73600dff426b5dd968d89781057cd3a8daefb24b3d6f2eedc242eb2b920a7cf9c4faef16e0e11c962bb

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/DD.db-journal

Filesize
1KB

MD5
beebcc96a350a56e0ae5562a8ceee84b

SHA1
c8d3d9d70764904413f1453d39fd4f1f09ee3d2d

SHA256
ce80c8cb312ffd81170943bc882fbbaf9fa8c4c5857b929c1f9a6738cc97e5f9

SHA512
b36fae3b1534937caa4e436db97c4187ec1fedfd05b0ca7e42bf8d462ac9599cd44d0263614abdc7f045a0d12db72ece50780c1f9aa49ddae74deb5e6dc5063b

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/mydata

Filesize
176KB

MD5
c2a15cc4b5f00470438ac967488c40a9

SHA1
2c8533329ad6a5c01a06421e493ab0be59a484bc

SHA256
2ded9b6cd6698584fa9533c9810f76f9fa049be167c21a46ca89ca7054a1d4b6

SHA512
bc428e491af8655925968c3f859fab8ccf0a881e0aab06c5462a48e5bdef3a9de3e268bcc1b8258385cda97807ef2e87109a76fa7493d104acbe15ed30ef451c

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/mydata-journal

Filesize
1KB

MD5
146d0e9325a05a235f91c9ac2e4e898e

SHA1
9009bf2231bfac3251c3519e64f59a6f5009c234

SHA256
fef7e3ac3756313493786b28d964584aa654e6b86aaba92b2d90d65a69b94663

SHA512
f11bcae2ca3eae4124bb13262d6312e2c3836593c5f26a92aa58b80fa4dbfe98a554d7f463b1bd5fbeb6698a2ae97573fc81f47de036dfc0deccc005e59ab3ed

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/qy_db_pay

Filesize
168KB

MD5
3dbdd71b7184aa9bbd05197adc2b3bd1

SHA1
fa92cd705a58ac57a67143258515b7160b7cbf49

SHA256
cc7d843512eac0ebc8a2016e766073ec5f9d87e32b09b7bb532c2cd8ce27fd96

SHA512
0dfc9931154f29cea28c5070cc4c0d3df2d6b4518f79988711d127d672b4fab654fe4a798ce53a18a8efef8813b98203150d963b005b2965f111c73e97427aa2

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/qy_db_pay-journal

Filesize
1KB

MD5
ff3303c2184302c05ca75d8840830f06

SHA1
554cee4d5ba6ccb12091a6ad3062552e77f2fdf3

SHA256
3423fe4feb6bdfcad0bfb009e25c1570883f4ba68279059f638248e56ec71c62

SHA512
75205b674ee789c9387330235d4baafccc3a5f245d19e7aaf71b8a04c10878b9912efa28f2644d64163698134422913e24857f5af5a5e53fa0aaa0bf812d9041

Download Submit
/storage/emulated/0/com.iapp.mmapp.x.start.times/com.iapp.mmapp.x

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads