6f0ee30cd2305542130c98933c7ce2b37f5d3ceec1fa91d4d21f1ff54168692a

Analysis

max time kernel
3096041s
max time network
163s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
26-11-2022 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f0ee30cd2305542130c98933c7ce2b37f5d3ceec1fa91d4d21f1ff54168692a.apk
Size

1.3MB
MD5

0f19cd277d0ed86b025dc0e3abcfdaba
SHA1

9090f8094990816d0cc9557dee49ce57ee369ae1
SHA256

6f0ee30cd2305542130c98933c7ce2b37f5d3ceec1fa91d4d21f1ff54168692a
SHA512

3ffbf3e2d4bd1632fd81c28980bdd36b47b31c090de0614cb62ae89226d3c121f5050aee4caf988e4f3c810b46bbdeb7e21a02643cb4d2714b24e41ab7d0b4bb
SSDEEP

24576:TdxKhrrKE16K9QysaPTTZKvtyCdgTXSr9MSP38BCB7KnjamYi+O8:TWJXtsaP66DSBMvCBGnKi+j

Score

8^/10

infostealer ransomware

Malware Config

Signatures

Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.iapp.mmapp.x

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.iapp.mmapp.x
Reads the content of SMS inbox messages. 1 IoCs
infostealer

Processes:

com.iapp.mmapp.x

description ioc process

URI accessed for read content://sms/inbox com.iapp.mmapp.x
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.iapp.mmapp.x

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.iapp.mmapp.x

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.iapp.mmapp.x

description	ioc	process
URI accessed for read	content://sms/inbox	com.iapp.mmapp.x

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.iapp.mmapp.x

com.iapp.mmapp.x
1⤵
- Requests cell location
- Reads the content of SMS inbox messages.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4402

/system/bin/sh
2⤵
PID:4697

ls -l /product/bin/su
3⤵
PID:4715

ls -l /apex/com.android.runtime/bin/su
3⤵
PID:4733

ls -l /apex/com.android.art/bin/su
3⤵
PID:4751

ls -l /system_ext/bin/su
3⤵
PID:4770

ls -l /system/bin/su
3⤵
PID:4788

ls -l /system/xbin/su
3⤵
PID:4810

ls -l /odm/bin/su
3⤵
PID:4828

ls -l /vendor/bin/su
3⤵
PID:4846

ls -l /vendor/xbin/su
3⤵
PID:4864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.iapp.mmapp.x/databases/DD.db
Filesize
96KB

MD5
cb766f12b7e454f99d76f66164df482d

SHA1
d6967f55cf8871911770d91219cacb653f376d61

SHA256
9482eb871e52958d9dae66f33865291d6008a8085c1bbdb57255b7a0ee30a94b

SHA512
ef160edb7f35433e84da8203f81887e53feed46c574bd73600dff426b5dd968d89781057cd3a8daefb24b3d6f2eedc242eb2b920a7cf9c4faef16e0e11c962bb

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/DD.db-journal
Filesize
1KB

MD5
fd92b5e174f7bd4bbea55b8e1839bd38

SHA1
8c1b554fb85fbf92f63bb3cc12dc54969743e444

SHA256
8c6b74ee502366fe98ba5145239c829c32d1a45b376a0c086f931ebc676c0665

SHA512
9e8c2c197a718565d5ca9bfa15c77209fd2c8703bdbeace8465a1dcaac70275ed1b3862dc0c6204d7332b7b87f473312a78a97f9eda50fdaa096ccbd4d8cb706

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/mydata
Filesize
176KB

MD5
c2a15cc4b5f00470438ac967488c40a9

SHA1
2c8533329ad6a5c01a06421e493ab0be59a484bc

SHA256
2ded9b6cd6698584fa9533c9810f76f9fa049be167c21a46ca89ca7054a1d4b6

SHA512
bc428e491af8655925968c3f859fab8ccf0a881e0aab06c5462a48e5bdef3a9de3e268bcc1b8258385cda97807ef2e87109a76fa7493d104acbe15ed30ef451c

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/mydata-journal
Filesize
1KB

MD5
f8bbbd7ee05065ef64acc793ac4102bf

SHA1
0a5ec511f1fcbd48f36f39cea88480d163da4413

SHA256
dc04f04cfee5c13f825be3062181039d808a5d58f960d61232b8bda56722287b

SHA512
7de0a485351ff78d355c951f78759e21eb837df8b8e4047634368d3c49aeaa192481d591a8669a365643c7d35dda04a39ad45bef2ffd62cb881dc24d0d0a57ef

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/qy_db_pay
Filesize
144KB

MD5
6f798bef6f176f1f411a50c510204f70

SHA1
798c7c2b3aa45633aa440d3bfc0b97b780007645

SHA256
108caf47d232f9b8183038d11eccb940d12c03b55ce3e06bda4dcf0e3fd5d125

SHA512
ab35acb037acbbd177595dd867c79c414c2f190f5b94bb3213e5e130fed84be0994079da9de0a803c222c06a77141e9ad5085a47e6611811c00a410f0fdcf910

Download Submit
/data/user/0/com.iapp.mmapp.x/databases/qy_db_pay-journal
Filesize
1KB

MD5
6a4344eca670e2f27b06f537fe2389b3

SHA1
658ff6f90c881bba4eca85966b567289b86cffe6

SHA256
89cd03c72f82251525a1b401aff114cb881bbccacc1decf05628dfc76d7241fc

SHA512
c6bfde4329b0fa037bea10bbc74d6f1d5b226ec1a47b95a251f9654ff3fbab2f47c86f0d7adea19bc2609b6e391d2f8cdb7833b2502728d3bd8a26daa0e9d256

Download Submit
/data/user/0/com.iapp.mmapp.x/files/mobclick_agent_cached_com.iapp.mmapp.x
Filesize
123B

MD5
561285fe31d06cce0a98a56314db0063

SHA1
09b2111fd7ffd0485f1960ac3afca23b49382bb0

SHA256
46e693b6892920bfc33731512ebf607d3542b74034cb1bcfa42240276a576211

SHA512
e52bc1fb94942e38bb31f9d91a57e91bddc9bcaaf268731109a1708022d0356df5ae64a115584a45f7f88745c6b863c869acdf64352ee25357ea354d790f95ea

Download Submit
/storage/emulated/0/com.iapp.mmapp.x.start.times/com.iapp.mmapp.x
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads