7704259605a615167de264b9e6664db098c098b2d4d69caeda53cc1c635e8468

Analysis

max time kernel
3096071s
max time network
155s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
26-11-2022 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7704259605a615167de264b9e6664db098c098b2d4d69caeda53cc1c635e8468.apk
Size

1.7MB
MD5

640960039dc458b222603a8a0b8d01ee
SHA1

ca4a4f3e16e0886f84e30d1037dd8a666bd52fd5
SHA256

7704259605a615167de264b9e6664db098c098b2d4d69caeda53cc1c635e8468
SHA512

721ca0c35760a48dd2f72ab9c448e1392d69fbdcfb8b1024e4ec8091e156ff34a385ed79e911471a38ef38cbed7d15b088eeedd669414dec15bb71ce38d0e0d3
SSDEEP

24576:e0MDR0MdF1QYBWdE+iTr3194cLEjzPRVKUZC5ZvCdfVTX0p0uobZZz+FE01NoSJJ:W0MdVJgCmzPtCzadfVDJuobZZS7oS1

Score

8^/10

evasion ransomware

Malware Config

Signatures

Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.fry.lky.dsf

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.fry.lky.dsf
Acquires the wake lock. 1 IoCs

Processes:

com.fry.lky.dsf

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.fry.lky.dsf

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.fry.lky.dsf

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.fry.lky.dsf

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.fry.lky.dsf/syssetting.config.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/data/com.fry.lky.dsf/oat/x86/syssetting.config.odex --compiler-filter=quicken --class-loader-context=&com.fry.lky.dsf

ioc	pid	process
/data/data/com.fry.lky.dsf/syssetting.config.jar	4075	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.fry.lky.dsf/syssetting.config.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/data/com.fry.lky.dsf/oat/x86/syssetting.config.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.fry.lky.dsf/syssetting.config.jar	3968	com.fry.lky.dsf

Reads information about phone network operator.
Removes a system notification. 1 IoCs
evasion

Processes:

com.fry.lky.dsf

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag com.fry.lky.dsf
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.fry.lky.dsf

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.fry.lky.dsf

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.fry.lky.dsf

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.fry.lky.dsf

com.fry.lky.dsf
1⤵
- Requests cell location
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:3968

/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.fry.lky.dsf/syssetting.config.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/data/com.fry.lky.dsf/oat/x86/syssetting.config.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4075

/system/bin/sh
2⤵
PID:4289

ls -l /sbin/su
3⤵
PID:4436

ls -l /system/sbin/su
3⤵
PID:4599

ls -l /system/bin/su
3⤵
PID:4678

ls -l /system/xbin/su
3⤵
PID:4746

ls -l /odm/bin/su
3⤵
PID:4787

ls -l /vendor/bin/su
3⤵
PID:4808

ls -l /vendor/xbin/su
3⤵
PID:4827

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fry.lky.dsf/oat/x86/syssetting.config.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.fry.lky.dsf/oat/x86/syssetting.config.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.fry.lky.dsf/syssetting.config
Filesize
412KB

MD5
5f0f04bca1cbe4446c1c6e28197f9800

SHA1
707349c1f27ee4658a2d99c4f6328c9c4c7ebece

SHA256
204c21b5cec5748796f0b0a76a847d143cf83494528eb3734ac817342e4cb2aa

SHA512
aa763174bbe65c10aa65d44f1d50341471576e762558f51e0ff41178f20ce88c9e6b8bba7cce8cd882c9b97f7f1e1e0d5eb276161448b22704e3ef9d0c21c225

Download Submit
/data/data/com.fry.lky.dsf/syssetting.config.jar
Filesize
412KB

MD5
b1ff84fb850cb526446d2f532848e4ad

SHA1
906b935257ea639048bb24639e97feb6f5793149

SHA256
fbed6cd15c11b1077669966dd958fb6ac34294dabde84f7703587c2add431a82

SHA512
e653167daf81482469c186deae3470c1857c49c09affa195dd4b088085fc1d5e8d132ea866b4571236d73b5880012d64320b04d6ad01386ed8909b91af30fe6d

Download Submit
/data/data/com.fry.lky.dsf/syssetting.config.jar
Filesize
1009KB

MD5
df31ac88c8431a264f13dbeda12d9023

SHA1
917a1244496d2fc2da046fff2a1084b790f4736b

SHA256
0b903053a01a397530f478cf1fcb097f41d135a18d0c51b6a48be655b1c647ea

SHA512
ec9a9f02135dfefb572f9b161bca768d3470691bfbafb4b07ad6ab7dc03195f6cc85838bb130e9032ec5978a5be56bf182177bf9e4a5d87d5324f73c61f28c96

Download Submit
/data/data/com.fry.lky.dsf/syssetting.config.jar
Filesize
1009KB

MD5
df31ac88c8431a264f13dbeda12d9023

SHA1
917a1244496d2fc2da046fff2a1084b790f4736b

SHA256
0b903053a01a397530f478cf1fcb097f41d135a18d0c51b6a48be655b1c647ea

SHA512
ec9a9f02135dfefb572f9b161bca768d3470691bfbafb4b07ad6ab7dc03195f6cc85838bb130e9032ec5978a5be56bf182177bf9e4a5d87d5324f73c61f28c96

Download Submit
/data/data/com.fry.lky.dsf/syssetting.config.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.fry.lky.dsf/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.fry.lky.dsf/app_webview/Web Data-journal
Filesize
1KB

MD5
dd7b3bea9c99ac41b27b9be9231228c4

SHA1
83149a7a2cbb7ec0eb02f9f7f1c609cb6afe9a70

SHA256
93b99f927a0712edec015d7db79f44f4fae6649a64a530e5abddc7886bd1a18a

SHA512
eab800af15650c182801017738a5aa80f1a535f31edeb02c724a033873bf63dea70568af94c6ce691ce3587a1c2b1ef281272ede706f4d77269eefdc64f4877d

Download Submit
/data/user/0/com.fry.lky.dsf/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.fry.lky.dsf/app_webview/metrics_guid
Filesize
36B

MD5
625f66c6601fc86c16b099810f797556

SHA1
a9cd2d988fb4fb9bb86f50d0ba30b5573a2fbc91

SHA256
ab5847abccc1d31060cc67a469728ddbbd21b6e8363923275bfc149faf48dcdd

SHA512
739d5084bb52a33c6ef12d514f23299a15c739bcf4e87a64c6bbe501b6fe877fc3e753a64a390c4ee34abd746590007e248ea8db93a0ba3c7f8050ab2abc8e4a

Download Submit
/data/user/0/com.fry.lky.dsf/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.fry.lky.dsf/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.fry.lky.dsf/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.fry.lky.dsf/databases/DD.db
Filesize
24KB

MD5
b6e72c0aa36915aee5125aee6571ea57

SHA1
d67e6fa8999d98ad4b24ab4396226cb09889d0f2

SHA256
1e5595568d67754cc2be6dcc26146eba61250b62e637d377e6507ffa97fdd378

SHA512
06cb0872439e0773d0bc1ccb0bb54642f24fbcc0d01865c9e425394ed1a398b24a6d836f5c197d03220dff55b61844e3a95d0345f64114ece427379975c53f3f

Download Submit
/data/user/0/com.fry.lky.dsf/databases/DD.db-journal
Filesize
524B

MD5
7ae3a3e25aaed25cdae4a4e2a7438598

SHA1
0e5568396fe3ae89b8ae50fc602c5a9c95d1be9b

SHA256
7981eb44f3a38dfdcb1aa6c611b9934cb6db56d3e754cc6790dc7e5bf0c03af4

SHA512
2cd77ff25298644131e46f99e76fc1c6656ddee045192a1b3e106c25b4e3ce84b4906660f00d86322050cb8fc6df43a3100999f2919f2c4ad139ea25769e908b

Download Submit
/data/user/0/com.fry.lky.dsf/databases/DD.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.fry.lky.dsf/databases/DD.db-wal
Filesize
40KB

MD5
4c788930369ac08e0a01705d367cb361

SHA1
0712e495bb9ad40d9e7be30dd9557d9dcafc4000

SHA256
4bc4e6971f7de3c23c953455325d6ef171f2c7dc137912548f97b8a8b2caf466

SHA512
a40a0ae31bb6ffe6682d792aa32e37047508853537b9be6cbfdbafb6f22c3c7c3e226f2dfcacef7b33c1812080fbc0d7914c435b97140bdc901aa3e295fd97d9

Download Submit
/data/user/0/com.fry.lky.dsf/databases/qy_db_pay
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.fry.lky.dsf/databases/qy_db_pay-journal
Filesize
524B

MD5
96b3e40f815ac5595598db24213d9cb5

SHA1
5a3ad2655251be77933053a73f85e82b705b06c9

SHA256
72e7a1bde0bfb504dcf51cbf01724c4eeaf23f113b3f0db260a4ab304d1b48d3

SHA512
c506f3b1acee13466779bb37a502d5e0511c77e21d35ff84ed02e866068f944fa33e0c5a217d41e4ad4e0912de484987efeb691c35d3f2d70d17ffa35fabb2dd

Download Submit
/data/user/0/com.fry.lky.dsf/databases/qy_db_pay-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.fry.lky.dsf/databases/qy_db_pay-wal
Filesize
56KB

MD5
139dd851e7e3d847f110a25702c59f2b

SHA1
574ae606cf6a5778bcb1fe32f628f96ce82f496d

SHA256
f080fe25f7c97b92f1ee07f0534e77e98cf13863ce44d0f0a29ec345628c4817

SHA512
b78633257e260b4b80a5605cd8a2475b33930fdb9033f1680e604ac3de3065ba743755d6c7250f36c6379d51c323feb1e126113aa4258422bc6c4746ac9bc9aa

Download Submit
/data/user/0/com.fry.lky.dsf/files/.imprint
Filesize
909B

MD5
0e89fd8425674c405b4c4d1bd3ba86c3

SHA1
6de6ad0b62bcf624b8eca8a0206bb39a552d84fd

SHA256
660ce9f5920cd51b180fff2773f156e7cbbb6fbf30340b8e87c22edc988bbf83

SHA512
c730824897eaeadcfc5e418089282c76668c8ae5bc38dd44f45c22c4f2e44f87823ffd2a62139329af8033915d9e9f045a97f513bf717bb440b86aeb3e460287

Download Submit
/data/user/0/com.fry.lky.dsf/files/umeng_it.cache
Filesize
310B

MD5
8fbefd176e5b938c7c426aae2a2e2148

SHA1
65cb6bb7568773418a4a399fa16b4850b96a06a9

SHA256
ca4dcb40fbed073d1e36b001c8c796c24f2c73e7b6370bed0fc7508e4a6b2e1b

SHA512
d01351089e3ba3da05630c06fd932a04f6d2c916c110ee33958edb2e3e7cecc210aae78d9baa543a5c481a7055727d6338582cd934ce8f4c458e75267860a3a7

Download Submit
/data/user/0/com.fry.lky.dsf/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/storage/emulated/0/com.fry.lky.dsf.start.times/com.fry.lky.dsf
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit