d4d1c7c0bc5e2247f3cdcb43b031c5419723583ce3fb50a5faf2cc49033aca98

Analysis

max time kernel
3106768s
max time network
132s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
26-11-2022 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4d1c7c0bc5e2247f3cdcb43b031c5419723583ce3fb50a5faf2cc49033aca98.apk
Size

3.4MB
MD5

3251dce4a97e586fcc043de2457bde22
SHA1

73d591524c4695e472a6d9b5cfd2f2ffa2bafc00
SHA256

d4d1c7c0bc5e2247f3cdcb43b031c5419723583ce3fb50a5faf2cc49033aca98
SHA512

f033aa4d783bc3045b326370b088e5e16d6a8181c7b70e721080a4091a616b7d8fd7cfc8a09a08dd3c62a319a689c891ddf74c3a23af2779af30bf7d9d8d35bc
SSDEEP

49152:+OwQCeW8WeZM1R17+TQiYejzPp0fdWvUOQ6P0ept7F4zNHt/JQhGakFz7hLOwPh:+nz8tYTevyfdiPwNHB6hGZ7ZOwJ

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar --output-vdex-fd=69 --oat-fd=74 --oat-location=/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/oat/x86/t.odex --compiler-filter=quicken --class-loader-context=&cc.taosha.beautify.easylocker

ioc	pid	process
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar	4204	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar --output-vdex-fd=69 --oat-fd=74 --oat-location=/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/oat/x86/t.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar	4054	cc.taosha.beautify.easylocker
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar	4054	cc.taosha.beautify.easylocker
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar	4054	cc.taosha.beautify.easylocker
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar	4054	cc.taosha.beautify.easylocker

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

cc.taosha.beautify.easylocker

description ioc process

Framework API call javax.crypto.Cipher.doFinal cc.taosha.beautify.easylocker

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	cc.taosha.beautify.easylocker

cc.taosha.beautify.easylocker
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4054

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar --output-vdex-fd=69 --oat-fd=74 --oat-location=/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/oat/x86/t.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/oat/t.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/oat/x86/t.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/oat/x86/t.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar
Filesize
100KB

MD5
2475237d726fc5343ee657b1fbee32ba

SHA1
927429d61814ddfcbac10ff96da3fd963abb72fc

SHA256
a370548e2fb0f9ac10454cc4dbb33176942349d6b6a86a1e5dd4c2dbd968ba56

SHA512
521a3839da556cfb0088bf89ef49ca579629db6084ed19e509ff692bc8d25e6e275fc9e241345c3762e5202a257a1c758b33666eac796d47e806435db88ee7a4

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar
Filesize
100KB

MD5
58a402bf441dc83256a7589b2f220e2f

SHA1
450d0815439db5e1033fee024003fdcc788fb378

SHA256
4691d23640e38334bbf60b286999f230808e7150dd29c50ff83aa26917a1e862

SHA512
807ffa3dcc516e87714ca6a95c88d730df60ddfe9fb188e51774bc80661d4afda06d2bd5e30710f6837d12b2d0c84658d2b34b9b9e50bd3f126fe0422ff9ff95

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar
Filesize
100KB

MD5
2475237d726fc5343ee657b1fbee32ba

SHA1
927429d61814ddfcbac10ff96da3fd963abb72fc

SHA256
a370548e2fb0f9ac10454cc4dbb33176942349d6b6a86a1e5dd4c2dbd968ba56

SHA512
521a3839da556cfb0088bf89ef49ca579629db6084ed19e509ff692bc8d25e6e275fc9e241345c3762e5202a257a1c758b33666eac796d47e806435db88ee7a4

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar
Filesize
100KB

MD5
58a402bf441dc83256a7589b2f220e2f

SHA1
450d0815439db5e1033fee024003fdcc788fb378

SHA256
4691d23640e38334bbf60b286999f230808e7150dd29c50ff83aa26917a1e862

SHA512
807ffa3dcc516e87714ca6a95c88d730df60ddfe9fb188e51774bc80661d4afda06d2bd5e30710f6837d12b2d0c84658d2b34b9b9e50bd3f126fe0422ff9ff95

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar
Filesize
100KB

MD5
2475237d726fc5343ee657b1fbee32ba

SHA1
927429d61814ddfcbac10ff96da3fd963abb72fc

SHA256
a370548e2fb0f9ac10454cc4dbb33176942349d6b6a86a1e5dd4c2dbd968ba56

SHA512
521a3839da556cfb0088bf89ef49ca579629db6084ed19e509ff692bc8d25e6e275fc9e241345c3762e5202a257a1c758b33666eac796d47e806435db88ee7a4

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar
Filesize
100KB

MD5
58a402bf441dc83256a7589b2f220e2f

SHA1
450d0815439db5e1033fee024003fdcc788fb378

SHA256
4691d23640e38334bbf60b286999f230808e7150dd29c50ff83aa26917a1e862

SHA512
807ffa3dcc516e87714ca6a95c88d730df60ddfe9fb188e51774bc80661d4afda06d2bd5e30710f6837d12b2d0c84658d2b34b9b9e50bd3f126fe0422ff9ff95

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar
Filesize
100KB

MD5
2475237d726fc5343ee657b1fbee32ba

SHA1
927429d61814ddfcbac10ff96da3fd963abb72fc

SHA256
a370548e2fb0f9ac10454cc4dbb33176942349d6b6a86a1e5dd4c2dbd968ba56

SHA512
521a3839da556cfb0088bf89ef49ca579629db6084ed19e509ff692bc8d25e6e275fc9e241345c3762e5202a257a1c758b33666eac796d47e806435db88ee7a4

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar
Filesize
100KB

MD5
58a402bf441dc83256a7589b2f220e2f

SHA1
450d0815439db5e1033fee024003fdcc788fb378

SHA256
4691d23640e38334bbf60b286999f230808e7150dd29c50ff83aa26917a1e862

SHA512
807ffa3dcc516e87714ca6a95c88d730df60ddfe9fb188e51774bc80661d4afda06d2bd5e30710f6837d12b2d0c84658d2b34b9b9e50bd3f126fe0422ff9ff95

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar
Filesize
236KB

MD5
b40fca0d677c66b44cc4f3cad28010c4

SHA1
9ed04ac33336fc88f90e47844b45b691e8cebae2

SHA256
482806fb39f56c8372e19949f0c84f7c5129f05f728af1f0abbaa1bb17440b42

SHA512
94b5716af725d6b723db567fbb45f2cc5eeab9cb0bdc89682f5e161a4964bb4ffeb8ce4751d897a6b37ff38fad5124dad597622fea499ab48cc7ecc78cf07f4b

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar
Filesize
236KB

MD5
b40fca0d677c66b44cc4f3cad28010c4

SHA1
9ed04ac33336fc88f90e47844b45b691e8cebae2

SHA256
482806fb39f56c8372e19949f0c84f7c5129f05f728af1f0abbaa1bb17440b42

SHA512
94b5716af725d6b723db567fbb45f2cc5eeab9cb0bdc89682f5e161a4964bb4ffeb8ce4751d897a6b37ff38fad5124dad597622fea499ab48cc7ecc78cf07f4b

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar
Filesize
236KB

MD5
b40fca0d677c66b44cc4f3cad28010c4

SHA1
9ed04ac33336fc88f90e47844b45b691e8cebae2

SHA256
482806fb39f56c8372e19949f0c84f7c5129f05f728af1f0abbaa1bb17440b42

SHA512
94b5716af725d6b723db567fbb45f2cc5eeab9cb0bdc89682f5e161a4964bb4ffeb8ce4751d897a6b37ff38fad5124dad597622fea499ab48cc7ecc78cf07f4b

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar
Filesize
236KB

MD5
b40fca0d677c66b44cc4f3cad28010c4

SHA1
9ed04ac33336fc88f90e47844b45b691e8cebae2

SHA256
482806fb39f56c8372e19949f0c84f7c5129f05f728af1f0abbaa1bb17440b42

SHA512
94b5716af725d6b723db567fbb45f2cc5eeab9cb0bdc89682f5e161a4964bb4ffeb8ce4751d897a6b37ff38fad5124dad597622fea499ab48cc7ecc78cf07f4b

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar
Filesize
236KB

MD5
01e459080532a69b06b6413648650817

SHA1
422e17f8e1c4c1774504940dbd74b1c04ecaa596

SHA256
30c187d96906796c47567bcc158b07f734e9dc5dd60fb722fa70d13390bfaeb5

SHA512
9422e343990f5c54b5dede89ca6c26fb39f43dd9f7bcfe0909416dd58e4b9e8edde95bb0eb26fea046422b92a9a66e020971a2e4c080688871ce471369dcd469

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/app_ttmp/t.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/databases/local_wallpaper.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/databases/local_wallpaper.db-journal
Filesize
524B

MD5
837cdbbf11d07836336af7b82646f6da

SHA1
2a903e79e9b31027643e7e2af33c3c0bc7a4e7ad

SHA256
d2e70c2c9fa1cc9b4a048c9419139a0f1b2306eadf49bfcc94616ce8a218f273

SHA512
957ce07f8ce7f2fab2fc271675f4422be6e1103cd59850179747459e9220dae861a460ae301fbac5f6c5e657a90e21570ab74f6c4a67cebbf7c5eafddf6b6c61

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/databases/local_wallpaper.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/databases/local_wallpaper.db-wal
Filesize
28KB

MD5
3184834bfedd4ae1216bba1dc1efaf63

SHA1
225c8217bfd5ed419ff8f05799816d5b390adff7

SHA256
7b1eb03bcd28e1e5ffc58ed1ba8ec770af6913c9554f6fdc30dcd9a7b405192d

SHA512
c0578f78767a7984797b17e47c0d5764f647b2aa11b690b3def9632cca5b0fefaae5d0dde8736ff5c473be9d994ca019f903d50c13051975681556658d93abcd

Download Submit
/data/user/0/cc.taosha.beautify.easylocker/shared_prefs/notification.xml
Filesize
106B

MD5
7cd95e8e55c9bffa6f1e21ab93b7abe5

SHA1
15e3a275dca4e4f4da50a93930f4ee16dd685140

SHA256
5d5b54ae1573e08e28aaafad07c2710bd979e1a4f022601902e43d59a1bc9384

SHA512
4c109eb5fd00347369a8d7bffaa8e76a3545b4cdef6a3151372b88352c121c9421ce0e2d3706b1cbf654a887f5e2a9d8f4d444602d16884cde9fc9190f8ff9d9

Download Submit