f6a95b10976f65adf5dbbdb40f2e7fb01fc34731d7a1170b10b9611b12484690 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

f6a95b1097...90.apk

android-9-x86

7

f6a95b1097...90.apk

android-10-x64

7

f6a95b1097...90.apk

android-11-x64

7

Sharing

General

Target

f6a95b10976f65adf5dbbdb40f2e7fb01fc34731d7a1170b10b9611b12484690
Size

865KB
Sample

221126-zvkdesdg99
MD5

fa7c2adb64d96df30451a0614d9f7023
SHA1

727085127342eaa1fd98978b1c7c58a5de2c229e
SHA256

f6a95b10976f65adf5dbbdb40f2e7fb01fc34731d7a1170b10b9611b12484690
SHA512

3eb431e6db83ad02e3570991511652a423f7624b8e43393d1507556aed7580c4b3c97a37706e506be8e20448371b48cdabd197e20c0202a229b519d67b620b28
SSDEEP

24576:4UuckfQo5RmT3AK1J/bYR6S8/uC4k9P8cTd9Z:79kfQonmcKXbS8/u49P5

Score

7^/10

android evasion ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f6a95b10976f65adf5dbbdb40f2e7fb01fc34731d7a1170b10b9611b12484690.apk

Resource

android-x86-arm-20220823-en

evasion ransomware

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

f6a95b10976f65adf5dbbdb40f2e7fb01fc34731d7a1170b10b9611b12484690.apk

Resource

android-x64-20220823-en

android-10-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

f6a95b10976f65adf5dbbdb40f2e7fb01fc34731d7a1170b10b9611b12484690.apk

Resource

android-x64-arm64-20220823-en

android-11-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  f6a95b10976f65adf5dbbdb40f2e7fb01fc34731d7a1170b10b9611b12484690
- Size
  
  865KB
- MD5
  
  fa7c2adb64d96df30451a0614d9f7023
- SHA1
  
  727085127342eaa1fd98978b1c7c58a5de2c229e
- SHA256
  
  f6a95b10976f65adf5dbbdb40f2e7fb01fc34731d7a1170b10b9611b12484690
- SHA512
  
  3eb431e6db83ad02e3570991511652a423f7624b8e43393d1507556aed7580c4b3c97a37706e506be8e20448371b48cdabd197e20c0202a229b519d67b620b28
- SSDEEP
  
  24576:4UuckfQo5RmT3AK1J/bYR6S8/uC4k9P8cTd9Z:79kfQonmcKXbS8/u49P5
Score

7^/10

evasion ransomware
- Acquires the wake lock.
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

evasionransomware

behavioral2

behavioral3

© 2018-2024

Terms | Privacy