f398cc0bf642c3d2592c893a2e14b2e4ffe04a7eb0e60cb414d527cd5f0c6aad

Analysis

max time kernel
3227941s
max time network
128s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
27/11/2022, 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f398cc0bf642c3d2592c893a2e14b2e4ffe04a7eb0e60cb414d527cd5f0c6aad.apk
Size

1.2MB
MD5

71b724e61b63bfcc364b9950428a0721
SHA1

58655008efa896251cef645b67d82fe4b1cf3282
SHA256

f398cc0bf642c3d2592c893a2e14b2e4ffe04a7eb0e60cb414d527cd5f0c6aad
SHA512

b503a13322c44ae63a7ee6bc0dd2545ae894407f3390223086fc548aaaf94811c054d3e8bbed505a19c18db59eb2e79f311902e8134d6809213482f8211266aa
SSDEEP

24576:R1gMCk9KQaNHbLcWt+hfDIYQvcO2500m84Q8V7AgNOwn6BleYkGXf4v:zOkM3FvahLjSyi1Q8xAKOgWleYkGXf4v

Score

7^/10

evasion ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/storage/emulated/0/.tpservice/com.t304.ysbgpk/download/jar/mkugjw_12002_5052.jar	4223	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/.tpservice/com.t304.ysbgpk/download/jar/mkugjw_12002_5052.jar --output-vdex-fd=57 --oat-fd=48 --oat-location=/storage/emulated/0/.tpservice/com.t304.ysbgpk/download/jar/oat/x86/mkugjw_12002_5052.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/.tpservice/com.t304.ysbgpk/download/jar/mkugjw_12002_5052.jar	4090	com.t304.ysbgpk
/storage/emulated/0/.twservice/tvohnu_2001_2003/tw.jar	4410	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/.twservice/tvohnu_2001_2003/tw.jar --output-vdex-fd=95 --oat-fd=96 --oat-location=/storage/emulated/0/.twservice/tvohnu_2001_2003/oat/x86/tw.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/.twservice/tvohnu_2001_2003/tw.jar	4090	com.t304.ysbgpk

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.t304.ysbgpk

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.t304.ysbgpk

com.t304.ysbgpk
1⤵
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4090
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/.tpservice/com.t304.ysbgpk/download/jar/mkugjw_12002_5052.jar --output-vdex-fd=57 --oat-fd=48 --oat-location=/storage/emulated/0/.tpservice/com.t304.ysbgpk/download/jar/oat/x86/mkugjw_12002_5052.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4223
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/.twservice/tvohnu_2001_2003/tw.jar --output-vdex-fd=95 --oat-fd=96 --oat-location=/storage/emulated/0/.twservice/tvohnu_2001_2003/oat/x86/tw.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4410

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.t304.ysbgpk/app_webview/Cookies

Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/com.t304.ysbgpk/app_webview/Cookies-journal

Filesize
1KB

MD5
4804116be3ae99c1a7b40f8ee0ffb76b

SHA1
62a761d1cb821b063d9eabc928a7c843e332a086

SHA256
ac5b6dba3b9141a45577cbe62cbfceb756fee7cf8599800f1656bff36ae76fd9

SHA512
db555150de2da10bb380d6d27eb28f4e6edc826973ad851afd4a77fddae4298442f5c6f557fdc4064ebdbcf605430645180e143ddea3fd2af864b2cf29ec2997

Download Submit
/data/user/0/com.t304.ysbgpk/app_webview/GPUCache/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.t304.ysbgpk/app_webview/GPUCache/index-dir/temp-index

Filesize
48B

MD5
c4d3e82d51da8a840f4abc784b358648

SHA1
e02209baae64df0971893de7b080967a5b014e75

SHA256
74c1312ae456d5e28e823664985893da848354d7cab028d13cc8fc22fda25979

SHA512
3406f420961ff7f78a180aee832706fbe5ce358f1d484c5a5df7920766e014a5cdf0232b05f1f6add0e40b8c839efdf04c0909cdea00d7dde39aeac7ce831088

Download Submit
/data/user/0/com.t304.ysbgpk/app_webview/Local Storage/leveldb/000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/data/user/0/com.t304.ysbgpk/app_webview/Local Storage/leveldb/000003.log

Filesize
79B

MD5
22d53706d2e416dc286ab928262330ed

SHA1
70cb275d1d9adbe2fa26eaec9a1a7a868e0330d9

SHA256
0ad014fd358322495d47758d0ca5311df014bc2b89e89078ae9e26edd1c7d113

SHA512
5cb04df563c8aa623c8822dfc24352936a28b475ffdb5ac96b5658f0de7aa21b627ad20caf29d0f7dea0562e552cb63797f647dd6b669a30d81c5e04da66e2c4

Download Submit
/data/user/0/com.t304.ysbgpk/app_webview/Local Storage/leveldb/LOG

Filesize
70B

MD5
0cce7d8b305c5a6ae9e3cf5bc5fe7370

SHA1
b2feaf9f4c698d49fd494763ce69d9276aefb609

SHA256
1bcf645170ff87b1991a1fc933cdf1500c14119667ac9541aed6886b56cd5f92

SHA512
1384b38a66bb790db00fdbc53a2862a91b35e0528413dd7c979955d2498ec4a202c50f70eb3db97e053f34f85185f154a6f2378579a25b88e290ddf7980ccd79

Download Submit
/data/user/0/com.t304.ysbgpk/app_webview/Local Storage/leveldb/MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/data/user/0/com.t304.ysbgpk/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.t304.ysbgpk/app_webview/Web Data-journal

Filesize
1KB

MD5
7cfc1824be80cea178422d41a3b1d0a6

SHA1
ddff1bf845e75e79d87abe9e9e0dbc9d81bf8567

SHA256
263b8f6ea470017868ae88bb268f5495d2351e7335db1bc28e285d3c0caa1612

SHA512
ad28e8f948bf3c54d5ebfe8f5de8e8a6944eee998a4ba3f1de3558ed0afcd09487e3a5cab01a105c23e3e72732e575b66b868e998eec3b08d9eb53946bc23d4b

Download Submit
/data/user/0/com.t304.ysbgpk/app_webview/metrics_guid

Filesize
36B

MD5
611dff302826833e995534434a00c2d2

SHA1
dc312c2fc833580e874deb9ed23abbe68228ad63

SHA256
0b1980679264a10d4970b2597c313ca5c923a99f98ede94ebe2191b044d981a8

SHA512
b6995c9e251d6cb8ee181b2c375fa0317fa4314fdfce4eb5e73aa6a63417fd4bb2d2795a0d10e0c1044b5272d22aab91c38e8f46e8abb9eec0e2174b88842c2f

Download Submit
/data/user/0/com.t304.ysbgpk/cache/org.chromium.android_webview/25c6cd6d72518a79_0

Filesize
144B

MD5
2d5c10840ac570ceca4a3039dee58e5b

SHA1
0458c037ce1cb2ff4e626de4ab832c8e35b565a0

SHA256
f44d038152ea65a9de193d30b3438920af62fb1f20cffb0ba315eceb7ceb4cc7

SHA512
8d3b95e2ed67db933680ef841fb3ead4526e9e863c4f45726a27b91ac03168d6fda6c1e152073a0d80c75ae12188da287d4b80b100788fd327bfc40e1caf8215

Download Submit
/data/user/0/com.t304.ysbgpk/cache/org.chromium.android_webview/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.t304.ysbgpk/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
72B

MD5
dda375c048d26c93b5bd421d7e9f1f4c

SHA1
6aaf5dedb8c55570c57beaa1c9268f87d08e3062

SHA256
b2657b7e0f540cc78f827e3fdbe5ce5942625a3f059cf2b65703d8ad29fa90c4

SHA512
d89024693302eb6ee0948f88b4bd7c760af5833ca8be7557ba26f1e50c52bf46787c1eec99a6552d0736d9e8c5ff07790a0551efef1785cc851186c87af70b05

Download Submit
/data/user/0/com.t304.ysbgpk/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
48B

MD5
539085f3bc644e5163c05c5fa9726908

SHA1
c0653eff3be69043c3dc461bd16230cc07fe1b6a

SHA256
aaeeaa1f947f48b8f313fd8a68de0fead02bbdb075a49755efae794442ab61f7

SHA512
d960ef55c5dad29f5da20259b971b1f588f51579158d770f33ff3e3d2ba9325510e4b7c7f7f07d3172afd8ec5f5e561efc611dde780018523e41780040df843d

Download Submit
/data/user/0/com.t304.ysbgpk/files/INSTALLATION

Filesize
36B

MD5
42a27cc134180cbc532eb9c083b27329

SHA1
c4c215f5b1ba14a558bae6be6dcc02d42ba8aad7

SHA256
0ac831375fbaa80f1e112580c7bbec2e9a70c46bccfef1896955430b4719decd

SHA512
cd837cf0f3a55eca9ac4be352abd3d4e3b9900ef8d49ebcd5eddd53c8bd085a232ec54b09189ef17c29aa0ed9ad636c8982bc8535d35c43a26bb363190263cb1

Download Submit
/data/user/0/com.t304.ysbgpk/shared_prefs/APP_START_TIMER_INFO.xml

Filesize
117B

MD5
0bf759f7704f0e6905bccc99dd457624

SHA1
9768a4affa0a97732b30bd9f9fde0ba573c265e7

SHA256
8f263450a8becdff118443d7f4ef63afcb2f8132e773f34925803ec72877c919

SHA512
5a52617f0b02b72a8c9df38892ac4e3bb802ab6f8e182ab3a54ac62212f471cd783fc9eeb3808c78372da0d49f7149ae17842296a64336b99246be2f63f6a71a

Download Submit
/data/user/0/com.t304.ysbgpk/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.t304.ysbgpk/shared_prefs/twc.xml

Filesize
117B

MD5
30160bec596f6d1752c4d3f3fd41a4e7

SHA1
33384ba5e0058aa623070b5c086c06fd8bfe34c1

SHA256
02fdb3a7562f105051c8f104f084bbe33a2a4eea9d463f5b76a3abc8f360f8c8

SHA512
55534f23d828c95e033a59a41b22a07f63874070711eff615d8fbaf22c39d863d54285c321a747ccda53c86c793d9380aab6b275a11d42d2b2ff4f186bc73da8

Download Submit
/storage/emulated/0/.tpservice/com.t304.ysbgpk/download/jar/mkugjw_12002_5052.jar

Filesize
322KB

MD5
12d61e948e230bd8e26753c559932032

SHA1
5464733d6d4f6d72ca6ee5800a384b8ce2f4516b

SHA256
8e2b71f4b6fe254ef4a94f854f8eaf20dad11dbc6e7d6618762e880ce031d753

SHA512
27e2a944e8b7246d30ade3c5954f067936d7f6f25e70a982d384a61eef1bcc049efeb9517da602e5cabcf656523e5cbe7efde3abba3e2ab2a7dc4617ca712f32

Download Submit
/storage/emulated/0/.tpservice/com.t304.ysbgpk/download/jar/mkugjw_12002_5052.jar

Filesize
322KB

MD5
3b6620f6e9c457f769f78c7ca34f591c

SHA1
ba2bdedf085a2d4fb5074086eed8be667dbade9d

SHA256
06ddf00b6952c0a74409d26b499a64a0c8d8b6b17f9e2443cac786f1f8789165

SHA512
1853ae1ce512972ad32786f40f0d5d2f9e5f36fac1de28e38b7ff738f21292007cc7615d0d5cfdda9759fc10162a8b560e61ba926f027e3fff112eb964438e95

Download Submit
/storage/emulated/0/.twservice/tvohnu_2001_2003/tw.jar

Filesize
636KB

MD5
dda160182a8af354084505a2e40a4e93

SHA1
98032f9f9e76e0ad0e9b71fb196bef6affef916f

SHA256
8a85b63110aaf90ef12fe20033ca7a836509d251c3b7f7d31d4216a1c1905b3f

SHA512
3acf7cee6e959a1303f834ff54db710f0a8fc142a9642410d4a56fde5f25f138e669f268b2939f5948646c233cc6cdc189d088128ab9a6cdad41f88f6939516a

Download Submit
/storage/emulated/0/.twservice/tvohnu_2001_2003/tw.jar

Filesize
636KB

MD5
dda160182a8af354084505a2e40a4e93

SHA1
98032f9f9e76e0ad0e9b71fb196bef6affef916f

SHA256
8a85b63110aaf90ef12fe20033ca7a836509d251c3b7f7d31d4216a1c1905b3f

SHA512
3acf7cee6e959a1303f834ff54db710f0a8fc142a9642410d4a56fde5f25f138e669f268b2939f5948646c233cc6cdc189d088128ab9a6cdad41f88f6939516a

Download Submit