9045b94a07df471a3da68cbe716d1c31c118fba499f9719e9564e00bdcbe519f

Analysis

max time kernel
3150797s
max time network
130s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
27-11-2022 06:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9045b94a07df471a3da68cbe716d1c31c118fba499f9719e9564e00bdcbe519f.apk
Size

2.0MB
MD5

4d6a252f5eb9ddc318bd4b0338fb496c
SHA1

1f31d9379a136ac3343c443f8bbe90e3e789b9d6
SHA256

9045b94a07df471a3da68cbe716d1c31c118fba499f9719e9564e00bdcbe519f
SHA512

83cf9861cdcf4b932a6d5ed7499758b4b11be677af51f65b3a71dc09838fb1f18585d2d5030d17790ee1ff40e9c7176591c5ef1fa33876de4e4fbd6529a116c0
SSDEEP

49152:Clu9hiUhmF9OZt+jrvOpO0T1H+NAdBeE+2urleVkPbc4D:Qu9DhQUZt+jrvO80T1H+MBenTeVkPbcy

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_v2021.apk --output-vdex-fd=48 --oat-fd=49 --oat-location=/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/oat/x86/com.skymobi.pay.opplugin_v2021.odex --compiler-filter=quicken --class-loader-context=&com.sffa.medi/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sffa.medi/files/com.skymobi.appui.sole_v1002.apk --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.sffa.medi/files/oat/x86/com.skymobi.appui.sole_v1002.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_v2021.apk	4121	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_v2021.apk --output-vdex-fd=48 --oat-fd=49 --oat-location=/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/oat/x86/com.skymobi.pay.opplugin_v2021.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_v2021.apk	4051	com.sffa.medi
/data/user/0/com.sffa.medi/files/com.skymobi.appui.sole_v1002.apk	4164	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sffa.medi/files/com.skymobi.appui.sole_v1002.apk --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.sffa.medi/files/oat/x86/com.skymobi.appui.sole_v1002.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.sffa.medi/files/com.skymobi.appui.sole_v1002.apk	4051	com.sffa.medi

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.sffa.medi

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.sffa.medi

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.sffa.medi

com.sffa.medi
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4051

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_v2021.apk --output-vdex-fd=48 --oat-fd=49 --oat-location=/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/oat/x86/com.skymobi.pay.opplugin_v2021.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4121

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sffa.medi/files/com.skymobi.appui.sole_v1002.apk --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.sffa.medi/files/oat/x86/com.skymobi.appui.sole_v1002.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.sffa.medi/databases/app_download_record
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.sffa.medi/databases/app_download_record-journal
Filesize
524B

MD5
1573a092119e42a366804962e1804ab8

SHA1
29b0d3d5560f54d1fd4ddfa47ba9e4302314883f

SHA256
c145bb8f83ad359b637247223d6e77adc37729e00901b6df3115cda725b76fe3

SHA512
9797c445774ad29c7c5cbb975f63e935f0a053f92aaa56caec0d211fcedbfcac6caa094d2a00bb9778aebb31c92684257688c90b8ebedc31c228574c7a98c63f

Download Submit
/data/user/0/com.sffa.medi/databases/app_download_record-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.sffa.medi/databases/app_download_record-wal
Filesize
44KB

MD5
0d6b8cd1eb84e732f5ea5cb6ab860500

SHA1
259c78ae7cabfa1bf27351806948e064eb03f0a8

SHA256
7ef28963c16d7adf9af930896862cfed0aea8ff900fd160e39493d22ee81f63e

SHA512
2ff11131a67198677796aa7231028b0046b4c668eaf3f913dfe97c9f2fd90652d4c7285f9c3f10dc3453edfb7930257fd0953834d224e84eebeeec8ca7b59140

Download Submit
/data/user/0/com.sffa.medi/databases/sy_pay_record
Filesize
40KB

MD5
f33e40dc44dddf9886c560576fe30a70

SHA1
58df836a00a47eba37ba479a7aee95bcf404b2b5

SHA256
4438043ecb3f2ce4c482f5312042c439437aeb896181069dd6e8966f40bd3de2

SHA512
af1162e2b3802bbc9e4bfc43bfd1258bb40b49a601e361076c58f7dbc8f7e8b5d4e3003183dffba1c00810ac34a59fa595d8908ef9b2652578522b8c014327d9

Download Submit
/data/user/0/com.sffa.medi/databases/sy_pay_record-journal
Filesize
524B

MD5
b591018ed97e7f8505f9e65e943993b8

SHA1
dcb0678075b7fe0c370aca3a4c2080ed7bd4a497

SHA256
40224a8efe71c50e901fd6524d15ba7a8f8d29855f5a4c2a658d41e403c2f597

SHA512
60474c50e89ffbff6b9d97fc84aa5966f1d8c1f0a59999236057931150763f59a015399f588ff032a6bc3d633f68130d6b107c15262ae888b35f57b0ae9274fa

Download Submit
/data/user/0/com.sffa.medi/databases/sy_pay_record-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.sffa.medi/databases/sy_pay_record-wal
Filesize
48KB

MD5
b5fa4103159c752a3b95b454d63116cc

SHA1
492e798fe2dd69a8dd8b3f6201108aa85caa983a

SHA256
ecf1a1c70f123a44e5cb1d3a98fada52a5845248c5094c2939c57089edc7e617

SHA512
c5d13ca96c43819541067371cf1a7c096e8d7d0c9b5f525da75f1affbd5249df8af924d5553652091f56846e417dc54e74f2e5deb1001e8a4bf288e97deeb691

Download Submit
/data/user/0/com.sffa.medi/databases/video_record
Filesize
100KB

MD5
38853230b4b72f8fd89f8b6864d0d2d4

SHA1
c9420e3f4f4e7d1cd57662e72298e3fb3b70e1c2

SHA256
aa21d95a82ce47248e0951e384844a61181b79db379f56b37c4a36b47be1c10e

SHA512
d4c514a006413ce1a596368863ed9f260199570ce86fbf2651776dfa7fadbbf86df9bd9f15eb2a4ec90d89b136ad25dc1432440ad33ad31ad4608eb3816d70fb

Download Submit
/data/user/0/com.sffa.medi/databases/video_record-journal
Filesize
524B

MD5
351bc8b7aa8257b23b43c75fa0b2cc85

SHA1
32b34e7a6e1ae33faa14a0968d9b2ab4eddec73e

SHA256
8da74e3e395ff390d31fcea7cab0ad46980e30375616782f000fd0189ca61e22

SHA512
919dc7ac09d32a602d75b272876c0c764f5600fd70403b27d322307b2e02eda28a548e2be6f4cb967dcc0ffcdac0caf798fc4e97089b17044b3073e33faaa4a8

Download Submit
/data/user/0/com.sffa.medi/databases/video_record-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.sffa.medi/databases/video_record-wal
Filesize
108KB

MD5
c332f4dd3225af413dbb752c8b318887

SHA1
6f67b7f07574e520ac3ec6b47e9ebefa9a167174

SHA256
4c82cec6543908a55a2458652f83a4ecb85b0abaab7888870e9a1821f6f4d366

SHA512
a71ba0a4b07ab834c0a321ffcb1bfc3b51efb919f79f8388aea5fa2c6beffa486432cc4cf08e4e38876718d2e7848f95ab80ae3391c08029b9c8e26ebc8c24d9

Download Submit
/data/user/0/com.sffa.medi/files/classes.dex
Filesize
1.1MB

MD5
aae85daf48a5bc38884040810a727117

SHA1
80184301ba51ee837f1827b342f8abb5d8ad0934

SHA256
e67e3c54bf2f3ffd87204a54f8e3e2516608841ada1777c723c2c192e8d6d670

SHA512
4a25d697953ae0142e69f01a774b4667e6dea16f8c4d4da6876db7bc393b77ceb6907615857f7e19329dfa1e20cb412e4f5e3285975e400d7d14de00d4cff575

Download Submit
/data/user/0/com.sffa.medi/files/com.skymobi.appui.sole_v1002.apk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.sffa.medi/files/com.skymobi.appui.sole_v1002.apk
Filesize
19KB

MD5
dd68796b01d134c0a23b69cd76509f0a

SHA1
519650ad815de9516fa8588f847593fb7eec61b5

SHA256
f9301663e249fc181ccf57cffc6a0990b9e7659ff550eeaa33684e1b99510655

SHA512
d08d3f038116430ab8ae627aefd90477617072aa1dc37d0c88bbbee4d22d634159293557494b3a959c3fe1a48e504288e433002bd4c6a2adb7e35432b1a1fc43

Download Submit
/data/user/0/com.sffa.medi/files/com.skymobi.appui.sole_v1002.apk
Filesize
19KB

MD5
36635f86bc3520d360c85a023e3f5a70

SHA1
3b5c81648b9e8fe4ab38dfb702b8c4c0967e1cfb

SHA256
16eb5d477961623d82ae300fffb8f81a2b5a9fad50a0ff7486b4ce81f615bda5

SHA512
509f746f85e76bca3df65630b110f506637395d9dc26e78fbd434f16edb69c28646c170f696fb21a1416af051080eb6e58ae1347ac32db35951e5bf6c93b85b4

Download Submit
/data/user/0/com.sffa.medi/files/com.skymobi.appui.sole_v1002.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.sffa.medi/files/oat/com.skymobi.appui.sole_v1002.apk.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.sffa.medi/files/oat/x86/com.skymobi.appui.sole_v1002.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.sffa.medi/files/oat/x86/com.skymobi.appui.sole_v1002.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.sffa.medi/shared_prefs/APP_START_TIMER_INFO.xml
Filesize
117B

MD5
1d0f102b0ccc936fcd56611af02e7881

SHA1
66dd582d25535188f4b6e78d76c107b6b710bcdf

SHA256
b59d522c4e41cb725f1aab570aed1de2a6a9e79c98a2a0b16c002ae3a372af70

SHA512
88a91f6f7a11d443d3d6985b34acf063b4cf29ebe516b1e197969119fbf200afce9d90fc8969ef313919dfeae079011b109bd82926ed47c6dddf75544b94d399

Download Submit
/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_v2021.apk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_v2021.apk
Filesize
386KB

MD5
4a1fb248e672d39457f2cf9088c17880

SHA1
b500b2528ed6cee5929603b862b14a18655ac06d

SHA256
b2831dae43d2dc8daffc919456c244b17f15f5453dca097d665979e7254f8c23

SHA512
b434ee9348e7e2717b35c4f64bc71aa58aca634741045b91ec61eea5bdb536ece7449fe8d376f724bb0006cd2bc7976c9695bc3aa47a59a26ab6c6c09096279e

Download Submit
/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_v2021.apk
Filesize
386KB

MD5
4a1fb248e672d39457f2cf9088c17880

SHA1
b500b2528ed6cee5929603b862b14a18655ac06d

SHA256
b2831dae43d2dc8daffc919456c244b17f15f5453dca097d665979e7254f8c23

SHA512
b434ee9348e7e2717b35c4f64bc71aa58aca634741045b91ec61eea5bdb536ece7449fe8d376f724bb0006cd2bc7976c9695bc3aa47a59a26ab6c6c09096279e

Download Submit
/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_v2021.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/oat/x86/com.skymobi.pay.opplugin_v2021.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/oat/x86/com.skymobi.pay.opplugin_v2021.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/SYPAYFILENAME/CACHE/12114/12114text
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit