d2184259736beae96e622b742e8e01e6e9fb5a4a61f23497a83fcd0c8c492d75

Analysis

max time kernel
3174821s
max time network
152s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
27-11-2022 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2184259736beae96e622b742e8e01e6e9fb5a4a61f23497a83fcd0c8c492d75.apk
Size

1.6MB
MD5

0eb9c30c2e441378a238fcbcb0806284
SHA1

de537b784be0a049bfccd7cba16bea4e19eea129
SHA256

d2184259736beae96e622b742e8e01e6e9fb5a4a61f23497a83fcd0c8c492d75
SHA512

694ca8f8b59a5ca407b4f1d6c80606aabc2e18263634095756b86890dfb412c024e157573e5cb454348c0135f0c296dd2b6ab8187db66474cf0ef83bc603b2d9
SSDEEP

49152:VN2BysmpE0mzjao/oM3K2YJzsIKodKOOxhn3vxOkeKLhRPPrZDyUVaxVO3Xn/W3P:VNKyNeTQM3K2Y9dKN1AkeKbPPrZDyU/+

Score

8^/10

ransomware

Malware Config

Signatures

Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

org.gsan.medie.zw

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation org.gsan.medie.zw
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

org.gsan.medie.zw

description ioc process

Framework API call javax.crypto.Cipher.doFinal org.gsan.medie.zw

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	org.gsan.medie.zw

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	org.gsan.medie.zw

org.gsan.medie.zw
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data).
PID:4028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/org.gsan.medie.zw/databases/access.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/org.gsan.medie.zw/databases/access.db-journal
Filesize
524B

MD5
44ef2d25c0e4b4dd891ddee15223eb8c

SHA1
59ed4a7440d0c39ce17366201c28a0e0b7a9b3a0

SHA256
3bbb22a5db66b909adee61c79dd74d6fb0dd9777c7336a3160a5c8ce24ec1da0

SHA512
b1bf5650c02c94bbcf0fcd37ffb45ef92e7386db90be76af1934be453c0e32d44e5e008a6d595179e2ef4e207ccb25e471886f032f479601e8f04dd926d7fa00

Download Submit
/data/user/0/org.gsan.medie.zw/databases/access.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/org.gsan.medie.zw/databases/access.db-wal
Filesize
32KB

MD5
a9196488977beeb7676ca3020b7f209c

SHA1
d127c385d928216f60559e49d4b5618fa8734914

SHA256
61f83d77e63e0b7d02d664cef96a326731226d841b7f50e9221bc1677376a2d3

SHA512
a1fea3c8fa3a80267ee0631dfef80f191a4204949803009e91a5c09909f00e4a9a538a0cbfc32caf58bf5029216e66f03e6a12a91415e438c7c30389c9eaa6ca

Download Submit
/data/user/0/org.gsan.medie.zw/files/__local_stat_cache.json
Filesize
25B

MD5
2d805b13f2f28dc3ca9bbcc000f49bb5

SHA1
9eac165b4d81258fd3967cde5cc53b53b1dabcb1

SHA256
c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19

SHA512
5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

Download Submit
/data/user/0/org.gsan.medie.zw/shared_prefs/pay_xml.xml
Filesize
119B

MD5
56be6b759e25d6f84fad17cf6f0af4a0

SHA1
769b9b85217158e11ad1ac346537143f3b291384

SHA256
742af9555a7b1c52ff65092c7809add85e5f66dc01b337c7994b10149e9dfcc2

SHA512
591ab4bf27cf5b08b3cd5690e1c290f487d7e787f03c25e120f63aefa53d31de5df7a47ee342db5c2784da71fcdb862ad74eb68416e3fd54da9db5c4217ddf5d

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid
Filesize
89B

MD5
7660af1c82048335faf5653c262ae56c

SHA1
7545f05cc9021e5ba41ab72618e12af197f3eb90

SHA256
653d2f0a260cb69caf9605e912b807f7eff135f8358bae90ea6761958dee36b3

SHA512
6b0e48de7ebd03c916dde96f74d00955d9da7185914da547e1fe9a1b1bddf83bd20a62d5be44ade4754aad3e077607baeb1afb660bebd02b3a72e398e69c4d30

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads