b7f44e1ffd260f950508d3626d6074c040e02bb1e42a6f0ee4f1bd1f03634593

Analysis

max time kernel
3176174s
max time network
167s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
27-11-2022 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7f44e1ffd260f950508d3626d6074c040e02bb1e42a6f0ee4f1bd1f03634593.apk
Size

893KB
MD5

7c0d4d41874e7108c34f8a3f8d8b0382
SHA1

cf10c9e19ca049e233ce939e52cb02d20f461b10
SHA256

b7f44e1ffd260f950508d3626d6074c040e02bb1e42a6f0ee4f1bd1f03634593
SHA512

af861b48d2041a72fc96673875b6b70d60911125bdad0e6a995032c87c720b5575d2c9637f6ebd8fa4b33b83b2f7c7f4eac2f04634481a9d999c7a7983ad35f4
SSDEEP

24576:XqbWtC5lXZZE139qNH1g4Gc7tqd8PeHnieZFWqz:XqbaCnXZZENMMchs8PwiIFxz

Score

8^/10

banker ransomware

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

com.KhotqnjoTVDW.GrtEMwRd

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.KhotqnjoTVDW.GrtEMwRd
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.KhotqnjoTVDW.GrtEMwRd

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.KhotqnjoTVDW.GrtEMwRd

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.KhotqnjoTVDW.GrtEMwRd

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.KhotqnjoTVDW.GrtEMwRd

com.KhotqnjoTVDW.GrtEMwRd
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Uses Crypto APIs (Might try to encrypt user data).
PID:4408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/app_webview/.com.google.Chrome.srsUf0
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/app_webview/Default/Web Data
Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/app_webview/Default/Web Data-journal
Filesize
2KB

MD5
9cedae6588e5aa5f524b372582f3b806

SHA1
fd613a29b1fb40e0df2cf935fa57768e01a3c0b6

SHA256
e6d1eae57e44c8b70eab3c3f1c9059f29f5550f9edd053dc7a05388812b8dcd1

SHA512
94bf8cf6e46226ba8f307be69eded84670f1e2c8d74c1448999e5587d8657e24bd2c47d3e50e3445fb5f7aac5c7973c56bf001fb7517c85391ab768ea1c6bbee

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/app_webview/webview_data.lock
Filesize
31B

MD5
07b15815d303f19c4796f0df60607c88

SHA1
e53a39bc1ef157f77cd3c9ca617ecbd1a78d2755

SHA256
63e50051d4d138d93c9dda36bca15585bf6a44418f7c43d64b3573c6a0f2b99e

SHA512
a0930a9a1048c6fcc13d3adc25ba16ec18b17406c64fd86ab84fc6d2785ae736a033f4be54728ae5b830c695c114ac850d3918763c576ef985838eca96c29500

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/cache/WebView/Crashpad/settings.dat
Filesize
40B

MD5
088aa795221a7867a8dafda9047c00eb

SHA1
7d8287ae92f7969aeab3b23b57b18cec4178ef65

SHA256
6f34981804b789590571245b1303919667571deae130763d4c02af8ca017cfa6

SHA512
bd7dc2d9cfa022105eb70a66aee96ee3e4c8c372f971890b84a0f1ad3dc7bee370a62c35f66e8d8386de132e8726d071d2d664c5ffc2a73b1131d7acddc1b994

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/cache/WebView/Default/HTTP Cache/Code Cache/js/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
Filesize
96B

MD5
ede00e0571bb9dd7ed40d12a3eba4825

SHA1
336277a14626bd0b28cb2b935c2b51236efead10

SHA256
ed35b30d30a1609847d54ec91dac2e293ba7f96c6c0df6bf616cf7d2e07e8de6

SHA512
d99468bc30f2ce821ca1f14bd9cf12b78ba5dd9e401bce0288f67ba631373f19eee3fa460093912b91d2d02b3ef3f30c64c02aa950e3d6e31ec9eaf5aa040858

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
Filesize
96B

MD5
1b15c18f258a58a9f6b1a020ee2a56b7

SHA1
94761d6ae32e181c86541b30022899f36b943d40

SHA256
cbbf8cd74291d7f932801b69091010b93a36b3400ea2d7d8d30e043e4bf82954

SHA512
600cf0e6933689ed520d73be0f0d04dfe859c992be1dc74660abc6b456d1ed3b8388d49a2df0fadcf08d7e9cbf34d57f82939be0dbf59754c885b6044ac81c1f

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/cache/WebView/font_unique_name_table.pb
Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_7169c2bb-d3d2-40bc-b17e-bd6a2573f260_1669623331958.tap
Filesize
338B

MD5
1cd20e8e5e08de4c0529bbd6485d8faa

SHA1
30c74fe9dc4d3ee89a4ec7a28204cb2694b309fd

SHA256
b917b9a794900d0dd3c33dff2cdd61defbe9f0bc57a3ac7e43208e5303d243cc

SHA512
b9555889fbf383dca01359dfeba4c6d125d8f639d7d0eea5a76fb096413c2ffbf6bf8faa68db9f4927d77e3560086385aa5413906a81f50edd48ce1b52288bd2

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/files/.Fabric/com.crashlytics.sdk.android:crashlytics/63846E2300F1-0001-1138-519A7C25CADBBeginSession.cls_temp
Filesize
77B

MD5
1385ed8b235f2f81da41c360572aac54

SHA1
85a1b0a5dd27d48cbeef7bcb0d982f798e718207

SHA256
aa0c2e42d0f1b84df07df166209d7f958bd46974954e3a5070aaca554832d13c

SHA512
cbf6b355dcb448ac45d3d01b51af3aa79aca8d6d0d0fc85e971deeaac71a27233d6edd40c85252e0026efbae844de7eefc77a7ace2d5dc91f7745b4983bd57a8

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/files/.Fabric/com.crashlytics.sdk.android:crashlytics/63846E2300F1-0001-1138-519A7C25CADBSessionApp.cls_temp
Filesize
120B

MD5
37c2480d0a9b561a73cc2f029d2c83e1

SHA1
6e145dec9177f408a076860fd2abe1663484ad43

SHA256
8040056cc2ee527b5cf3b5401b78618c73163929ccd8ae1255908b64d7120cbe

SHA512
12114820319dbaee9610b92c575f8cc4988ad4ecc6856352425c152b377e464b88375b133293f1b6158323f1fdd1d2d5d57eff6b57e77b328935c8bbf1551d53

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/files/.Fabric/com.crashlytics.sdk.android:crashlytics/63846E2300F1-0001-1138-519A7C25CADBSessionDevice.cls_temp
Filesize
101B

MD5
fe7205d78661623d45b71d7a5a4298e8

SHA1
2a8175031df9cd5f59e430fbc58765602973080b

SHA256
ba916035f3e6084cf402cf6f4168960e482fbc75677228f6a9cc6257cdd7c7a4

SHA512
03bff9ec18fe58855a33cb796d790b4fc509562e9427f4925ed04dcd396296b7b42616405507c7f2a36829a0f1fff551e6b3dd66efccdb722fedd1610c20df7d

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/files/.Fabric/com.crashlytics.sdk.android:crashlytics/63846E2300F1-0001-1138-519A7C25CADBSessionOS.cls_temp
Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/files/.Fabric/com.crashlytics.sdk.android:crashlytics/initialization_marker
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/shared_prefs/TwitterAdvertisingInfoPreferences.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/shared_prefs/com.crashlytics.prefs.xml
Filesize
159B

MD5
8d78d54cfd3d8c401f5caf2a02a5ec1b

SHA1
c22f053d46834e550ccba11037269a33781ec3fe

SHA256
1cc7f18498d239a8da201948f478598dffc7cd78af53f8f9041bf3068826bd8c

SHA512
de99c8d1189d50320b716815a8eb13d5f3e7c66892c443d68561a3fe53fcedcb5e9387ead743bda00d63b12bf419f739c84bcd303a9fdb972dfd020ef225b513

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/shared_prefs/mat_queue.xml
Filesize
109B

MD5
72c63cb25a6ee9d13efa766650d5d0c6

SHA1
0b66633ba147fb38f11aca5933100ad4432e4fc4

SHA256
e6c8e9e82a4ded75a5b8e0bf4f23c6a7847621b0583d1b5c9e591e48a97d62f4

SHA512
fe74f3d2d5ad2749fea6566c05ad37af8a20de7ee08fdab95f4aad1c76e423e075e559ebb3342c39e8ca4aa75d31e682cc248c8b00f876844fea87035c2880f5

Download Submit
/data/user/0/com.KhotqnjoTVDW.GrtEMwRd/shared_prefs/mat_queue.xml
Filesize
574B

MD5
ea2510763d877c23ffb262c605d8a837

SHA1
cfe2763ff053dd04da321cf8ac507382e70b9b85

SHA256
f512b775cce6a2be146947f7c1b3c4df9885a309d17a396b8d0de7c1790ba73f

SHA512
a315532984ca3cdd29b03659310879cd4f3850ab00a01b62b36f4e01e460253f40055a9a426a6c279177becd559590d80bf09124245377e1fee837b13f5268cc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads