5295a41d9e1e1ab47fb48ee949813f61fd71bf38a33d8b14e2da3ff4167e1270

Analysis

max time kernel
3177969s
max time network
138s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
27-11-2022 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5295a41d9e1e1ab47fb48ee949813f61fd71bf38a33d8b14e2da3ff4167e1270.apk
Size

6.4MB
MD5

280ea4fa6ac91541d76c8c79ae6311dc
SHA1

ac879e473aebb5e1401b64caef948715a3fb195d
SHA256

5295a41d9e1e1ab47fb48ee949813f61fd71bf38a33d8b14e2da3ff4167e1270
SHA512

a59c82f3dc28839de4404772116457695afdb39b8e11440a874591788e39c087f8f5c2d02975480cb3ccf6891c1fe01a292fc39f9b11bb330119c3f9f8e6a688
SSDEEP

196608:MH1Rj74eHqeAmiU9rt1gRx0zSBIZk/51RmsVK80lrDJ6KP:Y1R34UzhiUxgE2BZ/575880lZ6KP

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.crazyCute/files/.23502727/d.jar --output-vdex-fd=53 --oat-fd=54 --oat-location=/data/user/0/com.crazyCute/files/.23502727/oat/x86/d.odex --compiler-filter=quicken --class-loader-context=&com.crazyCute/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.crazyCute/files/.23502727/apps/43.jar --output-vdex-fd=55 --oat-fd=56 --oat-location=/data/user/0/com.crazyCute/files/.23502727/apps/oat/x86/43.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.crazyCute/files/.23502727/d.jar	4203	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.crazyCute/files/.23502727/d.jar --output-vdex-fd=53 --oat-fd=54 --oat-location=/data/user/0/com.crazyCute/files/.23502727/oat/x86/d.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.crazyCute/files/.23502727/d.jar	4026	com.crazyCute
/data/user/0/com.crazyCute/files/.23502727/apps/43.jar	4251	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.crazyCute/files/.23502727/apps/43.jar --output-vdex-fd=55 --oat-fd=56 --oat-location=/data/user/0/com.crazyCute/files/.23502727/apps/oat/x86/43.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.crazyCute/files/.23502727/apps/43.jar	4026	com.crazyCute

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.crazyCute

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.crazyCute

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.crazyCute

com.crazyCute
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4026

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.crazyCute/files/.23502727/d.jar --output-vdex-fd=53 --oat-fd=54 --oat-location=/data/user/0/com.crazyCute/files/.23502727/oat/x86/d.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4203

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.crazyCute/files/.23502727/apps/43.jar --output-vdex-fd=55 --oat-fd=56 --oat-location=/data/user/0/com.crazyCute/files/.23502727/apps/oat/x86/43.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4251

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.crazyCute/databases/g.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.crazyCute/databases/g.db-journal
Filesize
524B

MD5
f675e6ab73fea28d2c6ded0f7be7d58b

SHA1
7ce5c2951b56cec36edd2a0e7b88cf0ea41a062a

SHA256
199ea901cb165d510ac07639863e48d5a6401c0bf5430b50fd4eef5287d8bae6

SHA512
8030fddc0a38d840e1ce449da4fb219dff0dced663068649ce350da6f88052d45f3cd9fc023dfc533708aa71245b98f4e91c909018c9ce252780d2b0da298c74

Download Submit
/data/user/0/com.crazyCute/databases/g.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.crazyCute/databases/g.db-wal
Filesize
48KB

MD5
f11d41ef754919dceb8d0b61c722416a

SHA1
d122b9e4390a5ad7a913ea67b6b6c08231a1fd6a

SHA256
8aafc5f90dcba0bdad7581999f17a56fb03fd3b7d90b8387e76dccf82fd76591

SHA512
c2573c4ff6a33c97623acc31856e9a2ceb9653638fdedfe58372f55c9a255eaffd2f173bd666e246d0466d2ccddef991cfc5de7ecda0c4086c0d14d389822a0a

Download Submit
/data/user/0/com.crazyCute/files/.23502727/apps/43.jar
Filesize
38KB

MD5
c51cea3349e367a6514fa19f76fc4080

SHA1
26fd5458eb58f166318f7a31c15267040d65c2e7

SHA256
bda1145530abf7fd001349999e50aa884929cbae66f00e0217296da8c9124b95

SHA512
a644595ffc9f19388a7f2b275f016f5248b9ef707de5e306a4c8bcac57f4b0eb881ca39dc4e138964cb45794b76702c86affed737edace6d1b68d4429f0934de

Download Submit
/data/user/0/com.crazyCute/files/.23502727/apps/43.jar
Filesize
83KB

MD5
baec58a1b19e24435702c0ebd3b43dfa

SHA1
5b7f1644158c6ea18a061d1b94c95672ce47b412

SHA256
97df7fc1caafc604300903b1b6f8345a48f003016e7e4cedf55deabeabde0cfe

SHA512
af54ee6dae617d821f48be2025aa212b56472ddd0731d833b976b267d1bf1ec4fb522811153147bba7a4ce87437e2d0741e05c875d36cf2ee4255f66d414d42d

Download Submit
/data/user/0/com.crazyCute/files/.23502727/apps/43.jar
Filesize
83KB

MD5
bd84765f7315c654257b5ddbc23046e5

SHA1
ea99c2534d7931af5a106a97fa64ee8576c2d4c9

SHA256
62097155860a6546d52c242b36db6374a05b9115c43c7ce34dfeef956d3b2e7e

SHA512
d39a53a9b007a2f781b87966e06cf70b2d76b5acea1d4d297185df988542c51b1df41916c0449dd820360a89093baba03464b0c1e57dd9e3bb2be642fd1c5972

Download Submit
/data/user/0/com.crazyCute/files/.23502727/apps/43.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.crazyCute/files/.23502727/apps/oat/43.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.crazyCute/files/.23502727/apps/oat/x86/43.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.crazyCute/files/.23502727/apps/oat/x86/43.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.crazyCute/files/.23502727/d.jar
Filesize
28KB

MD5
586ff85cb09b9f47be123b4f236ed7ac

SHA1
fc1c87d160402630aadc99f37ddbe271cfae3cd6

SHA256
a36fb5a874fab8493f9032f3d9c3beb20ec62562079b81f03f371fd6551f6529

SHA512
10bdc3891e677c3d47720061af49bee0004accda70709ee0dc549c95a64e98441e54730873b209f734dd0ece9f123664a5f9506fe662c2f7814833701ca7cd2d

Download Submit
/data/user/0/com.crazyCute/files/.23502727/d.jar
Filesize
60KB

MD5
11ec7183c1dcae910cf24ec2a37bec1e

SHA1
e13596630f71e217442b4b033e465a88fe14caa0

SHA256
69847d6f1fa94f3909778d13fa0a6ce750510114d70ba13e7ffad941611d2eb8

SHA512
cfee9ffb6f31f7fff5238e6c4293d8eac2441593b2c9981660de96c41b2e285a2f15c2f635abc6eed6fa533b94315c54e025a318539b718d74ec58f0f942c1a0

Download Submit
/data/user/0/com.crazyCute/files/.23502727/d.jar
Filesize
60KB

MD5
ce9c746f000fb6fd20e06341435dc46d

SHA1
4a7bc04b995f4582155003996ef45e65bcff79dd

SHA256
cfb4687198bc72b2ceb8800cfc1e950e4a1807b6d696e8f3f070e000a1ef278e

SHA512
4a78b76411cbd55826919c3ad30779166ea214afdeae33e8a82d3a10092dd29b7129f4d316d842fdf60fa6d018b83b9f454f9f3f0a26363faa4f1b45929f353b

Download Submit
/data/user/0/com.crazyCute/files/.23502727/d.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.crazyCute/files/.23502727/oat/d.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.crazyCute/files/.23502727/oat/x86/d.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.crazyCute/files/.23502727/oat/x86/d.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.crazyCute/files/so
Filesize
77B

MD5
1a231dad7a65072fb320700ccb6d0148

SHA1
26507b9352fce08f47c6350d3b63103ed36f7cf9

SHA256
dbedef9d4b71f1b8b43a5126cb2bda8944366b917946f731700d0d16534bed8c

SHA512
7cce37318acea457291b28af456cf256c95ae14a58ad69ae5f0ac8f44dae2b83ec2b5bdf17e1d3ce8c5fad00adb143598d5e1f60f11ed47bc22cb23bdce43b6f

Download Submit