52829d034dbf916e7b60d3b0b0ae636e31560f4e96e9cdaf8fb76155ba0872d3

Analysis

max time kernel
3205239s
max time network
133s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
27-11-2022 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52829d034dbf916e7b60d3b0b0ae636e31560f4e96e9cdaf8fb76155ba0872d3.apk
Size

2.6MB
MD5

9086bbc603b6f68aa97f400c10d2d550
SHA1

4720a3c1c64175b5aff5316dccb906cba3d790fd
SHA256

52829d034dbf916e7b60d3b0b0ae636e31560f4e96e9cdaf8fb76155ba0872d3
SHA512

ddc978bc6b3e679c1a24c0c4aae53b82d22d28a7496ef95a32a8387a5f4f6085041554040c0efd5ceaf960c8f71022bbaf6536b66e86f25ba6157da6c69286b2
SSDEEP

49152:XQvuRIAzsB0S6+EwmPwRsWzlhe3f1UPGRie6+McgcuvBaXWf:AW2A4B0GXmPwRhof1dJ7tgLgE

Score

8^/10

banker ransomware

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

com.leo.appmasterh

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.leo.appmasterh

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.leo.appmasterh

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.leo.appmasterh/app_jc/fx.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.leo.appmasterh/app_jc/oat/x86/fx.odex --compiler-filter=quicken --class-loader-context=&com.leo.appmasterhcom.leo.appmasterh:remote

ioc	pid	process
/data/user/0/com.leo.appmasterh/app_jc/fx.jar	4152	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.leo.appmasterh/app_jc/fx.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.leo.appmasterh/app_jc/oat/x86/fx.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.leo.appmasterh/app_jc/fx.jar	4024	com.leo.appmasterh
/data/user/0/com.leo.appmasterh/app_jc/fx.jar	4321	com.leo.appmasterh:remote

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.leo.appmasterh

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.leo.appmasterh

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.leo.appmasterh

com.leo.appmasterh
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4024

/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.leo.appmasterh/app_jc/fx.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.leo.appmasterh/app_jc/oat/x86/fx.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4152

com.leo.appmasterh:remote
1⤵
- Loads dropped Dex/Jar
PID:4321

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.leo.appmasterh/app_jc/dfx.jar
Filesize
197KB

MD5
7e031a57720fd2ec69343474664ac085

SHA1
cac235f9dcf2a3bd90f537ece920c5824d374dba

SHA256
56b3db412d7e695e7bce38d0ea227662c50f2823a5b08d3afa8876b493fab742

SHA512
7aad637c3775d8d656d71fac0487e13e8a15cc452b5712a9a27fac0ab9215429d76820289a4d7e268eb21d51ee1c3b2ca0eb20086decfe2b746de872d44eced6

Download Submit
/data/user/0/com.leo.appmasterh/app_jc/fx.jar
Filesize
210KB

MD5
886ba719050c818c99c8e5350122d6c8

SHA1
056d010694df9ca1a521dcb104bc1781df0d10d3

SHA256
d65c96b3053ba72eb36510d39618b9c3afd72741b673b5e9ab4027dac360b15d

SHA512
14617fc7cffdff8aadcd73afdb42aaa13e34bbc9c42396d28760befd722821468052caa9c809d50a2035bc9729c8a628b1835db9ae69f03bd78bad4a5ddece6d

Download Submit
/data/user/0/com.leo.appmasterh/app_jc/fx.jar
Filesize
210KB

MD5
886ba719050c818c99c8e5350122d6c8

SHA1
056d010694df9ca1a521dcb104bc1781df0d10d3

SHA256
d65c96b3053ba72eb36510d39618b9c3afd72741b673b5e9ab4027dac360b15d

SHA512
14617fc7cffdff8aadcd73afdb42aaa13e34bbc9c42396d28760befd722821468052caa9c809d50a2035bc9729c8a628b1835db9ae69f03bd78bad4a5ddece6d

Download Submit
/data/user/0/com.leo.appmasterh/app_jc/fx.jar
Filesize
210KB

MD5
886ba719050c818c99c8e5350122d6c8

SHA1
056d010694df9ca1a521dcb104bc1781df0d10d3

SHA256
d65c96b3053ba72eb36510d39618b9c3afd72741b673b5e9ab4027dac360b15d

SHA512
14617fc7cffdff8aadcd73afdb42aaa13e34bbc9c42396d28760befd722821468052caa9c809d50a2035bc9729c8a628b1835db9ae69f03bd78bad4a5ddece6d

Download Submit
/data/user/0/com.leo.appmasterh/app_jc/fx.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leo.appmasterh/app_jc/fx.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leo.appmasterh/app_jc/oat/fx.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leo.appmasterh/app_jc/oat/x86/fx.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leo.appmasterh/app_jc/oat/x86/fx.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leo.appmasterh/app_jc/tfx.jar
Filesize
197KB

MD5
f1ca28e54fd38133a422b26070f5a497

SHA1
49516d522e36cd3108300804d42fff23e41ea4b0

SHA256
7d012a1a7235f431599415bd86154597edcc709734f62086702214f7136e9528

SHA512
ba6f6a08e50d819f14257667eb2c5122ac624f653af81b3db05b7d6c04ac6dd28ba7da8c50ed9969f9c3d22dcc0cf80a4dc818efbe6693b00a812de403e361eb

Download Submit
/data/user/0/com.leo.appmasterh/databases/fx_kit_unlock
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.leo.appmasterh/databases/fx_kit_unlock-journal
Filesize
524B

MD5
c6002eb05217bafe71e5350035308679

SHA1
cdb21d6c25d959e81835858b39b9e5e2ecb92653

SHA256
cc5091ab0a8a9b461eb027e041121b26c91f32a27f7ba5cd2c40f1d74e58439c

SHA512
74a062590b8bf6a831793c4194cef447bd11bc1a1b34561bfba55c16d6db4abc4252248afca6ff229fe276ce01198e60c5000735dcb499cedd9ebe13321cc077

Download Submit
/data/user/0/com.leo.appmasterh/databases/fx_kit_unlock-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.leo.appmasterh/databases/fx_kit_unlock-wal
Filesize
32KB

MD5
e6c383127e32b009b4bb11bde211c1ad

SHA1
3243ddca78f2869e437340aeca45df4acb121ea6

SHA256
2c70efd24db0d886295540fb6b0fdcc7486a3f771a8cd9793631953d1ef013ff

SHA512
c828fdd5aa76aa8112805430d07861a707bfa5f6f405bcb871ec87a816b6781f84b98fbce971a4e1ace47756ed75f0548c508a7f9e48aaa460667cb7a8723131

Download Submit
/data/user/0/com.leo.appmasterh/databases/fxlock.db
Filesize
24KB

MD5
15cf786587fc5875b78948098037b5b4

SHA1
e95515387d4ad87521270cce76e13fd6b67a29b2

SHA256
a7b5d17395e03220da5335c96fe162f72ba712c75aa03c1020030cc05af21b16

SHA512
18ad85a0a1c1e514d75bf399e10e5b360d61b4946304093ade5bdda9ca83ee69f558734b886c14f54e86391d02bccd9b84f095cb26d206ca44e26466744dbb69

Download Submit
/data/user/0/com.leo.appmasterh/databases/fxlock.db-journal
Filesize
524B

MD5
11c585592ba4ee9ba9925fd5164d5772

SHA1
df9e661bd6b9f68c50321b16e13747ce8529ea6a

SHA256
5e018fb5bd86b8e7e6b5259f74501116a1e5d60469e3a89c883cfe919641ae4a

SHA512
ddf27fbf4a697594d34c0178a474ad21402b5edb145a3929197fb8b9784f9072cd1183dc03204b32c5880d41fb4d398f06a52423b563aee2d94b24882a7023aa

Download Submit
/data/user/0/com.leo.appmasterh/databases/fxlock.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.leo.appmasterh/databases/fxlock.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.leo.appmasterh/databases/fxlock.db-wal
Filesize
32KB

MD5
a69958fe7e8e6be9cd1eb10043c51402

SHA1
ade97e3141d061236d1a589ec925c7fc399f5054

SHA256
30fe563b8eae5e31e1136783921dae2e392bbb7fd55272513e953a6410e86b4c

SHA512
8e9e4b7f5dc1d480c3a820bbfc7b70e47417c51816959b984a39b047eae820050125ac2578a7932bb4d24b4eba9df89aa9f9dca276e80020bca491554c709772

Download Submit
/data/user/0/com.leo.appmasterh/databases/fxlock.db-wal
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leo.appmasterh/databases/unpop.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.leo.appmasterh/databases/unpop.db-journal
Filesize
524B

MD5
959ea42386c5ad5a23c5c51bce7a4c53

SHA1
90c369dbe83bf5b6fe4fd06b306716d99a2da67a

SHA256
5c8769ba700a61eee9b8f53b8fc0676a39f2dc0d629997518aba91402c99df3c

SHA512
864d86d606b1389012bf8e15db693563c4d451ad418d7383317a2e31be91325bb68f41fc014f971c894241de75b7c743574027bc9383842941c8d522a938f91e

Download Submit
/data/user/0/com.leo.appmasterh/databases/unpop.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.leo.appmasterh/databases/unpop.db-wal
Filesize
36KB

MD5
125f4b41a73891f6b14c645a43455ada

SHA1
ccb803f951137e89f67b4a486e87d4dbe3fe5e36

SHA256
1ad1d2b3c6ba2945d5e225d8d683e0c1d7cd80964d302367d110b66a42b61d4a

SHA512
323b51679cf6ab0cc4e7d4752a15716f3a7fe6298cb5e02088f75fb7144dc94d6394aa8acefeaf763e230bae7aeafde6dd526b32f44bce333a0cc45af411401e

Download Submit
/data/user/0/com.leo.appmasterh/files/.imprint
Filesize
901B

MD5
f549c6f1394444c46f8b355254d015f0

SHA1
1712cb8c4378426ac2f3ff39973f5e94971f28bc

SHA256
3fb0a484fba1e834b3dc4a636cc93042cfb35e8794a0d5a52bbe00cdfc266d99

SHA512
ed903dad9c183154d513da31b5c0add9da551c454f90fca726837ff08b301edb332f8fa0055485b12e951d963decb0dd18f5ca02597c189580445127fc0f396f

Download Submit
/data/user/0/com.leo.appmasterh/files/armeabi/libmonitor.so
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leo.appmasterh/files/armeabi/temp_monitor.so
Filesize
13KB

MD5
125c571d8b22ce2873635193bea043b7

SHA1
d3db9bb92fe674234e1eb72fa7be83253e132722

SHA256
fceaad7fff88d6c46c438ad6d39426a58b1f4e6fd49517658269338215bcd437

SHA512
246a433d86122bf18665d49c842231300037452fc816f197e6954a4baba3d9d5befdee887df216b4a0f887fe07e2292f31a4d067fb7b9f576bd04e20bd9a76f0

Download Submit
/data/user/0/com.leo.appmasterh/files/umeng_it.cache
Filesize
310B

MD5
4a81e88d3e3fdca111ff6c87c53aa1d8

SHA1
9a1dfbabf796d41ebce1b66d0c17636f34742e67

SHA256
d03da5f1035e50cae51b5cec6f046d2b3a869b70e504629379d2a8cd5c749916

SHA512
97885a8c0a3f95ea33da6079e3b2971a82019a46558e8cc99d380d202abe8fd849d325f8a5deaaa9f7ecf17ce7f3cfb6bd48e77c542259b48d0218973aa5c575

Download Submit
/data/user/0/com.leo.appmasterh/shared_prefs/SDK.xml
Filesize
113B

MD5
a37accbf9f7b782c96eeafaa570a509c

SHA1
cf2baba410924a3417482ababaa95b3b2e9acad4

SHA256
7ba622879fcb2dff94c4ae965a5146b74f2e47a5d3508f17d85fcb947bf7cec1

SHA512
f671430bf584c5e905355257ce57fd59b928a978bf5489e3480de74307ebbf65416a513f0e005f9c098b78f037649b2a9d130aeb0c856bf10bb49cf3b442f682

Download Submit
/data/user/0/com.leo.appmasterh/shared_prefs/SDK.xml
Filesize
150B

MD5
c79ad883bd4c074900a24b641d1b0342

SHA1
5672860f454ec061db3004395134db06715e2f9a

SHA256
addfc1453415cfe32e1cf6043357c89577c632f3dd2f42ad78d6b7ab360a4134

SHA512
e7ae249941f9a5e534a41f42b7c0907503a72e81ccded12d3cb25bbdada16a7906b95ed0ab313c00797cfd0d22c0ebee85d35c196d06f0b42dff24d99062e7b3

Download Submit
/storage/emulated/0/Android/data/shard/.UUID
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/com.leo.appmasterh
Filesize
2.2MB

MD5
9e9fa037d70ac45264bb7102317ff127

SHA1
0273ff523229c2eebe40d59a1adfe3a23db19549

SHA256
efca74331259ccefc06b1d4b46c1a8691c500a0488d317a609d2b9777940960a

SHA512
4be42784286f8133ab02c9377fd8243f83dd6f1bf2af3d659defe1796437b915f082e14858cc863afdc1a1219b4c3fa057e4b6d8a89d705b5c0dd7a0adf2f28c

Download Submit