290a1c0530ff5d0a0ac8354e6964e04c7e1b9040af785fa8435b27a22296b812 | Triage

Sharing

General

Target

8480701920.zip
Size

18.1MB
Sample

221128-139hysha44
MD5

057e5fa8d05a2106572cfab80687b0b5
SHA1

853d6ac9cdd629b38e0312a008dafceb1f674a49
SHA256

290a1c0530ff5d0a0ac8354e6964e04c7e1b9040af785fa8435b27a22296b812
SHA512

10f1a1d5a38904b823d7084bed5a9fb6df9c633d7bf3321845266eafde9a0384c73a79f63412a0db7c890fa14558db043994f8e283045f0f14074d7daa6ef064
SSDEEP

393216:GSWkz9tN05HFofNNpKS5MgWMRR7C5Cn/91qV7AHXmZr6P:FWk9NTpXb5m5Cn7qDr6P

Score

8^/10

android banker ransomware

Malware Config

Targets

- Target
  
  135ae0ef1cf748aac3db3eef64054dd02d903814d37b19daa736265789a18a55
- Size
  
  2.1MB
- MD5
  
  0d712eb55f63a14e5d53630066362684
- SHA1
  
  7c8142a17ad55a4f015fd0c0905679d46067d220
- SHA256
  
  135ae0ef1cf748aac3db3eef64054dd02d903814d37b19daa736265789a18a55
- SHA512
  
  c342ef2631d777b077f3e61e85ec58dc986a7a63d627a981c3631dcbb37b99d80871e47cd79d34de712070fc5e30e60ec0c546ccc8749ac7f9fd9fa0be463f0a
- SSDEEP
  
  24576:KQ+THLzt7PIHUJoWyepewbotaLB+iDN0sdVwhQs2mhAvOPVFe/ionC3:9GrRPIy8epeDMLBpJRmEOz
Score

1^/10
behavioral1 behavioral2 behavioral3
- Target
  
  682b58cad9e815196b7d7ccf04ab7383a9bbf1f74e65679e6c708f2219b8692b
- Size
  
  5.9MB
- MD5
  
  599ca5ade29ca5a197d672c4c8030403
- SHA1
  
  b65579c62481b07f955638d884d3a59b9582e705
- SHA256
  
  682b58cad9e815196b7d7ccf04ab7383a9bbf1f74e65679e6c708f2219b8692b
- SHA512
  
  2331da7504ff00686b8afbfb2ba9c8b226566b0ab2b2d26d8f5370b9f94af301469818f926c8e27f72de0ed5f91371fc4f0024d7c5c1723675b2b0ecd65d7448
- SSDEEP
  
  98304:MLv0HRFwlCAuCnTCK7/WkOC1CvgRw33cDbe24ynnfnDc4WQAEzfrp2vwCNwG7:o0HzwLPnTCK7OkpzRwR24ynnfnDcIsNL
Score

8^/10

banker ransomware
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Requests enabling of the accessibility settings.
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral4 behavioral5
- Target
  
  a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885
- Size
  
  6.2MB
- MD5
  
  d70fb29424a2b16302b2edcecf05d19d
- SHA1
  
  fa045c61c4e126b3d2fdd0cb89341f3e7a6a32eb
- SHA256
  
  a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885
- SHA512
  
  0d75cb332baf3cd213bb1f92bd39a94fcc609d1b9d3f6f4e01d3a8d5c936d2590d49dd3f2957bbc78e22fc0d54319dddac7151504867cff52443a5c9ee9adbd1
- SSDEEP
  
  98304:gy8E0X6FbzoQzTdwvgRw33BCb0KB/ynnfnDcYWIS9zfrtmYqhOwcIw8t:ghz6NoQHhRwTKB/ynnfnDcgrOwcIvt
Score

8^/10

banker ransomware
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral6 behavioral7
- Target
  
  dc0f434d18886fedc234aca0b61904f6dd5b628e18682f3b7934f54276ee92e4
- Size
  
  3.0MB
- MD5
  
  b84f1059dfcaff420387f4760bf2f758
- SHA1
  
  9e17305a666ab77bb2eae1a40612a95a92ea91df
- SHA256
  
  dc0f434d18886fedc234aca0b61904f6dd5b628e18682f3b7934f54276ee92e4
- SHA512
  
  e93f3f03e25687d434b1b0f6ae7774f79cea0911dbca04b9d357b031a9f5a9fe9eabf8471b3dc38c3742e4d0d0f3046559bca5e68f329c1ed2b85a67917e7e53
- SSDEEP
  
  49152:pIrv1WBpvT37R2YfPS4tT4wiNh/5OkFkEmCtqXdx2xSwPVhxX4c9KLcFIw8c28dF:p2vip8MyWeje86DJa
Score

1^/10
behavioral10 behavioral8 behavioral9
- Target
  
  e0e2a101ede6ccc266d2f7b7068b813d65afa4a3f65cb0c19eb73716f67983f7
- Size
  
  2.1MB
- MD5
  
  177478f9552b62a3eeb9ab55f7f07027
- SHA1
  
  62c68bace4aad457b1064180aa858230dcdf3129
- SHA256
  
  e0e2a101ede6ccc266d2f7b7068b813d65afa4a3f65cb0c19eb73716f67983f7
- SHA512
  
  71cc23c5b766b2d75a39384f65961b7a09938a4bf40d14de621dbab27447f40eb3c8d63c5132d15a6f457648ad8d07fc39ce1810c78ee79157ce834ff1d20d5c
- SSDEEP
  
  24576:fsgVcmF5Glvv0cx1GWJepe3ZKHORZtaLBxN/WTnxltJ7ualJaiigWmoIOoty3H+p:UcHK0c3pepegORZMLBf/c8Ki3+GO
Score

1^/10
behavioral11 behavioral12 behavioral13
- Target
  
  fb9306f6a0cacce21afd67d0887d7254172f61c7390fc06612c2ca9b55d28f80
- Size
  
  2.1MB
- MD5
  
  d0bbdeba7975220505223f66575cb510
- SHA1
  
  02706a787070d7662f29c4cd3431ee85ea29f54b
- SHA256
  
  fb9306f6a0cacce21afd67d0887d7254172f61c7390fc06612c2ca9b55d28f80
- SHA512
  
  2ab725fcf351f76b867cd07a59b5d74dd766ecf18dc7c5864bc12c00a4c6acaa7f35bc445a39a4efa65da58200b68ffe76fa961c8b03273f5a3cf5b7b59de77c
- SSDEEP
  
  24576:A8HDb57x0HbKWUepeWm35LtaLBKC9WGbNZdOoU8ln5ajp+cVRcl19CGD:xP59ibYepeNMLB7Pw2
Score

1^/10
behavioral14 behavioral15 behavioral16
- Target
  
  fc791db30fd5ddc58b9fcb2b2a41ed7d5c5d83b70e5527ec6020b1c590dcd86f
- Size
  
  5.9MB
- MD5
  
  0925a78ee5c520273dcd89c5e88b60ef
- SHA1
  
  c6ccefd5494c99ea85dc802669464fdbf31211b2
- SHA256
  
  fc791db30fd5ddc58b9fcb2b2a41ed7d5c5d83b70e5527ec6020b1c590dcd86f
- SHA512
  
  b20ea20884eec21a74e7c77d731d99bdcadd41183545b846d50669ef247e46841db2c96983681c12543ef213c5027c60bf77f620559ddf9a51234d1e724b1803
- SSDEEP
  
  98304:Qfy7lOKQmKxZgXybxYJeDeZBqwvgRw33Zabrbs5AD8eWAX2zfrqkPKClwsT:HlDKxZgMxYJKeZARwQecXIlwsT
Score

8^/10

banker ransomware
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral17 behavioral18

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

bankerransomware

behavioral5

bankerransomware

behavioral6

bankerransomware

behavioral7

bankerransomware

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

bankerransomware

behavioral18

bankerransomware