290a1c0530ff5d0a0ac8354e6964e04c7e1b9040af785fa8435b27a22296b812

Analysis

max time kernel
3223198s
max time network
137s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
28-11-2022 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885.apk
Size

6.2MB
MD5

d70fb29424a2b16302b2edcecf05d19d
SHA1

fa045c61c4e126b3d2fdd0cb89341f3e7a6a32eb
SHA256

a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885
SHA512

0d75cb332baf3cd213bb1f92bd39a94fcc609d1b9d3f6f4e01d3a8d5c936d2590d49dd3f2957bbc78e22fc0d54319dddac7151504867cff52443a5c9ee9adbd1
SSDEEP

98304:gy8E0X6FbzoQzTdwvgRw33BCb0KB/ynnfnDcYWIS9zfrtmYqhOwcIw8t:ghz6NoQHhRwTKB/ynnfnDcgrOwcIvt

Score

8^/10

banker ransomware

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

org.thoughtcrime.signal

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications org.thoughtcrime.signal
Acquires the wake lock. 1 IoCs

Processes:

org.thoughtcrime.signal

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock org.thoughtcrime.signal
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

org.thoughtcrime.signal

description ioc process

Framework API call javax.crypto.Cipher.doFinal org.thoughtcrime.signal

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	org.thoughtcrime.signal

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.thoughtcrime.signal

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	org.thoughtcrime.signal

org.thoughtcrime.signal
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4078

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/org.thoughtcrime.signal/databases/com.google.android.datatransport.events
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/org.thoughtcrime.signal/databases/com.google.android.datatransport.events-journal
Filesize
524B

MD5
8a9ce56c7c4a1cff2d98ecceee4f3570

SHA1
5572d123ef493e342a7949d5db101cb1f578a495

SHA256
f7b585f7f65850e94e73ef53daf76ce9402b5bfb197e2ef4d2593b353920d006

SHA512
cb381a284452e9760ba96c03616f445a4e78134ec555797f41c69c846cd3317b573ad2db41800649b20ab22fe1d75706812cacc9f519351d78c119b5d6a4fd88

Download Submit
/data/user/0/org.thoughtcrime.signal/databases/com.google.android.datatransport.events-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/org.thoughtcrime.signal/databases/com.google.android.datatransport.events-wal
Filesize
52KB

MD5
547a37520d7c5ea5377ef9bfe61762b4

SHA1
232f0244a6eed920cab6f3d9ef3a1b0b0c1ffbb2

SHA256
137d870f646e18c8b2b7e0b5236dad85015461f9ea5349fba589906f329e49e2

SHA512
cd30e604e7d3a9bf783cec945fb0dc1b3fad8931c770b2be91e7128ce442e6ef48039c168f5cf2984f4f1935ccc57ad39073504f8819253992bc0bb9eefa48f5

Download Submit
/data/user/0/org.thoughtcrime.signal/files/PersistedInstallation1930229702523774767tmp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/org.thoughtcrime.signal/files/PersistedInstallation7007705399217698274tmp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/org.thoughtcrime.signal/files/generatefid.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/org.thoughtcrime.signal/no_backup/com.google.android.gms.appid-no-backup
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/1c0n1ct_1669670488231.cn
Filesize
3B

MD5
8a80554c91d9fca8acb82f023de02f11

SHA1
5f36b2ea290645ee34d943220a14b54ee5ea5be5

SHA256
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

SHA512
ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/1c0n1ct_1669670488231.zip
Filesize
221B

MD5
081bd3d39d52d7780803a4a1174357b5

SHA1
7dfb790c2b33af577b3c4b2b0ac5e6512d0cce03

SHA256
94c568475fd16cd2231924a1808a3734a1e50d77d96c41c2b837890e12b8e20a

SHA512
80d162158968de22b4ca4763de40b9331ea949c6a83bbd026299f2f302056505ccb7e390c992d1b5ced8b9bfd69bf850426b633b77a097ee7cdf0fcfac43454e

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/apps.ap
Filesize
1KB

MD5
40bc390c3c789160f043bcb443c41395

SHA1
aef4bc3b0d40035138d9859c006e5454e842b0b9

SHA256
68c9b2d9a133cf503401b7f902a3e42a92c91e8c442cd8893003062b6c94683f

SHA512
1d1200815977a505897bd7995a8a7e5e30999c3463f5e55c0a14bab1491b824bffe215b53ddc5e9ecc85522f878d642bbc322aa53588bccc514d7530ab2c8800

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/s8s54_1669670478233.sm
Filesize
11B

MD5
0c554d4e30c294140ede96a4d06775b6

SHA1
c22fe7585096e9478b6b64c20bd33e22df5d96d8

SHA256
fefaa3e60e610770898396979fc7e59e2f32515db738a2aa6fc5053d571e49ca

SHA512
6759ae4635432a45dc37262aeea6a4457cf4a34bcb5805db2d42563d052e30ce97438b695a671d8ab7931bed82f93908cdba608ad086e24e7667c1640182e3b5

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/s8s54_1669670478233.zip
Filesize
225B

MD5
dde39c113c47c1fdabbd190e20d77f45

SHA1
67379ca0e58e05610f365ffaf6a4a48774e48c46

SHA256
52e4100f00a7b044207409d84f5f1a68abd80593810ebeffcc98c29e3d436150

SHA512
a6eba9384f68a6340a3fde299468ad8b96fc210b0ee4a10c27dc658d4ede1da34a6bb490ddb079981fc18d1a9c582228e86bd0ecc47fd4bf26bf7346d42ebeec

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/conf.st
Filesize
45B

MD5
0715c425e68269fb474bbf4ef92c9494

SHA1
761945ce56c4cedfd07e2d78f5d795fde493ea37

SHA256
c7ac06c02abc6acebb0a21b907ea1773680df2277a0fc3e44336039525f06114

SHA512
cb1b8b8df700c23fc6c0b1102d54ef3ad7e1ab2f07903c82e87bb68672662cb569c7a777ce09c75892b4d04ffcc5a09537bc2da59cf46b7d306951c7beac2f34

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/encSocketID.enc
Filesize
176B

MD5
c5bc9dff2445791c1ac22fca9ec90eae

SHA1
da1a2e45038a9748b7ee8914fc73ed25c10d6e2a

SHA256
c89cb4b65713e69b1dea1f75e24b47723fe6d1b7d9951fb571ebcf537877b8d3

SHA512
7d78068d23a8b6e1d088ef2e1c004992848a8b00817db27f0bae10fadf997c52f9d1bd22fe706e07ed7921f957433c37ffbc2b490abb7354e46ecf8b094db810

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/everyone.evl
Filesize
2KB

MD5
9a76fddf40aa03c1c2ff812355d30d0f

SHA1
463735c8a5ad32be53b37056a326becbc6f78d05

SHA256
24c35b48a02c5e9482c631787bd6930eba7154250d7fcc0dca1ae0963f9cdf23

SHA512
d52315852aa1772623888cfa3716cc76124f18fa63c24997cfdd97652893321254c9a542c40cd3e580b2a00d541a6dfc3d5ff00fdcccf56235b3e4d8b97552c9

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/fls.tr
Filesize
397B

MD5
a0b6cfdc195ce33163239adc67f6fab1

SHA1
58440f5e0a8c31451c98883e527bebb57ea0f55f

SHA256
67831204d6496af968e51ecfbaeb61ff382d1c06749d775ccca39ff81288fa10

SHA512
fd2ea74aa3af2116fc7f18e39c2a27d8fd4de4ca38c3fa4757b5fec17ef4d682ec0276e5fa921c70e44be99b386ba7eea571191cf3eddd540171a3f9d5985baf

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/socketID.st
Filesize
33B

MD5
9ce49a17170ef8407be5499c94dd8b56

SHA1
f96358503d8002adbe4eea6268ad31f53a104959

SHA256
2d6156c08933863468ddfa51dab0764404eab5762b3559fa7e16b7ce260a082c

SHA512
caba94eec324ee5ec1dd57b2acc008f5a8d6b74812abd7b3dc944765ad795b70889bf10f3c09066bad03ea67603906297bea61b5d6bdd614a1400a15caa1c326

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/system_log.txt
Filesize
175B

MD5
93c0e51de971b59b0d7021011f40aac5

SHA1
f45303b8b3f4495bbdb4d0984902bca54e410102

SHA256
8c5585184684be7a6d54cb5cadbe2552c6f5917d2ad8f6373715415daa7deafc

SHA512
840d58caaa236af7050ff6e01b8af7b550b2007982f66a668a4d3ae465c0593352baa91552a924706cdb58d9ae7f9043db13dc9d5c01be0a19e77063765a4745

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads