290a1c0530ff5d0a0ac8354e6964e04c7e1b9040af785fa8435b27a22296b812

Analysis

max time kernel
3226780s
max time network
138s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
28-11-2022 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885.apk
Size

6.2MB
MD5

d70fb29424a2b16302b2edcecf05d19d
SHA1

fa045c61c4e126b3d2fdd0cb89341f3e7a6a32eb
SHA256

a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885
SHA512

0d75cb332baf3cd213bb1f92bd39a94fcc609d1b9d3f6f4e01d3a8d5c936d2590d49dd3f2957bbc78e22fc0d54319dddac7151504867cff52443a5c9ee9adbd1
SSDEEP

98304:gy8E0X6FbzoQzTdwvgRw33BCb0KB/ynnfnDcYWIS9zfrtmYqhOwcIw8t:ghz6NoQHhRwTKB/ynnfnDcgrOwcIvt

Score

8^/10

banker ransomware

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

org.thoughtcrime.signal

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications org.thoughtcrime.signal
Acquires the wake lock. 1 IoCs

Processes:

org.thoughtcrime.signal

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock org.thoughtcrime.signal
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

org.thoughtcrime.signal

description ioc process

Framework API call javax.crypto.Cipher.doFinal org.thoughtcrime.signal

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	org.thoughtcrime.signal

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.thoughtcrime.signal

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	org.thoughtcrime.signal

org.thoughtcrime.signal
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4685

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/org.thoughtcrime.signal/databases/com.google.android.datatransport.events
Filesize
112KB

MD5
42234a0297173062f6ed764ca6c0208c

SHA1
d8105d91e5557e0392dc749fbac6974d2daed956

SHA256
7265e8650b06d78c24ca70a41564680abfe6e529ce6ff5f5aa7504caf9113dc6

SHA512
001960aca53baf55b045b0b1d1f8609d1d614bb145306da3d8eca698d33d3a6d5b66a81cedb8a581b7e0a9fa97349b0ce0b19113564ecfcc41ba95201b871f53

Download Submit
/data/user/0/org.thoughtcrime.signal/databases/com.google.android.datatransport.events-journal
Filesize
1KB

MD5
714d25f6ccbca474d42c030abf64e4f0

SHA1
221d20fb51142a28b9375373f0c527e69bc91b9f

SHA256
1bef479fea48453e5b9186563815b73c9b2d468d80b20e8dbd5cb622cbebed6a

SHA512
51ed4debd1f0ab821a97191ea235cd2d535fe2fd163c1b15960dd8e0e5dc931930c1b6e28d69229ada3dd999f555ed16fcb08cbf316445f0e30f100f62afca2b

Download Submit
/data/user/0/org.thoughtcrime.signal/files/PersistedInstallation3836606342798836991tmp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/org.thoughtcrime.signal/files/PersistedInstallation8582383839062305950tmp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/org.thoughtcrime.signal/files/generatefid.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/org.thoughtcrime.signal/no_backup/com.google.android.gms.appid-no-backup
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/1c0n1ct_1669674090236.cn
Filesize
3B

MD5
8a80554c91d9fca8acb82f023de02f11

SHA1
5f36b2ea290645ee34d943220a14b54ee5ea5be5

SHA256
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

SHA512
ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/1c0n1ct_1669674090236.zip
Filesize
221B

MD5
6fefb8078ca13c86082c5fdc720e8471

SHA1
f508e5567fd672e55643617b2b0eb741e2025276

SHA256
33c5a80c1a2bc822326e8897e4acfb323c462e6ea5fc37e6d129f37437e83c84

SHA512
260c101ff7bf64abcca975e7148f988f5722f39056cd3c5133de88eb72b57aaa0a0afcc601ed9a5167f59eaffacf8307108e528a991d3d2c5d5c120cbcc39188

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/apps.ap
Filesize
1KB

MD5
b65d4cdcadc0818da4f968d0f4f32625

SHA1
d5b9355c9fe70322e9a0dada07373ecc48071dbf

SHA256
bd46dc535667447b49cc2e4a624c9464758cd80327bdd9b9a5c20934c5b7fbad

SHA512
bd43f11960dc44ce8f57a13a8d5a058c9b0343a6d56c5ab1c398472b0ed435b31580460d617ad5191b9f865b2193a57823b1dba273be62033ee7d32ae9f7d2c9

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/s8s54_1669674080296.sm
Filesize
11B

MD5
0c554d4e30c294140ede96a4d06775b6

SHA1
c22fe7585096e9478b6b64c20bd33e22df5d96d8

SHA256
fefaa3e60e610770898396979fc7e59e2f32515db738a2aa6fc5053d571e49ca

SHA512
6759ae4635432a45dc37262aeea6a4457cf4a34bcb5805db2d42563d052e30ce97438b695a671d8ab7931bed82f93908cdba608ad086e24e7667c1640182e3b5

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/s8s54_1669674080296.zip
Filesize
225B

MD5
373e0db38b06894a701fc5a3a6bae304

SHA1
890d32b8e4c68b4a8238dd0580c72996d7130863

SHA256
49632edd2ba97337b0fc2520e0168691ec5f880f8787653959267be0329f9c23

SHA512
a9ca72878607497daf879ae2c012ca57e3eef6e61dcacb6b31b63ba6ba857b9376928cb62a88e717fadbf807d1b9746f429b2191251185d5044bbc09786057a5

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/conf.st
Filesize
45B

MD5
0715c425e68269fb474bbf4ef92c9494

SHA1
761945ce56c4cedfd07e2d78f5d795fde493ea37

SHA256
c7ac06c02abc6acebb0a21b907ea1773680df2277a0fc3e44336039525f06114

SHA512
cb1b8b8df700c23fc6c0b1102d54ef3ad7e1ab2f07903c82e87bb68672662cb569c7a777ce09c75892b4d04ffcc5a09537bc2da59cf46b7d306951c7beac2f34

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/encSocketID.enc
Filesize
176B

MD5
b19cf3aadacef5d6b4c590c2df42de99

SHA1
582328ad9ff6f940a0c4ba1d6935c5ee386f1c0c

SHA256
bf035cca733654e4f57cbfc248db3f4ec721a0b757daacdf892e2338c641a3ac

SHA512
881c8ff21ad18cd7196a65c1b7b22d3c390af5d56fea61c38b7eb2b89b92f9b6849fb2e97576b1a47d0b902e9eb71c6821a525ee47c8c30f16cc0b5cb44cf18f

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/fls.tr
Filesize
388B

MD5
d1e916c8febfcf3258d23e5010749f14

SHA1
921f859bd3af2e6b5ee62f9643ca727f82d059cb

SHA256
cc3c10c3ea2791133e76dc51e1481c83a18c3f6321efcc1f2de5cdedd02b7570

SHA512
67db88324121c240cde3ffb2d1614a9e959b1e4cafe39f895ebdca7d1eb9e949384d3847a92214f301b574711a771790348e4977c5b2fb2f3897a74bd55a2c8a

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/randomUUID.uid
Filesize
60B

MD5
6c49d545e654799f752758a62c6c8d0d

SHA1
b164dcfd0b317ff8e4f967497195e4288a2435ca

SHA256
4e93ae5993f1e87514c2f1b311dd69d54853f9cb43e4762626d5121fe2a1af4d

SHA512
b8f9ccd9705d5eb6033a3ab4d69dbfbb67f77088c64448019b3cf31ef372146f2cdacbb84f060224a6492a6845c72407ae20864ea77e919f30b737a39f1abc6d

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/socketID.st
Filesize
33B

MD5
83add36322b3c1aecf19dbbe48d38cd8

SHA1
408f4c0cd799524a06cbb57cf5ed7ffe87f0620a

SHA256
4b31d9d95e2d468087893c623657a99b394ae117d610a34c75a112c6bd10a029

SHA512
83b1f59e0af4444c6e1cc8929f585c6506a4d03a15b1aec1f8f342bba9fd93d8f6dcdf3dca3706380f0acd83139fd1d19ea73b3238279f2875bab8737f0a8742

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/system_log.txt
Filesize
175B

MD5
36529ef317f7df3e84299611edaa6335

SHA1
2af9f6f8d1bf80a39ea36097fd3c43fea1bdac1a

SHA256
1e6d9b08ec5345b418239a646bda3caeda7b063bdacf7c04a4766c0b91f748e6

SHA512
6917c13b4dc37e3a09ce5f75067c0bd92bb158f3b0bd8ecc4a02bb3b5d093464e022fcd0700e49cca80cc71d6a98f5b5cf0298280cb87c14d2a03585d960f899

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads