e1d12953bb1adc4ad04ded99f833935f60785f510cf87587cdc860866d8da593

Resubmissions

12-12-2022 10:57

221212-m18xradh5t 10

Analysis

max time kernel
100489s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
12-12-2022 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Paint Art.apk
Size

3.5MB
MD5

16a4cbdb16994f328003f63a8b16a1ab
SHA1

87b027fa2a3bf188d5945720bc16dc1f9469cf77
SHA256

e1d12953bb1adc4ad04ded99f833935f60785f510cf87587cdc860866d8da593
SHA512

09eaf20e4b27f012a2458fcd875db02eff6d500b9ef2d9c1a0b073591cef6d86f4a5e648e0dedc29c64b11d6a846cf27806972c0438f5eeba44e52c9b19b010f
SSDEEP

98304:QrSSze0+HVciXp0wxsPgdsuGnRCCO+8Lz31JuhVEraCZRgqk:USSi0wciXp0w2JxRe+8H31QjO1k

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.nuklis.artpainting/cache/1633031840514.jar	4434	com.nuklis.artpainting

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.nuklis.artpainting

com.nuklis.artpainting
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4434

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.nuklis.artpainting/app_webview/Default/Cookies

Filesize
64KB

MD5
dfb2098ca7b3bf16d6f5f1e7d3839af5

SHA1
ebb7a8bc886062d77a4092bd306b77a0ce7a3e9d

SHA256
e4119d32577d7fc63b267cc23eb7a9bbfb12d238f23e08918c38838fe0181224

SHA512
fccec45399258eb98220b7f01b492a72b8b3d1254dec6e196e344d89a0376c6ee24534a31a6675c866d4a17256d3ac6823657eaf04e1d386757d0cbfc6597e50

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/Cookies-journal

Filesize
1KB

MD5
fdc0403b8a7cf5507e5c4a1729bc7efe

SHA1
d9c74d1ee7e7a385bdfbd2590363065bbb0201d3

SHA256
af187ebde5ca98d41f4417fbdb332ddb0bb5ccfc5fd499723c7405c36552930f

SHA512
296c05eb26e5ac333618b7ac826a97d73e0ea2351d1168307283f62a504a3875245e5914e3cf469ec9a4ef690874665aad38a54657b5561e357cf53e4a06b2cd

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/GPUCache/index-dir/temp-index

Filesize
96B

MD5
0b479dd37ffa172a6b937d296374c7bb

SHA1
8521b934361156099ff09c113aeae3f739ca827e

SHA256
daade15e545474be183dcb31e14d7b9e76c5602c09817231fcfe827a6eb6d31e

SHA512
61109008a5f8fb58f5bcf0949eb2c23252ff2279fe0d300ff3e20abdd8b96665e787c41af8132aa82954093650fb1da4b529fe60c2cbeedc97a428038166de9d

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/Local Storage/leveldb/000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/Local Storage/leveldb/000003.log

Filesize
497B

MD5
2cb2b9f73765f2577948f7b32a76c476

SHA1
5cecb4d568be95e7cd64528cfa81d4f9707a45ba

SHA256
9c5126fc1c5716fa593197e3bd365efeca48a120b7535aa53b249aed85ff231d

SHA512
ffc1d1f3388ee816803e12ee15e48dc78618691b283a0e2e5ad3b5ccfffc9a215247659a15a88d7700786a8b6eecba3e151b24b8cc665e06ae7abf763301a68b

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/Local Storage/leveldb/LOG

Filesize
140B

MD5
180987d27d8c768744c10a2d6d5a8ba3

SHA1
0861ab666b46ba97d00b7e43729cac97e16a8501

SHA256
c69135773a3f35a01e6765fe24be376c8aca0b53ba9565592b79ea6c350ae980

SHA512
c4dd031a94ae03cf18d65ba0671810c51aec5222992acc5606a3e2c64a0681558a3cc59c32e5eba87cad44b9ecc2ad7b506119d26c77da0cd1d243dac83e1f84

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/Local Storage/leveldb/MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/Web Data

Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/Web Data-journal

Filesize
2KB

MD5
185c751c4d12a1fb169f558d3c35702d

SHA1
4c4a39d279e3bce32c12a3fa43a036817788489e

SHA256
1c9f23c65dabed1f9a76da16a0edf20d281de9a0a7059fc0545f85fc7dd81479

SHA512
0bdf58393a925b651da1299119b10c61d3513eed4bc2f5919e150b4474c7e1d9072d5e8445376245298c2fe253c813876985ada537c1aff82de1453e58161ae4

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/webview_data.lock

Filesize
28B

MD5
438a9ec91919293beb2d538f129b9a1d

SHA1
2c813767ea152dc31ab17fab1e78187af9da91c3

SHA256
2736df8cb351e072183ebca0a39e1b7c46adebcfbd1257fa8a6813c134ec8862

SHA512
cf5b482a62f4234c0bed779f77b69de2579e1645de71225922f38aa775d369f4e500635b64e627eb46e7d9970a4b63c244a6ed30103488689e226bba530b341e

Download Submit
/data/user/0/com.nuklis.artpainting/cache/1633031840514.jar

Filesize
19KB

MD5
38c960945cceba468ee4f1772abb99cb

SHA1
c7c2d5bdc5d06a5f43c24809602d0f2d2ba8e62b

SHA256
b8d90074a4efd78bcdecc27a24d4249d53b0b76134590750733d1136d9ad964e

SHA512
efa6c5518308ded2af559bdf6276176be8f7067dd1a486dc7f23395435a2cfca4f40106275e38ae126b52d943fced8383f92469c734f3b721cfcc78db400e1f9

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
48df748fe72864f2015814ec8ce1754c

SHA1
d37ca9c7c43d2a543fced15362c8c09d01f900ac

SHA256
5a0af54b2cd9962adbeea4a006b7aaea2ec4eb88cfd9d8b2f430f498fd52bace

SHA512
c8dd4c5104166d457fb57812b0e503b7b9bc41bed7118bb0f8757e5d50b48b61941cddb367b32fbe27a5c989f8949c99b6de8503644738e0038a4cf97c29e8da

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
40d00f14a79eb853353531ad532246a7

SHA1
5e9c772ba1d96d913ab3da4c7915792121243f22

SHA256
b591d049652163504d7ebc1cf7fec61840e5e59e50fc7a55fdcade0201b317f3

SHA512
e48c642448fda14c61bcb4a7584377dc2536dbf8203aedd5e25cedf70dca730ec83f1c40bb3abf0b2ab1e91e9d0bf3520e0ec5e0adea80e5974061f56b8a1e00

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

Filesize
96B

MD5
ddc73238a1d305e02a8aa07fc7d5cfcf

SHA1
899dbeb3dddf93931de5852892a24abf94104efb

SHA256
5d85b96954019084087f0e89bc6576c46961488a8ba3a88b4de3e990330c4218

SHA512
8619e4b3060122aa2ba042ec8ae64163bbb191e6c0cb907114ed47a61139b2227805b9511397cbbbfa55e77b15861531d1bdfb5fc151ad2597f5bf2cb53c94b8

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/dfe6b2497a7513ba_0

Filesize
12KB

MD5
4b262217db41c165364cec6e79f3c29d

SHA1
212dd406298a64ba346591f2cda5814503d5e7e5

SHA256
ea6405e58bdd7e0f68006910afa99c9d21d9173b44f9b39914c8e8f3f0996511

SHA512
7e081ccf0a6b67c6dd0bc10fff65cce475d95d44613a61b7e3e7d8d8987f61cd1ed9927a45d6ea9543af3bfb8a537a7c4b5c122a737c50e9d1f6d71b7da76639

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/f038e94cb33282ab_0

Filesize
247KB

MD5
bf884a3a8d54dafd134a3f38c43a0bc8

SHA1
801fde8bae2150dcffa07db24ca3d464d0ba6d61

SHA256
67979f3a4f76d3cfb0fc9ba46ce8236fe861718488389b615340a906ad5518c3

SHA512
5849f79edaca1489f91dfb07cb550ea7f7b0abd5dea708cdaa424e6a92aee56e47f18214425cf9360273ab9374f2efe35b31034dbcb2fd4bbae4a762bdca2b02

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
144B

MD5
8a7c6a40254b2e8c9ce7e8aa8f6885c6

SHA1
069906dae108e4db9965b8a2f83bf0d1a21c0b10

SHA256
ccb9437c20235b98c832251f86bc4ce0e4130e671e704027f2faa6617e697c4d

SHA512
d24d1471d72e907cd9f5e2834eaae4c9ef9c817ed0165a37badc650334b67e3a27e128894e9aeff9733de4c1697d0cda7d8ae3591e21f3acd500463d8340d09f

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
192B

MD5
253433e2ea39e7c4c1f5883ba1a02a77

SHA1
adfcf2bdfd82c56f55cb88c1c170d2cf2c1631e8

SHA256
8eda5570e0ec6cb7952c42a70d68ee535657e1f531b8390b36bec8fd36b16e54

SHA512
29e64713f0bebf904aae2c2626e7c451cdb97a72ef607129e2d6afe9cfc8c4abe0304a85f4d8c2ff22c575ff69984ccf3255aa627be352cb1a6a927eedf6c3e5

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/font_unique_name_table.pb

Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.nuklis.artpainting/databases/PAINT_ART.DB

Filesize
88KB

MD5
570f0c64ad1c14b608e55621c90d3d12

SHA1
c7dec36f6acbf6604372db015caeea191c16d8d5

SHA256
1a781cd15e8ceb685a08cd43cf2b722e87124e4fb4cdf4072ebd1b51d3ec936a

SHA512
bb474cf83ad570f4243ce8ea061fddf62f5ffce7abb3f909bc6c640ef27834f769ea03d44a49b52b85d3e83ffd3a9a7f9397cf9ae53af6f7c5db282c100327f9

Download Submit
/data/user/0/com.nuklis.artpainting/databases/PAINT_ART.DB-journal

Filesize
1KB

MD5
61cb9af17b8fa8dd63e8c745800e6d64

SHA1
2ce172fc4180e5e9712cd7296f8e861637483c43

SHA256
20d1a2594170b2393fd93c835aad1dcca05fa7e9bf416734c2052b1dfa4cfc09

SHA512
0aea7f8a6a381de22b78b633a3194776d6d4296f0296e28b17d58026709b81ae96238b84da508874dd32ebfa8e09248351c0a4034106f50ef370ac682419c000

Download Submit
/data/user/0/com.nuklis.artpainting/files/temp/layer_1_1670842639894.png

Filesize
844B

MD5
f31e821104e08ddc2e2afaf558fac542

SHA1
d40668f4c691220258e9ce2d5afac5a039aa308b

SHA256
289e9ebd3e31faf2cf2293aa0eb5f5293fdfc04de8c9bd6bd00b7ef587e975a6

SHA512
5e730b90a0452a7e195ec1fb5cb79067c1dd383e51c12970b4714a2a41b08ec0969a9a234b5aeabf5165f84bec63ed7acda2a3e836e77d76645089679843ba07

Download Submit
/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb

Filesize
8KB

MD5
e579a6b00eef1318f9166352228eba18

SHA1
76988896854f0139083e77862eea1a4846cf039f

SHA256
4b34cf505050facf47aa7936e4e7667e1969105665c632b3eefe7ecddf9a6935

SHA512
c47632e957d87727bf6504a82ca7a44d8da24d30cd997a0f449a96e4f97c656a1b4d9da3fcd827e2a48c59677688da0b872358ebd0f9369d898d1b8ec18d5699

Download Submit
/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-journal

Filesize
1KB

MD5
24410dfae88bb11df4845b17c07034ce

SHA1
9a1f077091ab312788fa9e08a47579f658c5b951

SHA256
fedb6cf0cc7258491cb0aa52234307b345981370e034ea459fc3a5c03cd4fc52

SHA512
90870b1c140301d5c7f3b00408b35405e1a1e14eb27b7b140019ff37109a98d2480fcd5e3f272191533133a74cc326e5f1e20d398280a9864db4c0e930b834df

Download Submit
/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-shm

Filesize
16B

MD5
4ae71336e44bf9bf79d2752e234818a5

SHA1
e129f27c5103bc5cc44bcdf0a15e160d445066ff

SHA256
374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

SHA512
0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

Download Submit
/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-wal

Filesize
217KB

MD5
c7b6b642066959074692e96e254253a0

SHA1
adeb5dadb128983ccc1ad5f02e41b656f0aac4cc

SHA256
1d5cf3afa3a4728127de1e4e58e85a05a0b7f78833a4138f90687af4bcbc145e

SHA512
99bd0da7ca1fdace71e981b9a1bbf92c6c4ca631936864931a2e515a44fc081d16ee41a26b6e0495b12f4ad2f8eaddea8e56c7ab5f8cfa909773bb8cd46f336a

Download Submit
/data/user/0/com.nuklis.artpainting/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit