0f41adb9d470c2450c2987c1c6b3a2ddcf8bcc47fad7a54ee4ec064afd0b8a3e

Analysis

max time kernel
107785s
max time network
127s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
12-12-2022 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Paint Art_1.3.apk
Size

4.1MB
MD5

36af3b813438470a0dc1c890360e3c6a
SHA1

c8cb5654e1bb031bc337d3501ffce2ad7fd0a437
SHA256

0f41adb9d470c2450c2987c1c6b3a2ddcf8bcc47fad7a54ee4ec064afd0b8a3e
SHA512

f0a0b9e05759f71dade7e81639f705462b81bb01d709d47a48691bb837536a959677ba5a82d7b8c9634d6d256f5d1da1d5a85c47f60f35b5219245a08c647a3d
SSDEEP

98304:PrSSze0+HVciXp0wxsPgdsuGnRCCO+8Lz31JqhVEgaCZtzT:TSSi0wciXp0w2JxRe+8H31ojFJX

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.nuklis.artpainting/cache/1633031840514.jar	4705	com.nuklis.artpainting

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.nuklis.artpainting

com.nuklis.artpainting
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4705

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.nuklis.artpainting/app_webview/Cookies

Filesize
64KB

MD5
9b23e6a88d5a95f155f205cb04b93cd0

SHA1
b62dccbbef087a0731f226b96d15d35d8aa5e5fc

SHA256
f2f3c3c0c7f085399a6f9a464c1ac30a59ceeb5a4b7026286fa5609e6e8ef857

SHA512
bce5f25d98e2e8296c4101b62082dcb6a43902f3431ff6f725e41be6b9aece76e887ef94c4818baf4da845708fd76fd51c37fb6915710c870647593868f27482

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Cookies-journal

Filesize
1KB

MD5
7778216bc72fac18a55fd0f02bf38fda

SHA1
30a1647e54c0f241d7476904ee34bfd2e91ffd5e

SHA256
a1af694f73a0d1500d2fd54c43443818cede27effb77ed78814b0479b4e3c032

SHA512
2b9baafadad5076e01ea9d5485daae9bad29e260be7f8971eb3f8ec1eb79dfc301e2a890ceee41fa09c84e0bb727a6a9a8a790a440ad277d3bbc19f4fdb9f89f

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/GPUCache/index-dir/temp-index

Filesize
96B

MD5
9faede7c4bc519937366a42be1e81819

SHA1
d3d64417ee55c1814b6bd6d71f6b156d90fb23b5

SHA256
00d3eb87f05278a338ee0f6b73b512e8641b7917c08c0109ed4032e6609943ca

SHA512
194b603c78443a03de075566d1e8a6078f0ec1cdd6cc9cee8a6bc6ea8421223b4d5e03bf50a967b78ed3eb1ade6c6cb8b6fb2665c6a7765b9a2bb066b656fbc6

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Local Storage/leveldb/000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Local Storage/leveldb/000003.log

Filesize
497B

MD5
b45f56696750342545b6272a796e006d

SHA1
d658475543351cc4d47e4b10a89cf3cd72e4ce7d

SHA256
bf251f3a19033b94b54270eb6a9575e3e5457d467e3503ea181d3fb200c260c2

SHA512
bd421c610916714f905a7632f7ff65baffebada726bf1c47d5816c5ea0b180dd1be4162d903cfc64e83987f87346c42904296754a77948eb8b8323e40fbde1c8

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Local Storage/leveldb/LOG

Filesize
70B

MD5
c3990010af4eabbc78e9d9c9343b84d3

SHA1
6f6c99c16ce6812031e7f494b6ca36138bc5a884

SHA256
c3e3207572b92364a3480b8e25f619bd784218d1240923160f2c17ea375c7458

SHA512
51d2e1e6bd03125d6414f7b0b94d3544dcf5943da36b4b515b3d82f52152d3dfe1a46b363645ec07b16378aa35d95d041d30194cfa02953f115099ef17664664

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Local Storage/leveldb/MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Web Data

Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Web Data-journal

Filesize
1KB

MD5
19a3fbf8c87364a2945954b66b1a55d5

SHA1
f094b304dbf21dde05874814d08871f21587dfaa

SHA256
384b17bd977bb1a8d9290c17e4703b3fc631a175c1618a808dd5fba844bd6057

SHA512
6cefca87c98ec08a7453bc4fe5d29071c249377004deaa3a986150471947cd44bdc001e779816a6a9c470ce74b6adb7c1c4198a10be70f1e95127c43a48c45d5

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/metrics_guid

Filesize
36B

MD5
dd54e40a23ec0bd7527ee1a69f525824

SHA1
a53844519242ed65a45a573bf3fcdea935ddb5e3

SHA256
9f22cccb38df0110120eb61ff20c8ae3deda84c3a2142c5431590a432559d5f5

SHA512
650feec43147fad78a21cc334b04876322216c3f98d38afcd1627b72b23502d9e9c66c6039e509b8cc0c82860497ba3ccb05d4ed58993f90612e79e62c26c9bb

Download Submit
/data/user/0/com.nuklis.artpainting/cache/1633031840514.jar

Filesize
19KB

MD5
38c960945cceba468ee4f1772abb99cb

SHA1
c7c2d5bdc5d06a5f43c24809602d0f2d2ba8e62b

SHA256
b8d90074a4efd78bcdecc27a24d4249d53b0b76134590750733d1136d9ad964e

SHA512
efa6c5518308ded2af559bdf6276176be8f7067dd1a486dc7f23395435a2cfca4f40106275e38ae126b52d943fced8383f92469c734f3b721cfcc78db400e1f9

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
f3dee094a14368183c8452007f48d05c

SHA1
7ca6a8d7a0fab1a841401f0cc5084747f743f855

SHA256
338199eaef7154a8bbe6ceeadd48ab35d715126d27b6ccef389642f6bbb58e09

SHA512
202f7cff230aedf7f9d06b805489e2aeecad5e54861737275052fbe16d42118c4a361d47d6f6b060852fca79c7b6810bc49f3406e6bfe579d9ed1055f265eadc

Download Submit
/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/Code Cache/js/e06cc44686ac5311_0

Filesize
548B

MD5
780a6eb7a50374e5ff4ca72fcd549a2c

SHA1
d7054a02cffaee5f97e251cf853945017dff828f

SHA256
8096a59e17151ca38ead58f091e06f71e01614d83ea1d615b886446b883e09cf

SHA512
47051c11a48dcd425bb5e9c51c30a31b1235697bc18ba6ac006078bf81a18deece288b5f39b8a47ab60154b331ca7b7092f6f84e21ac37d8c6dd1abb48250d9e

Download Submit
/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
2fbe77ccfaaed8e6a39e7983121d4dae

SHA1
31144edb2f2ce7dd5f113993351974b0a36d9f2f

SHA256
49f90bfacb89705c16ec6542add751d885402b6965b746ef206bd2689da43d91

SHA512
dee014bb26542606a7965a9368b180e4a7e16a1afd8d52aeb1b7ec6e78ec74b288f81281737b6136b105292c87915f8df3c2eda154b02a9a3726f8b663cd1b2a

Download Submit
/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
144B

MD5
44d2129cc744bb9c004cc641ffe883c4

SHA1
072bccc69071cda42b8296e672b49415a50c48ab

SHA256
662e9a1f0eb5bd0a5f70ad3edaa6a00b3506484f6027f651ec4d81885fce7c0d

SHA512
167eb29cbbbba766c31ce7aae140768907e707d958e6dd16f9f0b8efd5d89f900294001dd7a378fe1661f87c409de7bb347b4b3c78a139feb25b531224672349

Download Submit
/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/dfe6b2497a7513ba_0

Filesize
12KB

MD5
11317b0c10eeec60fa5f21deccf5f384

SHA1
a4922d63a60734106575c7115911be4873954830

SHA256
d03c6b5ea92ae399216913c616a32e7b7ca68fc1938abbbdc69254494cfba90d

SHA512
58b3085f779700bde88b6b057ea426a752699825f5ab2e5b70484f610af503d9a3b9e04a505ebd513d599ce3a2c8c923a2a202564f5d42bacbcc619d7ff06669

Download Submit
/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/f038e94cb33282ab_0

Filesize
247KB

MD5
88299f69d9fc37c3f0384e9b3cbc259a

SHA1
00657e96e3a0b5f54567112c3cd7c9f1e926d173

SHA256
0aa93c6210bfe960390c25c75f9ffca31806d1a2ba95bf71180e9f3671a5b620

SHA512
77ab9fde83c245a9ed2e5b97d175b51e196120e399f176c6598270700590fe581e4c9ca5d13d4580b80690346aebb797f4afbb11b3f29ead115a918e4b63b589

Download Submit
/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
144B

MD5
958d55538c0a58155214fad8a63137d5

SHA1
4f9a474c71c0b1c3f7521626738e2a1b317740bb

SHA256
3d2d08c4efd233d75b492e2376c9633cbdb027bc953eb000e9ded3c0ce90a20c

SHA512
e0839e14b9f34d762f68f31a0b26bcdcee4765c63c0201e6bb34abd01a803bf09d151426b2d54ccf69042ac90ee33e3bed75fa4b0ede32e4424e7d40d774f7bc

Download Submit
/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
192B

MD5
9b21879d36e06b0b182228ea976f3f84

SHA1
4905bfb6e36639fd0570dd22f8f8ddbd5b4b2371

SHA256
8a1efa2f5e934ea23b4e82d019fea01b9452056cf747e7e568a8abbd2831f026

SHA512
96c17227a45dcd5b9f3a57da110554a24eecadbdeb3166cdc874b31f654ee779fd5bbc77135e5dfb8b6de4fe244d2652ac3d107c42fd245e9eab3f39401c8ac9

Download Submit
/data/user/0/com.nuklis.artpainting/databases/PAINT_ART.DB

Filesize
88KB

MD5
88071e85bcd69a166751848a665e3c44

SHA1
c2e6aaa4c826580174626ddfad8cdfec8a160c6c

SHA256
ecf3d48ded7978e8de46066dae0c07a2f04db68c6d41fd1063749eb9efa1fa24

SHA512
d04e228386774f3858ee1f49165e918fed346f9539a487fc19cdb50871866b78ac9aa94f2e5b30d0b157d8ea96bc1f0ef51344a2d2013a725f13897ed02e521f

Download Submit
/data/user/0/com.nuklis.artpainting/databases/PAINT_ART.DB-journal

Filesize
1KB

MD5
21d29ac429762546e0185bf64a973862

SHA1
b438fccfc7d0baca5af2b5841c33ac16ac8b7f6c

SHA256
2eb73f689cb9d6455709b3e5486ce1125c3e89feaac9fb4e7ab1cd4b8988dc0b

SHA512
3f7ebda3781d4eae005d8c63d43370ed3e2332b57a4731487cbd8dc462c90378b069b4f699fe0ede5f6e177960179a2b7898581ed23f7b332fc562133a917885

Download Submit
/data/user/0/com.nuklis.artpainting/files/temp/layer_1_1670849940558.png

Filesize
844B

MD5
f31e821104e08ddc2e2afaf558fac542

SHA1
d40668f4c691220258e9ce2d5afac5a039aa308b

SHA256
289e9ebd3e31faf2cf2293aa0eb5f5293fdfc04de8c9bd6bd00b7ef587e975a6

SHA512
5e730b90a0452a7e195ec1fb5cb79067c1dd383e51c12970b4714a2a41b08ec0969a9a234b5aeabf5165f84bec63ed7acda2a3e836e77d76645089679843ba07

Download Submit
/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb

Filesize
8KB

MD5
b6ca8b30661a7844ed292db75a29a953

SHA1
8e0d397ab1f2ced1f143829084c3f53333743bdd

SHA256
63a219c7092be26641907c5f955aa977e7675e3922a8e4ee2af25bfed8c7bbfb

SHA512
d21ce3adf13d61369708ea000438f626973f20b08ca05a744c1cccb2d5e7c264a8af9c3ebd18a7a6a464d38e1c64146f8e881d29d71a0484dd94212315f6dceb

Download Submit
/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-journal

Filesize
1KB

MD5
1970671ef08c41cc8dea1b4372dadaa3

SHA1
c3ea81bae23fe8a79e4598e9945751b0ee720bd0

SHA256
3ed2625d3380d41f91ec27f76e8008e2a64553d2d66f4de36f158ec10766a50f

SHA512
00afa5c1c2e9a1253f0ccb10de94967b52c8106c4a11d96fa5ba20b05ce7f85a1adcd2445a012747586c49a0effad0e4117060cdbfeff0a8e8d8e79e1e1b079e

Download Submit
/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-shm

Filesize
16B

MD5
4ae71336e44bf9bf79d2752e234818a5

SHA1
e129f27c5103bc5cc44bcdf0a15e160d445066ff

SHA256
374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

SHA512
0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

Download Submit
/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-wal

Filesize
217KB

MD5
ec04690c8753f9f931eaf231e31caa83

SHA1
c87be223459a9449b76dddaeb8d034c28fa5084a

SHA256
2ea421579f52477c8020480350b3293565396d0b75a0d922ad55e72c57354785

SHA512
d7b52ce93ec584a771ceb92b5f52d59cf094a516d0d77bca6024418ed1a0b9dee5a16a6086ed49f38e0b9ba09123d5f869ff84546e5fe0ac8d5f067e7ea1502f

Download Submit
/data/user/0/com.nuklis.artpainting/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit
/storage/emulated/0/Android/data/com.nuklis.artpainting/files/-1451633082

Filesize
75KB

MD5
e9c5b3102b58738822fe10d4ea7981ed

SHA1
43321b69657127a9e2937710f16b6c618daf8a51

SHA256
eb1a183c7a377a39e41a121edbb294180f54a4a92f1b363dc38431182a2e0dfe

SHA512
27e7e8b7dfb2fd14546f341745486a41f5b6f4ed852a3548a64cb2db14efc2fc077a743a5b56f6c15027160065778c305394f2190ab0a2ec705ff36fdbdcb3dc

Download Submit