0f41adb9d470c2450c2987c1c6b3a2ddcf8bcc47fad7a54ee4ec064afd0b8a3e

Analysis

max time kernel
107791s
max time network
163s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
12-12-2022 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Paint Art_1.3.apk
Size

4.1MB
MD5

36af3b813438470a0dc1c890360e3c6a
SHA1

c8cb5654e1bb031bc337d3501ffce2ad7fd0a437
SHA256

0f41adb9d470c2450c2987c1c6b3a2ddcf8bcc47fad7a54ee4ec064afd0b8a3e
SHA512

f0a0b9e05759f71dade7e81639f705462b81bb01d709d47a48691bb837536a959677ba5a82d7b8c9634d6d256f5d1da1d5a85c47f60f35b5219245a08c647a3d
SSDEEP

98304:PrSSze0+HVciXp0wxsPgdsuGnRCCO+8Lz31JqhVEgaCZtzT:TSSi0wciXp0w2JxRe+8H31ojFJX

Score

7^/10

ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.nuklis.artpainting/cache/1633031840514.jar	4458	com.nuklis.artpainting

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.nuklis.artpainting

com.nuklis.artpainting
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4458

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.nuklis.artpainting/app_webview/Default/Cookies

Filesize
64KB

MD5
dfb2098ca7b3bf16d6f5f1e7d3839af5

SHA1
ebb7a8bc886062d77a4092bd306b77a0ce7a3e9d

SHA256
e4119d32577d7fc63b267cc23eb7a9bbfb12d238f23e08918c38838fe0181224

SHA512
fccec45399258eb98220b7f01b492a72b8b3d1254dec6e196e344d89a0376c6ee24534a31a6675c866d4a17256d3ac6823657eaf04e1d386757d0cbfc6597e50

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/Cookies-journal

Filesize
1KB

MD5
a5fc5b9a2a8c018f31672bc80493c420

SHA1
e654b905f28d24b048a567fa64ac9c6e9f395a48

SHA256
d468dd55e454d59da901619f6fe7f40604a9fb86d746406f323c55e9e5ca0ce0

SHA512
28a9b9f2dd37f765dfeaf53073c144df0aa5ff7c74655a03f348adef9a6673866f83c2ea2329c111c56b8f6195e7a121ee497bf9f69aef935e71cde8ec8312a5

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/GPUCache/index-dir/temp-index

Filesize
96B

MD5
920ffb00547509438d38e29404df6726

SHA1
2838cc32a1d4a4658b73e1d0737df9b73587ac65

SHA256
24b309b78b1b6c59413181d3e72df580defe158e36abdbb1243c63a44c62795c

SHA512
e3581041c4172e0048f62580eafce98707a2ec20fdb53b516a5988f2e051965fa8f407320fc464b2d437c781fed7186239fda8acbf230d8eed82e24acde9e75f

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/Local Storage/leveldb/000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/Local Storage/leveldb/000003.log

Filesize
496B

MD5
8e0ad27851801463a9fff6a11f5f20d2

SHA1
c445ddb2200a6e0a39a6322c9cb4383713bbebbe

SHA256
a39c8fce8cc3eeaba829b5b32288d01c47ece8f52e5cfd3b30aa584c23474653

SHA512
db21c5db40aac0ec9be41b8974f903a5a99b2ccb12a5232d3e21cc1bd215a2a69503dad28e3766e00881cadd50a480e213beab22d25e269558579cf86bc18572

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/Local Storage/leveldb/LOG

Filesize
140B

MD5
eb47216d475f469901096a0206302cbf

SHA1
681d2cd52d4c32417330ae96e2c55c85bdf37a93

SHA256
f83cdec993aadca453d6d0147758aafcb12f18814dd0d8a49a81ac2ac6119a63

SHA512
dc556047cbc9a4e83bdcc8ecc26f868a8432cd6645ef2a38355393116792f2e13985c144d15678363da5bebb9518ab93c39f4a9628e7c02d05053ffabdbcaa5e

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/Local Storage/leveldb/MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/Web Data

Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/Default/Web Data-journal

Filesize
2KB

MD5
cea2b01bf500bec7d918b3325019363d

SHA1
d2ad8f59fe6684dc64176d2d2602ce3c135f4819

SHA256
7fea2f32b4203c1ad3d903e0e76410028c59dfdd7c13f5d6ca7f45fadd67b5ed

SHA512
e62d9bac73f6eec35c69d07030ef0e3fae59d2fe23c62adbdc33eb7909606ba56f992993511ce06a0dd2250f2197883e92a1e4345dce3ea5137a2e271fb179a7

Download Submit
/data/user/0/com.nuklis.artpainting/app_webview/webview_data.lock

Filesize
28B

MD5
0e76197dca37f2346c0112c7f511ce8d

SHA1
1d21e71746527a4808a149bcc9bbae08ca2acc62

SHA256
8460d968b62705b7644c1dde1f64aadda02fdd1776d32c2394ade0d27d825590

SHA512
c246e82d70701da68cc315eb97155fc1594f75da3a70dd6b06f795f36d084c08d68ddc7d09d9e93b319dfede2206b3e7deb487437e49dd4c6bfcd728432f6b71

Download Submit
/data/user/0/com.nuklis.artpainting/cache/1633031840514.jar

Filesize
19KB

MD5
38c960945cceba468ee4f1772abb99cb

SHA1
c7c2d5bdc5d06a5f43c24809602d0f2d2ba8e62b

SHA256
b8d90074a4efd78bcdecc27a24d4249d53b0b76134590750733d1136d9ad964e

SHA512
efa6c5518308ded2af559bdf6276176be8f7067dd1a486dc7f23395435a2cfca4f40106275e38ae126b52d943fced8383f92469c734f3b721cfcc78db400e1f9

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
050a10b251cb0819054c2387a0000082

SHA1
0cac3eedd2bb9d14559b48ed715da3e62525bb7b

SHA256
969b7a692d2566794e2dd046db414fee1bd336924dfe0dde6fe8812ea27945b0

SHA512
f490bf30574a04d3b008098bd715483542ec7422938fc37839f0444b0b3e0a62d2cc3c950cd27dd75b5f61b5d8d42927d59d301c6e03ac21473d14f38bb36a3f

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
41fbbc6e26743239822dd8b0cf6286a9

SHA1
8127e30a8716db30efb7e3666d14022b1e4d0494

SHA256
e2a85d6b9e5b66b245cc59987df789d09d031e2d27e492effee9ffdeb7ef6a44

SHA512
b0941f5a0c11aba1826da39900445b134d4ef7ed38e97353f5c1a95275ae74390ffa4ddd061abee6e192e968fe0072abe1f8b497e7a0ce0f449424d8e894c458

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

Filesize
96B

MD5
6a012d506cd24a716d5ec8fa7c86e20b

SHA1
a2803f00f0e0a359c8c2b5793b6d05d1200d8d0e

SHA256
73bd1ae3a40c84057a782040d75da84d50fedb503a8507e6a17e2c473e4ec57b

SHA512
02feef740c134fa4b54238875ad4a4a36f1a00d0107e883525223f668b61c72895b11beded8550cbd1c9fbd971c1434c96f3748baf8c1caa41d7817910c0d44c

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/dfe6b2497a7513ba_0

Filesize
12KB

MD5
85a937ee8cc71966a85a88417b7ea89b

SHA1
e0efaff80fff373aa8dbb8a11124e0210986fec3

SHA256
60fd529c06d80787b9ae8cbffeb6acdbbae957c0b4ec124269c089848dabc75c

SHA512
1a7e965dc155389bff07ed27ddacef67a1b822f952062724b0f9dc2717bd24208c8ac85f2ab109e6143a77c6dd2893f0fc07ec022ddc97144798325bcd28d5a7

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/f038e94cb33282ab_0

Filesize
247KB

MD5
b55cf990903d74615e1241ef184c2adb

SHA1
0fbecc026ae80e431da4d566aebe36af84041b83

SHA256
e7d1718295868fcc2744ebbef3e16279a6f74332b65902f5a4e0094cbb08f601

SHA512
df6e76f2401a06bef3fd1ab82f66d46492351ab490def6ea444440d669ca411465c780b9cc9593abf2226b0754acc9614f9ad24ca468acdaa99abfc4dcdcd786

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
144B

MD5
d3ed876195698b83e5cc45e01b2ac1fc

SHA1
fe50c3ae702462ed50b6b3e020a86ad6549ae757

SHA256
c20d1271b79f18d3bcd67167e6cfe60a59ab436af0bcaf9b591b27195a7112eb

SHA512
3dc60acc4e9d4fbd4d1de65205844dbb271f565175b26393d3ccc5ed671f002147b3be1b5e637754104816587f3b06dbe0bd2e2c7eeeffe9720fcea00907aaad

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
192B

MD5
0e1540feeaaff9b32c090c32ff4455a4

SHA1
89f0455af19fd23cef9c6d9664ea1d0056567f01

SHA256
58c9a5e307918956ee3573eeecd66555315425e2f0002bee4da6e5542ef56c66

SHA512
b1d4c242d9f3d3b6b4260bdb7c848acb771e5acbd8af5ad5ab9a90aeaeb541c4a4e36cc60402873b9fe13351edc7777c607508ca470d168aaa901e1551136769

Download Submit
/data/user/0/com.nuklis.artpainting/cache/WebView/font_unique_name_table.pb

Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.nuklis.artpainting/databases/PAINT_ART.DB

Filesize
88KB

MD5
570f0c64ad1c14b608e55621c90d3d12

SHA1
c7dec36f6acbf6604372db015caeea191c16d8d5

SHA256
1a781cd15e8ceb685a08cd43cf2b722e87124e4fb4cdf4072ebd1b51d3ec936a

SHA512
bb474cf83ad570f4243ce8ea061fddf62f5ffce7abb3f909bc6c640ef27834f769ea03d44a49b52b85d3e83ffd3a9a7f9397cf9ae53af6f7c5db282c100327f9

Download Submit
/data/user/0/com.nuklis.artpainting/databases/PAINT_ART.DB-journal

Filesize
1KB

MD5
d86bec952c8ca6797969f86e086c0e9d

SHA1
8fbb3b4392519abb05a15c9b32100c63d9c8f27b

SHA256
ce607ac32ff610a64e3963e3b377dc989edb741523b5436c2c17d766a48d87e1

SHA512
1d336e3f0cdb7a14534abc709c3a03973aee385a91702e5afee1dd43818e61a64a92c2b03906eafb9bae5f3fba745bd712e7ecfe0c4ff1f5b55d28c45251ca6f

Download Submit
/data/user/0/com.nuklis.artpainting/files/temp/layer_1_1670849941622.png

Filesize
844B

MD5
f31e821104e08ddc2e2afaf558fac542

SHA1
d40668f4c691220258e9ce2d5afac5a039aa308b

SHA256
289e9ebd3e31faf2cf2293aa0eb5f5293fdfc04de8c9bd6bd00b7ef587e975a6

SHA512
5e730b90a0452a7e195ec1fb5cb79067c1dd383e51c12970b4714a2a41b08ec0969a9a234b5aeabf5165f84bec63ed7acda2a3e836e77d76645089679843ba07

Download Submit
/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb

Filesize
8KB

MD5
e579a6b00eef1318f9166352228eba18

SHA1
76988896854f0139083e77862eea1a4846cf039f

SHA256
4b34cf505050facf47aa7936e4e7667e1969105665c632b3eefe7ecddf9a6935

SHA512
c47632e957d87727bf6504a82ca7a44d8da24d30cd997a0f449a96e4f97c656a1b4d9da3fcd827e2a48c59677688da0b872358ebd0f9369d898d1b8ec18d5699

Download Submit
/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-journal

Filesize
1KB

MD5
c82b527ca72d7b595eda618572cc0528

SHA1
b9f06ad3fcadd595965301d3c827932d15b5378a

SHA256
87238603fcde0162e66ab059d5601b11051a594d34678577cd610b09a26bf9d7

SHA512
34dd94da22c514f056d3ee489aae0bbc20ec0d97a22c24bc679550f164593b8463854621776cf4e694700e0f9c89f2ac0ede87a1aebd5bebf95924dc9101dcc5

Download Submit
/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-shm

Filesize
16B

MD5
4ae71336e44bf9bf79d2752e234818a5

SHA1
e129f27c5103bc5cc44bcdf0a15e160d445066ff

SHA256
374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

SHA512
0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

Download Submit
/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-wal

Filesize
217KB

MD5
1445bcdab3d45c95ac9ab52bb905cb0b

SHA1
f0a6cf44ef2f21c88c98ed1ab4c654ecb648435b

SHA256
cb55d8ecbe3a004145bbf8e5b8be0d18c7a2ef2838c8f6b7b529e6a560b55653

SHA512
e7d6deaab3dc650781e0617165ab690f9ea478bc1027d7a225e5e8a597ae90a10e6a58bc635052351225576d36e11a51d3c8dfe6372830680503aef156958834

Download Submit
/data/user/0/com.nuklis.artpainting/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit