5d67ecd60d9d7a21a8250fdb2f7889043c970065b511fa0bb4745f154d29ffbe

Analysis

max time kernel
325957s
max time network
166s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
02-02-2023 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

osu_droid_1.6.7_release.apk
Size

18.2MB
MD5

52919ab4264424cf7f9f456ed2198ba5
SHA1

4c849a5c576e0983efabdf96c447547fb4d4fad7
SHA256

5d67ecd60d9d7a21a8250fdb2f7889043c970065b511fa0bb4745f154d29ffbe
SHA512

6a2f641964731fefb1be6591efde1b908fd7eedde97212548007ca4b3fa33745e3b5749976a3918d6accacb4b249d32717ea6587396a36369813cfdb3d0b4e36
SSDEEP

393216:wNhIL8Yw0uRp5g/p4CGVD4/qRJkeXPwLdI:0YwrTRC2D4/qIeX4C

Score

7^/10

ransomware

Malware Config

Signatures

Acquires the wake lock. 1 IoCs

Processes:

ru.nsu.ccfit.zuev.osuplus

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock ru.nsu.ccfit.zuev.osuplus

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	ru.nsu.ccfit.zuev.osuplus

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

Processes:

ru.nsu.ccfit.zuev.osuplus

ioc	process
/system/lib/libc_malloc_debug_qemu.so	ru.nsu.ccfit.zuev.osuplus
/sys/qemu_trace	ru.nsu.ccfit.zuev.osuplus
/system/bin/qemu-props	ru.nsu.ccfit.zuev.osuplus

Checks known Qemu pipes. 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.

Processes:

ru.nsu.ccfit.zuev.osuplus

ioc process

/dev/qemu_pipe ru.nsu.ccfit.zuev.osuplus
/dev/socket/qemud ru.nsu.ccfit.zuev.osuplus
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

ru.nsu.ccfit.zuev.osuplus

description ioc process

Framework API call javax.crypto.Cipher.doFinal ru.nsu.ccfit.zuev.osuplus

ioc	process
/dev/qemu_pipe	ru.nsu.ccfit.zuev.osuplus
/dev/socket/qemud	ru.nsu.ccfit.zuev.osuplus

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	ru.nsu.ccfit.zuev.osuplus

ru.nsu.ccfit.zuev.osuplus
1⤵
- Acquires the wake lock.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ru.nsu.ccfit.zuev.osuplus/databases/cc/cc.db
Filesize
52KB

MD5
957c26875f84730f9632560de255415c

SHA1
4c766a11e1aed93ee8e3dde816fc7027ea139b83

SHA256
a77be28391a129ea82f5a8bc4cb5efbb3bf7bd040a8797ee65a20ea8a254cfbc

SHA512
7ea816abcccb3f1378e3c25059cac6165942e8b2c51e0aa193c03e0d942f84ca023b111947c42d512d321aba9bcbf267e7f98008df8aa6a24b8757dbeacaa120

Download Submit
/data/data/ru.nsu.ccfit.zuev.osuplus/databases/cc/cc.db-journal
Filesize
524B

MD5
017402348f7ff12430c2c75ae2715e3f

SHA1
bc2c66f10004ff78a7ccaf032b112ba83fee7cf3

SHA256
53f4cb2f43c9ff011301e2229fd12393b9d957dead0a8e65eca06616b4f2ce81

SHA512
d5f99bd08635419a4d4aff3791e3b69e607564a61995b4d449eb49e58621e44d7a92384e344b8583d35cc08d298897b12c9b9fe0e475fee1a2edd7ccd64aeb32

Download Submit
/data/user/0/ru.nsu.ccfit.zuev.osuplus/app_bugly/sys_log_1675363189830419.txt
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ru.nsu.ccfit.zuev.osuplus/app_crashrecord/1002
Filesize
252B

MD5
499fdb1ef45e305aef044c912b529a19

SHA1
010c527277090778cce21874fb02f8efa3b6fc47

SHA256
92a6fb319db2b630d201b771324ddf4c096b5a7202a374ec9e4f35f6e345beda

SHA512
42c55b4282f942381d632fd7dc90f644c3555021f2b39d747cf0cfff8d1fd449d907acb26754f63864a4ac042950542fc8d4d1374164121cd1aac0b9bea00e81

Download Submit
/data/user/0/ru.nsu.ccfit.zuev.osuplus/app_crashrecord/1004
Filesize
252B

MD5
31ce7a572d10bcd41e29159232f88af0

SHA1
776a04cdef97294fddaa1d21026492a8f1571e98

SHA256
860872f089c3f9654d1cf340118dac6651c0dc1fb1df9c9b0bb6d6a0f764ffbe

SHA512
f1cd3fd298356df46a128ca57c2119fb3f96185903adbf13db16034d829e47d03b3bddf53f871f441dbe9580def15daf509de6ebfab5ce90556d9dcc7f5c06a5

Download Submit
/data/user/0/ru.nsu.ccfit.zuev.osuplus/databases/bugly_db_
Filesize
164KB

MD5
cd649f5b18a0ad17e8bf13446cf90ffa

SHA1
0be050ce4f3d5ce639d7b07f951883d2dbc0bb22

SHA256
345c7fa4a1702b957bc843629452b8bd322b1e064a64a085b92b27d3775bb6a6

SHA512
c48b42704f5f3417e53d576470e49485d613f29d4bbef40235042ccb789b866a786709fe750636459d1d94163113c082635d57ee10f444c3f66833cbf3f1d79a

Download Submit
/data/user/0/ru.nsu.ccfit.zuev.osuplus/databases/bugly_db_-journal
Filesize
524B

MD5
1256dcd379e86a035bef4564c591ded2

SHA1
79d360b4f458c2f7d207f8054dcaaa3dfa219cc6

SHA256
54c630c5119af07a6e3e1644162293d4c8e67da1a0dff46b931b2da4846e9f59

SHA512
bfab951f2ef2c30d5bb979de21be500f41c44c660ce088bd16a5cf3811186bf5ed10e903c0ead19e19c39aaef48493d60f1c48702bf2090b67ab9dafe6bb2ffd

Download Submit
/data/user/0/ru.nsu.ccfit.zuev.osuplus/files/.um/um_cache_1675363202545.env
Filesize
1KB

MD5
e28dbcc3c04626c1d128436dea4058f8

SHA1
c2513b45b26d903874e2da7931bf1ad107338e41

SHA256
b2ede6dbf06280580bab825df43dc3ec9944925032910ae901d580679d92f402

SHA512
88cb801a7d273a74427d8033f42b9dbaacdaa6e61ab2d34bc089b789973d162e7c6775e0f0e76f8f45c4507ed77f0ffd308878a477a88d352d7125abb992d899

Download Submit
/data/user/0/ru.nsu.ccfit.zuev.osuplus/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
77e35c12c518d2b5293cd1c489e6d98c

SHA1
4fafcdb85c5cac948c217f3ca7efeb0c77d7356a

SHA256
3ae43906d91780cf68db5aa871718eb6227461b8dd71d18d52586400dd02427a

SHA512
8fa9f669e8c89b97a1dcfa89baa573b19a2c8edf92e3cc9bd28c3f796cfa62d407a310c0a08fbd6f0ccd4f9f00cfcbcce74eff9ce28ec18e1643ed2c851545e8

Download Submit
/data/user/0/ru.nsu.ccfit.zuev.osuplus/files/local_crash_lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ru.nsu.ccfit.zuev.osuplus/files/local_crash_lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ru.nsu.ccfit.zuev.osuplus/files/native_record_lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ru.nsu.ccfit.zuev.osuplus/files/security_info
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ru.nsu.ccfit.zuev.osuplus/files/umeng_it.cache
Filesize
433B

MD5
bb3ee0eacc7e06dcb5d73c79db7c45ac

SHA1
90da41b1b3fddb114bed5ed93944893a2fc66cb1

SHA256
ed63b95bcbb4a831308d52c798e172005d8bc130694d6dd44421c788a1df29c1

SHA512
5d641b262d1c75dd921cc236e1fb24f870538fff0c2b0aaeec0235ae5bf966de34621a9f93ae0d1fbe5e987b0032b42b0870e31c91a5f73af546bf40998b526f

Download Submit
/data/user/0/ru.nsu.ccfit.zuev.osuplus/shared_prefs/crashrecord.xml
Filesize
137B

MD5
5adeac2202baf69559ee457f15e29627

SHA1
89d4e4a728e3cf8756784b34bb3063ff5579cf43

SHA256
a794d731c0266abf9d787197682aa2421860def1e3b96fc993dd4ba84e88d231

SHA512
325ff3e530faed2d8fb790a1e9eaf40d560f249f81bbff00ed7c6b27c65747c215e8612c32c236bb5c1665e171911b93a4330551ca9c52abd00f9330a676a09f

Download Submit
/data/user/0/ru.nsu.ccfit.zuev.osuplus/shared_prefs/crashrecord.xml
Filesize
204B

MD5
72a20c2af21ba0bfcd7f3bb64c8b8479

SHA1
dd3ea73037e15739781983fc38d61163c86afb2c

SHA256
e7c037e8bf6ec490608dac176448d0d42fd5dda977459c7448df959bbd3e6cbd

SHA512
87e80aa1d76764c08afb79c1544ad51f3e6ca82b59d675df6107d9123c24db085ec7baa16cab489ae2279329f28f20add205c26ee880f2fcd158186148d90942

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
90ee4dc43278055e878b2df50952d04a

SHA1
604b4faac2505afc49c9bd292a174fe338117073

SHA256
f032f37f7337e61ab8238bf1bda5393bdb609efaee5d1535f5c8f84364c6eaf6

SHA512
cf5dd4e1a9aa3105b6b26de19a0d8224096b802b00ac970e351c5908828f99fd04967e5956014c01200292b3d449f794e4667e0b84cd432955acb22b3ec64004

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
fb292f7ed8c3a3a7a036fb3d57c26bc3

SHA1
e611822f359805ca2a7d4660cc48a251145cf449

SHA256
28b1bb2f74c7aba7739f860236114a05530adf79d6fb1d1e3c617136d7fd875e

SHA512
fbd8525df08d029c47a003841e814e4ba0dd1a3f480aa066664331a5c9864e78956e6bd9b2ee69a2340ae4f84a2a2ab10081afe3cf76b07882cd3b786bdf0b6e

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
408B

MD5
12508d0231294e22398877867a822a0b

SHA1
18394c48d7313f7e423e119c0dd92f22eb6891de

SHA256
a29d8330bf3241a69d4c267d82a5f5b998e6690067481dde6e2856304bf3e760

SHA512
7352cb5d0bf143f2b8037e52b67fbff4a65c9b81e4971a7f81fdfd9c0917eb514e041b761ee8749face5b8b061e0cf0cab50a5329444968d3ac225bdae1b0f20

Download Submit
/storage/emulated/0/osu!droid/.nomedia
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/osu!droid/Songs/library.library3.3.dat
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/osu!droid/databases/osudroid_test.db
Filesize
36KB

MD5
184af9998aad5b4c64d3d9c596dd9820

SHA1
9183523403333a863ed0ce69d3d4f8c01546e3e4

SHA256
cbf388a3a8d3ea11e5ad71a04a0e23463a94d40756f39ccbe89dfe692a71bf11

SHA512
15f29ff95a9856acb6206f267bdea345b81cb9bb4ff47e7d2c2d8d5c27f0445dc49873f52e56025dc48793aa0272e97442b4b6ce08418fb6482ba9be1c5bacbc

Download Submit
/storage/emulated/0/osu!droid/databases/osudroid_test.db-journal
Filesize
524B

MD5
58c9c92a96cfba6dc561805b18469ddb

SHA1
3d476bd0c8c1ed92b1d75ba90ba4d0f157a441f1

SHA256
e823b0fa29bb8f13fc77ec7203fbc072cc69a50ff78c878c602dbdf3f2711388

SHA512
56ea5cae68484aed29b2b3af39a9919049178404fd8a05770a46a20cdc598bf577e7069d4cf81173213674000db02d4d761f9d102350e772a8f4b0a592676a8d

Download Submit
/storage/emulated/0/osu!droid/json/favorite.json
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit