48b7e96e2b0747029df20e5f22f2d01c5bf9a481188603a271c1139886f4a99c | Triage

Sharing

General

Target

legion_anime_37.apk
Size

23.6MB
Sample

230203-fpwpqaed5y
MD5

0654211679d049ba1d3a7fbfb40cdd84
SHA1

76a32d16431a87d9b002c978727714b8b28010a2
SHA256

48b7e96e2b0747029df20e5f22f2d01c5bf9a481188603a271c1139886f4a99c
SHA512

2e5d565d70e170fcddfd5111fe14611844400b46b8749b8f05bf1de48aa348609edfe823bc7537b5573cda5970aefea910b1fb9353b2e6a346bbde42a8f1e5a3
SSDEEP

393216:/Yy8E7o/dyXv6NuyyoS73I6FiSutWPfasvciT+piJv7GO8RM8/u+TM5be/hONZbc:/YBEydyXy/S73IITmWXfTgiJviOgM8/P

Score

7^/10

android evasion ransomware

Malware Config

Targets

- Target
  
  legion_anime_37.apk
- Size
  
  23.6MB
- MD5
  
  0654211679d049ba1d3a7fbfb40cdd84
- SHA1
  
  76a32d16431a87d9b002c978727714b8b28010a2
- SHA256
  
  48b7e96e2b0747029df20e5f22f2d01c5bf9a481188603a271c1139886f4a99c
- SHA512
  
  2e5d565d70e170fcddfd5111fe14611844400b46b8749b8f05bf1de48aa348609edfe823bc7537b5573cda5970aefea910b1fb9353b2e6a346bbde42a8f1e5a3
- SSDEEP
  
  393216:/Yy8E7o/dyXv6NuyyoS73I6FiSutWPfasvciT+piJv7GO8RM8/u+TM5be/hONZbc:/YBEydyXy/S73IITmWXfTgiJviOgM8/P
Score

7^/10

evasion ransomware
- Acquires the wake lock.
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

evasionransomware

behavioral2

evasionransomware