0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8

Resubmissions

22-11-2023 16:15

231122-tqbyladf25 10

06-02-2023 11:15

230206-ncz6dadf55 8

01-02-2023 07:34

230201-jd4sqsec2s 8

Analysis

max time kernel
641466s
max time network
158s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
06-02-2023 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8_unpacked.apk
Size

7.2MB
MD5

ec9f857999b4fc3dd007fdb786b7a8d1
SHA1

3fa48a36d22d848ad111b246ca94fa58088dbb7a
SHA256

0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8
SHA512

51d9965e08fa3f5cd8850df3f2dd8503c47ce9f3668b2ae90d3560cc16acd0d4d1b3bbed651d957bc41ea7595a527a00b9c600b3726faa6095af380019e3d1e0
SSDEEP

98304:vDdInEpAOdLl2DfGjOmP34z09nmw3xAZMV8JiDQeZgUGdh0fr33dmh++0oEHi6Pz:5gE7tf3u09nmiOZmDid9h+CFZMXmwfXR

Score

8^/10

banker evasion ransomware

Malware Config

Signatures

Makes use of the framework's Accessibility service. 3 IoCs

Processes:

com.rduzmauwns.jieliysagr

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.rduzmauwns.jieliysagr
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.rduzmauwns.jieliysagr
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.rduzmauwns.jieliysagr

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

com.rduzmauwns.jieliysagr

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.rduzmauwns.jieliysagr
Acquires the wake lock. 1 IoCs

Processes:

com.rduzmauwns.jieliysagr

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.rduzmauwns.jieliysagr
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.rduzmauwns.jieliysagr

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.rduzmauwns.jieliysagr
Reads information about phone network operator.
Removes a system notification. 1 IoCs
evasion

Processes:

com.rduzmauwns.jieliysagr

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag com.rduzmauwns.jieliysagr
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.rduzmauwns.jieliysagr

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.rduzmauwns.jieliysagr

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.rduzmauwns.jieliysagr

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.rduzmauwns.jieliysagr

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.rduzmauwns.jieliysagr

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.rduzmauwns.jieliysagr

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.rduzmauwns.jieliysagr

com.rduzmauwns.jieliysagr
1⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Requests enabling of the accessibility settings.
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4022

com.rduzmauwns.jieliysagr:remote
1⤵
PID:4128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.rduzmauwns.jieliysagr/app_webview/Web Data-journal

Filesize
1KB

MD5
9b3f882d919fbac6ca8774607bc460e3

SHA1
89f15177ca3609626c7bc2cb1bbfb171ba5379ef

SHA256
268e536cab6a17f0abede0df5be8876fc9522fe45c1a0489567163e4aacff252

SHA512
a6c3aee240f6844f85078e83f012ff4f45d544702c2e132fc7d49ec3262983dce9e855f2ead5873ee0aded3bc4aece4e2ca7285da8c5ea6af5430dcdec385a2f

Download Submit
/data/user/0/com.rduzmauwns.jieliysagr/app_webview/metrics_guid

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.rduzmauwns.jieliysagr/app_webview/metrics_guid

Filesize
36B

MD5
8b86508fdf8506833a83e294b6dac49c

SHA1
bcb3ef5837080f3b3abe0894db542ba1a60d042e

SHA256
10c659617aa1d738bd46db8ea494e8c7f5117ac9c410c7132e94f3e0c0555de6

SHA512
434a0e366f71e8098e8419b0326a30570afac0ed90b197e7a99f4599fbc3f07ea4804e26128818ba7930905fb91a7b686d36e4a118fbde16cd54f715bb884d7f

Download Submit
/data/user/0/com.rduzmauwns.jieliysagr/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.rduzmauwns.jieliysagr/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.rduzmauwns.jieliysagr/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.rduzmauwns.jieliysagr/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit