831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

831346106d...b1.apk

android-9-x86

8

831346106d...b1.apk

android-10-x64

7

Resubmissions

03-10-2023 04:57

231003-flel2agd3x 10

02-10-2023 04:19

231002-exzwnsgh69 10

10-03-2023 06:31

230310-haj4gsdf5t 8

15-06-2022 10:31

220615-mkec7sdehq 8

Sharing

General

Target

831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1
Size

123KB
Sample

230310-haj4gsdf5t
MD5

b08c833107b4fc22289386fe47dd997f
SHA1

fe6673b28888d22b1d3181e26b5e708d96d3f602
SHA256

831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1
SHA512

9b26a007c1c3a107c41992f14df40f094880c045a0586cd67a3fca091fc9937ec513a40733b74950b7c4bdfaffd3a8142be3333f4981e5ff07898d5a1b1bc52f
SSDEEP

3072:ZXWaaDA/UsmY9KFdlvg08HHf1yhEZeXGA4FYP8R4V7/I6EPCLps:ZXP/5P6Y1NlepPnV7/pEKLm

Score

8^/10

android banker evasion ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1.apk

Resource

android-x86-arm-20220823-en

banker evasion ransomware

android-9-x86

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1.apk

Resource

android-x64-20220823-en

android-10-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1
- Size
  
  123KB
- MD5
  
  b08c833107b4fc22289386fe47dd997f
- SHA1
  
  fe6673b28888d22b1d3181e26b5e708d96d3f602
- SHA256
  
  831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1
- SHA512
  
  9b26a007c1c3a107c41992f14df40f094880c045a0586cd67a3fca091fc9937ec513a40733b74950b7c4bdfaffd3a8142be3333f4981e5ff07898d5a1b1bc52f
- SSDEEP
  
  3072:ZXWaaDA/UsmY9KFdlvg08HHf1yhEZeXGA4FYP8R4V7/I6EPCLps:ZXP/5P6Y1NlepPnV7/pEKLm
Score

8^/10

banker evasion ransomware
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bankerevasionransomware

behavioral2

© 2018-2024

Terms | Privacy