9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

9ce2ad40f3...99.apk

android-10-x64

7

9ce2ad40f3...99.apk

android-11-x64

8

9ce2ad40f3...99.apk

android-9-x86

8

Sharing

General

Target

9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899
Size

2.2MB
Sample

230314-g834ksdh45
MD5

8ce057ff57478e98c0e246355ccd27db
SHA1

1d3cc636883c72d45e8f336344bdea97ec8d91d1
SHA256

9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899
SHA512

5fd1345c3d605859bc56cf4cf7088712b63d929a3d576e99a88406eaa3387e4a996361c3bcc78275650609ad967636b7042fa42c244b183da96a0e7cfff78a1f
SSDEEP

49152:grrgUCuMhTKb+/CZFLqtBOU3t95tnUAqkp3IQRRiEKfaFEjI:uTOKb+qXmBOuPUAqkpIQDGsEjI

Score

8^/10

android evasion ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899.apk

Resource

android-x64-20220823-en

android-10-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899.apk

Resource

android-x64-arm64-20220823-en

evasion ransomware

android-11-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899.apk

Resource

android-x86-arm-20220823-en

evasion ransomware

android-9-x86

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899
- Size
  
  2.2MB
- MD5
  
  8ce057ff57478e98c0e246355ccd27db
- SHA1
  
  1d3cc636883c72d45e8f336344bdea97ec8d91d1
- SHA256
  
  9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899
- SHA512
  
  5fd1345c3d605859bc56cf4cf7088712b63d929a3d576e99a88406eaa3387e4a996361c3bcc78275650609ad967636b7042fa42c244b183da96a0e7cfff78a1f
- SSDEEP
  
  49152:grrgUCuMhTKb+/CZFLqtBOU3t95tnUAqkp3IQRRiEKfaFEjI:uTOKb+qXmBOuPUAqkpIQDGsEjI
Score

8^/10

ransomware evasion
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

evasionransomware

behavioral3

evasionransomware

© 2018-2025

Terms | Privacy