9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899

Analysis

max time kernel
3738294s
max time network
160s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
14/03/2023, 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899.apk
Size

2.2MB
MD5

8ce057ff57478e98c0e246355ccd27db
SHA1

1d3cc636883c72d45e8f336344bdea97ec8d91d1
SHA256

9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899
SHA512

5fd1345c3d605859bc56cf4cf7088712b63d929a3d576e99a88406eaa3387e4a996361c3bcc78275650609ad967636b7042fa42c244b183da96a0e7cfff78a1f
SSDEEP

49152:grrgUCuMhTKb+/CZFLqtBOU3t95tnUAqkp3IQRRiEKfaFEjI:uTOKb+qXmBOuPUAqkpIQDGsEjI

Score

8^/10

evasion ransomware

Malware Config

Signatures

Makes use of the framework's Accessibility service. 3 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.great.calm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.great.calm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.great.calm

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.great.calm

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.great.calm/app_DynamicOptDex/hDpdaxQ.json	4673	com.great.calm

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs

evasion

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.great.calm

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.great.calm

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.great.calm

com.great.calm
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4673

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.great.calm/app_DynamicOptDex/hDpdaxQ.json

Filesize
934KB

MD5
637d3020a6e8d9aa114d51e7939fe6a0

SHA1
7e172dabca14040635c9118920942805ddfc964a

SHA256
cc3c058fd60da1fd0c3c8f0e58fecd355eef4ecc1d138fe8c6b9da8920cf9797

SHA512
e426c769af5af742f4b6f2f0f1dce4df0543d55fa8652759417c850943c750e90ea4033a7ce5ebd1063779238c4961a82840f3074b00f7d62e7bcf9978b91e2b

Download Submit
/data/user/0/com.great.calm/app_DynamicOptDex/hDpdaxQ.json

Filesize
2.6MB

MD5
033e4993902fa453fc96b86248ea7ae7

SHA1
efb980435f0b7de14861fef21e4c09434b519c4d

SHA256
b28162d529728bf31f7dac4eadf40825a0ea1e5e6039e9b521d5906280c29196

SHA512
fe27307d7401dbc3881b3f7aec18b228ea48285d3f8fa8ffab51b29a51a8eba91d677ebf7bdd9b44ece60c9f87a36604272ff98ff8c25102cb162f49f61aaca3

Download Submit
/data/user/0/com.great.calm/app_webview/Default/Cookies

Filesize
64KB

MD5
dfb2098ca7b3bf16d6f5f1e7d3839af5

SHA1
ebb7a8bc886062d77a4092bd306b77a0ce7a3e9d

SHA256
e4119d32577d7fc63b267cc23eb7a9bbfb12d238f23e08918c38838fe0181224

SHA512
fccec45399258eb98220b7f01b492a72b8b3d1254dec6e196e344d89a0376c6ee24534a31a6675c866d4a17256d3ac6823657eaf04e1d386757d0cbfc6597e50

Download Submit
/data/user/0/com.great.calm/app_webview/Default/Cookies-journal

Filesize
1KB

MD5
ba87658d4e22d72ea1161f735aaa8c13

SHA1
7b21d5b291dee7e030e681bfde8e556bb455cef1

SHA256
f3318f0517378216dac98072cc5f4dd1ddb3068e5526f8ab6780741f917e843c

SHA512
bfe49d048a0e10cd5c89e68ba70d46569b398bf6d60a4d8cb9508f0c3af63577f2ddf6d2f6aadacda9d7e3620bb4d64c7793928e414fc5280002111679fed17b

Download Submit
/data/user/0/com.great.calm/app_webview/Default/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.great.calm/app_webview/Default/GPUCache/index-dir/temp-index

Filesize
96B

MD5
24bbaf9b8fb86fd66fb9f205c33846d0

SHA1
55b028f0cd17e1a7190cab19eb6a02ff02ae6fb9

SHA256
9f353dc6fe5eb38cbe6942708cf5204ff0df9ff5795b205134950f1b5d61f41c

SHA512
c5a562a588a1705c1db3bf9924a7242be6e4e76b4562ebdcb32ae7d27b21ec810d38380f90aebcc5c57b7520227d14935c82edb714553779cd04608f4af45e94

Download Submit
/data/user/0/com.great.calm/app_webview/Default/Web Data

Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.great.calm/app_webview/Default/Web Data-journal

Filesize
2KB

MD5
91a411b1a60ebebe2a0c33c30ce3b5a6

SHA1
a5e482e07d068edff67ad190c4fa0b0b86ff3fe6

SHA256
3ae64937666aac2237d8ce7ac9a0299c5e6e207eec55bae7cd6afbc8d43c1551

SHA512
94787edfb03b58d5eb4d584881d70cc1d2aa39deb7478dd1646cd16313ed134f05b67ca0310d8f81f56402f0fe97df85f1c566706ef89e0b61f1391f9c8945ff

Download Submit
/data/user/0/com.great.calm/app_webview/webview_data.lock

Filesize
20B

MD5
9328e133316e3a3a02554ea22f458ec0

SHA1
90984e871efcd18edec46f98a902df28e8f988b4

SHA256
91c7b06c898750d6919dc669e955084938ca30f8092123f865c0c09615e7a25a

SHA512
464f1b972ba606c9239ff401e1037a79b46d562da68e4165fed637c32ca8415f5e1a4a3db0f286f923fb1a012f4dc547f6872a762d30b8151ff6a24e043c39ca

Download Submit
/data/user/0/com.great.calm/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
d5214042ce39c5c012b25e707abf3bf9

SHA1
3be38c68ede73b694028e862497b5e225946df36

SHA256
1099d0215f531211ae718fa3ebdc54db3562dc1cf157bf7751d9a46b661b5bc8

SHA512
c2f22dcdb6837e887092c07d703aa80d33dfa99bf0e28fe70a2ba7a27b157a869f3e27c1145df2b15f662baa1d815ece9a328e7138d0d905f643acef1657a96f

Download Submit
/data/user/0/com.great.calm/cache/WebView/Default/HTTP Cache/21a97041b40c53c6_0

Filesize
346B

MD5
ce11b1f306d06cde62ab845d5dec0751

SHA1
37ad5d64bea9c1bfd68fc58d28e527697b6d019c

SHA256
2202d51d057280290dd11887f7d960dc6a852112525f1cc5c44fe0f8c804021b

SHA512
cc684d74d945362de69a50871f2776f54cae88bf948cbcf4eee539f1e39f2488396f0ec6b860a375c671b1ff236d43c56cdee0d7b4a1d032218789370b9e4cd1

Download Submit
/data/user/0/com.great.calm/cache/WebView/Default/HTTP Cache/5dcc6771ad552215_0

Filesize
328B

MD5
365c9de3db40a2fbea7d8f0d3685b9ff

SHA1
c9b3a85f823589aaf7b5693a95de0d0d41aae457

SHA256
db41b76fce18aa35503786a0211e30193bb9ff350ee032b914736a96119c79ff

SHA512
d934facc284ef7346938a6f8ebb79899c80f3aadbde22c2664de79113073f3161800283a36431766be8032b5499578b74c0673d87723e661358c4201148aceb4

Download Submit
/data/user/0/com.great.calm/cache/WebView/Default/HTTP Cache/624f2bd216494a6f_0

Filesize
348B

MD5
5947cde352bb37289a0893ec2ab8a815

SHA1
2712037cff9d2ffe43f602485f6a8db13f1e4265

SHA256
7d183ed5017635247ca4c3e1cd02b114b16f99a4fa03b1eb6388f9bbbe8612fa

SHA512
60d6c7b660ba3f1e70014d9166d3eea98e225f527542f10f654bba18605114d5a8b501821d0ba2789412776bc10c3a1322d9b8cbde5845ac4eca6450056c333b

Download Submit
/data/user/0/com.great.calm/cache/WebView/Default/HTTP Cache/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.great.calm/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
c4150fc4a905819fd2354063b373d151

SHA1
a8eee03e023dd0ccf08bc4b9e5bc0c04456bed51

SHA256
1e85435ff7fbce8e53d79b8395fab3df2c550fc80f6eef8d87ec5d01af7eb256

SHA512
27f2556efe222707bfc7cd8ed33132d2710ff6981078b6dbc8b1cebcfafa3691af455f6fd1fdd3a12a8d69bc74d689620bba23aac8ba073033f4fd250345ee40

Download Submit
/data/user/0/com.great.calm/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.great.calm/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

Filesize
96B

MD5
195f1d7ed3db248d0fe6ac1490481f39

SHA1
d018037a848d6e30c95c9dfc505ce906e336e9bb

SHA256
7f9a69e5d8987dc2c2e22cad6d80a6439bab1c20b63cec511c774010db768a3c

SHA512
b202cbd0395c269e6d50cc21cee5e6b4e1a954a0956720b72a9a66675cc0a8d1ae231e2e3a2d5958b4307f0704bca8ce78e93d770b4e496a4ec3960f1fb5f479

Download Submit
/data/user/0/com.great.calm/cache/WebView/Default/HTTP Cache/a0c2ffc2995089d9_0

Filesize
346B

MD5
2f5c9f81a0f69e69839e1e5e625024f6

SHA1
3966beb309e16dc568f012ec6efa45590a6266d4

SHA256
268077ed9db9ee7874e736a1eb24885faf9270c8800ffbfeede9dc2f5d562201

SHA512
8ffd75bf809f264798d4030e273cf2e26f9d3a5699aedfebad04fc29a28d768f4ecc72d49d349b6495bcbc5a87857a8635e53726c48014562466b45345e57b1e

Download Submit
/data/user/0/com.great.calm/cache/WebView/Default/HTTP Cache/ba6620262a558c11_0

Filesize
346B

MD5
2506dccf4ebbed1021dcb3c26c5e533a

SHA1
3971d53cf70e8bb3080d01abef50d70b7629d3f6

SHA256
fb88b715425abd71ce9891ff691ee6f9c35ebbc35f1619c6d0819138bb7991d3

SHA512
4f1ecd0af828917f35a7fc09dd9cc80829707962d25c001515b61ea95e850e34a774227bb469db17e86e9bce319b3b9bd0f98b2ac9f58cadcddf27e40d768cff

Download Submit
/data/user/0/com.great.calm/cache/WebView/Default/HTTP Cache/c74c995875787a06_0

Filesize
470B

MD5
2f11f81300643c191ad9b075610961b6

SHA1
a2f8ab22293e1356f25e38a44c88f6d6d3b1ea6b

SHA256
f832b421897aeada03ae7d6970a300a42e132c274de3f4895c96de1bc8c2b1bf

SHA512
3299b06b0877863effb1e1f72975fe9e3eb534fd29597b61e390205cac9c11bf3aa8c91b1906594fb96a84c2c5a0d37bc1f6721a0256af97e325e7d425e8e914

Download Submit
/data/user/0/com.great.calm/cache/WebView/Default/HTTP Cache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.great.calm/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
384B

MD5
bef92298f9cc1cda63faff6d67f3dead

SHA1
5095d303d14a966fbb4fcba9901ef5180016a05e

SHA256
6e7dc41fbed1101fe6fcb9f69ea8ba54da43da032c76c04903b3ec7baaa8fa1d

SHA512
b53f03c3850d5d1f986fb57a4f1ab89bf1cfda21146c8251f1fe9d95c3c9f3aed360edd235fab7de91c3fe834d730a3b591c657064c86840d2b43a226de9d7e6

Download Submit
/data/user/0/com.great.calm/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
96B

MD5
453907bba86a5d7c31daf1f5e76d015d

SHA1
0032b9e910d552e0fb7dc4f22ebaf181f4d5216c

SHA256
209d9569743de1d8a2b1a2ad6f75bb9e986a46f6058e19ece7ea583ef18f58a5

SHA512
d99e2728a671e64e189a53c41cb053e3f100bf63f9c3f257776042b1cc7d09c06c580acf3f85f31ec0e40115017f66a533c14c4a187f385304b973d57d548e43

Download Submit
/data/user/0/com.great.calm/cache/WebView/font_unique_name_table.pb

Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.great.calm/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit