153410238d01773e5c705c6d18955793bd61cb2e82c5c7656e74563bb43b3ffa

Resubmissions

02/04/2024, 07:18

13/04/2023, 13:04

max time kernel
2058849s
max time network
19s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
13/04/2023, 13:04

Target

CoinSpot.apk
Size

3.6MB
MD5

382e4022f901ebc2fa15a168a8dc5a20
SHA1

a8afa19a4aa30b144387101a58e7f52335f24eeb
SHA256

153410238d01773e5c705c6d18955793bd61cb2e82c5c7656e74563bb43b3ffa
SHA512

891b38c568d56325a51394c8676e9553534dc470b8272cdbe610ff530f63ca15b03436143f4af23141ef9580a9a90ec4d6fd1448ed5ec93130290de242162c4a
SSDEEP

49152:0CEMb7Wdu21EpCPOzbGHYBLJ/Oys84q9rsljigY2a1WQOqvauFOJ+AIibJWhL9Bt:FXb/VUP2GHYBJOyI3l2WaUqCKYSKJLRE

Score

7^/10

ransomware

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.hardware	com.top.omit

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.top.omit/app_DynamicOptDex/dmW.json	4115	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.top.omit/app_DynamicOptDex/dmW.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.top.omit/app_DynamicOptDex/oat/x86/dmW.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.top.omit/app_DynamicOptDex/dmW.json	4064	com.top.omit

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.top.omit

com.top.omit
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4064
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.top.omit/app_DynamicOptDex/dmW.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.top.omit/app_DynamicOptDex/oat/x86/dmW.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4115

/data/user/0/com.top.omit/app_DynamicOptDex/dmW.json

Filesize
1.2MB

MD5
2eeb9aee083cb992a040f20625673074

SHA1
2b98c5f01f2746ffe649280d960a6409abbb1b82

SHA256
2c3df15f1acd573f94f7d5ad7c75825b36a392a166100c1c931dc34ab20d1cab

SHA512
5232496166d71610399ad3969c6d32ce16e83f0947bec09b0ef82d1a13e65dca607bbfa914d2ea502fbe144d81adcce260004e5c2a0abc6bb6850b94ff837a4f

Download Submit
/data/user/0/com.top.omit/app_DynamicOptDex/dmW.json

Filesize
1.2MB

MD5
0e6e8f70702bceb278745e19c2ac2b14

SHA1
e6ea5dba97c3c1851882e120d13e43460385de01

SHA256
9e1417946a05655869642d9c560605fb8cad248f86e276f894ab0744bd428f7a

SHA512
13382ce1800d5a658a159c07c81afa5cd595db812e265d218272b26e6822f1d5975c9bfa8212d6dc11e42c406bf2bca35729eb2d18415b820fd5b7cf12179c3c

Download Submit