furball | 30ab16f5132dc94c94b3db0632f84a1c2def8bd53b1041c5cddd9aa81d3496eb | Triage

Sharing

General

Target

162edb56fbe13dbe3aa389da760705556d3f440b37ff0df7374aa00a14552b5c.zip
Size

2.1MB
Sample

230424-crtrcshc89
MD5

f17c5bce91ca8a45c69d608778be9910
SHA1

f0ea97d45e3a04f2b0d19768bad5b69a0fb85344
SHA256

30ab16f5132dc94c94b3db0632f84a1c2def8bd53b1041c5cddd9aa81d3496eb
SHA512

f276b8c1633bc519567439b8594faf73eb2c6067431e440f2328d39ff67b5231724b74d47bc9f80e3d9e89ebb8c5231258423119bbf868b4e1a2fc4cd82b4674
SSDEEP

49152:21YHER2I7Ul2cJigRamYd9lASaZxhZY48iY8LKhpSE:2TgIwpVYpdVaZL96SE

Score

10^/10

furball android ransomware

Malware Config

Extracted

Family

furball

C2

http://www.appsoftupdate.com/mmh

Targets

- Target
  
  162edb56fbe13dbe3aa389da760705556d3f440b37ff0df7374aa00a14552b5c
- Size
  
  2.2MB
- MD5
  
  c456989431700dac4f35c5288c120818
- SHA1
  
  37ddcf192f606a2fb5f3f9410c08db758e5019c8
- SHA256
  
  162edb56fbe13dbe3aa389da760705556d3f440b37ff0df7374aa00a14552b5c
- SHA512
  
  0059412368a42493a62aaa83dbf052c8dc6efec533e860dd46a453cfe7c64153a36a4099d9edc4ba8a973e11a8d1d114670b9a122aed7fc56bc937c9245c26cc
- SSDEEP
  
  49152:QY4xv2oULWN+YyjZ2xKv0uL5KjbTl5CWGfs3oxR+n2nH:c2oF+Y7xKvnL5I/lFws3A+e
Score

7^/10

ransomware
- Acquires the wake lock.
- Reads information about phone network operator.
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3