xenomorph | 9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899

Analysis

max time kernel
4136223s
max time network
157s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
07-05-2023 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899.apk
Size

2.2MB
MD5

8ce057ff57478e98c0e246355ccd27db
SHA1

1d3cc636883c72d45e8f336344bdea97ec8d91d1
SHA256

9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899
SHA512

5fd1345c3d605859bc56cf4cf7088712b63d929a3d576e99a88406eaa3387e4a996361c3bcc78275650609ad967636b7042fa42c244b183da96a0e7cfff78a1f
SSDEEP

49152:grrgUCuMhTKb+/CZFLqtBOU3t95tnUAqkp3IQRRiEKfaFEjI:uTOKb+qXmBOuPUAqkpIQDGsEjI

Score

10^/10

xenomorph banker infostealer ransomware trojan

Malware Config

Extracted

Family

xenomorph

dedeperesere.xyz

vldeolan.com

cofi.hk

Extracted

Family

xenomorph

AES_key

Signatures

Xenomorph
Xenomorph is an Android banking trojan that is seemingly tied with AlienBot.
banker trojan infostealer xenomorph

Xenomorph v3 payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.great.calm/app_DynamicOptDex/hDpdaxQ.json	family_xenomorph_v3

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.great.calm

ioc pid process

/data/user/0/com.great.calm/app_DynamicOptDex/hDpdaxQ.json 4757 com.great.calm
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.great.calm

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.great.calm

ioc	pid	process
/data/user/0/com.great.calm/app_DynamicOptDex/hDpdaxQ.json	4757	com.great.calm

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.great.calm

com.great.calm
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4757

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.great.calm/app_DynamicOptDex/hDpdaxQ.json
Filesize
934KB

MD5
637d3020a6e8d9aa114d51e7939fe6a0

SHA1
7e172dabca14040635c9118920942805ddfc964a

SHA256
cc3c058fd60da1fd0c3c8f0e58fecd355eef4ecc1d138fe8c6b9da8920cf9797

SHA512
e426c769af5af742f4b6f2f0f1dce4df0543d55fa8652759417c850943c750e90ea4033a7ce5ebd1063779238c4961a82840f3074b00f7d62e7bcf9978b91e2b

Download Submit
/data/user/0/com.great.calm/app_DynamicOptDex/hDpdaxQ.json
Filesize
2.6MB

MD5
033e4993902fa453fc96b86248ea7ae7

SHA1
efb980435f0b7de14861fef21e4c09434b519c4d

SHA256
b28162d529728bf31f7dac4eadf40825a0ea1e5e6039e9b521d5906280c29196

SHA512
fe27307d7401dbc3881b3f7aec18b228ea48285d3f8fa8ffab51b29a51a8eba91d677ebf7bdd9b44ece60c9f87a36604272ff98ff8c25102cb162f49f61aaca3

Download Submit
/data/user/0/com.great.calm/app_DynamicOptDex/oat/hDpdaxQ.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.great.calm/app_webview/.com.google.Chrome.Ma8yEZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.great.calm/app_webview/Cookies
Filesize
64KB

MD5
9b23e6a88d5a95f155f205cb04b93cd0

SHA1
b62dccbbef087a0731f226b96d15d35d8aa5e5fc

SHA256
f2f3c3c0c7f085399a6f9a464c1ac30a59ceeb5a4b7026286fa5609e6e8ef857

SHA512
bce5f25d98e2e8296c4101b62082dcb6a43902f3431ff6f725e41be6b9aece76e887ef94c4818baf4da845708fd76fd51c37fb6915710c870647593868f27482

Download Submit
/data/user/0/com.great.calm/app_webview/Cookies-journal
Filesize
1KB

MD5
f8d6b580cb114ae4ad2d9784a85a341c

SHA1
5a09c13f75f52e381f53357275439cac3d2b625a

SHA256
034eb2c80b21152298f3f79a7942aaa6a2f61634b47e6a91afb69f6987b31e4a

SHA512
f3a04ff8c8370acdfc4396e56a4dda7559a8cf06b78a77f6b2cac17e41345386ae9f32831758cc1d9264abd8a2507b9e09178a107bf4cfc436fa6dbbb71f27bb

Download Submit
/data/user/0/com.great.calm/app_webview/GPUCache/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.great.calm/app_webview/GPUCache/index-dir/temp-index
Filesize
96B

MD5
90444891c22b3f8a54325dc05905679c

SHA1
afc7f792c901e371382c19e965801ed96e5df4a1

SHA256
34dff85da56b3cc61cd469e3c2c222f0ddd42007eabcad710a1cd8fc3b38e191

SHA512
f1d8af0dfb1dba5083e3ca095167cf389b46d90e4eadabfd48041cbcaeebef02550ccbd4b9ad9458fa36963a9922be51b197f888b9cb8a6c50df6d382454181b

Download Submit
/data/user/0/com.great.calm/app_webview/Web Data
Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/com.great.calm/app_webview/Web Data-journal
Filesize
1KB

MD5
cebed1883fc92039dbebfa07f99ea0e6

SHA1
d5cc0a4d8fae5d23098222e648077d6b3ea8259d

SHA256
3c37a615815fd3c21a32959546b5b0f218f2646acf329d121557f1069e2c5f06

SHA512
d26a62d9d8a537ede724e7967c2f7fea2f9551b10c6d13db68be8c0d7f47344fe35ece5f35d3559226eb0e9e5a00d868f862197ae954b0190941f872251d0ddd

Download Submit
/data/user/0/com.great.calm/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.great.calm/app_webview/metrics_guid
Filesize
36B

MD5
333d230bc8dbe1f4d4da70e8c8084604

SHA1
81b67aff7148508f4fa9417fbe28a6e85d23aa9b

SHA256
91ddd4068b88ef45eaff46ceb2d6de41e7476840f79d3ced34ac9beec02391c4

SHA512
5811cdbbf514a14871524b0c15fedf169e70b28be5e2801502332f61181dfff1ec7519ec27298e08482aae11f11fadcc244fdb7e25d7a72372f09d1eb791c2da

Download Submit
/data/user/0/com.great.calm/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.great.calm/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.great.calm/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.great.calm/cache/WebView/Crashpad/settings.dat
Filesize
40B

MD5
0ff2f0c5513935db619e34356c3ddd72

SHA1
a67f60f621aa8978041271e88a6e2b6a96ff1f93

SHA256
d7945b17cdac295f99a124a6234eba9e568df7f38b5000890ed1f7c900d02821

SHA512
490787c16cbcbb93ff91dd1d79919b45e70828968c9d010b5e8eaf4b92195f5ed386b8f07e24260f6b2f3f78c7b6102442589a8e39d3e7bff0da02bb6ab4bf1e

Download Submit
/data/user/0/com.great.calm/cache/org.chromium.android_webview/21a97041b40c53c6_0
Filesize
11KB

MD5
6d654acf5edd7c535f8b11248fb0bbbc

SHA1
91fad1fbf60cbe76bb69852a56b18de491de8277

SHA256
b36579b06817b098e3c095c052de7072634edaa3d2aa43208765fc71dfb335f1

SHA512
f4ea492283a7b4e5d250a6d75169222e5af8a3daa4061f2c1792bfe3e1e3c8057dab1dd69890b19b516e2c159eb2031b3eecb84f143e2db4db996212ced3f04b

Download Submit
/data/user/0/com.great.calm/cache/org.chromium.android_webview/5dcc6771ad552215_0
Filesize
11KB

MD5
fa171e598a11019b802a7487d955aa31

SHA1
f014fc37396b360065030d71274ad7816c006151

SHA256
1266b262f30c4cf732dd31774e90fd57312c4889744db20d6171c083c86bab6d

SHA512
3020f9b36a7a65a7c47653442a36d2da6cd82267075841639e602ffd195ee988e2ad0d2de36069f279f7873e25f079a80712730f66eeee7db68d64371653105a

Download Submit
/data/user/0/com.great.calm/cache/org.chromium.android_webview/624f2bd216494a6f_0
Filesize
11KB

MD5
3a1df034ae3b1b38b10571094d5280ae

SHA1
9d86e25ca36d8f5c09def58c621baad6cac068f7

SHA256
ecb14c3ba5c40ccbbec69521b80154bec3aa7c9f2306aea87a8db4fd5620af1d

SHA512
ccdc7c0e1f3c2e021f8a4ebc9e5ea4d76d40537915bf10b19822acde263f8f09caec82db55b040797eb87f621b353c5289a47c28d7ea2bd087c0d4d9d3bc2bed

Download Submit
/data/user/0/com.great.calm/cache/org.chromium.android_webview/Code Cache/js/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.great.calm/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
Filesize
96B

MD5
f8625dd056c99d951b9d55224bb01a96

SHA1
b1f6419b0ce066de63fd5714b7dc27ab887016f8

SHA256
2e81a7d2c42336a02fd93675700583cd1074e01773aad8738fee6de42381ae08

SHA512
bfd1d3637104445eead8e0070240ccbc13b264678c9ca8f060c7eda9d80cddd671a8c9e5afaf3cbe233be7676e66f705278e46f521c11221ae18ea26c2aefa59

Download Submit
/data/user/0/com.great.calm/cache/org.chromium.android_webview/a0c2ffc2995089d9_0
Filesize
11KB

MD5
1e5c0cfb7f94e9bec4defd960b1505ee

SHA1
f213858422193c145de33c74aa4349c6dc41a4d5

SHA256
cfb604388714401125ff1eb9e0ad186a2d94b2e6f2ba4f2ba0e2f3eb1d17513d

SHA512
7a771f34491e70cca6e79e81717655ef74c8ae731d3d728c986a9a8928dea828fac663c8e4d2cbe2a4ca43a090e02c7d2e14257e619957ee0d80f36b0bcf5f3b

Download Submit
/data/user/0/com.great.calm/cache/org.chromium.android_webview/ba6620262a558c11_0
Filesize
11KB

MD5
31bf6ad722755ee34aa06cc5fb0664c1

SHA1
f55ffc8e3543bc6272664b05a01d82261d343795

SHA256
dd13702daca2065733f5ebd6a5c7ab8e6f305ee949031d292b20192d8333fa87

SHA512
9359254ebe412ee840e975de23bc07edd5903e2a9a272ffeb200139939f6e5243b288021c3db86a23f5f03efc1707e57a182b03c7ab8fb8e5dfe2b4524f051a7

Download Submit
/data/user/0/com.great.calm/cache/org.chromium.android_webview/c74c995875787a06_0
Filesize
470B

MD5
2f11f81300643c191ad9b075610961b6

SHA1
a2f8ab22293e1356f25e38a44c88f6d6d3b1ea6b

SHA256
f832b421897aeada03ae7d6970a300a42e132c274de3f4895c96de1bc8c2b1bf

SHA512
3299b06b0877863effb1e1f72975fe9e3eb534fd29597b61e390205cac9c11bf3aa8c91b1906594fb96a84c2c5a0d37bc1f6721a0256af97e325e7d425e8e914

Download Submit
/data/user/0/com.great.calm/cache/org.chromium.android_webview/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.great.calm/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
96B

MD5
08b1252d182b1b286635eea63656daf7

SHA1
44a7bc36cd6d7b7ea724990f9cbaae102b6f0b34

SHA256
f463a82c62487665c7c5a7c2f13113484c278cb654bbc78e65ad3fe15a0395ef

SHA512
0749abcc7d0ccd9430a5ea57b15710990ef077923cab384611882cdb59065659108be2579e1202f7aec7909774cdc7472af735f0cf248b487ff9666dbc3b75ad

Download Submit
/data/user/0/com.great.calm/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
336B

MD5
0bcd6886ff3dafb331347c2cc8068bb6

SHA1
726e84a61f2bcf177200dc0f444f2f3a08e26d74

SHA256
4396777bcd12359a68163360c3a04246319c4cbe258341c8fa8ec8a8d6ad6db4

SHA512
3c9b0a1f360a84d15aca4d3fd5beca1b2c7988ac31df58aab6424aff4d650510fa45a6fa12c15ec7085d1ed668dfc89e4bb1a2902133ebf40f10b0ce430eaf68

Download Submit
/data/user/0/com.great.calm/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit