Overview

overview

10

Static

static

7

238cdfbab8...0b.apk

android-9-x86

10

238cdfbab8...0b.apk

android-10-x64

10

238cdfbab8...0b.apk

android-11-x64

10

Analysis

  • max time kernel
    769764s
  • max time network
    162s
  • platform
    android_x64
  • resource
    android-x64-20220823-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
  • submitted
    18-05-2023 07:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    238cdfbab88cbcb6b1a2379b2a18c993640c1f498c4cb0e9faef408331f41c0b.apk

  • Size

    3.7MB

  • MD5

    10f5a518febd8b0b08b7f69982bc0a7d

  • SHA1

    77137ca4881b82a9baf3dea99e03ce92c89cc742

  • SHA256

    238cdfbab88cbcb6b1a2379b2a18c993640c1f498c4cb0e9faef408331f41c0b

  • SHA512

    52c557425b2eff4f244c2c34280118e913574c0b3a51bff966c4fb4538afdc1220ad6f94956098aeb53cee4984aeff30142f148f6e19c1a978af6d0e7801f918

  • SSDEEP

    98304:z/Se3GAtk9/CYItyoKmFTwgzOOH2qWS9Rr:+e33tcPItTvFcg5W6b

Score
10/10
hookinfostealerransomwarerattrojan

Malware Config

Extracted

Family

hook

C2

http://193.233.196.2:3434

Extracted

Family

hook

C2

http://193.233.196.2:3434

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Renames multiple (248) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.dogilowopuna.zico
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4738

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json
    Filesize

    704KB

    MD5

    9bfea1b2027ec1635c3590e0ea14e3cf

    SHA1

    9cc1ea7f49e361961be1f5d2ab43658d41f86d59

    SHA256

    f2620b302348120f00c9bd7a3e0a6cbef991b484edcdcdd915fbbd13ac861eb4

    SHA512

    4e17d67bcd5f5361a3d9b27f4fbc29969b25a2686edffa9872e7bca1a6528b4eaaf7f90541eda8d31583d8e515b1a20d4d1b20dd4a88c9e83e07d91d525de4a1

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json
    Filesize

    1.5MB

    MD5

    cf80a0964d7adb2dc9ab389185abcff1

    SHA1

    a630b6d63b9be79f2fe9f2fc38c91fcbc1d8d6ea

    SHA256

    f90f95cb686db2f9ce0607038438527e3665ca8e33c38fd168834f6d96def4ed

    SHA512

    ef1a6f7c47772fd49ae2fda552df4f54fea83e30c99980ae8e0863b4abcfe2d7cb9869449962129cb560760d49ee6349add36e6ca7417e6cf0e9f99d86a3ee53

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/app_webview/GPUCache/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/app_webview/GPUCache/index-dir/temp-index
    Filesize

    96B

    MD5

    b2e6938f634b95cd932c0732d1d2b9e2

    SHA1

    3a2128f7276c55b166c7c9e09f345c48d661e106

    SHA256

    cc086bc9a6f5a3296e9803b17a592487f336736f5c1a89f9debff64e95a0cd32

    SHA512

    75b121daef69c698ba36c3336923cffcd819966d4f57d0873870b222de7f82519c3419dde4ad1ea1a0303aabba3c185475d3be065181fe2699f3ae534c2324c5

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/app_webview/Web Data
    Filesize

    112KB

    MD5

    b663831f8cc130493476d94f2d7a5330

    SHA1

    043a1956ab8e40821d67043f8a9110a8eb36fb93

    SHA256

    c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

    SHA512

    e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/app_webview/Web Data-journal
    Filesize

    1KB

    MD5

    331676ef38ff40824255a3fa1f11a497

    SHA1

    fa00d1bf284aa25aba39eb03f6514b60ed5f7626

    SHA256

    285eaed11f968bcc52a69b0dacd62b787b46a1ef16e3aec4cb6f5e4f64e13634

    SHA512

    2074064abf206ba6556989ef59a3b52147855982ee3221b50733bffc6c46f0deb70f15c55967d5dec7977192e659f5c539545760bbda5e2c266cf5d035ac2dfd

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/app_webview/metrics_guid
    Filesize

    36B

    MD5

    8b96fbeec81eaf711e1f7e15656a127e

    SHA1

    169d33dcd06673bd8079b504b90b3af2667cbc3f

    SHA256

    5448e3fddad3683e93e99f33feb1493fce2e7227effed937e27fe1b1e2935440

    SHA512

    4ab464d67c7d557e4f93c12ba67cc94048ffd5927bf8ec05de4ba391302a9597bdd897ed076f29e31cac7c7e137493305e977e8dfdcc32f7889f3250e1eb5d0c

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/cache/WebView/Crashpad/settings.dat
    Filesize

    40B

    MD5

    342165269dfec04b5006e245f9a82ccf

    SHA1

    52be8a07cb6b7acac18b654f69b33b38f7c9a5a1

    SHA256

    160082c967d9a92644a2ec15251faaf149a5956956519a2e14182ac2e84fa5e2

    SHA512

    015ab8563d42322406f26b69583a5421b2b339e04cca14e4fec13dee02a0ed4fd53dfd576d7ad359d9a2b048c37ca716613de28deb55c903b0ab1b62bc572df8

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/cache/org.chromium.android_webview/Code Cache/js/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
    Filesize

    96B

    MD5

    b331b1c4875b7d1828a76710598b46d9

    SHA1

    c7fcc971aba6a7b00ad036ef308f1b3346a4c3d5

    SHA256

    96f1aa5568df9eacc53618ffd06a81975f7111b61f11f612e7828c9e08ac23bc

    SHA512

    885c9fae173884fba56501a61d9ae4b65dadf34fdbb0057b9393b1b4462163c272135a00de9b07fe9751b2378cb9464e01f7731e86ac1f007cc99cf1053ded49

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb
    Filesize

    8KB

    MD5

    b6ca8b30661a7844ed292db75a29a953

    SHA1

    8e0d397ab1f2ced1f143829084c3f53333743bdd

    SHA256

    63a219c7092be26641907c5f955aa977e7675e3922a8e4ee2af25bfed8c7bbfb

    SHA512

    d21ce3adf13d61369708ea000438f626973f20b08ca05a744c1cccb2d5e7c264a8af9c3ebd18a7a6a464d38e1c64146f8e881d29d71a0484dd94212315f6dceb

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-journal
    Filesize

    1KB

    MD5

    d293c7d380e2230a47288af730e87507

    SHA1

    887ca5a9d50e1aeb1b11df665c27e2e6abaedf0a

    SHA256

    6ba88d0f425609e5a15fd2b2afb38a8a4c4496b799249ba0207e0cb04febd8b8

    SHA512

    29a9fc696f4f969b3bb2a234f95f05ca97a5a831c331e57f814f3ff5d323aacdaf310d6a2eb40c2062408f32da40fe5d700f056cd26e92d2054e199673a7c688

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-shm
    Filesize

    16B

    MD5

    4ae71336e44bf9bf79d2752e234818a5

    SHA1

    e129f27c5103bc5cc44bcdf0a15e160d445066ff

    SHA256

    374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

    SHA512

    0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal
    Filesize

    346KB

    MD5

    78e05e5560c5687cc807176bd6b2c980

    SHA1

    e2be70daf57a0adae2343654f0fa143850646659

    SHA256

    d8d82ff2d85b283b54b096d51d8fde454908f34a86fdcfe049612af5e0c227f6

    SHA512

    ecf4a23f53bcf9ba767ba44178f1b4e2286cc09389fa12ee5f8ccd1e75e6f9e8b0b437d2cb810711efec4a369dc63d01198de97cf6b5bb03d14043f6fd753a14

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/shared_prefs/WebViewChromiumPrefs.xml
    Filesize

    127B

    MD5

    6ef709b8536878951e87c29a1518fc2b

    SHA1

    24376c70b00152501b3d98df61fa7db435339172

    SHA256

    10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

    SHA512

    96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/shared_prefs/settings.xml
    Filesize

    134B

    MD5

    78a2c63a0ec2f947097c8b764fb49e30

    SHA1

    e38dcf9d6a39c0f58cdabfcbd5dd4954817a7869

    SHA256

    7aaf74896c69acb15d2b36290e8bc74f6090e1b51ceab19400018fa7ed87285b

    SHA512

    96acd80ce5b0a1bd286f688de13b8b5ed9f2cfc73f034c2928a3d7a360a100e54c7a3239a45d7f81969585cc40b6fa9ab3ec4f7fa487e49efb1954b14d66484b

    Download Submit