dd9b4726f1bebeae976dcb2f720c8dc8350b5f626a61b9a323ac4e20f8a611b5 | Triage

Sharing

General

Target

HappyMod-Multilang-2-9-6.apk
Size

12.9MB
Sample

230609-1418zaed4t
MD5

09ac622ab518b17922d33cf38d778287
SHA1

025acd670614003c004704ede9c2b6142c955ef3
SHA256

dd9b4726f1bebeae976dcb2f720c8dc8350b5f626a61b9a323ac4e20f8a611b5
SHA512

bbe5f2310279703150ae26f35369bb8708c2398d6555d0781ad0fce9504b6a3b42927321a74f8d28ba5feb8509cebc23edcb9f6b8e8ac920a719c0e1dcf1c909
SSDEEP

196608:W4iGcEbIMcth5/IEtInqw3npU5a1W3aeR8D43tqywVOp+W8/H19RFhNDcWt00keF:ZhcEb7NWWmaOdf0OYW09wpCAy

Score

7^/10

android evasion linux ransomware

Malware Config

Targets

- Target
  
  HappyMod-Multilang-2-9-6.apk
- Size
  
  12.9MB
- MD5
  
  09ac622ab518b17922d33cf38d778287
- SHA1
  
  025acd670614003c004704ede9c2b6142c955ef3
- SHA256
  
  dd9b4726f1bebeae976dcb2f720c8dc8350b5f626a61b9a323ac4e20f8a611b5
- SHA512
  
  bbe5f2310279703150ae26f35369bb8708c2398d6555d0781ad0fce9504b6a3b42927321a74f8d28ba5feb8509cebc23edcb9f6b8e8ac920a719c0e1dcf1c909
- SSDEEP
  
  196608:W4iGcEbIMcth5/IEtInqw3npU5a1W3aeR8D43tqywVOp+W8/H19RFhNDcWt00keF:ZhcEb7NWWmaOdf0OYW09wpCAy
Score

7^/10

evasion ransomware
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2
- Target
  
  demo.html
- Size
  
  1KB
- MD5
  
  03b178d1ff60f7b47438321299c1e1ea
- SHA1
  
  b4097afe68a2b28456cafad4b70f28bb87020527
- SHA256
  
  56a53efdc143e241faafa8eb1fafbf8aa82ea1c630465a5d66a9c406a134c99b
- SHA512
  
  ccd7c1c2c99de385b4c53056d2e014ae03164cc3927084750716a100316bb94a42ce4c127faf0bf8caf884ef470df23216c004b5f75deff1a4b62721d233ff7f
Score

1^/10
behavioral3 behavioral4
- Target
  
  happygame.js
- Size
  
  2KB
- MD5
  
  35087f967af3fc9a9cc42df602eff110
- SHA1
  
  e100c9518d9d689ebb58849508c9da8ed8b745a4
- SHA256
  
  585ae6e48db41266166f185b8c7c9b17876b23f70b8205d14f94ee737a081eb9
- SHA512
  
  2e1473138b031ac0bfe79423009619a5a7ead16a04d4018f40aa3c0e956ae43cd3455cf488f8cc1137d76b27aa3d4278dc0b967cacd385a70b77ca595c622260
Score

1^/10
behavioral5 behavioral6
- Target
  
  slow.html
- Size
  
  3KB
- MD5
  
  bb5120365ae32b156749e60184fdd68e
- SHA1
  
  2b7fbd67c51d0c0a39682c09d75912fbd44061c1
- SHA256
  
  189c01f32ddaa5a2e43676447b86fda1696e8ff9ed7cb8cd5ea1aad0b5d7b532
- SHA512
  
  c42d8d7d623422e5852e07fa488cde5d3576882cfdb621ad4b31bc357231f0d69f4c0a893f57b6839b5bf260a56657638e03988ff9c25af32e6cd30d57d83680
Score

1^/10
behavioral7 behavioral8
- Target
  
  t86
- Size
  
  276KB
- MD5
  
  f9cdb8f55b2217f0b9ccdef3ffc4b036
- SHA1
  
  8dadc7e6ac72a7671feb0de1d4738d576165132c
- SHA256
  
  9169d7be0c21bd0e62d6908cb6efe3c0088d25502c2803d9897dd51e802d40ce
- SHA512
  
  de40d6aa8837b3cfa6622d3f086bf9e811db35d6072f45cf8d0cb7b0a74ad619bb96151ba2f8b0aa196faddbcc468fff898ffcc22f86217a439699527484fc3e
- SSDEEP
  
  6144:31ML+5ZeatsS6XT53NEaGoPYYG0VOOMn4j:Q+5ZeCshXT5O5n4
Score

1^/10
behavioral9
- Target
  
  t86_64
- Size
  
  285KB
- MD5
  
  55a9e782b33a5f69010c80ca24e8aa9d
- SHA1
  
  8f183eeba8f5f44b85880fae8639adf94cefac46
- SHA256
  
  e12170526f7ebce55780a191e4d72af1af7820201007367d00c70e91dba94697
- SHA512
  
  273783505d63ea8b5dcfbae1ef4572895a5c3bd882d1facdeace198de108cebf9d97fda747c749333f0991eb98d5ce873617041d044560567b76a986af05a010
- SSDEEP
  
  3072:prtSpPgajE4ZZy82m1G5Ej6fDbOqczY7wlTvUvVEk2b81kfV+9R7:prgpP5jM82aAHDJwljUvVEk2b8iN+9
Score

1^/10
behavioral10

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

evasionransomware

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10