Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

BitLife_v3.9_MOD_modded-1.com.apk
Size

167MB
Sample

230609-z8wnlsec8t
MD5

cdc57ba24081e261b7821b23d7350e11
SHA1

e9c4e26ea9ba735a4a84eb5ba92c30ab5127a545
SHA256

d3f984c264fe320731d92c53d314159c28fe813fcb9b5ea803c959e9ce4d46f4
SHA512

b7bfaf5091183254a49ed129fc5324e08a00482cf63e62e406ce36f09f17725cc28e8d878b2879bf56116b3cd0b50004c5ca76fc735d131f37124b9a31361737
SSDEEP

3145728:/5UuhMlCF66IkTNo6LK52ZHr1L8Y4XCbeh49+6Y1Bs/9EF:/54Q06W6O56FySxeBGEF

Score

7^/10

android ransomware

Malware Config

Targets

- Target
  
  BitLife_v3.9_MOD_modded-1.com.apk
- Size
  
  167MB
- MD5
  
  cdc57ba24081e261b7821b23d7350e11
- SHA1
  
  e9c4e26ea9ba735a4a84eb5ba92c30ab5127a545
- SHA256
  
  d3f984c264fe320731d92c53d314159c28fe813fcb9b5ea803c959e9ce4d46f4
- SHA512
  
  b7bfaf5091183254a49ed129fc5324e08a00482cf63e62e406ce36f09f17725cc28e8d878b2879bf56116b3cd0b50004c5ca76fc735d131f37124b9a31361737
- SSDEEP
  
  3145728:/5UuhMlCF66IkTNo6LK52ZHr1L8Y4XCbeh49+6Y1Bs/9EF:/54Q06W6O56FySxeBGEF
Score

7^/10

ransomware
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
  Checks for Android system properties related to Qemu for Emulator detection.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1
- Target
  
  DefaultWsdlHelpGenerator.aspx
- Size
  
  59KB
- MD5
  
  f7be9f1841ff92f9d4040aed832e0c79
- SHA1
  
  b3e4b508aab3cf201c06892713b43ddb0c43b7ae
- SHA256
  
  751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a
- SHA512
  
  380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5
- SSDEEP
  
  768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw
Score

1^/10
behavioral2 behavioral3
- Target
  
  GoogleService-Info.plist
- Size
  
  1KB
- MD5
  
  7a295ad29431a2dde2c2a0faf3d151e6
- SHA1
  
  f9afe6ed8e55937d3579d2b8672efa56e39fd13a
- SHA256
  
  26fd03c9a0ae95306e6f807a082b1307a36927edea60e5461323e9b06458f550
- SHA512
  
  aa4f9feae1088e9372289a721365d0035a163eda4a6e01198ac07883540c8ded1f93d1167c6f036f8f5ae22c4c4e7930abd86432ce88f72415401cf4f4c81fb5
Score

1^/10
behavioral4 behavioral5
- Target
  
  aps-mraid.js
- Size
  
  10KB
- MD5
  
  18222d9cedc9a1db9a475e985f11a016
- SHA1
  
  4a3a13986afd2c96c293fea508938f1f19e3e906
- SHA256
  
  291cdf5c9427ca4f9a3e3e5d0d5aec47dc8c8466d4670d5416d4e0845cf3f15f
- SHA512
  
  a886a1137d8cd5c0bdf0a8e9ee95c45095945fb83347b1656b9f93a14743dd9f223b02e04fd32ceac9d8ea8619a6ee495c9a1576e3e2bc341185e56a6fecc6f9
- SSDEEP
  
  192:3iCKI550cHMYP2io9Sy6+n30fnIR9dydCDGH2nTShawv9I:3JZ4cHrP2iom+n/RTydCZTwa1
Score

1^/10
behavioral6 behavioral7
- Target
  
  dt-mraid-video-controller.js
- Size
  
  19KB
- MD5
  
  b1fe77fe619b46ae3e167fae84bd8830
- SHA1
  
  f185f3fa2b390c14df5cafa42066f77348d50ab3
- SHA256
  
  25a4f95f4d060b2a57a950b2071a2934e1d32caec8f0e67d9c6ab71332cc0af1
- SHA512
  
  63c05560ab097debf98c42de21664975544791ee9f227e933843c9e8cb759256c376987ced33e08a12f868064d01f7b2b42ce519db618fb5c85dce0f2ca9bfac
- SSDEEP
  
  384:7eEgPcMVXh9OLjFmgeFIS3JOSMP3TKa8m9T:7biZhyF
Score

1^/10
behavioral8 behavioral9
- Target
  
  dt-omsdk-mraid-video-tracker.js
- Size
  
  4KB
- MD5
  
  985e868e5a88c72cac44928496dedfec
- SHA1
  
  b68a8bfc75c34cf6b8bc4316f045d88c8d748e91
- SHA256
  
  1e36560eda8c2d290d00266a7da4adf9f46c890969bdaac32b5ac95238392065
- SHA512
  
  54b97ffb8b3c4455031fe909ce80e2601e10ce77b486c944ead8f7de8c2dcf9e888d602ff5776b625d4556e2574ea4784e07f08d75c657cb3f89f9fe6bb850da
- SSDEEP
  
  96:6AwI+Rtr3nKdI+W5EJs9GrehUgdAczj0uzvOKnVNIhjnin7yIyg:6AwTX7nWT6EW9xUSAUguzvOKnVNMin7T
Score

1^/10
behavioral10 behavioral11
- Target
  
  dtb-m.js
- Size
  
  37KB
- MD5
  
  5a2f7d1a990b4041640d8126b11ab060
- SHA1
  
  5bef1f4871c7d716aafee09506dbec4729b5e0b7
- SHA256
  
  5801b77b4c8af8216cec2001d053b900a8a43b5e4ce42f863c84768c726fbb4a
- SHA512
  
  9c52fde83bc2d36eeba881f9b1ae4740de26349b1536476e9440a34f7a8a0b93cd2af513bfdbd4ec2429926a351bad0fcb4238e5ca8642324e7c84a90074d90f
- SSDEEP
  
  768:7xB0X2lZFdgrm7L6bv2gs+++PC+mt+nSvCc+0i:taC/P6SgS+t+8
Score

1^/10
behavioral12 behavioral13
- Target
  
  fyb_iframe_endcard_tmpl.html
- Size
  
  520B
- MD5
  
  7844cba73b7b4b439b587dd501e92d82
- SHA1
  
  25a452bc6886d0e05d4a73da785021fd4c477a04
- SHA256
  
  e042e304cecd19bb6816de0150d3895e2717e66dda91f7e189610687c049dae6
- SHA512
  
  f54c2d7c0b265aa7c6feb18b8fb6740e01c9e3aeb19bf420d39832737fa59eed8fb959c8aa8a99c0efc87ca3399a244a918f0b4e90b0ee831a87e8afefdf2711
Score

1^/10
behavioral14 behavioral15
- Target
  
  fyb_static_endcard_tmpl.html
- Size
  
  3KB
- MD5
  
  d18fb1787ce0e84567496b8564e452aa
- SHA1
  
  007033d0824685600611af6992060577e127dd23
- SHA256
  
  2ae5e0576febb1a1cd63b10bf71644f99fcfd0fe7fb1f2d19525594165294e51
- SHA512
  
  ba5225a80941e3ee4ff18401b910968a6cab47634914ecb68213599b96fd4b39c8722e82bf2883faf355d9416a6f2acaa36151a5d8969079cfcd4c6795f6003b
Score

1^/10
behavioral16 behavioral17
- Target
  
  machine.config
- Size
  
  33KB
- MD5
  
  0869544722561f5aff0eefc83fc7b001
- SHA1
  
  1e118f4b5c1c6a7b1858e3fccb1b1d1095561976
- SHA256
  
  ef9b9387168fd1dd6c996f96c134d9c44f8eb06f9587004bf997252a520182d6
- SHA512
  
  ced7c9a5363cabdb87b01ed6b4ca190a690640dddf5cbcc0438acdc611a8ee942cb6cd73c78d3fc2d59f70171f22ac832a10b1e23758dc92599ee24acd978ac2
- SSDEEP
  
  384:PbtltttttSRtNRtcRtGrRtSRtTf5Rt70zDgRt2Rtuj4f1RDRty6ugyunHMSeuWuh:dkn
Score

1^/10
behavioral18 behavioral19
- Target
  
  mraid.js
- Size
  
  40KB
- MD5
  
  f097180ec2741c125a5d9aff5fb46a54
- SHA1
  
  5d8e09c4e228aef59a2fcd09d49ef7c24e948567
- SHA256
  
  1662726579767bf959bc34e4ceea32c730e1d7452119688ad5a5e4599ec52f89
- SHA512
  
  839176de6575447ebaf67f2a7024f91b985dace82205b31076b4f295aed698cfefd848ca4447c306eb4204301157c17c53c650db6a4bae24a222fa00fc54af2e
- SSDEEP
  
  384:EYSdGfT2QJIGCOIyzuP2QESHmz/SXZ3hsyGENyyFXHjFeYSpyObjw7NLhdlrdT9r:RXaoyFX7SIXEmD
Score

1^/10
behavioral20 behavioral21
- Target
  
  omid-session-client-v1.js
- Size
  
  55KB
- MD5
  
  ec66bd4160d9cb6db650caf6cb69b796
- SHA1
  
  8c38ea5527844653eb6014130923542b57451297
- SHA256
  
  e6c434e64d8c73759b7fdc69d331e89489127bb0da59168b02e16e6c9165afb0
- SHA512
  
  b8e6e93ccd9b5a275f6f35a25055513fbdd99b9ec8cd4271a7bc7f8096f13cf83ad2195e8d88af013e48133276361dd54fd4373163ab197b1b8668fad376e045
- SSDEEP
  
  768:RJkFU2PZiCCZVHAzqfiTGmKHg/1wEcvA5fioZgkwqDCWBoxKmvwLqI6Jg656TT6D:4FzCZ2tTDHCFT54/dE
Score

1^/10
behavioral22 behavioral23
- Target
  
  omsdk-v1.js
- Size
  
  40KB
- MD5
  
  967a72b19547da090c0c9bf30ac12ee6
- SHA1
  
  a93648d53876030e3a25b4cc8409571ed14a6ea2
- SHA256
  
  f0940f3d950dc82c434a3cf5465a564bdf9f19abc89c7f45b5751407199337bc
- SHA512
  
  d530d4c7f7b37840670e21cafa2b70ace2329cc57e2b91719a1d44ec91ad07786999b47c3d6b0d0570927ed5fa78c94c28da52ddc41a202cb18c7838f795e075
- SSDEEP
  
  768:Q7kZnrjXyU9bte9kE34JMf11c1tGxU52w+xRyYqM8A8AwM/5QUVtPGiVELgCEqq9:Q7kRrDqr3g6xU52w+xRyYqM8A8AwM/5/
Score

1^/10
behavioral24 behavioral25
- Target
  
  sdk_core.min.js
- Size
  
  291KB
- MD5
  
  c6e7c9e90d653ac46a9f30b770353c05
- SHA1
  
  1398637013d8a5f222e645d8befddfb96ba14d2d
- SHA256
  
  82ac4c401d64982578204e944591ec869861103c51a525ab8016769d553b80ae
- SHA512
  
  c83769ab0fb5abc7055888f46257cfc4f3fbd727a2fcfce467f28db60f961e4a8e30f6a7fcc5203d20d60d42982b823928a1c871b8a10727716a22e37e02ac38
- SSDEEP
  
  6144:G46Ts0VdOYjIvF66u1asSvptdyPhcD3F7Y2OQrl6DvB:G4E094kpNwjB
Score

1^/10
behavioral26 behavioral27
- Target
  
  settings.map
- Size
  
  2KB
- MD5
  
  ba17ade8a8e3ee221377534c8136f617
- SHA1
  
  8e17e2aec423a8e6fb43e8cbe6215040217bb8a3
- SHA256
  
  ce1db1ad8a9512073164e3eccdc193f7eda036e1a9733caec4635de21b2865c8
- SHA512
  
  c18bcbcbd4b9a20a72b1a934d70db1eafef047f34f3ba2c6357d8e3afed07ecaab861e5571ceb58c22d4d3e5ebb34b51e366a0553c3153fbc263d1d80472e297
Score

1^/10
behavioral28 behavioral29
- Target
  
  vpaid_html_template.html
- Size
  
  16KB
- MD5
  
  e276e92e96646fdac5a1988074f33954
- SHA1
  
  1a7aa338deba5f148ea18666ec1ec4fbf5ea148e
- SHA256
  
  4b8fd03cf268f9cd2f7432e13e8a7862760f7a6ed10bbf96dcc8232d2d382b42
- SHA512
  
  8425f53afde718047c310fc74a8d3924ce47f61f33fbb99d52147364244b9252b87ce1ebaac80db9d27151d0969537737c042e0f615e354bf2edaac6b13ce065
- SSDEEP
  
  192:mrLYJFkVvGFQshArPtP842+Lw1wOEeR6kad8bWXSrJEBOn8TsjNC4ck8aanlDTt2:8U42Fn9qW4+EQNuSXIlodoG
Score

1^/10
behavioral30 behavioral31
- Target
  
  web.config
- Size
  
  18KB
- MD5
  
  5075af18fe1d2b5f9555d5cc68029814
- SHA1
  
  56c4c47501664bc3bcd54be505cc3d9f7d0761f5
- SHA256
  
  c4cbddd4fd9347b58cc5a72b36dc4ba1ad2bb699e65869d05cd3fb9865f0d824
- SHA512
  
  dfe8ed72b013e67c3cf0622cfe7d14ffde97a4d7132ca6690db5cf2d347f3535b475119b01984923ff6c3f39b8865f857c67ed465c3b0358e2fd06bb0dae0909
- SSDEEP
  
  384:lJJuAr8F1mJ1ayCk5+H75YaW41DBWTwa6st/tlLvSqwwU4FVXaS7L3nHIXYFXc//:jbEJi91Xbi
Score

1^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks Android system properties for emulator presence.

Checks Qemu related system properties.

Loads dropped Dex/Jar

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32