Malware sandboxing report by Hatching Triage

General

Target

Snaptube_20230610.apk
Size

19MB
Sample

230610-bwbkxadh85
MD5

984577fa8e1fd793d2238cfff4d5b042
SHA1

c940c2c205e105076dd9bc247fd2d3920369c9c1
SHA256

cc544784f228d9e34ba18b764390050a6c80d7fee3bd415b65ed942c57114d7d
SHA512

f45c99a0971aca5659a1d281528a23fb04a9605fe527b62c16788e72d088b859f82821347745e93478562ce9bfa13814014d1a189ab57f21cdb7bc77128331b1
SSDEEP

393216:8AfnfahZw0AUi4+ZZuBpcMYf46EzSdThD6XCqfJ6saQcXSmFYKdlNbg6:8AavvAz10B9EyS/6XUQcXSmKsNV

Score

8^/10

Malware Config

Targets

- Target
  
  Snaptube_20230610.apk
- Size
  
  19MB
- MD5
  
  984577fa8e1fd793d2238cfff4d5b042
- SHA1
  
  c940c2c205e105076dd9bc247fd2d3920369c9c1
- SHA256
  
  cc544784f228d9e34ba18b764390050a6c80d7fee3bd415b65ed942c57114d7d
- SHA512
  
  f45c99a0971aca5659a1d281528a23fb04a9605fe527b62c16788e72d088b859f82821347745e93478562ce9bfa13814014d1a189ab57f21cdb7bc77128331b1
- SSDEEP
  
  393216:8AfnfahZw0AUi4+ZZuBpcMYf46EzSdThD6XCqfJ6saQcXSmFYKdlNbg6:8AavvAz10B9EyS/6XUQcXSmKsNV
Score

8^/10

banker evasion ransomware
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1
- Target
  
  loader.js
- Size
  
  14KB
- MD5
  
  875c48ef5f3a612a8e373860e36024ee
- SHA1
  
  3a4396a9fcfcee25848c3ee8182b856a5186fe80
- SHA256
  
  2a1a2c0222b0fd73d59dbdea616340ee907e52e587911f3a63716e4e28542440
- SHA512
  
  57acfeb80bd39af79a9c8435702795f06259ca29104ab93e0f3eeb1637739f481ab8541c8cd99182961d010b748b6124c832b04c5487ecd2333383ec5aec3e3f
- SSDEEP
  
  384:4v6Q1Ew3N0VuUPfaokMat3QK9SM3tUkdX97Mmaz2:6fNLUPG/dX99
Score

1^/10
behavioral2 behavioral3
- Target
  
  tt_nd
- Size
  
  5KB
- MD5
  
  cfb58d5a778a4da98783db9388bacfc5
- SHA1
  
  4e826b8e65f7a81ee0c30836f132632054f338e7
- SHA256
  
  64f11eb5134f29bcff547988289baff229b05faf93adac63d3a3bfe97c7f810a
- SHA512
  
  1cac2288c9d222dbd195e3b929aebb887e5ff8d13c46675bcc879c762d09311b97a1e331389df520165cb994f1717ee5debf1a97a7563c474130943d5cd4267c
- SSDEEP
  
  96:PWuzrX8H2mrqoAuRJff9SgbhWFllXU+9z:PlrXWRJ9Sgbh0l5
Score

1^/10
behavioral4

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Acquires the wake lock.

Loads dropped Dex/Jar

Reads information about phone network operator.

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4