General
-
Target
AlfaTVPRO (1).apk
-
Size
62.6MB
-
Sample
230610-wdmknsfd76
-
MD5
a5acb875e755e10e19f486dffceff586
-
SHA1
309ff20c940ff5cb2a0b750cbb9b97ff55f47cad
-
SHA256
5a337e21b49d6c75f522d7d77101724422f732afb54b15d809137428178fccfe
-
SHA512
3b1ade305865bd0758d18dbf4d411ebac183272c9f67c26c11744dac76d5a750591a929c4672197b1e366c732b6a34652c08356b8cbeadec16ea904fe60567e6
-
SSDEEP
1572864:poBDzyqM0UfCtjc59hTBKJqxey/ck5+bOJ:mNz2fXfhTBKJHyEkD
Malware Config
Targets
-
-
Target
AlfaTVPRO (1).apk
-
Size
62.6MB
-
MD5
a5acb875e755e10e19f486dffceff586
-
SHA1
309ff20c940ff5cb2a0b750cbb9b97ff55f47cad
-
SHA256
5a337e21b49d6c75f522d7d77101724422f732afb54b15d809137428178fccfe
-
SHA512
3b1ade305865bd0758d18dbf4d411ebac183272c9f67c26c11744dac76d5a750591a929c4672197b1e366c732b6a34652c08356b8cbeadec16ea904fe60567e6
-
SSDEEP
1572864:poBDzyqM0UfCtjc59hTBKJqxey/ck5+bOJ:mNz2fXfhTBKJHyEkD
Score9/10-
Renames multiple (182) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Checks known Qemu pipes.
Checks for known pipes used by the Android emulator to communicate with the host.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests cell location
Uses Android APIs to to get current cell information.
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data).
-