84e675c027bb88d96f25b51c6de7190d1bd16d1bca16a294659f2834b4935535

General

Target

studyinchina.apk
Size

3.7MB
Sample

230613-1nfbkacc5t
MD5

2b0bd5645bbbb9d18937d6e3a58abd0b
SHA1

c95ad429c4e6c9c36257d5930234b9983dc3b76c
SHA256

84e675c027bb88d96f25b51c6de7190d1bd16d1bca16a294659f2834b4935535
SHA512

84f01bcb24774dd8a3ec794585feb4f8e66cfee3c8ef0d1403ebab0291548a7daa3a1a080d6f812c757eadb9b0cbe470cf3683ed31620e42b66b48eb59a263f4
SSDEEP

98304:HUhOgetr6PbLVr6AKyNtzoosE3ruFVUjCoq53N48BgKg:0sSbLTcosE3rsSjCo4N4Ug

Score

7^/10

android ransomware

Malware Config

Targets

- Target
  
  studyinchina.apk
- Size
  
  3.7MB
- MD5
  
  2b0bd5645bbbb9d18937d6e3a58abd0b
- SHA1
  
  c95ad429c4e6c9c36257d5930234b9983dc3b76c
- SHA256
  
  84e675c027bb88d96f25b51c6de7190d1bd16d1bca16a294659f2834b4935535
- SHA512
  
  84f01bcb24774dd8a3ec794585feb4f8e66cfee3c8ef0d1403ebab0291548a7daa3a1a080d6f812c757eadb9b0cbe470cf3683ed31620e42b66b48eb59a263f4
- SSDEEP
  
  98304:HUhOgetr6PbLVr6AKyNtzoosE3ruFVUjCoq53N48BgKg:0sSbLTcosE3rsSjCo4N4Ug
Score

7^/10

ransomware
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1
- Target
  
  index.html
- Size
  
  2B
- MD5
  
  444bcb3a3fcf8389296c49467f27e1d6
- SHA1
  
  7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
- SHA256
  
  2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
- SHA512
  
  9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570
Score

1^/10
behavioral2
- Target
  
  libjiagu.so
- Size
  
  780KB
- MD5
  
  3316b90589dd96e45af3bcdc9261c503
- SHA1
  
  f0f5d3a6e2b4cd2e05b8741d1bace304eaa14222
- SHA256
  
  99f24a4dc5640df0d6c099a0233c16466bb2f32bc2a220673de657019b40c961
- SHA512
  
  e612395abbc4ebb09d58c3537aa370b4ef181521b1e69d929f24ba6bf4721c16cb6741534650548d802579fe01472c2efd5eeaee69ff2ca53c49c21fb2a34d30
- SSDEEP
  
  12288:xnjZMTqvjk5+sdGs64GvAEUxXd6pQ2+fLNtcZQ/IIkxHW/WLcjUSfyK6H2dIhKeE:BjGTqE+sJ6/KTIIQFktyK6WdReU6q
Score

1^/10
behavioral3
- Target
  
  libjiagu_a64.so
- Size
  
  1.1MB
- MD5
  
  89dae9b24e0de122236d542c72c2b66d
- SHA1
  
  30878280a47d6411fb1eb38d5ebe8abef183ed2c
- SHA256
  
  2d3469fd76a6a6c94b556403952d29bee7d82761bb212cb90986305a3e5b3b93
- SHA512
  
  637eb46620a8a2af1c1e830c729ce1842a0c1821d863a8ed5bd591c0d536f2ac93aa9aef5b6b016923da79deeea5405384b7c1ff378d4d5037c85a07880f8483
- SSDEEP
  
  24576:pbENfv91tQbqd9LSIz75t62n5wgmZ8s9ivdVR2M:uf11t6qnLzr6Ad7sM
Score

1^/10
behavioral4
- Target
  
  libjiagu_x64.so
- Size
  
  808KB
- MD5
  
  401bba8db0c025aa56a524c010b43f48
- SHA1
  
  eac073332c43a5f37453164b624061a1e4d14e26
- SHA256
  
  0d6f9cb8c06e008a80c72480ef11c40316c6f1741bec3b91ba5fbac300b3727a
- SHA512
  
  12042abd5d9308f4c76ee32417bd469c9e4c974f3962b899e1cc97656b7197de247b27ca47b81da08ea6b6903df121311d212587ec57220faf9c500c3e1e118d
- SSDEEP
  
  24576:IP+UqoyoGbjkljTbaRty3hRhjwFNMaxg4BpE9CQDQxRSlRUX:IP9sNHsCSQxqRs
Score

1^/10
behavioral5
- Target
  
  libjiagu_x86.so
- Size
  
  691KB
- MD5
  
  76b2f6b381970b80972ae2a06215878c
- SHA1
  
  ff77d42fb94dc60c2c9964c98c5def28a63dba0c
- SHA256
  
  9b161eac88832b6f54645b39f9a650f27db3aff3a5001ed67b6198676351663d
- SHA512
  
  488d21056bd85518277f8d5ac216d2f1c5265e97c5119701321478d3bb850cbfc98358bf08049e318606e4b95a46fd981036b438f9fdaa4b66e160e6598f3381
- SSDEEP
  
  12288:M/ERP+Em5G5nzsx4kPseXh5f6EntlQwwu6HPK1wMl6x6DGve+hu/BqO6rGbTA04X:8bEm5G5nzsx4kPfOEntaww01lPGve+gm
Score

1^/10
behavioral6

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks known Qemu files.

Checks known Qemu pipes.

Loads dropped Dex/Jar

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6