70118cb601728b6d25a321a9534a285da32caea03c68f98336a75afd73a78df4

Sharing

Copy URL Twitter E-mail

General

Target

TapTap Lite - Discover Games_3.4.8-lite.200000_Apkpure.apk
Size

41.4MB
Sample

230703-be5seseb93
MD5

2261b5c87becdcb6f1cb00dba7daa4ab
SHA1

d5df0e9f56c5fcc22f8998056063660f4188dae6
SHA256

70118cb601728b6d25a321a9534a285da32caea03c68f98336a75afd73a78df4
SHA512

b83a85c05f5fa0854d6768021f52426f9684dd2756ce8537a995a4a80e2be63f73df6c79dd81697fb2a51abcfa554c833d4ec0ec1cfe141c8c6b4ef6e2f66a66
SSDEEP

786432:mBswzDRS2F6KdQa20VmoaHkLexKJLPNYxmsuBLnnlDZYOUHGqEQ:+S2FldQa20Vmoa+GKJZYxuBLn/alEQ

Score

9^/10

Malware Config

Targets

- Target
  
  TapTap Lite - Discover Games_3.4.8-lite.200000_Apkpure.apk
- Size
  
  41.4MB
- MD5
  
  2261b5c87becdcb6f1cb00dba7daa4ab
- SHA1
  
  d5df0e9f56c5fcc22f8998056063660f4188dae6
- SHA256
  
  70118cb601728b6d25a321a9534a285da32caea03c68f98336a75afd73a78df4
- SHA512
  
  b83a85c05f5fa0854d6768021f52426f9684dd2756ce8537a995a4a80e2be63f73df6c79dd81697fb2a51abcfa554c833d4ec0ec1cfe141c8c6b4ef6e2f66a66
- SSDEEP
  
  786432:mBswzDRS2F6KdQa20VmoaHkLexKJLPNYxmsuBLnnlDZYOUHGqEQ:+S2FldQa20Vmoa+GKJZYxuBLn/alEQ
Score

9^/10

evasion ransomware
- Renames multiple (288) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Acquires the wake lock.
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
  Checks for Android system properties related to Qemu for Emulator detection.
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1
- Target
  
  editor.html
- Size
  
  2KB
- MD5
  
  22fde5ddfc88859e1cb8a41b09e217a0
- SHA1
  
  4ba8d69e85902de1c4e6445f54aeacdd95c3ce5c
- SHA256
  
  e421a9d5963ed68df43e7453ab6ff0e8f0b6ab4909055c1a2a12c4bff667c9fa
- SHA512
  
  ad370690deab56211eca29d3c186765e0da6e0ea9ad53abae1d3feeb04ecbb9867228f6ce1c25e4892e5cb7b91c8526e88a1ba476eaba7d0ce6e437205691ee4
Score

1^/10
behavioral2 behavioral3
- Target
  
  editor2.html
- Size
  
  1KB
- MD5
  
  61acf4db8b548c19e08747c08084841d
- SHA1
  
  3dc7cb72926c328ce56b1217ba80492332483ee0
- SHA256
  
  f2d90c2f69452662f51c51697a35ddd5eb42c4ea0fd1ae1445a3ea442528d282
- SHA512
  
  1a66c9d45ec59c586a270e406a160a45afc14c471ca2d8fb8dbfb4527d342981f3e148d8ef4a05f25f513979794579985b3564923924da0645a04822a178cea7
Score

1^/10
behavioral4 behavioral5
- Target
  
  index.html
- Size
  
  355B
- MD5
  
  8ddce0bcf9b9221dc622ec6fd931a371
- SHA1
  
  7bf0d1a02e42983e3317eb42d7cd2b9f64779592
- SHA256
  
  c9a3653bf2a016c5b9de634cb5363958b1cbabd7993f6929bea20124363414e3
- SHA512
  
  97813e8e369b7fe2ff5a14c1c4dac6b72eed869d26c4eb6ab7691cdc8cf5802c28482bd44b330add0b16071d1d4b80790964830c4106f128d8d085fa4de55037
Score

1^/10
behavioral6 behavioral7
- Target
  
  jquery-3.1.0.min.js
- Size
  
  84KB
- MD5
  
  05e51b1db558320f1939f9789ccf5c8f
- SHA1
  
  c72c1735b4d903d90dd51225ebefb8c74ebbc51f
- SHA256
  
  702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb
- SHA512
  
  ab3ad9a98fe431508461ebbf8029bc536f34d16cfef8b4c62b8a62b56fe2b30a426e3c3186c994c2578bd585da1c89a9b421c6d2f27053b2f2ed13b0dd9428c3
- SSDEEP
  
  1536:3dhEyijTikEJqRdXXe9J578goJsWXdLVhNLKz4DTAjnWotoZqwsRmKKH7UggYiTv:2Qcd5hNLxTwn3t0iUHiTDU8Cu5
Score

1^/10
behavioral8 behavioral9
- Target
  
  post_video_detail_likes.json
- Size
  
  4KB
- MD5
  
  855df7d2abf5bb0bd28463d50316e931
- SHA1
  
  827ab6b195cd105e8d9fab135e84f99d554b9ac0
- SHA256
  
  bc531e2e1d77dc3713c09d2338b20800ed1065716e3c530e964d0d0f9a98747a
- SHA512
  
  686a6d46b42e83576f5bfcd047aa4f003d4843c6dcfc150edf7c90da3cd0250719d66d934449f19b674f079405ba5b89f37bf3f66d0a7443658b93e53316d52e
- SSDEEP
  
  96:4xPYxQ8dh7PPKjdnuOJMIu+lK4KuIu7uwkq6u+l:bxQ8DK5nuUBKPu7uw5C
Score

1^/10
behavioral10 behavioral11
- Target
  
  rich_editor.js
- Size
  
  17KB
- MD5
  
  435c135acb09640df1cb6b93677d844f
- SHA1
  
  7a2589aa4998e915d6f598d3e7f0a2399a1d7fa6
- SHA256
  
  b94fa0e90c37523579d2402f4a4b491d312896d5c85ea54437dadc661f0c7f05
- SHA512
  
  0f3d997be6f77f07252d76e95c554ce9b54ecf5e924eccc84dbeac2ba79da7a158135a6e7df4143c11632303a9193b3277f7fc4dfb7afc4e4ffc45da0e107fe4
- SSDEEP
  
  384:wfWz6G6LVP6UV3tGkMdBob9QsYBeXmNNWW3rb/f8E6u:wO2YjXob9I0Q
Score

1^/10
behavioral12 behavioral13
- Target
  
  rich_editor2.js
- Size
  
  37KB
- MD5
  
  9720549ab5b438f2c3657dd71a12514b
- SHA1
  
  893ac959722e07b76280e55ad25ea6aae61c4d5e
- SHA256
  
  d3040ee10ab3b319f128b979881d28426af648a8195c884c3da582158975b44c
- SHA512
  
  e3ccfa302ae69b3fe6b7d831a1bb67ed0d66e0e0409b5cb54076c4a7de0ecb2eb2aab5c578f352ad43d50abc11a515e53297ea51999ee7e810a10653bc774bdb
- SSDEEP
  
  768:wMQwXob9I2ronfI051+rArCArNzs3szC0Q:w5ugAfI051+w3NW70Q
Score

5^/10
- Drops file in System32 directory
behavioral14 behavioral15
- Target
  
  story.html
- Size
  
  11KB
- MD5
  
  de7a3d2e985b557df198566650c4054e
- SHA1
  
  37edbabe5569186a6bf4bef2b4e76728b242c68f
- SHA256
  
  9302dde78ef03bc6b7e9acdd2e1b291be8e2ce9f1dae7c0e5b1ca31e7a5039b1
- SHA512
  
  958dbc5f7c1448bae87e9494c2378229d69edb67417657eb95951646e1e1edf952d74e7c9efc9ea773a20d1dc0d2a3064a2bbf2fcb1eb12c6525cf7f86565d17
- SSDEEP
  
  192:dSjGual3m0en4MfKWKRg/6zd2hGWyw7C/JZVYwxiqU8/8uaRknw7NAimr4hQI4f3:dSS120en4MfKWKRg/6z8hGWyaC/JZVY6
Score

1^/10
behavioral16 behavioral17
- Target
  
  story_web.js
- Size
  
  4KB
- MD5
  
  7840e16efa9415b24ffab2da05d5ebbe
- SHA1
  
  8607528470e5c879ce638150ad5b5d187895dc93
- SHA256
  
  4c800592001990f956960f37f0968005b6060d0fe463179f57e24779b2ad8d33
- SHA512
  
  71d641655275a0cd1554cf27221f039860cc1730c83589b872f7b3ec57101301c97a9e67184deed8adac191baeedaffdeb86cf58e59cfa5d70a702925fe36c07
- SSDEEP
  
  96:GCh7SQ3v36Y3r3W0XDguMHaCxDKBvOeHX8E022Xm+WALiSOefEWLyvOyNnyeym4o:GChOQfvbPXs74dJHX8E03XprJfD1J3Du
Score

1^/10
behavioral18 behavioral19
- Target
  
  tap-editor.js
- Size
  
  640KB
- MD5
  
  ed4b05e0bbf0cd4fb62ddb8c1c55e256
- SHA1
  
  1df979feabf45e460844cb4a77a2f37f34894253
- SHA256
  
  95dcaf3c83e6fa13dde3247c67bb96154e3134aae46f4a19c75ab7daeb7e105e
- SHA512
  
  ee1440f1f2de8d3215faa7834ff066058560576a4038fbd2942696b5ef85f02f7a7483512ddda324675aac1f14f39dcacbeffb7f05cdb633eb9b864cd64bae79
- SSDEEP
  
  6144:WMjDjAS3ggOS21HJmchQlf2Gx+x60VfFIzfZ/3U492y6mD64U2nrRB9Z20s2/C4B:9jCDAS60ZW1U492JmD64U2kGB
Score

1^/10
behavioral20 behavioral21

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Renames multiple (288) files with added filename extension

Acquires the wake lock.

Checks Android system properties for emulator presence.

Checks Qemu related system properties.

Checks known Qemu files.

Checks known Qemu pipes.

Loads dropped Dex/Jar

Reads information about phone network operator.

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21