d70330bff40a771fda25702e66572bbb364080d7971989a60dc172bb52b2ffc0

Sharing

Copy URL Twitter E-mail

General

Target

CPF10.apk
Size

47.8MB
Sample

230705-klxvtsbc47
MD5

7d1acd01f2a08ccdccb90d719fc969b8
SHA1

ef35fa3b06d02cd6a75ceb505d50e29c2afca5a9
SHA256

d70330bff40a771fda25702e66572bbb364080d7971989a60dc172bb52b2ffc0
SHA512

d5bab5785010389aa68ffbadd7e24612ee8274ce3184f5da15c436c885497c86ad6286c999efeb855992b4dd8e6bb346210174790069c1741038290fe507c480
SSDEEP

786432:WZ+OcioTGT8m4iXToYeLFKmNT9b6EF6RU8SKEQVgtjOdYAqu83KMVmxn0D9:WZxYGwviDheLQQRbGaZKq/9oY9

Score

9^/10

Malware Config

Targets

- Target
  
  CPF10.apk
- Size
  
  47.8MB
- MD5
  
  7d1acd01f2a08ccdccb90d719fc969b8
- SHA1
  
  ef35fa3b06d02cd6a75ceb505d50e29c2afca5a9
- SHA256
  
  d70330bff40a771fda25702e66572bbb364080d7971989a60dc172bb52b2ffc0
- SHA512
  
  d5bab5785010389aa68ffbadd7e24612ee8274ce3184f5da15c436c885497c86ad6286c999efeb855992b4dd8e6bb346210174790069c1741038290fe507c480
- SSDEEP
  
  786432:WZ+OcioTGT8m4iXToYeLFKmNT9b6EF6RU8SKEQVgtjOdYAqu83KMVmxn0D9:WZxYGwviDheLQQRbGaZKq/9oY9
Score

9^/10

evasion ransomware
- Renames multiple (56) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Acquires the wake lock.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1
- Target
  
  clockDarkTheme.svg
- Size
  
  1KB
- MD5
  
  663e33bfbbb0d14830694114d49c457d
- SHA1
  
  3231baf54a3c1f336f1b11d9a7011bc5502a9d4a
- SHA256
  
  43b0cd84c7344f57b2656d66d5bf215a4f1d1713a8117e0ecf92226b8ce1a200
- SHA512
  
  c116ffaf6c1f8ad9bd6a1d85de318c9ca2c3b6d4931a1aa165dc7ef7351c80fbddc7ca1371c81dee35b3e12720fee2d3146d7a510b54026c3aba9202dee5f1b8
Score

1^/10
behavioral2 behavioral3
- Target
  
  clockLightTheme.svg
- Size
  
  3KB
- MD5
  
  2235609a58ada82f2110d941341a720d
- SHA1
  
  d3b06251eb8f131034ba1ea3b0db982cb31bd813
- SHA256
  
  d89ab1d4bc636a73d64ef1d8976d517f13449a11af28d70e88ca3d0c40e114a7
- SHA512
  
  ff7543b27941add4a92579f1a55f3b40a16cd8ec8cc43b678b229be38a3878267fcdbb80b040e91132fd938082c47e6e237f62ac3903422ad9499cf7164228d5
Score

1^/10
behavioral4 behavioral5
- Target
  
  ic_content_sticker_location.svg
- Size
  
  1KB
- MD5
  
  4e1bfd935af6c3abdbde4cd2eba4a72b
- SHA1
  
  a698232554fe0e28e65556549d97977a4fcf375e
- SHA256
  
  b887e3205ff5b8e38c1ad986ea7f534c73c2a28f989639fc1f4fb672521e1e3a
- SHA512
  
  697f7b42c02f1ce5fde22474c5c10cc1adc838eab76eb47269cccf4c7fc1cdebbe3de1f81d231c87cc3c8bf090502c4e405fba92ccf345163644d17d17baf84f
Score

1^/10
behavioral6 behavioral7
- Target
  
  ic_content_sticker_location_60_percent_black.svg
- Size
  
  1KB
- MD5
  
  a3c9e4e574c26a244e4660e3412d803c
- SHA1
  
  98c4d769e0efa91892b72887ff5075944b3547a6
- SHA256
  
  1b6c02ff1e1e60d73f6b31c1c53faebe6d1f57782e3caf3c4328a65b4929648e
- SHA512
  
  f0660665f035131c70589a70955b2bfa8c7c8b9c45053f914bad335be06a2f8c23246c24348e3e469a03ae4449811796e39843a07a275cca1806dfed10df1610
Score

1^/10
behavioral8 behavioral9
- Target
  
  ic_content_sticker_location_black.svg
- Size
  
  1KB
- MD5
  
  fb77f4f57cfc4c4a6016d10c56e879d9
- SHA1
  
  d98ed1a853a61e722f35525e47b16616d5b56fce
- SHA256
  
  c6f4e62c0d25cc789058a5563bcc546bd10f492f2e95fa5cd3824951680f1b1b
- SHA512
  
  78ec21798b9adca5822ac03446a8e66017281c6767d99114e524c57952942c745699e58e3228441e54ba42654f91156ee5a26fd8025afbe4e5543e053d63f627
Score

1^/10
behavioral10 behavioral11
- Target
  
  ic_content_sticker_location_emerald.svg
- Size
  
  1KB
- MD5
  
  aadfe32db3ccc31c96197f0591e0fa18
- SHA1
  
  59ce2e9a22fff2e9a1b68578c429f5d710463d0e
- SHA256
  
  71d43fecf9f2ef6e37022c8446194d74f11b7c05816ce321f6a84279c870b4fc
- SHA512
  
  914f19b03527d440752bc284fa46af19ae7cf9f4d2c11cb7bb2753fd50526181e6ca5abed68c695236227b5d8e39db1b5f9359c2d0470a4eaa147c244cc91ddd
Score

1^/10
behavioral12 behavioral13
- Target
  
  stella_e2e.svg
- Size
  
  4KB
- MD5
  
  deb02e17bcc92fef2298a466d71f9457
- SHA1
  
  e4259e3c073d4cb4af07bb3a2147fb1e8d7943cb
- SHA256
  
  83d0ffc0ea968c3b71c194ecb47bbeb4512137a06e8f7ff7b3973ca23dc467bf
- SHA512
  
  cda1fc10cba541658d1f826d735641c2058fadbaf42a9f05e1d8cd3b25fe146db53187548b131bd248e56f34dfebeb3e7b2c1d53784dbe88c8266731aa7401cc
- SSDEEP
  
  96:38fSxf3sWhw3h0A+sJCxox9rxT57OxjrWthy9xFnNLWtEy8PM+cRSjOA+Ay:OSxf3sWhw3hysJCxoxHtSZ6tMNoaPsAw
Score

1^/10
behavioral14 behavioral15
- Target
  
  stella_wa.svg
- Size
  
  9KB
- MD5
  
  4ee3c0dc45185231589902397c7a4c38
- SHA1
  
  28a4882e91c2bbb68562fd9373efe43d24dce3ff
- SHA256
  
  8fead4d413917d70a317375083a0cab7bcde24530fed6d9eb39de05bf14348f2
- SHA512
  
  c22274e0cfe22cddc65f0d258ec623360ba34d8ddeb09a2e7c88290d949cb20f76cb6e8ba8f02c7f5ee7ef4ab551d2d61f680c1dfa0b9acb30143f76d908eec5
- SSDEEP
  
  192:OCxf3sWhw3hysJPiaJfdvLZacjO/SbEgle3iVIept8CMei3ttdLx7Kx:Oa/sW63hNJPV9VZvjbj03ISpei3ttdLI
Score

1^/10
behavioral16 behavioral17

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Renames multiple (56) files with added filename extension

Acquires the wake lock.

Reads information about phone network operator.

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17