1360b29d035673ba3c7513a9ae0078e05bc179e51880beb6648996d9f2bcfc64

Sharing

Copy URL

Twitter E-mail

General

Target

YI_IoT_base.apk
Size

79.2MB
Sample

230707-khc19afh76
MD5

e7e442f7f42d61cdebfddc801f4b03dc
SHA1

3b16dbc84446cb30963b4886600b16b4cb545dd7
SHA256

1360b29d035673ba3c7513a9ae0078e05bc179e51880beb6648996d9f2bcfc64
SHA512

8a2e5d3ed3224835ace6ea0b932f07df9ed0dc82b9ae92e80387c65897f2185ca825197b6e660b6a34da5c0128afbd4b3993bd1517a3cc8addf74047e0892f2a
SSDEEP

1572864:msI0TvVxDAmVuEhwWpk5T3b2Sdj7JF2Al6ZpJLXHM4Zdsk6RPcIZ:mT0jVxkauEuW4bPj653M4wjPZ

Score

9^/10

android ransomware

Malware Config

Targets

- Target
  
  YI_IoT_base.apk
- Size
  
  79.2MB
- MD5
  
  e7e442f7f42d61cdebfddc801f4b03dc
- SHA1
  
  3b16dbc84446cb30963b4886600b16b4cb545dd7
- SHA256
  
  1360b29d035673ba3c7513a9ae0078e05bc179e51880beb6648996d9f2bcfc64
- SHA512
  
  8a2e5d3ed3224835ace6ea0b932f07df9ed0dc82b9ae92e80387c65897f2185ca825197b6e660b6a34da5c0128afbd4b3993bd1517a3cc8addf74047e0892f2a
- SSDEEP
  
  1572864:msI0TvVxDAmVuEhwWpk5T3b2Sdj7JF2Al6ZpJLXHM4Zdsk6RPcIZ:mT0jVxkauEuW4bPj653M4wjPZ
Score

9^/10

ransomware
- Renames multiple (108) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Acquires the wake lock.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1
- Target
  
  ShareSDK.xml
- Size
  
  5KB
- MD5
  
  9473cb9f9598f194f6cc90ba35b3228a
- SHA1
  
  92e9e2c577c66bb6bc9f806f9a50ff507c3747bd
- SHA256
  
  ad326658da76bde096bad76b4921f3b566fb0b31328cb317d248d2706c0a108f
- SHA512
  
  89f3eec02d1f68d5efa557724bda22680fc70449289695364d0bb88be4f7ed93a4aa1e03283aade83944c50bcf6a4d784c36259a41035b65915d191b151f0ea8
- SSDEEP
  
  96:AE6acIJF6PNlqe+Kj5KHgSiX/79rvHVergb8LT:AE6alX6P7d5oQ79rMT
Score

1^/10
behavioral2 behavioral3
- Target
  
  alibaba_puhuiyi_bold.otf
- Size
  
  96KB
- MD5
  
  b88269075f30e1d116f4b31a37f172ee
- SHA1
  
  7db7fbc9b3a761cf114d6d96ebcf47c0009ed9f2
- SHA256
  
  3766116b78b74d07079158f2071a569fc2cfae21bd3a322af16ee841f5c5fb86
- SHA512
  
  8ba586d884507c00e8e73f0ffe6ae057deec35f469fcadc9c37a8a412bdcfedadf77efa816f8e7cad9f7103d97a83261100c95250759b32ffdabb982b442b1cb
- SSDEEP
  
  1536:GFqxFDEZ/eR6bdEF9aCI99xwgO131LXg/QIyVsEj80wzgwIe7z2qWuJQAg:GFWOZ/ekbdEF9F1g/S80oITJuJQAg
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral4 behavioral5
- Target
  
  alibaba_sans_medium_italic.otf
- Size
  
  93KB
- MD5
  
  dfe44df8baf34c76858bf0561b370218
- SHA1
  
  0b44827a23d7bde4f4983b42ae0a49e2a60fcf17
- SHA256
  
  1d7a7f75e96a5c4677873aa4b8bba69c5b60153c43d2f9673aa4e5922fc99670
- SHA512
  
  d3754d3cf5e6b12703e842dde5bd7ba42035d612249099099ba705d7e007eadc3db7c481f80243e74b6981d36a107e5cae9d925c16277d266aeebb0b867c5b2a
- SSDEEP
  
  1536:IZj8EfEgyqmB7PxG5miLSC+HSaHDXms5blHKS91MQQX/K:ogkEgduDxgFaHt5blHKS9o/K
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral6 behavioral7
- Target
  
  app.4df63c69c64f6ef78419a0a528801587.css
- Size
  
  35KB
- MD5
  
  c5948e2082976d1d298eb03bca6b21ee
- SHA1
  
  c8aa44c79e4f6198890ea7d60110536b490fdb48
- SHA256
  
  d87a84fb7978b6804f9e9bf292e4e06638904e46254297504bf7fe6914d2228e
- SHA512
  
  b61b9760bbf387179c9eb33d44176423aea1f03519655da0009b6e19ad1ed391c88e0ee1aae4ba994c694d227a3833fac371a02b4333aef6b2268be40f1b41e1
- SSDEEP
  
  384:IG/kmhKTze8ykyI4hv20Vn5TLz7d151HVXZCuVeo8W8W3fqknoV6Ij+1dot2x2T3:tNoYy
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral8 behavioral9
- Target
  
  bg-alarm-other.932c602.png
- Size
  
  75KB
- MD5
  
  94514526a83bbd564c72c295c295caab
- SHA1
  
  9cc9e47b855af12f191b57c95fb10d1defc34f17
- SHA256
  
  cd7ab3c50a7be9be3d33e54a1b2d3b7f5b98b83c5259c427cbee2b7e7cdd2a8d
- SHA512
  
  69d07754370cbd907352bed6967fbb4fcb90d878797bf54ad4a3eaf19d79275aec185f152b913ceb86600398634dc9c18bf4d0c81ec7aa061b07c1b68083e2b1
- SSDEEP
  
  1536:qEi79530Qz3QFF2nVqhtBYu+LLlmdagzzBHfAcNJRLm:Q53GFF2QhtBYu6LlfMztHJ0
Score

3^/10
behavioral10 behavioral11
- Target
  
  bg-alarm.d56d033.png
- Size
  
  31KB
- MD5
  
  9ebf65accddbbc45cb0b5ab92a736993
- SHA1
  
  57c4e18e1c6d425dc7de123bdd0aee29fee5e22d
- SHA256
  
  eaf6f49358c9c832bcb09451191f50e8658ffaa72f686289ca8b70f3ad28fd3d
- SHA512
  
  beee42bc9fde2b80c1bb51a871a03875ffe930156db21bcce8af278b15f10320454c6ce538ba962e3846b96357eeda87537a9d421d0afac6ca492c29693dc451
- SSDEEP
  
  768:7s6sXYNDjp7yvYO1P9lJVw2ZvLWE2dCwNpCPxKJ4R+yQ:g+7yw8bJJSfHWKiR+yQ
Score

3^/10
behavioral12 behavioral13
- Target
  
  bg-bind-success.e7c5c17.png
- Size
  
  33KB
- MD5
  
  56781b833b6bde147db66d3420ee609a
- SHA1
  
  bf5e05a2be5b53599ded970214cebd21f8f786e8
- SHA256
  
  0f34a2b5fc254b0e110093ec53d62f657f6d938a6c1b0d309aaf0496d1799f24
- SHA512
  
  8477459a51a226d2560ab49e215c38f8eb3c8224b8a99b9b9fbd368ee9dfddd7127489d979db76d85ef288e6007e8422679180dbadd7a6d44c521145d5caaf0d
- SSDEEP
  
  768:ToFD5R4bXElcQn7HizbxLk0xZQiKl90+mSG5X3TJyomCJlzq/:kBX4bUlNnK6wK+5PJlzq/
Score

3^/10
behavioral14 behavioral15
- Target
  
  bg_w10_bind_one.41d7983.png
- Size
  
  88KB
- MD5
  
  41d7983c97c6516ff2548cbd071420ab
- SHA1
  
  d3787c6ed2b3e39cdcca932595be0bc697bd210b
- SHA256
  
  29b15d7bbb8900e633dd5cfbc1d9043565d12fb5b5370aa5c8f63c3dcc4f4498
- SHA512
  
  074e7359ca8d2ffb0767539d6a71c08925c2f6e6f9175584f8b842f392c80c75333a162e97580d43194550afdaa098ac9e7a537a1415f642a5a6611ebb9b43c4
- SSDEEP
  
  1536:bonZbKtI82LyyuE5MOiJoUBoZrDQ9Tpw/WOAudEjLH7xbmAy1c3pkEQEzAL:bonZHLcuMR22oZfK+AudEPJm1H9EzAL
Score

3^/10
behavioral16 behavioral17
- Target
  
  bg_w10_bind_three.35c6433.png
- Size
  
  57KB
- MD5
  
  78084ff9eb0c54b2ac74e4680441cebe
- SHA1
  
  948e8328b7e0f585bbfc77c773ce8d934be10d8e
- SHA256
  
  a2ce9be21bd2991f67ad29f500793994ab6c9b96144b8e34d186187c3aff1f32
- SHA512
  
  ea2231be266d6da0d9d14e5eb014bb0ab9b97b67f5de4f6c2fa9d7f406be9c043cf12e0ae2e7966c22526794291ce37dd56005aafddfd81702a1f8a7f749aacf
- SSDEEP
  
  1536:WQogyeUabXJ6rItoaymzlcJ4GTRvYFVnVSJfwXXaD3wcpn:aeP6faymzlc3lYFaJfwXXaDF5
Score

3^/10
behavioral18 behavioral19
- Target
  
  bg_w10_bind_two.62f969b.png
- Size
  
  49KB
- MD5
  
  1bada24be56de5d8cac20de2d783524b
- SHA1
  
  5467e6dce135bb8652d4ff45e2023952c0aeb936
- SHA256
  
  36c958646ab147ad2dbe274a1f9e963e972202dd8220b4d37434a149e9dcad0c
- SHA512
  
  51125f7c3f21a66f17523456862b58cd34f775d8a4c6e52f071a7f20560c664162e5f26deaa4bee4135935a548fdb9d81e05c175aec798808a87a3b01dd962b7
- SSDEEP
  
  1536:XEK7AUpu4+1JCUjqH+oReT+z7QauIcqtMetTzT2h:XEK7dpu4+HCUXoReCQazcqtMe/S
Score

3^/10
behavioral20 behavioral21
- Target
  
  bind-device-W10.7a5b360.png
- Size
  
  43KB
- MD5
  
  071ae271cc51a6693b489b4c8884c1f2
- SHA1
  
  f7db900d63970d436a211d69f8d21dbfcd2407b9
- SHA256
  
  fb5d72d1997d9d5c5aa930f50a84a3f7e9b71a9f85bff549a9577573235f87fc
- SHA512
  
  649035e65d2ab574723163e5bcec9cf53b3b7c2ef3bc22972a8c328686ef8ea197f80e0865815d983a435e520cb35bf1e1a727bc8b3dfac9c5cc69451a800a4a
- SSDEEP
  
  768:PGAqmhPhOcKCM+43PjWifMqjH0emU3ij0KL7BaIevkq9qxMbSHrGhNYqW1Q3Nx/S:+wPhObCMz3Aox3eU7kqqxkYrqJHxECC9
Score

3^/10
behavioral22 behavioral23
- Target
  
  bind-device-gate.46bb475.png
- Size
  
  17KB
- MD5
  
  5c943f50c4b1884ce4df164a7f755734
- SHA1
  
  e0cfacd6f4ee3e0e9e3bf12a1b478fced7164a7e
- SHA256
  
  b1c40e460b266125ed6acdd5d4704957071b2291fb0b213e9b03912b1f3c42b6
- SHA512
  
  0bf31a56568b48cd239ee18f3089e080d74bfb835f98141797f42bd5eadb073a7c3803f3dad7a0892c77edec91e6fa1bb2538596287f501a4d1c004115f2f44f
- SSDEEP
  
  384:WspwGJ6li+vNYagGGWs9UXbWYW3U+hEIoaS+pFsF:XwG0PvNYad/s9FzESeaZF0
Score

3^/10
behavioral24 behavioral25
- Target
  
  bind-device-sensor.694c397.png
- Size
  
  42KB
- MD5
  
  70a908ec8634ef57b48d871256a1fc1f
- SHA1
  
  ee987dfa72b6aa1e14625171fce443cf4a631d01
- SHA256
  
  a0f7cb7ede8642b8cb7c965e8f60b654320a07eff8f5c7c08c4bf0cd634d3e34
- SHA512
  
  69da0a79e4c9ed68fffe26da07df6298d91c35ac14bc41ed291611fad7cf0889f8d6084c39d07b973e8e2eafa992684c508110fd3858a016b92c724d369bcd07
- SSDEEP
  
  768:R/Ws7JOBqhL6vzi+ghjb9rTbz9im0KFXqxq3DkX/CL0M80Z6Hysivbh+22tNTx/O:R/F7J6wL6vQjbpi2Z6UhIFHkvgTTZtc
Score

3^/10
behavioral26 behavioral27
- Target
  
  bind-fail.ee24f95.png
- Size
  
  8KB
- MD5
  
  234002c0d39d8ec08f75654bfa0d87fb
- SHA1
  
  53506b11ecb0b20c800b8d07c1d2c6c31b97aceb
- SHA256
  
  b1383f0f85b56c07418a709a484cf49c5fff315faf9381b450e083bd5f40727e
- SHA512
  
  e7419d7e10daa2abd0c09bbf0d5962d67205b16a5a162c3188cfcfce665c8b04a76a6a2856b6490eecd64a42bf8bae5648823fec9323bda02f0eebef0059d686
- SSDEEP
  
  192:N1jJfYtyjHisHcwv/BHNeh5s6fSnR8ornkuG5U19AFrvieklMvnZoiN:j2QjBcM1wSxR8orkNUXQTieqM/Zo0
Score

3^/10
behavioral28 behavioral29
- Target
  
  bind-gate-guide-first.8538f29.png
- Size
  
  124KB
- MD5
  
  995a8cc81c727a3fd5b71f2ca24037a4
- SHA1
  
  d724f2b4a9da080e9fd2224b13569810de8ffb5c
- SHA256
  
  62ebd452f03dde06a1c213a6db2e875b4d655eaf4745d022ac485bc02441a80c
- SHA512
  
  20e787d4c1728519709bf6b2bd1ec948046e3333e73ef21c3f7d4a191c3577852ebd0cb0a42305a790d1a47aebac25e4dd3681a6f9b5d9ff6b1ff501012e0328
- SSDEEP
  
  3072:lld333iwYBu16OEJwwIvu8+4Uc9In9o/RF:lldH3Cu16vcvSPcW9o/RF
Score

3^/10
behavioral30 behavioral31
- Target
  
  bind-gate-guide-second.2ac19b6.png
- Size
  
  117KB
- MD5
  
  2dee0572f4b8f32a09abbd0aa453c2b6
- SHA1
  
  6d64db848a447cdcbccc961936af4d563b703d2e
- SHA256
  
  96c0c324c3cc718b4980dd09a31dce7d3a17c2f347249c9b538dbc7b4b7e53f1
- SHA512
  
  1c8240a3270e35bae4c8fee589670f885e66b358970f54db37389220612d03b3ac242c3745ad0cd319985064bdae4a04f6043ebfb38fed257a45740b92cbfde5
- SSDEEP
  
  3072:SwYwjWun8zd+RISWmZdBftm1X63X+fBZznPC6Ps:SwYwaunEd++/mZdBA1Xl7jU
Score

3^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Renames multiple (108) files with added filename extension

Acquires the wake lock.

Looks up external IP address via web service

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

Checks computer location settings

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32