3d222f237097a02bc8d3d012a917cefabac89e34da12e0139edd7903baccdb04

Analysis

max time kernel
4274459s
max time network
164s
platform
android_x64
resource
android-x64-arm64-20230621-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230621-enlocale:en-usos:android-11-x64system
submitted
16-08-2023 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d222f237097a02bc8d3d012a917cefabac89e34da12e0139edd7903baccdb04.apk
Size

2.2MB
MD5

56292fee378ec3147e4e005559c67b79
SHA1

f3cf3bddb4e414ea38df1aff96f7a32b0eb5ab0e
SHA256

3d222f237097a02bc8d3d012a917cefabac89e34da12e0139edd7903baccdb04
SHA512

bdbb177fefaf2252e7d46b7d280f21c6425b06504835c1745fceb68091a45ef234f5e0d6264ff2e13c3f65cd68c1ed3df54c4060583deb0f0c4dc5d82a60391e
SSDEEP

49152:dOn8XtHAMveSI4HvpAqAco5vJaJ0aIbsQ2APvq0/23RjmLgp0h:U8dHAMXx+5sqJsQz9/4mR

Score

7^/10

evasion ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

wa.zi.tong

ioc pid process

/data/user/0/wa.zi.tong/app_cache/mycode.jar 4355 wa.zi.tong
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

wa.zi.tong

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS wa.zi.tong
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

wa.zi.tong

description ioc process

Framework API call javax.crypto.Cipher.doFinal wa.zi.tong

ioc	pid	process
/data/user/0/wa.zi.tong/app_cache/mycode.jar	4355	wa.zi.tong

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	wa.zi.tong

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	wa.zi.tong

wa.zi.tong
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (Might try to encrypt user data).
PID:4355

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/wa.zi.tong/app_cache/mycode.jar
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/wa.zi.tong/app_cache/mycode.jar
Filesize
2.1MB

MD5
2280645375f183e49cf605abe2509201

SHA1
744524c6c2ab65021ce578feeb12157475f28762

SHA256
3013ed06e4057e5abab8a6d54663f8b751715f6b6cfe3f26257160321c0d7718

SHA512
6127b6c1709b7061cac9153cab16840a236be1f189e016562834b95153602ad8e5c55dca46104418f48329ca9987457553c99310266fdf3bf51f091c227711ed

Download Submit
/data/user/0/wa.zi.tong/app_cache/oat/mycode.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/wa.zi.tong/app_webview/.com.google.Chrome.8Vsa35
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/wa.zi.tong/app_webview/Default/Cookies
Filesize
64KB

MD5
dfb2098ca7b3bf16d6f5f1e7d3839af5

SHA1
ebb7a8bc886062d77a4092bd306b77a0ce7a3e9d

SHA256
e4119d32577d7fc63b267cc23eb7a9bbfb12d238f23e08918c38838fe0181224

SHA512
fccec45399258eb98220b7f01b492a72b8b3d1254dec6e196e344d89a0376c6ee24534a31a6675c866d4a17256d3ac6823657eaf04e1d386757d0cbfc6597e50

Download Submit
/data/user/0/wa.zi.tong/app_webview/Default/Cookies-journal
Filesize
1KB

MD5
ac056f71ca3178cf572fdc8ca0a16b82

SHA1
da246963dd30e6d654ae86a2d8f51b84e1daf152

SHA256
56da7c2b3c2eb80cbdefde0184b69287467141987d0a106b76b1550187da8dee

SHA512
7b2f22ea5752d0ecc11bff108e1c375d124c683bd912ea49c44c6dfbd712955f6f4225a5d1781bb5148345d91a47e4c1bd5b66194cedcbbffead23d8bdcc045b

Download Submit
/data/user/0/wa.zi.tong/app_webview/Default/GPUCache/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/wa.zi.tong/app_webview/Default/GPUCache/index-dir/temp-index
Filesize
96B

MD5
74890c57f091dc7d45c8434b5d008416

SHA1
f675733765986d737437bd7733fe507d008a0864

SHA256
a2cf8d1d025bfd025a778c22540e85e6db18853176a4dbd8da77e8423c1ce5e8

SHA512
93f52d57055b03aae361047b288c367eb5ba0bcb01933f8064e5ab7934413253f27a624e95691c8f2ca7e6e27963bfb061890aca79e035f38cfb82562aa28c17

Download Submit
/data/user/0/wa.zi.tong/app_webview/Default/Session Storage/000001.dbtmp
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/data/user/0/wa.zi.tong/app_webview/Default/Session Storage/000003.log
Filesize
61B

MD5
9f7eadc15e13d0608b4e4d590499ae2e

SHA1
afb27f5c20b117031328e12dd3111a7681ff8db5

SHA256
5c3a5b578ab9fe853ead7040bc161929ea4f6902073ba2b8bb84487622b98923

SHA512
88455784c705f565c70fa0a549c54e2492976e14643e9dd0a8e58c560d003914313df483f096bd33ec718aeec7667b8de063a73627aa3436ba6e7e562e565b3f

Download Submit
/data/user/0/wa.zi.tong/app_webview/Default/Session Storage/LOCK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/wa.zi.tong/app_webview/Default/Session Storage/LOG
Filesize
122B

MD5
382c1e6ac7edb6999c30d906e8a230ef

SHA1
2cde307118bfc7c8b3b53dc42ea86bf9732d9806

SHA256
c92263afd7ecc6aa80e6897c598af7fe5ba7e1581b245ff7eb71efacbc8ed4b1

SHA512
75bed2f0d710622f6bbd4ca77065a4fd749b1ee0a409a27db1df38292f8fa3b6b98c2f061ff2629fd75bd5c6d4a179d5a3de39e5496b4033d61a80e59d5e3580

Download Submit
/data/user/0/wa.zi.tong/app_webview/Default/Session Storage/MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/data/user/0/wa.zi.tong/app_webview/Default/Web Data
Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/wa.zi.tong/app_webview/Default/Web Data-journal
Filesize
2KB

MD5
6aedc8e494418870f9819d177a436ec3

SHA1
2307479941464a9c453cea3cc0458f7a5698df6a

SHA256
bb7dd235fda115612bad6d62d10102d8337f0e8141cbc0eddbba930eaa782cf0

SHA512
2cb13640dafbf063d0e4078d1f49e0030c981207ef8a3476a0cfba7076acce4b30b919f6318ab3ec77dfce88b80d6e252c654d12ce54dbaacbd2847149c799c5

Download Submit
/data/user/0/wa.zi.tong/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/wa.zi.tong/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/wa.zi.tong/app_webview/webview_data.lock
Filesize
16B

MD5
3dda95939ed92d70d273b8abb8a2c168

SHA1
76bfe13f3aa494b1dad8eb18eed8977a97f1eb9b

SHA256
3b9e6b818272514fc459aa3ce824155fab52280a8e714ed46804a0598eb818f6

SHA512
b7e6a3e06c4b848c6062d6b2945d3595c380124d7b526ee4cec0e88d34f3190be41653650bb1c047b135edde212ec77c7559f8a66d9b2bb454195dbf1e219dca

Download Submit
/data/user/0/wa.zi.tong/cache/WebView/Crashpad/settings.dat
Filesize
40B

MD5
af2a1ba48fa12f8a9b9308cef1ae7ea5

SHA1
f90edddf8197f1774a25ba91724be07592f8983c

SHA256
af85dfedc57d900e142310b29e2d0ffeee8541b722b5f77b8748e1ef4ddef8cd

SHA512
f006f0770feda7cae806f5bec506fa576385ccc5ced71c8d780fbee343247bcb71f9e1c95d99124342a36c0ae6dcb5568eba70aebe60edbb2f9998b4cad93427

Download Submit
/data/user/0/wa.zi.tong/cache/WebView/Default/HTTP Cache/36fb90f197028598_0
Filesize
11KB

MD5
d7f161cf2d39db679b71808524379b3c

SHA1
c81e13704ba3414da50d8a24fac558b2205e3d60

SHA256
efc0381ce5e90de726e11d3ad01e0b3f57f841fc40f5f252ce51d20ef3d1a945

SHA512
0cc604bc29c0be7b266f3ae5b888e900cb872cb8426dab34913016967a46d921906f6cb7162dce3087bafff159f06bf068d655408f3187781680cc4eae11e1bc

Download Submit
/data/user/0/wa.zi.tong/cache/WebView/Default/HTTP Cache/3af833a97b5c5d8f_0
Filesize
248B

MD5
689d9b5acdbe4eea67ef8df7bfabe56f

SHA1
9510f35ed91a33b6be01b7cc57fa0e722ca38e14

SHA256
cc6254d511a38d69c68b96181e37ad02632b3405f997f99e719d46e2d6343556

SHA512
9c4f5863a2b711f0cf9325deb317e74b0ccaf858eb7f712c43ae48ddaa6d2ffd2b07d663d4ff074f66aa0671d32f36d79f3b6012c3f16522039ff16ab7151f93

Download Submit
/data/user/0/wa.zi.tong/cache/WebView/Default/HTTP Cache/Code Cache/js/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/wa.zi.tong/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
Filesize
96B

MD5
91fc068b5f740cc78d73c81514ea229c

SHA1
392215a167d4b713bed4aac43ddb10677651a2af

SHA256
9b866ecc4242542c32b14e6c2d5a3262584bdc1c61dd0e6468f2f07c19ed9e5b

SHA512
dc5152ce8e463e71fed73e339fa9cc18b935aa9c47959a80394d8285a849ea7fa203d3d43e0c484d720556098466b1d0eb35fc4d5f2410c9f0b0be8c3e257238

Download Submit
/data/user/0/wa.zi.tong/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/wa.zi.tong/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
Filesize
96B

MD5
056967667a77cbd54ab6f2986d86f193

SHA1
fb56c8d8f538e8aaf9602f6edc56faee65b40084

SHA256
4fa2376ad8540531fa15315244529d14db01cd8da5ad1d7d80137b5aee9b1985

SHA512
a9e1e91711e550eaa5b42990e5e2a117fd9d1c456f7ef6e8059c73508783f2b94825c3e987ff40af25c5abc458a554b4b1e60bc73889af4c1d5e7b74bb823685

Download Submit
/data/user/0/wa.zi.tong/cache/WebView/Default/HTTP Cache/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/wa.zi.tong/cache/WebView/Default/HTTP Cache/index-dir/temp-index
Filesize
144B

MD5
9903fb8db7b525aaab1187828b51afc7

SHA1
531a6755a7851c37344e18e053b865db08bb8613

SHA256
2a671902d59d64377b1efb116d013760a1a4f71e861a2b36cc156286f7fdc12a

SHA512
1d9f7c02e5ca28ece591f8d10fb5460eef0bf4a0d5fab3cfd6799038f77d509c9ff4cf72a9004f8cb370fb8e9dcd67b45dc0af7f895fcde14bfbadff906941c8

Download Submit
/data/user/0/wa.zi.tong/cache/WebView/Default/HTTP Cache/index-dir/temp-index
Filesize
144B

MD5
cc378e3f97740a0a7c07b9d52fd42235

SHA1
d50a2daa7942948949332cfed84d4ef35d8018db

SHA256
a7c54063b789fec30ce598086679abd6e3869aa90c93d56fd90a40076506732d

SHA512
6f36b92b3c5a8feec3bfb95228febd8b1fc1c59de08cd28ca35a2bcd9e53f499fc372ed27060ad3b77d647b0de40b34a02bdf1279a268723eb7ffce34fdd68dc

Download Submit
/data/user/0/wa.zi.tong/cache/WebView/font_unique_name_table.pb
Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/wa.zi.tong/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit
/data/user/0/wa.zi.tong/shared_prefs/mybank.xml
Filesize
112B

MD5
687e92433726e68275e8f2b2dcbc50fc

SHA1
7ef3028ce5e4173380f0c4f7b57f4b390a3d08b5

SHA256
55b308b7bd8d69de27a291811231f3216adbd50cefef6830aa84fd1da9b82083

SHA512
f82738d8b55af6c739a8d9e98afe57b5b53fac98a8176e77009f6f4531b6113cc663cc3a2833dc24a8690f437ece0e5e044ebfef2a432b4719623ceecfb607df

Download Submit
/data/user/0/wa.zi.tong/shared_prefs/mybank.xml
Filesize
199B

MD5
b84e606d438608cdf96019e92a07fdd8

SHA1
82748c1891b5702ca967d04f1e5041a07b2df781

SHA256
a27e728e7c570bf7bfe50f47181a5013f4c37e395d1460c4eccf7a2c38c97374

SHA512
5f85180bcaf3305c5bb58cac24ebe4d11ef71b9bebe547bfa9ad73ccfdfddd4f7186bfaf3aea396de220b89e8a82aabba50714cf980f946a77b9ec7a2a768dcd

Download Submit
/data/user/0/wa.zi.tong/shared_prefs/mybank.xml
Filesize
232B

MD5
033607053f93d353b2e9a3923f769d45

SHA1
505f02938167130b00b49b49ae212e3f2a8a8c01

SHA256
4193693a708fa6f5827c8f7724856b3d7111035772b7b9c86b8003d4c762f926

SHA512
bb4605b37ea5383410efe8844a99a37f5350167a90edc585f8bad6a2fd4812982d428ca9833689f2648a046fffbf6e24f9441a03b9ffe706d959fa146a175b21

Download Submit
/data/user/0/wa.zi.tong/shared_prefs/mybank.xml
Filesize
167B

MD5
46f093b6395f4b4b632cee227a73f1a2

SHA1
d240c517b6b608e44201c08a3c15d43125490893

SHA256
60807d991a60ae4784b74a30e426863cb98f89d8cd855083799ce2648656a7a9

SHA512
d737c3eddc273a5217d251a22ffc6e1118ce0fef29039871a6eb56d31d72b7d7a227559dd401beeb595b714f35b588d575f6c1ee4c8482090c3e7e75cd15b2e8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads