1b41ee0f3ac7f2c9cacf8cc5741b29914a38da008fbe964b3052b8b76850072b

Sharing

Copy URL Twitter E-mail

General

Target

HappyMod-Multilang-3-0-2.apk
Size

14.5MB
Sample

230828-w4w7ssed47
MD5

e4e424bf46797d1f38ccadfb2f44e975
SHA1

0ad1d62ae9e2abad4b45499be0819705c0f5a8c9
SHA256

1b41ee0f3ac7f2c9cacf8cc5741b29914a38da008fbe964b3052b8b76850072b
SHA512

6e8ad6125070c3620da2b132e5b5bcd5e359471311abd5c642020e37ba9a901815b2e6e72774bbcd564a4d40acef34bfeaea5a005c42c663222253e2278a270a
SSDEEP

393216:jhcEb7NpYfFDfxwo+N0lYByji1JToCvudeIwmgpC:NcEuJJwlN09ji1JUCGsmv

Score

7^/10

Malware Config

Targets

- Target
  
  HappyMod-Multilang-3-0-2.apk
- Size
  
  14.5MB
- MD5
  
  e4e424bf46797d1f38ccadfb2f44e975
- SHA1
  
  0ad1d62ae9e2abad4b45499be0819705c0f5a8c9
- SHA256
  
  1b41ee0f3ac7f2c9cacf8cc5741b29914a38da008fbe964b3052b8b76850072b
- SHA512
  
  6e8ad6125070c3620da2b132e5b5bcd5e359471311abd5c642020e37ba9a901815b2e6e72774bbcd564a4d40acef34bfeaea5a005c42c663222253e2278a270a
- SSDEEP
  
  393216:jhcEb7NpYfFDfxwo+N0lYByji1JToCvudeIwmgpC:NcEuJJwlN09ji1JUCGsmv
Score

7^/10

evasion ransomware
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2
- Target
  
  .channel
- Size
  
  45B
- MD5
  
  5a4d6bcefa1daa4a8695bd48885c2ad2
- SHA1
  
  5022b264ef54581ca56baa67f19645f8c0a52be3
- SHA256
  
  a5e091a2ca79be0453029dc0b40d7e23c680984f82bd398a3def9e082063f30a
- SHA512
  
  4b8cac6d50b6284511940751012932152de434a2b0b2901f557cb288c15b357f7330596c2d5e96b49bd7fc5056a1d6b6c17302eaafac0ef20e416ecca5af1f87
Score

3^/10
behavioral3 behavioral4
- Target
  
  0OO00l111l1l
- Size
  
  6.8MB
- MD5
  
  298b6fd4c768fc275f7bb9c1525c9118
- SHA1
  
  24d85e1f088b37b6bc638922ba313cea0dbb3f5e
- SHA256
  
  a9ed87122e0ff4c7afa2ceb5024c1f27d9ff072f7ddaedd2eb623270d96f828d
- SHA512
  
  95052ebae14ddb22f45824d7ebeb062749ce751bf0cc139175f760ae022ee021ea67257543248d9bc5e089ea47a6f6f51bd7de20374644224e8aece6944467f0
- SSDEEP
  
  98304:+rT5w0AMCS40kC9bf84wARoSKHBWxChJMayPz1jdYrsu84TYFpBDLramf45SEp1Q:+njAMJ40kYyA6jBMCPePz1gDEVqmypm
Score

1^/10
behavioral5 behavioral6
- Target
  
  baseline.prof
- Size
  
  1KB
- MD5
  
  26524a206a6decb9a11e4f9f925e2485
- SHA1
  
  a5812a12dbd3a8645c05f6867367845111c5c103
- SHA256
  
  e7eda976c9233efca437205596e6460c82a059ef505f0347b84d2c08678e7e85
- SHA512
  
  8dc4d32a282b14c255e7f4a6a85647136e2f4eb38ebd2b9438aef94bcd626bd1f3e464750fe7d6b766daf5d3e20fdc7e63fe3c1fcf46dc9a65f1f016c0075e43
Score

3^/10
behavioral7 behavioral8
- Target
  
  baseline.profm
- Size
  
  168B
- MD5
  
  6cff4cb3c7162baab9c06b6c3390e1e6
- SHA1
  
  95da3dcfb1ba97b7d5f13ad471dc55a8d20dafec
- SHA256
  
  1f3572937d91b919fe14b3d3169cdb903f49f6ba01bce7470937a43b78e8a785
- SHA512
  
  657da0ef0004f7418eaebd6a87d2b2afc177f7e40b22fbbba0fdf3d079dec283dcf43e26d7b0ea6066b92480bfc92a3c3e14931ab9104c17c81f25d7fb26ec4d
Score

3^/10
behavioral10 behavioral9
- Target
  
  data.json
- Size
  
  30KB
- MD5
  
  bad31b8790d7e7e2fe1fee68e51a7199
- SHA1
  
  fa0db93edc98d99003685fd2f7ddb13a6ac4e718
- SHA256
  
  dddc30f815ee6f574119786d90957cc4744976185a808645d5d77afbf5817cb3
- SHA512
  
  c99acd26b97249c5c54c5050f5dfb602c22256580a01efa96306c5b2bc4c0084cef136301d0b025f62705f02251fb9956fce9c9f80b036dc46de582c412424ed
- SSDEEP
  
  384:68WTWVvKEiZoVjMMqvgA8Wg2GZpCz6VYfGrGzBGKxgz8lWfGldMi05R2rEK5sfd8:WlzYTi2DyvP83WdWDuh
Score

3^/10
behavioral11 behavioral12
- Target
  
  demo.html
- Size
  
  1KB
- MD5
  
  03b178d1ff60f7b47438321299c1e1ea
- SHA1
  
  b4097afe68a2b28456cafad4b70f28bb87020527
- SHA256
  
  56a53efdc143e241faafa8eb1fafbf8aa82ea1c630465a5d66a9c406a134c99b
- SHA512
  
  ccd7c1c2c99de385b4c53056d2e014ae03164cc3927084750716a100316bb94a42ce4c127faf0bf8caf884ef470df23216c004b5f75deff1a4b62721d233ff7f
Score

1^/10
behavioral13 behavioral14
- Target
  
  filedownloader.properties
- Size
  
  3KB
- MD5
  
  f763ad237cc9788bfafbff3a51ead551
- SHA1
  
  a8a011a79ae302dd05d6b07e1402035475ec3294
- SHA256
  
  c5c00932f73f4d8f47177c35ce2c122593f8de0a9f3cfc432cd76fc18881c7f0
- SHA512
  
  36eb23973c896959e7713ef6c83661ac581406b4d1486a8a04f3b7391a0ecc9b1101324e25ef1f7a9248f10a7906be28261c3d459365fc2755d7fcb2e1182a8d
Score

3^/10
behavioral15 behavioral16
- Target
  
  happygame.js
- Size
  
  2KB
- MD5
  
  35087f967af3fc9a9cc42df602eff110
- SHA1
  
  e100c9518d9d689ebb58849508c9da8ed8b745a4
- SHA256
  
  585ae6e48db41266166f185b8c7c9b17876b23f70b8205d14f94ee737a081eb9
- SHA512
  
  2e1473138b031ac0bfe79423009619a5a7ead16a04d4018f40aa3c0e956ae43cd3455cf488f8cc1137d76b27aa3d4278dc0b967cacd385a70b77ca595c622260
Score

1^/10
behavioral17 behavioral18
- Target
  
  img_0.png
- Size
  
  2KB
- MD5
  
  901686febe84e4d8bc2d45b16bc9c66d
- SHA1
  
  7dc10953ee6365fbc75c53be3acaf40e3a799aaf
- SHA256
  
  b70d24522f64e9d66fb9039d9d2d91ec4548f179e43a6d091b38d9b28162fee5
- SHA512
  
  d6f191b11478d40403a5dc9b372631ce7e35adf768075bf4d2c8e94969091a79a6a7cc0363357d9b1004f63c884dd322787228b179821f4d1fc82c56a2f69863
Score

3^/10
behavioral19 behavioral20
- Target
  
  img_1.png
- Size
  
  2KB
- MD5
  
  f76f6274fe7c079eec48ad546a35bb2f
- SHA1
  
  5ee4bd2645ac3a0de5f0fa16582ae9cfb059b52e
- SHA256
  
  7efefa65610396af877bb12e4adb5e756c44e679c8251f994d900d2453f4cd0a
- SHA512
  
  c99d86621af3b53e25f11313ab6437542e9a101a263180a5ac551f7aeeb74d05ccbe2634f4028b230560f9dd939c8dcf7a892c59e81f3a6b156b166299655dd6
Score

3^/10
behavioral21 behavioral22
- Target
  
  img_10.png
- Size
  
  19KB
- MD5
  
  1bbf7dbe2cb2a7fef749d6c6775f86e8
- SHA1
  
  170d5356b330801af430c2f09947db76fc679545
- SHA256
  
  fb92624c032232ee018181977bcdd28249c65c1f625f25f49348939785a1cf58
- SHA512
  
  9b1163c341bcfdba7990695f2f1898414b9b45dcdf3ec1ddcbbc5e310f0377007e4017904cd8e475adfa66b1286bdcc870fdbeb297d40293ffd29aa525733a3d
- SSDEEP
  
  384:+eIooZBfLSN8yFwhQUbeLLmqdpeHDu5+uuk1tPMARli:+p1lLSN9hq2LVejJ0EAzi
Score

3^/10
behavioral23 behavioral24
- Target
  
  img_11.png
- Size
  
  12KB
- MD5
  
  42df8afa0779f23fb1c23b5ee0cff594
- SHA1
  
  0c17a5472bc627af8b58eb6beee7345172018f70
- SHA256
  
  201938b52e87c75977d8ac6b4a4336b731ca035834ae1eb0bd635b350d9172db
- SHA512
  
  2b5f232e6a456eb7a49703bf690486fc4e31ee8272907ffb22e546891baa52a85e74ed2d3462b15f6f3a1999a214aea8d96d3071354a08f40774d1680b789fd2
- SSDEEP
  
  384:eu8CMdsuPk5857MvNF3LngwFbLw7KOXkmsy:mCPWk5857MvPfFb20mT
Score

3^/10
behavioral25 behavioral26
- Target
  
  img_12.png
- Size
  
  19KB
- MD5
  
  c75f9537c7cd2d45d07e1104bc5b4e53
- SHA1
  
  c16106d65a9b84cfe232edb98af5ecc7e57f7ac3
- SHA256
  
  4a0008c15ed63b52164f28bfdb3efbcf98de5b94332001e1c930313a12a555f4
- SHA512
  
  b6609470621ca0e38b335d15ae096ff362d5db8140e15f79cfd8117b166f6e47c3a1a5a59ec41fb7d29d1d54e37eb0b8b171c377597b1e434ed7320eacaecae4
- SSDEEP
  
  384:Od04qu9bvOw6niUALvegrLQXduZl2h8dNp5Wo6rXm0QRrG:RpavOwYaLvegQNYp5WPrxQc
Score

3^/10
behavioral27 behavioral28
- Target
  
  img_2.png
- Size
  
  2KB
- MD5
  
  c5e815f19c16b408c1af0351a7e7db04
- SHA1
  
  73e8e3d5c133259f7da3d3728711e2d060c6002d
- SHA256
  
  636f78b89ec90d9a4280fd7eeb8bc898547214c726fd4a5f425c3c5c93de972f
- SHA512
  
  6ba7f408a3d1d69f39987a238aa9d221dce756ff3f6e0076ae55c6abf42b74a9b67e54eed5325e96224809a39c426564528e6513c23c8f13d629445d66bdb413
Score

3^/10
behavioral29 behavioral30
- Target
  
  img_3.png
- Size
  
  173KB
- MD5
  
  3dc6db78dc72a10fb40886e214534851
- SHA1
  
  33b22a75442c1f24b28622c8847a49d704ad8fae
- SHA256
  
  02bf55643c30f0fcd94651bba4bd351f3054f98c85f0cd7a41986ddfdc050e4f
- SHA512
  
  2d64616562f8e25082464ab0910b01b340f41ebb6371b5bfeb8b55abc7a12ecf42aeefd552066fd59064c7d64ab5d26f44492e60b48493e7ddb214867ba6c646
- SSDEEP
  
  3072:E6CmNbdTrXKWuF4q+YwaOWlF0i7R2YIkqwOcXED4m5tARgojhlCRn1:E6CkTrXA+xslF7YYIkqfXjiLDQ1
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks Android system properties for emulator presence.

Loads dropped Dex/Jar

Reads information about phone network operator.

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32