6ef26a8ac83d7e17b484e7f3de0a66d5d27a32b0b48ed55517c2f6723b67d8da

Sharing

Copy URL

Twitter E-mail

General

Target

HappyMod-3-0-3a.apk
Size

14.1MB
Sample

230901-rtlabsfb4z
MD5

b2711a8aec56f975cffad5e5bc8db76e
SHA1

a85bd5a2c16c971f5c2185fb52a2277499c59d21
SHA256

6ef26a8ac83d7e17b484e7f3de0a66d5d27a32b0b48ed55517c2f6723b67d8da
SHA512

fe400c1c5eb1a5dd8b4a831c5d78ee74df1882a31a67edf5ff0592a2a58ffd7df5eb15dcb126474f4992b63bb44dfce9330652eabbb0f35c9cba0d770a780e28
SSDEEP

393216:thcEb7NSL0qXSQ/xl+gCvVBCxffUKQy02cX9TPTZwv:DcEwwhQ/+1VBCBfmJTbTZC

Score

7^/10

Malware Config

Targets

- Target
  
  HappyMod-3-0-3a.apk
- Size
  
  14.1MB
- MD5
  
  b2711a8aec56f975cffad5e5bc8db76e
- SHA1
  
  a85bd5a2c16c971f5c2185fb52a2277499c59d21
- SHA256
  
  6ef26a8ac83d7e17b484e7f3de0a66d5d27a32b0b48ed55517c2f6723b67d8da
- SHA512
  
  fe400c1c5eb1a5dd8b4a831c5d78ee74df1882a31a67edf5ff0592a2a58ffd7df5eb15dcb126474f4992b63bb44dfce9330652eabbb0f35c9cba0d770a780e28
- SSDEEP
  
  393216:thcEb7NSL0qXSQ/xl+gCvVBCxffUKQy02cX9TPTZwv:DcEwwhQ/+1VBCBfmJTbTZC
Score

7^/10

evasion ransomware
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2
- Target
  
  0OO00l111l1l
- Size
  
  6.8MB
- MD5
  
  be4089c1e8f629ef49cad110b342a27e
- SHA1
  
  da42e298d95ee3058f8c65069126331de227b902
- SHA256
  
  22901649ec55d81a543d1492dc10578e58e3ad716d23d6763a7fd7c18aca66c4
- SHA512
  
  edb7c1901aeb561628cfac3b5210e7bd259a0f65ab9e457977b2e2600ad6f55cd27560f3eed639a85689bdf86b473de4d81a2d1d68c2c9bb9047fd2d389ffe7f
- SSDEEP
  
  196608:iz7zSbBcgDKeR8DXBCX/YLsX6oQSod1XDRP9dVw2:iz7zSbqgueCjaqsqo6XDRP9bw2
Score

1^/10
behavioral3 behavioral4
- Target
  
  baseline.prof
- Size
  
  1KB
- MD5
  
  389d2215bb8d71bc50f92897b04b94a9
- SHA1
  
  ad3d5946ffb4fb2c7d4fbcc4252b625204888140
- SHA256
  
  652bc65f0b4f52b7380f91a2a7a007ec5298b788f66ee679f3522c7139fcb73d
- SHA512
  
  6a7acf737056063f563b7f3fd121f16b204f8e5f3f29ada7b69b8f3142351a9602b7bad70cf382cd7b3f93b8a982c7730b4d78fae0026dfe4be2973f0db30396
Score

3^/10
behavioral5 behavioral6
- Target
  
  baseline.profm
- Size
  
  164B
- MD5
  
  a3e1eafc281af00b0e609f5f95e41ade
- SHA1
  
  2530d01bee9f999b047c8370d50a6bba994b01dc
- SHA256
  
  4193582e3057eae684e752eacc73b04c92797c29d8fc26dd36c9435cb5addb40
- SHA512
  
  25098c74fbb9b8967841847e4ac5a3b2d863132acb28f494d77b9a7b7295267dff818be13d92b21dc43c68caf72f0579ceb0e2e5254b085c26cf41469c37bec4
Score

3^/10
behavioral7 behavioral8
- Target
  
  data.json
- Size
  
  30KB
- MD5
  
  bad31b8790d7e7e2fe1fee68e51a7199
- SHA1
  
  fa0db93edc98d99003685fd2f7ddb13a6ac4e718
- SHA256
  
  dddc30f815ee6f574119786d90957cc4744976185a808645d5d77afbf5817cb3
- SHA512
  
  c99acd26b97249c5c54c5050f5dfb602c22256580a01efa96306c5b2bc4c0084cef136301d0b025f62705f02251fb9956fce9c9f80b036dc46de582c412424ed
- SSDEEP
  
  384:68WTWVvKEiZoVjMMqvgA8Wg2GZpCz6VYfGrGzBGKxgz8lWfGldMi05R2rEK5sfd8:WlzYTi2DyvP83WdWDuh
Score

3^/10
behavioral10 behavioral9
- Target
  
  demo.html
- Size
  
  1KB
- MD5
  
  03b178d1ff60f7b47438321299c1e1ea
- SHA1
  
  b4097afe68a2b28456cafad4b70f28bb87020527
- SHA256
  
  56a53efdc143e241faafa8eb1fafbf8aa82ea1c630465a5d66a9c406a134c99b
- SHA512
  
  ccd7c1c2c99de385b4c53056d2e014ae03164cc3927084750716a100316bb94a42ce4c127faf0bf8caf884ef470df23216c004b5f75deff1a4b62721d233ff7f
Score

1^/10
behavioral11 behavioral12
- Target
  
  filedownloader.properties
- Size
  
  3KB
- MD5
  
  f763ad237cc9788bfafbff3a51ead551
- SHA1
  
  a8a011a79ae302dd05d6b07e1402035475ec3294
- SHA256
  
  c5c00932f73f4d8f47177c35ce2c122593f8de0a9f3cfc432cd76fc18881c7f0
- SHA512
  
  36eb23973c896959e7713ef6c83661ac581406b4d1486a8a04f3b7391a0ecc9b1101324e25ef1f7a9248f10a7906be28261c3d459365fc2755d7fcb2e1182a8d
Score

3^/10
behavioral13 behavioral14
- Target
  
  happygame.js
- Size
  
  2KB
- MD5
  
  35087f967af3fc9a9cc42df602eff110
- SHA1
  
  e100c9518d9d689ebb58849508c9da8ed8b745a4
- SHA256
  
  585ae6e48db41266166f185b8c7c9b17876b23f70b8205d14f94ee737a081eb9
- SHA512
  
  2e1473138b031ac0bfe79423009619a5a7ead16a04d4018f40aa3c0e956ae43cd3455cf488f8cc1137d76b27aa3d4278dc0b967cacd385a70b77ca595c622260
Score

1^/10
behavioral15 behavioral16
- Target
  
  img_0.png
- Size
  
  2KB
- MD5
  
  901686febe84e4d8bc2d45b16bc9c66d
- SHA1
  
  7dc10953ee6365fbc75c53be3acaf40e3a799aaf
- SHA256
  
  b70d24522f64e9d66fb9039d9d2d91ec4548f179e43a6d091b38d9b28162fee5
- SHA512
  
  d6f191b11478d40403a5dc9b372631ce7e35adf768075bf4d2c8e94969091a79a6a7cc0363357d9b1004f63c884dd322787228b179821f4d1fc82c56a2f69863
Score

3^/10
behavioral17 behavioral18
- Target
  
  img_1.png
- Size
  
  2KB
- MD5
  
  f76f6274fe7c079eec48ad546a35bb2f
- SHA1
  
  5ee4bd2645ac3a0de5f0fa16582ae9cfb059b52e
- SHA256
  
  7efefa65610396af877bb12e4adb5e756c44e679c8251f994d900d2453f4cd0a
- SHA512
  
  c99d86621af3b53e25f11313ab6437542e9a101a263180a5ac551f7aeeb74d05ccbe2634f4028b230560f9dd939c8dcf7a892c59e81f3a6b156b166299655dd6
Score

3^/10
behavioral19 behavioral20
- Target
  
  img_10.png
- Size
  
  19KB
- MD5
  
  1bbf7dbe2cb2a7fef749d6c6775f86e8
- SHA1
  
  170d5356b330801af430c2f09947db76fc679545
- SHA256
  
  fb92624c032232ee018181977bcdd28249c65c1f625f25f49348939785a1cf58
- SHA512
  
  9b1163c341bcfdba7990695f2f1898414b9b45dcdf3ec1ddcbbc5e310f0377007e4017904cd8e475adfa66b1286bdcc870fdbeb297d40293ffd29aa525733a3d
- SSDEEP
  
  384:+eIooZBfLSN8yFwhQUbeLLmqdpeHDu5+uuk1tPMARli:+p1lLSN9hq2LVejJ0EAzi
Score

3^/10
behavioral21 behavioral22
- Target
  
  img_11.png
- Size
  
  12KB
- MD5
  
  42df8afa0779f23fb1c23b5ee0cff594
- SHA1
  
  0c17a5472bc627af8b58eb6beee7345172018f70
- SHA256
  
  201938b52e87c75977d8ac6b4a4336b731ca035834ae1eb0bd635b350d9172db
- SHA512
  
  2b5f232e6a456eb7a49703bf690486fc4e31ee8272907ffb22e546891baa52a85e74ed2d3462b15f6f3a1999a214aea8d96d3071354a08f40774d1680b789fd2
- SSDEEP
  
  384:eu8CMdsuPk5857MvNF3LngwFbLw7KOXkmsy:mCPWk5857MvPfFb20mT
Score

3^/10
behavioral23 behavioral24
- Target
  
  img_12.png
- Size
  
  19KB
- MD5
  
  c75f9537c7cd2d45d07e1104bc5b4e53
- SHA1
  
  c16106d65a9b84cfe232edb98af5ecc7e57f7ac3
- SHA256
  
  4a0008c15ed63b52164f28bfdb3efbcf98de5b94332001e1c930313a12a555f4
- SHA512
  
  b6609470621ca0e38b335d15ae096ff362d5db8140e15f79cfd8117b166f6e47c3a1a5a59ec41fb7d29d1d54e37eb0b8b171c377597b1e434ed7320eacaecae4
- SSDEEP
  
  384:Od04qu9bvOw6niUALvegrLQXduZl2h8dNp5Wo6rXm0QRrG:RpavOwYaLvegQNYp5WPrxQc
Score

3^/10
behavioral25 behavioral26
- Target
  
  img_2.png
- Size
  
  2KB
- MD5
  
  c5e815f19c16b408c1af0351a7e7db04
- SHA1
  
  73e8e3d5c133259f7da3d3728711e2d060c6002d
- SHA256
  
  636f78b89ec90d9a4280fd7eeb8bc898547214c726fd4a5f425c3c5c93de972f
- SHA512
  
  6ba7f408a3d1d69f39987a238aa9d221dce756ff3f6e0076ae55c6abf42b74a9b67e54eed5325e96224809a39c426564528e6513c23c8f13d629445d66bdb413
Score

3^/10
behavioral27 behavioral28
- Target
  
  img_3.png
- Size
  
  62KB
- MD5
  
  5f20a711810679188b0f395ec2834ff5
- SHA1
  
  10a44cbbec78a0247ed549d358a586f7c3f21a38
- SHA256
  
  5d0fce8ce26bcb8e6a502fac93113311c2527d62268efba6addeca3241e5af86
- SHA512
  
  734930a419eda1ace4a0353702b014b002046aa05e690774c6d1af5074150b3eaed305989ed1069de607d875df2e9b7a1cf320dd749fadc62f02b6691862273a
- SSDEEP
  
  1536:PatVUo1dLRcIKo8rWO2SzdQrDiq4LitaZt050QoGa3G:P4V57RcnrWON5YDiq4Loo0Vo12
Score

3^/10
behavioral29 behavioral30
- Target
  
  img_4.png
- Size
  
  31KB
- MD5
  
  0f2a8a1f2ab44049454ebf92f73b4a87
- SHA1
  
  fdfab1612cda823e2bfee54f5612113fc17bdc38
- SHA256
  
  e1189f3d612601256926fc5295ef9ec396f26dd7e4fb221eb637afc80ec84a1f
- SHA512
  
  672689441388e61c91dd5eb942ecfbd3c33c09929a95e980a7008dde30d0e1f2c07785014dc4fd074f0465dd6323ce829055e311fcc7ffea2cbac94fbd78bb45
- SSDEEP
  
  768:I42LJgHYTPtFmliOe89cMUGDwt58yLwlfD+5gXu7M7og:I4aF8P0BDBLwlfh+Ng
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks Android system properties for emulator presence.

Loads dropped Dex/Jar

Reads information about phone network operator.

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32