31f8620a467279cbfa516e368cd96a72ffb8cc0aebb299acea9221035e0cf60e

Analysis

max time kernel
3159806s
max time network
151s
platform
android_x86
resource
android-x86-arm-20230831-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
submitted
22-09-2023 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f0496840c3627e5b839251f1de000828-1.apk
Size

443KB
MD5

92a57e55d0e04511a9bd3b819a3702b2
SHA1

715b298fd869672021fb17d2a358fcf122c0268e
SHA256

31f8620a467279cbfa516e368cd96a72ffb8cc0aebb299acea9221035e0cf60e
SHA512

ad5e793b873d97dd2421f515a4d23c40d0455d86e9da5cda41db3de3d70d268134db0178eefc0b4d89b168d7e38797d4e97643e1e0179fc35ba58f5eb165902a
SSDEEP

12288:hKuI17NtsD5BxmwMXWFXoY+pdcRZtSwfW6FKlhY6Zze:8ZZODhmwMm7W2jtScPFKlucK

Score

7^/10

evasion ransomware

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mufc.fireabc/files/xhelperdata.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.mufc.fireabc/files/oat/x86/xhelperdata.odex --compiler-filter=quicken --class-loader-context=&com.mufc.fireabc

ioc	pid	process
/data/user/0/com.mufc.fireabc/files/xhelperdata.jar	4277	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mufc.fireabc/files/xhelperdata.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.mufc.fireabc/files/oat/x86/xhelperdata.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.mufc.fireabc/files/xhelperdata.jar	4217	com.mufc.fireabc

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.mufc.fireabc

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.mufc.fireabc
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.mufc.fireabc

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.mufc.fireabc

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mufc.fireabc

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.mufc.fireabc

com.mufc.fireabc
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:4217

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mufc.fireabc/files/xhelperdata.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.mufc.fireabc/files/oat/x86/xhelperdata.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4277

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4387

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:4486

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mufc.fireabc/databases/ua.db
Filesize
36KB

MD5
0adda9c85a5e4808f5b1b74c0a8591a5

SHA1
5048107883ab1e345af9cf2e6849ce46e0e612bf

SHA256
1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1

SHA512
646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

Download Submit
/data/data/com.mufc.fireabc/databases/ua.db
Filesize
24KB

MD5
a4a3ec14ddaca23665f4b8702eeac4b5

SHA1
4a07d3c02d33cf61f8c14e2facbbecb2e257212f

SHA256
46b7feaf2843370d42af4f27211a6a168ffad675d8a9cb19079cc18d1afae7c5

SHA512
e3aebea5ce79b490a1da9493152c96e560dacb8a3cd2808048dc2096161ff8406f8927e944ad06c071c3c039270a93725ae017f9ca610dbb53b99f04300a6cbb

Download Submit
/data/data/com.mufc.fireabc/databases/ua.db
Filesize
16KB

MD5
338c04707693aba58a84b07fbf8f4ca1

SHA1
131f2d076a69dbc2797661774e272fb3eae8268a

SHA256
866521c40f34da6c684a29bc1ae295461f9702d43621f33b5cf9d1d787d9432f

SHA512
a1e11c0bb0e16d4c6a4270c5753c1d5be1c6752bbe21590b4757e6207469f52e92e71bff208bfb8e7691edb8a4a84d7069ac1645c9352cf5df332f2ecfbd1cb3

Download Submit
/data/data/com.mufc.fireabc/databases/ua.db
Filesize
16KB

MD5
bd7333b6869137efc1c19d293d1a9244

SHA1
5c084e02f63ce27abb1981f8474b1532f2c19a68

SHA256
9555199d4de69ee7d77694fc30360f91efbde3a960b3453d8d5540fd8dfea51c

SHA512
7c52079e45daf5083075a2cc0ddf3f354df5482093e9bec0c6be67c3a7d8d1dcb14c7abe4a973075d424037da9ba4bf9b115d2bb8e5b0f8e47c1a35a3abfe0f8

Download Submit
/data/data/com.mufc.fireabc/databases/ua.db-journal
Filesize
512B

MD5
6f93ff3445fd34e616f08276c5cfa264

SHA1
3b4172448db01faf4189c651d5e691ab165a147c

SHA256
0bcbc59c3e78cb48c74e35face1cbe5dda065b32ddaad03548b336c6a15a3006

SHA512
f1e0672c0be8ec9dfc3ae568d7bd76e6b32f16e9a817732319103371e9f3b22b9d438a26b6e84e31919f2f3d94829ab06362dc00037e4e9b39fdfdb15f886dec

Download Submit
/data/data/com.mufc.fireabc/databases/ua.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.mufc.fireabc/databases/ua.db-wal
Filesize
48KB

MD5
b41a73e0c6e29faf202d9bf8601e3e54

SHA1
d5a39171858687aacd5f730036fdf620db7801e7

SHA256
8449c35914b7282466a5b3e86c9ce5a4417ee413df28e7d52c2e37de24d901ee

SHA512
0972d03ae0b00f939d7de5be07c91a0ef35df5e25a6e15851983d7d51ba712dbbce29b86777b504056b45969187837e9cb4d3f81030d0e7a6ff2b0252e6c383a

Download Submit
/data/data/com.mufc.fireabc/databases/ua.db-wal
Filesize
12KB

MD5
888e6b11a11431330a487a6ee81c7727

SHA1
c2dea73c1d50f77c9d8c989ec14eef2bc1bd8e42

SHA256
b5ff81dd6152cf36fd84950daf787d7678e77d2577591007c1b9229af142cd2a

SHA512
d99586008092f9a47f492c73dd01263ce73785c47ee78719f90b3bdd56da5a7db5e19a62c2c34f666438b77c62525212eca7c304d1d6ead2b938e19db2f77732

Download Submit
/data/data/com.mufc.fireabc/databases/ua.db-wal
Filesize
4KB

MD5
66af24e513ba41243a4c1aa1d10e3624

SHA1
32c7007846910f0c1d185aa2b9152a62d97d704b

SHA256
7e1d5a7ae851a2b0248eaad35b0640cde0450e4d062d11636b18807cc2b72b17

SHA512
d24e8149c24de5a95d03d1472ab5be5f492c238e591d91b0d8dd7701f63e8f06c05ccc9f5102c33f3ff7ab1ef34da6a2d35085e7ff1a639c52b5da51e6e12e5a

Download Submit
/data/data/com.mufc.fireabc/databases/ua.db-wal
Filesize
4KB

MD5
bb5d475b1e40a2549a6c5ed198d88ffe

SHA1
87e8b45220f40bc1452b15990113807d2773b41b

SHA256
f6cfed69baa0b443ed48211f9818285a9375f23ffa8a8b7f507ef9aab74ba8ee

SHA512
1ac6fa308ae50bc89d399b605fce40dfe4ae9d463479288327ec71dfab7f77427390b24615a9ad40b338d18023438cf6b4f624bc780f98b19328e2960d34702d

Download Submit
/data/data/com.mufc.fireabc/files/.envelope/a==7.5.4&&13.0_1695376804412_envelope.log
Filesize
1KB

MD5
7c77cdb86bcc7ad4a3aa82fabaf95e03

SHA1
b82ce2d018cc70a5a79f527deccb71053e2ba2c6

SHA256
39e837e93d8171d84f8585e2bee5bd264e701ec98a1fe9f637a3b4ee61e7c364

SHA512
4307602de314843de78ee421f951f51764beb42837cc9a7f76853bc5a189ca84f43a2f60c97910b787b91027eb1f39d572456e4a2fd605753be82cea1a9e1b57

Download Submit
/data/data/com.mufc.fireabc/files/.envelope/i==1.2.0&&13.0_1695376803281_envelope.log
Filesize
2KB

MD5
f3c6e28f333c875962c0b3c74dad2e67

SHA1
5bbcd3525b819f557339a0514e2ee26252f66b38

SHA256
14f538a47bf180023aa657174366a3fa7083b9eb9eed3e1f4ebf9f177ee2ff45

SHA512
c63d22840e36242eccbd2c34f1ebffdd50cfb31a9007660b82b632906ed89c6912771f152804b5d26ee9aae5c70813028cc39e66fc91f9d6460e6a0f7cc8c2af

Download Submit
/data/data/com.mufc.fireabc/files/.imprint
Filesize
486B

MD5
387a0bf89a28591dff730ef412ddcd37

SHA1
1875eb4c244e7f62b8824814ac278f5d131ef7be

SHA256
c66a8088c34d801bedf4be7f74b9caba4970dcfd7d6b27ae298bf62d9693aff1

SHA512
e98f8714fac48608ac6368b2a792353c25a409c87a29343fa2fb80175de905dba70c5dd559c6d7fd4a13fb6e868e35a72e14dd5e3e08b71e412541e2ad14af13

Download Submit
/data/data/com.mufc.fireabc/files/.imprint
Filesize
995B

MD5
2ae726d9973391c88c14d294a9998fa6

SHA1
de1c521322215ff3fc9410ecf7894bc599e31707

SHA256
8b7f60144b85d3a92ac238c67a09108524cf95f33bfff25af345763774ec3dfd

SHA512
74a118345fb275150dbb8d2f590f1224d175e7fa827cdb180fa918c394f2216b7f12282e6c65b291de9cb3790a46a00c04fdf6e7964f0e659e70d8e1add8f22f

Download Submit
/data/data/com.mufc.fireabc/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
e7aaf6105a7b7e6cd55baa9e02308e31

SHA1
a9e703b2050c9a47aedec493c29bf2211261424c

SHA256
08f7ecd09d049be545bd9939bfb124ac6c1eb3b64971fa0b0fa9b8a4c4d918e0

SHA512
d7f2780f985d6a1560e224f1f7132421457e9aa2a32d8ed62912c85092b47a2af46768ee53e103861ee60a0a8253e75995af1a0f6e2a2854a6a5a88877f7a12d

Download Submit
/data/data/com.mufc.fireabc/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
e7aaf6105a7b7e6cd55baa9e02308e31

SHA1
a9e703b2050c9a47aedec493c29bf2211261424c

SHA256
08f7ecd09d049be545bd9939bfb124ac6c1eb3b64971fa0b0fa9b8a4c4d918e0

SHA512
d7f2780f985d6a1560e224f1f7132421457e9aa2a32d8ed62912c85092b47a2af46768ee53e103861ee60a0a8253e75995af1a0f6e2a2854a6a5a88877f7a12d

Download Submit
/data/data/com.mufc.fireabc/files/bfn.so
Filesize
33KB

MD5
35e2fa977547109fe28271567833a865

SHA1
814d919bcdcfb01f96a0fb179ab707f5a7e7521e

SHA256
0c210e6a67400e3e7b9ab74a656bcdec899271c137ee82751345a1f3e3e7e360

SHA512
2be99aee9c8d12d8c8ca7bac37b31e9c8ff1d35582d7da2e4a4501fd4525003ca4e0dcb883d88746cbc72d5b3fa36f478855b2ba8a274611e6c920847fbf8de7

Download Submit
/data/data/com.mufc.fireabc/files/exid.dat
Filesize
56B

MD5
f77b1c050e05405a2154148e79e3b45c

SHA1
ae47b9d2ba0339263c7577ae24e3392ef21a9c01

SHA256
a7d197748007addc4054e42f2db3cbae47a3de103281b10432ad2f7cb4cfdc64

SHA512
ce41587a70758e0bbd0a812bdfe85294f9c774c774b8086a13cac10e66c110a59f2d338acbcbb8f6ac403a1f5dcddf5271f7ad9794dbd649d7625a83fd019a7b

Download Submit
/data/data/com.mufc.fireabc/files/exid.dat
Filesize
56B

MD5
f77b1c050e05405a2154148e79e3b45c

SHA1
ae47b9d2ba0339263c7577ae24e3392ef21a9c01

SHA256
a7d197748007addc4054e42f2db3cbae47a3de103281b10432ad2f7cb4cfdc64

SHA512
ce41587a70758e0bbd0a812bdfe85294f9c774c774b8086a13cac10e66c110a59f2d338acbcbb8f6ac403a1f5dcddf5271f7ad9794dbd649d7625a83fd019a7b

Download Submit
/data/data/com.mufc.fireabc/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjk1Mzc2ODAyMDIw
Filesize
1KB

MD5
d5d9d22e22b58e87fc1294d42d9ac0e4

SHA1
7f08f22b3a0b21c29aee184326b9f74891ffb6c3

SHA256
0837ed0b4ea127173cc6a893210c326f481d4340b0d05b4e509af060388ca114

SHA512
9acb7bea343653df7ff4090be7d430ade9542b517a70e21bef33865843285e59442ab42b9b1a9083b0aee4b235d3194b3738248e56d2e327079ea96ea8e6700e

Download Submit
/data/data/com.mufc.fireabc/files/umeng_it.cache
Filesize
211B

MD5
99b07cb5b42e3c90765876766ae66096

SHA1
26138954c3fb5438b6fdeb986946e5e8e8fd65a9

SHA256
6c8c8667c8cb73980b01ce102ad9cf446126ed54250404a02f02e29e2b64247b

SHA512
dd73917a8ec78a35048dca1defb7316690fbde9beac6cd6b1aadb6c21ec51aa7cbaf5844ac9b0434c00a73b28d382a5e6a3a635cc70aaceda259b27f6842ea83

Download Submit
/data/data/com.mufc.fireabc/files/umeng_it.cache
Filesize
415B

MD5
0280ae9d97563b35e29aab857cbfdd9c

SHA1
eb075522a528278383608cb8cb1ca6d446b5b5ae

SHA256
34f03bcc9fee0d60e1e796d8a519accbc08e8a230c15bb88c2d385269530fcc2

SHA512
fe30f81bfbe897ce39d7d5424ba8062c284ac8350094e35f8838296e86bd50c39b13c205aad793a8e93bb529a85e49aada74d81ccf04df03811c86e3d66b3c6d

Download Submit
/data/data/com.mufc.fireabc/files/xhelperdata.jar
Filesize
211KB

MD5
26d1f7625f74fd78f4487f6d89ea08c9

SHA1
a5cf0ebcbb0d9aed587487460b1a13b685b4a820

SHA256
8a256c4aeac80393d8446a7b426d838f4d76e290d31fa9eb0b5c17b75f935828

SHA512
45cbf1cb599ad431e73ae10312dae88641d1e98e3c2363c154ce8aec9a2ba45e93e8196c06e680933cf1ed869cd2df66b0f77be84ceee5781b96aeb8f98affc1

Download Submit
/data/user/0/com.mufc.fireabc/files/xhelperdata.jar
Filesize
4KB

MD5
cbd4dfe53966f3a13454d566904d3763

SHA1
b7467e557e4f9a370d9e005b0b9c8ce9084aa121

SHA256
fba660a7fca1685775935148a3adec2fe6012939083a514ac8fec28ddf1aaad4

SHA512
17813865f9171565663419e86dea3d0f107e415efcf3e2717cdd9cef237b2c8a01db3bfb7bcf50f43666d2c0eb205f2a5bbb4ad67d2df1611d35252676dfb2e1

Download Submit
/data/user/0/com.mufc.fireabc/files/xhelperdata.jar
Filesize
4KB

MD5
969a2464e2fbf6b561cbc8176b14c8b4

SHA1
5b43a9a4342144f09da451a649e9cec4f0e58c1d

SHA256
5ade1d492abea3492cce2885c876899b2098048cd7b0255a62a79f6af6d67ae7

SHA512
aec97c4c5612982f6614ac0c5ee6c0a8172115871661295a03d1832524020de786931a53f71717645fdc558ff71e543f2dad9386f9b5baee706ee6548536c90f

Download Submit