General

  • Target

    FAPlusv140_Jected.apk

  • Size

    6.8MB

  • Sample

    231004-v5la9adc9z

  • MD5

    2a99530175ecbc707a6efa0d3e328263

  • SHA1

    49248a5f3d0d26a341c41624eb2e9b39e81c9303

  • SHA256

    52992e24e143dab006679a2e2bf13bf6d5e1b7df878a800b83bdd8400402bf32

  • SHA512

    2d0ebc662928003f8214f8b3eadb993f15d91694d172d84f17d9295e6e58a8f9c3749c281d2b7f108fed6041644381acf7b7a2bf71e470f04c6f37bc15f0289e

  • SSDEEP

    98304:ue571A6vrtEwycx7O+HPfZroo8OOCTwNjl55uaGxo4SFvo6znnfFXIu19S+mpKQ0:ue5RAst9NxTZ47n1o6zdYu197PC3Xs

Malware Config

Extracted

Family

spynote

C2

fee-harmful.gl.at.ply.gg:41934

Targets

    • Target

      FAPlusv140_Jected.apk

    • Score

      8/10

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Legitimate hosting services abused for malware hosting/C2 (the extracted C2 hostname ends in at.ply.gg, a public tunnelling service that fronts the operator's real listener, so blocking the IP alone is unlikely to be durable).

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (commonly used so the process keeps running in the background instead of being killed by the OS).

    • Uses Crypto APIs (might try to encrypt user data; RATs also use them to protect their own config and C2 traffic, so this signature on its own is not evidence of ransomware behaviour).
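The hashes and C2 above, together with the "Loads dropped Dex/Jar" signature, are the indicators a responder would want to check against a suspect APK. The script below is an added triage helper written for this page; it is not the sandbox's own tooling. It verifies a file against the report's hashes, looks for dex payloads hidden outside the standard classes*.dex entries (the usual way a loader ships a second stage), and searches zip members for the C2 host string. The `build_constructed_apk()` helper fabricates a small zip as a stand-in for a real APK so the block runs offline; it is constructed data, not the sample.

```python
import hashlib
import io
import re
import sys
import zipfile

# Indicators as published in the report above.
REPORT_HASHES = {
    "md5": "2a99530175ecbc707a6efa0d3e328263",
    "sha1": "49248a5f3d0d26a341c41624eb2e9b39e81c9303",
    "sha256": "52992e24e143dab006679a2e2bf13bf6d5e1b7df878a800b83bdd8400402bf32",
}
C2 = "fee-harmful.gl.at.ply.gg:41934"
DEX_MAGIC = b"dex\n"  # first four bytes of every dex file ("dex\n035\0" in full)


def file_hashes(data: bytes) -> dict:
    """Hash the whole file with the same algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes) -> bool:
    """True only if every published hash matches, so a partial collision is not enough."""
    return file_hashes(data) == REPORT_HASHES


def find_embedded_dex(data: bytes) -> list:
    """Names of zip members that start with dex magic but are not the standard
    classes*.dex entries: candidates for a dropped / dynamically loaded payload."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)
            if head == DEX_MAGIC and not re.fullmatch(r"classes\d*\.dex", info.filename):
                found.append(info.filename)
    return found


def find_c2_strings(data: bytes, host_port: str = C2) -> list:
    """Members whose raw bytes contain the C2 hostname (port is ignored so a
    config that stores host and port separately still matches)."""
    host = host_port.split(":")[0].encode()
    return [
        info.filename
        for info in zipfile.ZipFile(io.BytesIO(data)).infolist()
        if not info.is_dir() and host in zipfile.ZipFile(io.BytesIO(data)).read(info)
    ]


def triage(data: bytes) -> dict:
    """Run all three checks and return a single result dict."""
    return {
        "hash_match": matches_report(data),
        "hidden_dex": find_embedded_dex(data),
        "c2_hits": find_c2_strings(data),
    }


def build_constructed_apk() -> bytes:
    """Constructed stand-in for an APK (NOT the real sample): a zip with a normal
    classes.dex, a second dex hidden under assets/, and a config holding the C2."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00placeholder binary xml")
        zf.writestr("classes.dex", DEX_MAGIC + b"035\x00" + b"\x00" * 32)
        zf.writestr("assets/config.bin", DEX_MAGIC + b"035\x00" + b"\x00" * 32)
        zf.writestr("res/raw/cfg.txt", b"host=fee-harmful.gl.at.ply.gg\nport=41934\n")
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python triage.py path/to/suspect.apk   (no argument: run on the constructed zip)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_apk()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

A real sample will report `hash_match: True` only for the exact file from this report; repacked or re-signed variants will fail the hash check while still tripping the dex and C2 checks, which is why all three are kept separate.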
