a4687be311c40c16353baba08daeb86d858f66ed9ecffa9925efd42c4a0b5aa2

Sharing

Copy URL

Twitter E-mail

General

Target

93315f601ed8210fcc6e3c40eee5b4b23df4d606ba729cfb90e6e6d299b7b288.apk.zip
Size

39.6MB
Sample

231007-3rh8qsaf79
MD5

2ec8d21fcfa32d852bed9b557bb064dc
SHA1

17f6724cba31b4dcd6d58e5e33681f10968f8a0c
SHA256

a4687be311c40c16353baba08daeb86d858f66ed9ecffa9925efd42c4a0b5aa2
SHA512

b53508be62ca3c08944d5cb5e4f54370ff1fdfababa8737b705fc2375f3261d3f60012a600872b0dfa066d10bc1ff66af3af8fb4417a62841f0ca0ee94068c52
SSDEEP

786432:ccbNYXVQHGqNzBLu2BPV4IyGY3nfKPT1Rtml4R49394OKGOZ7Hn3om:xN4VlqxBFxyGY3nfKPTs249t4OAnH

Score

7^/10

Malware Config

Targets

- Target
  
  93315f601ed8210fcc6e3c40eee5b4b23df4d606ba729cfb90e6e6d299b7b288.apk
- Size
  
  40.5MB
- MD5
  
  054335f992d88bbe193245ef9af2c61a
- SHA1
  
  f5376704290987b3cd29d7ab1f4471668b60747f
- SHA256
  
  93315f601ed8210fcc6e3c40eee5b4b23df4d606ba729cfb90e6e6d299b7b288
- SHA512
  
  5022fc4342306e8ddc9e58132c0f7d717833a71f950d8a1105e3b40da70723fc81dfb82cd593bb9e5fc03c7b9f73366600877b946f11df4aa331eff535a9a91d
- SSDEEP
  
  786432:u+ew4eslE/XcQk1H1m99BeJxenoj15f4RnRLaUjNAwv4Gng+b:uFKXcQk1V0gLeoX4za1Wg+b
Score

7^/10

evasion ransomware
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
- Requests cell location
  Uses Android APIs to to get current cell information.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2
- Target
  
  app.51ae83ec.js
- Size
  
  86KB
- MD5
  
  bdfa8a5b9fc8524fa32914136eb357d9
- SHA1
  
  2e6897597e4815a6c421e51664b0905ba50dd332
- SHA256
  
  025de2a3c05b7cf246d9281e4554ac109e0756fdc0890261067002b96e73eea9
- SHA512
  
  c19f8d3095e11af7dd990ea3d3d3765f150824bb60a882568e69b693c6cb934a1dc2b92f9afb02ed5d4338feac6f9080b89539adce678305fc5c623363276dfa
- SSDEEP
  
  1536:euV2FhQgiDLiElOi1+PVuz5sHXGFWG9MjL5:e2LiElOi7e6Wx
Score

1^/10
behavioral3 behavioral4
- Target
  
  app.57db8fd3.js
- Size
  
  249KB
- MD5
  
  9ab7f9c7390a8d11f41e2dcd04904047
- SHA1
  
  d4b58dd64014acb5b44d69f3b6006af9688c9af2
- SHA256
  
  878d76f7a4165881125ec57d6db3a68c470a9a0240bfa2b4d685acbf7f2250d9
- SHA512
  
  43ab20a15a25c79c6f564abbb9479b05212dc6cd233122c5d05065c80bf0809b664c7ecfc9e8dedc401538174bd624db2e662e3302e4ece1f270d558edaf8b82
- SSDEEP
  
  3072:xldh7P09UqSV6RHamxlyRge4feO+gkybNJ9nYkuLBh:xVD09UqSV6Rzl6gpeO+LyJ3KBh
Score

1^/10
behavioral5 behavioral6
- Target
  
  app.e1c9a61e.js
- Size
  
  250KB
- MD5
  
  c5ff592b35211b1206c394caef35c7ab
- SHA1
  
  08da6fb8956d4d06f8d13686334a0e6ae80d7459
- SHA256
  
  b908a7b1e1c6f6e220b030a8a19cc56c3f067532dc5c05e14bc1006e55eb118c
- SHA512
  
  df312721bd5677b64bf2cf63d2c6062649f177a2345de0029bbbfbe442cba3f1758935d0db09597b02b2e72b27b7a6abfb7bb35803f0bf6fc4b7f3b561a7fad2
- SSDEEP
  
  3072:x1d9/te9UqlrD0/HamxlyRgp7DBrb5RS4/iibtMRk2LYP:x5le9UqlrD0/zl6gtBrNM4/iiRoYP
Score

1^/10
behavioral7 behavioral8
- Target
  
  chunk-vendors.51a98448.js
- Size
  
  370KB
- MD5
  
  fc8aba5ad241be943a297b791460e7e0
- SHA1
  
  dcf43dd1e42bdc949265d86053d1e16c6b86df7b
- SHA256
  
  669c17b7c0f38069b922a893d48f117fc960ca2e1d43243fac6195a37acefdbe
- SHA512
  
  780bb181eac092de875a5c6d522c30c6ec69ac89afbef44a89648a8dc8fd3b9f9b74e19bb98e575c5ac90cffde0bdf0a5e1971cb73d5a7a20f86a8e7f975e776
- SSDEEP
  
  3072:ThtpH5gY+S2pT2QH/ePYGXJAk9wdVikZRQAc7xvMX3SMJdKTU+KqMtZ0bgQVoDmu:TrqpqJG9rQAMxvOSMJfDtZ0LVT1Gl
Score

1^/10
behavioral10 behavioral9
- Target
  
  chunk-vendors.6dbf2754.js
- Size
  
  370KB
- MD5
  
  6c1394d9006430d7c2fc11090faf0c92
- SHA1
  
  9d73f125251af1af16726da456dd542dd324800d
- SHA256
  
  f03cbc08918907a7deb9a2d5dea6119baa7569891786020efe829dce8f7ce1a7
- SHA512
  
  6bf143c1ea15ba256c76bb51de3b201b90924d8165d166373ff9394c857fb3511ab760c9858cdc1e26aaf39426fee8a5badfc7f873f0fe1f7a78daba6f0547e4
- SSDEEP
  
  3072:ThtpH5gY+S2pT2QH/ePYGXJAk9wdVikZRQAc7xvaXLIeKHSOPPJ1E6tZ0bceRVoD:TrqpqJG9rQAMxvyIeUttZ0TRVT1Gl
Score

1^/10
behavioral11 behavioral12
- Target
  
  chunk-vendors.ac0a6ab8.js
- Size
  
  995KB
- MD5
  
  bbcc862a051c7683f1f60e62de296376
- SHA1
  
  21f56b3a8bd4446c74988ce030fdd1d7f2a55628
- SHA256
  
  3296aebd7d4a39d0b1edfe9a643adc531e7203e40c27ca894c7bd86b24a6c857
- SHA512
  
  b4611f1069eeef01787d2c5496d5fccc85080c7fc1512e7e1e6efde292e163c0270c38afd839f3f263239f6feeb7cb03ea42dbce7073d2ef6c6786ba8275c79d
- SSDEEP
  
  12288:Zty1v2Z+OqgbRYSnlN4axaOXHHpyeSzHJ2fVa+4sZiFzr:ny1v++ObbRY4DHceSzHJAqs0Vr
Score

1^/10
behavioral13 behavioral14
- Target
  
  cover.html
- Size
  
  5KB
- MD5
  
  6dadb417a75921d99c0a1a38e02a4940
- SHA1
  
  54b70869d8e91575823e1d145d5ecf4714a74f6d
- SHA256
  
  ad9c860da0cf8f96cb35b47ff6363ca543e3b30187322fe6857151ddc6de3cfb
- SHA512
  
  4ce093ade96fdfb4d1ac149a7bc2d5297c15c61859f7d46f0c83bd162a4cc21c5599e842b5b7696083886f6c918faf92f4a4b3be1a884a8fd951f188c7aa7fcb
- SSDEEP
  
  48:tM+hWjkA/EE5p/3PDSIvW3uvAKfOQ7MD4Kq5b5zx/s/+/e5b5z1PT32sqA6yXaiv:iD1P83lKzzlalMsq9yKpEPvT
Score

1^/10
behavioral15 behavioral16
- Target
  
  demoData.js
- Size
  
  18KB
- MD5
  
  1e279c2306fdae33627d8d829c4c3d33
- SHA1
  
  db4da924a831fecc2c6db1c2c2969e09fc8321ca
- SHA256
  
  1c61a370a97381ea8f38340b8539fedae156c186b09e5568c66096d794e220dd
- SHA512
  
  56ce9d85c98c1eb4ffce251159a90874c21e45d82dea19bbaebe27ba386f8a68a80a59c659f3fe48b9691339c658e9f017659fc83625c3f5d32797f585409ba6
- SSDEEP
  
  384:4PA27QTKgNRgLQYB6MJcBnFpRZBj1f1QFDF1FYvsqW3uTuS:4I2zagLQYB62cBnFpvBj1f1QFDF1Fasg
Score

1^/10
behavioral17 behavioral18
- Target
  
  dx_config.js
- Size
  
  2KB
- MD5
  
  e31e3c2295f0adc59d4745d469788947
- SHA1
  
  38e42900bdd969326859917ccb78f1ca3cfd2079
- SHA256
  
  7e1ba0a072455c42753083a45bdba88544bda7ff122825693d123280211bac3d
- SHA512
  
  2fea0e5477b1ea5d67c0988ed8feb2632f0989cb3511bf91b48398bd4bf58161f173484cb6ecaed713b84ec8d4a885837b2a1cf4ef817c5f4015e8700c3a1d0c
Score

1^/10
behavioral19 behavioral20
- Target
  
  index.html
- Size
  
  473B
- MD5
  
  b0758fc26c1dbe507d7c7b517a031d06
- SHA1
  
  ded38de36a9ea773178405a850bd071523499dd6
- SHA256
  
  5f640ee430e564869e94138a7a1ebaf1ce4430f52c1ea0eb3b3f39f27049da84
- SHA512
  
  aa22cf701f5d591fa14e354769a9ab7ee94f969ba8cd519f2090a772ff50731c06a094240756f4cdc8a56a374f3d0d0d5fbfe6d306edca2a9d3e190e81a6b19d
Score

1^/10
behavioral21 behavioral22
- Target
  
  jlongjing.min.js
- Size
  
  10KB
- MD5
  
  30bfeb1111db95d301d136440866f3d5
- SHA1
  
  6da6fb467ad4767793bfa9cdda8a59c295c6a45d
- SHA256
  
  c89478d20f8935994cd535b9d5f061ffc208e8bbce280746a6fe625f740ba663
- SHA512
  
  4d00109ec743bfd9eec3cc5c4ef93b8dbc28bbd40788938675823a739f36f62570bd3d95eabebbb8f0fb3229177183d190d7e34a37b13859a4d9dcbb20a1017a
- SSDEEP
  
  192:xVbBnDO85SpyFgs0VwuQstGyfyhx2oDVtML4J8zDdlXHE+5FB75r:x/nbSpyFU79oD3MsJ6dlX5Fb
Score

1^/10
behavioral23 behavioral24
- Target
  
  jquery-1.9.1.min.js
- Size
  
  90KB
- MD5
  
  397754ba49e9e0cf4e7c190da78dda05
- SHA1
  
  ae49e56999d82802727455f0ba83b63acd90a22b
- SHA256
  
  c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
- SHA512
  
  8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb
- SSDEEP
  
  1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe
Score

1^/10
behavioral25 behavioral26
- Target
  
  jquery-2.1.4.min.js
- Size
  
  82KB
- MD5
  
  b0dc11d0a434aafe88908c7f33d71095
- SHA1
  
  1327f754ff87d26bced46568543207e9df190aaa
- SHA256
  
  de4b3c3d1dc2506b6693f0f98884e1dc074cda9d66cab39b7b48a115fdfc4c0f
- SHA512
  
  177719ef74c4593e139fd254aaca5590b108338f1139041e24c56ca212bdc61cbfdce9799c8a51fd7b67e587b920097294e834fdace5127bcca9ce2877f48ea0
- SSDEEP
  
  1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98HrA:f+41hJiz6fhdlTqya98HrA
Score

1^/10
behavioral27 behavioral28
- Target
  
  jquery1.9.0.min.js
- Size
  
  90KB
- MD5
  
  2b869ea9c8edd4c2243c5d44f665f632
- SHA1
  
  677b5f392aa1f9de26617953bc6104553a5a9043
- SHA256
  
  20719d5458ca61b80d85d70c25b831c77ad999499190d1f45844c2a0dca909dd
- SHA512
  
  b4f67211120ba3ca1180a8ba7934aeb270795ae4bb2b9591ff575949f7d3e5eaeab2cd3bb14658ae99de76995560f911193821783d5b0f4ddec4049ada3a4ee4
- SSDEEP
  
  1536:fYcvR3VhH37Ha7EmakRhIHASkCDy08otU6myJXXxMZyYk0AjrzCqlKDo9YhnaTdw:fY8MaW2c+UELKUqnAdiJ
Score

1^/10
behavioral29 behavioral30
- Target
  
  longjingBridge.js
- Size
  
  6KB
- MD5
  
  1c20c9ae209c565055a9cbb04519ed6c
- SHA1
  
  667e11ea944dab4eb02d297e23a16a18d0a352ab
- SHA256
  
  0723f13c0710c605d007568aea3a5dc73d0ae9f9fa3ae993331754c1a2d9f15c
- SHA512
  
  b181f340466bb115edbcac21470482ce841caeb72902c13f9a9fcdcde3e1ffc0062842647807267e995231bb89bc1bd9b64b0c6816c251895471a314632ad7ea
- SSDEEP
  
  96:ICoKAaR4Hnfrl3Id6RffjrfdieUgu7bw6c7Y0yw0jY89ZBCThSsb3itRSsVQ:4KRKnfZLR3nlieQbw6cc0+TZ23EQ
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks known Qemu files.

Checks known Qemu pipes.

Requests cell location

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32