13cd2a8679136e19284f04d6c3cdcd825562d35871f2b63b04e7dbbcc4ae4cc8

Sharing

Copy URL

Twitter E-mail

General

Target

4dc9876dab47be50c138a4dd4248cbfae9f595ba70965d5efdede99c21721ec1.apk.zip
Size

46.8MB
Sample

231007-3ycpjage9s
MD5

3f44f7e70c344d50168b046c6f81b101
SHA1

1be32b39568b516296b523b8a640dc7d82d7a1fd
SHA256

13cd2a8679136e19284f04d6c3cdcd825562d35871f2b63b04e7dbbcc4ae4cc8
SHA512

8bc5f3e033bde69d6c844782af43816d72c3868338d33cf29e30ee7153d4e7dd4520ecc378a0783936e5f16be8b3827f58ff7b7ce1c83e71a795cd1ed81b1dcd
SSDEEP

786432:lWkqoQKKgzai8MNJpbr8TK0VX+wZW0F26qeoIKvFnSQIThkY+NUro1dp48+ctWL2:+oQKKzQ7QTKi2s2ReoIKtnSQuhEUUp4C

Score

7^/10

Malware Config

Targets

- Target
  
  4dc9876dab47be50c138a4dd4248cbfae9f595ba70965d5efdede99c21721ec1.apk
- Size
  
  48.7MB
- MD5
  
  bb52c5dde3646c76fa78279200ff66ad
- SHA1
  
  f6d825faf578f8fcf908fce71989da1ed89f22ae
- SHA256
  
  86368e18ef52629e986d3700f9c939e57ea8fa1c2ab7d0f26fa465aa2c080549
- SHA512
  
  ce2185cdbdb8d17a1171dcc796d1259e8d55cdd74f45e6234aff72ceef27afd701cf6304a722e725815d8db1f9a9b455fb95449add14e18bbb59e706a07b22c5
- SSDEEP
  
  1572864:4ymfNGblfJdcUOmYN/pLnsSXvlmRGOT58IOZp0CDIfzMY8VfkZer:xZ5fIj/lntXv4RRzO/BDIQY8pwer
Score

7^/10

ransomware
- Checks Android system properties for emulator presence.
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
- Queries the unique device ID (IMEI, MEID, IMSI).
- Reads information about phone network operator.
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1
- Target
  
  frag.sh
- Size
  
  311B
- MD5
  
  39a2a58656f8ac24d12f82476df61562
- SHA1
  
  06d6ace208906e2fece26fd7c36d21fde0f206e4
- SHA256
  
  639e466fcfabf86510a16c91d8cc2671d1555d8b18b46d0f77d28ad9cb7287a9
- SHA512
  
  5873a8650d5a7e9500a7574120d2aa07b5a23cfb41e894f2a4aa82c3c3a8da1e6f06067220b97dab3b09c29741f2910940595083d3a8061f0e01e40aa431d76b
Score

3^/10
behavioral2 behavioral3
- Target
  
  index.umd.js
- Size
  
  7KB
- MD5
  
  7d0debe4d96549cb734e07324b520057
- SHA1
  
  cf938060060ab58e11699c1f0f5e53d2633035c4
- SHA256
  
  ddd9bb503630a896e1f006a19c6f45bc8b9c07de137921879ec0a60e6d016913
- SHA512
  
  2415b44156f4235e4be4b39a3816889836f028755f62ef31e2a542f7b63cc9cdbd7ef8e68277a7aac74290fc0bf2afe42ff09ba50d3f9ba28b1728597f164eaf
- SSDEEP
  
  192:mKTytT5rucTGRIJPpEPcu2Dy6j0FQSzRaKAvTAzNEu8:mYy55ruaGRIJyEu16wuSzRaNvyau8
Score

1^/10
behavioral4 behavioral5
- Target
  
  libwbsafeedit
- Size
  
  17KB
- MD5
  
  87727abbdac20991a8087e5ff6914859
- SHA1
  
  fd63f0d7e0e5801ad132b7ab1f2bbec6882dbc84
- SHA256
  
  11910c7acc239a471007493ff918212c8213a5bef046d5967021447d6b4b70e0
- SHA512
  
  1969c3ba59617648e285384b0a407ae2dd9c454f89ad30dbb0e80f0c6b9cd6cc81b302f0e85338775ed8fcb5a0a22af14dbd99717488bf17b10bb23323106385
- SSDEEP
  
  192:Jds5+qUXQADzeWKtzbEdcWduGjmesPRgEQQMjpMTfXe+vdvxG1J:jsEAlbEFYGCPiwe+Vvxe
Score

1^/10
behavioral6
- Target
  
  libwbsafeedit_64
- Size
  
  13KB
- MD5
  
  01d71964675b47c969c94bcf18716311
- SHA1
  
  1fbd569e1bf255cdf95302fee76660905394b58b
- SHA256
  
  ecefa0d804e3d9e832184b113b6f4cc3ac6fd17f81239d1382f8f9b6e8ef210a
- SHA512
  
  f411fa722c8a3d3b97e5c1e1c531cf23c46c8826fe0fc38f34862a69b8bff1a692f7ce8517e3ad80b0a8503579e2c03e4c5adc152e52c71f884f1fa9f575a39f
- SSDEEP
  
  192:hV+nAyMbjn69qkOv5Dpbvcg0ORWmNyExd4ilIXh:hAnAyKmqks7buOsS+
Score

1^/10
behavioral10 behavioral7 behavioral8 behavioral9
- Target
  
  libwbsafeedit_x86
- Size
  
  9KB
- MD5
  
  61bebc6045a46aa6b2b567094399adc2
- SHA1
  
  13818499935e5ab2a9f05ec0571c6148b17d7d4b
- SHA256
  
  de5e91154c0df79aa339e5ec93ccdbc8849a7c11fbe8ff487a9cc6a11de98edb
- SHA512
  
  677dc5561359ef1df059e9bec07ebcba89774c612263c2663b023bc149c01042538accc097fc2728ed8a57d335848c8cea84a4900f2b7a273fa313bc330ff173
- SSDEEP
  
  192:NXRX3QSOcVQcLMyT2842fVl0aukAglwL+P6:7gJoMyy842dBukAg2
Score

1^/10
behavioral11
- Target
  
  libwbsafeedit_x86_64
- Size
  
  13KB
- MD5
  
  09cf7065f988b6a19263b03f107a0423
- SHA1
  
  2b24324902b4021b6aa0e0ed87635a111fc54730
- SHA256
  
  b4743654f96f323203a4ef00d32b546b31c86af10af3f42666707647f3bd1c0b
- SHA512
  
  92c17ae2328cfb231f143083bb2983edec6de20ee2ed132f70ab356345b643eff9d651861459ad2077a6ce3e5cd486bd32af15e2578d5f6ff790f98666b04bf5
- SSDEEP
  
  192:Rby8pX/VWAk2LLnHAbK/m82UFAiGx1l0k7h:ZyyHk+LgoveiG
Score

1^/10
behavioral12
- Target
  
  platformProtocol.html
- Size
  
  31KB
- MD5
  
  1b1a935c85d9183f8564da7af3bd2202
- SHA1
  
  12e4111e3e62dc20b2e2b2e95e85c5893e4f6722
- SHA256
  
  7dca3946ce0e4873b65ffd30bf3d1de6d8c884c80a42f00cf12f0b3eaddc4222
- SHA512
  
  2fc055a7271b9e21faf1e8ea7983fe1aec5f5b0d400a2a222ab26ec84848c2007afa2dc918284d7823ce9cecb27315655c82c60456b9c114740da95ce517fcea
- SSDEEP
  
  768:ejrYogxl9Ya3nkdEUEm2uSMaWYdCdBjUBcAEjcZgdcPsaG0e19/:pNk25saWeCRusay
Score

1^/10
behavioral13 behavioral14
- Target
  
  popup.html
- Size
  
  1KB
- MD5
  
  73fb62357037eb34747fcd7938f6110f
- SHA1
  
  7f78017780b3af9b856138a05422502981a7d301
- SHA256
  
  74fb9280c8a5d40daae05938f99351b236159220a3a993b00b984ef992f32c44
- SHA512
  
  f8ffff00b1a4dee44c6a57e22d7cf49185535cba64c2121775bbfdea31a6a541f842536af652958eef0cb17ff5dd34b53119f5122721218e0aa3708d640f38c5
Score

1^/10
behavioral15 behavioral16
- Target
  
  userProtocol.html
- Size
  
  28KB
- MD5
  
  4152d9874d272b8c6cf2aced0faa4ba7
- SHA1
  
  c88738f86f679d96de38554153ff3c4ee854325a
- SHA256
  
  b8e69f40a7d3f10017c93c08872a009c37a2ca16eb7381f24396fc9739fbe51f
- SHA512
  
  4480da5b53cf24dfacc0909797c51f7e78f968a4e82282a1554b79ec52eec78148fcf7c80abee9be3f0e9a39087b0561c0e3e82558d9678de63a2c210756b868
- SSDEEP
  
  768:/oS574Lad2BhAFcO28gZ7Spcs2fW6L5JJ58:gk77cOlpQfhL5Js
Score

1^/10
behavioral17 behavioral18
- Target
  
  vertex.sh
- Size
  
  1KB
- MD5
  
  8b1794b41fadf1bcadafba979d23b83e
- SHA1
  
  2b1d634d36316e86b60c68fde9a65856c47d0e57
- SHA256
  
  0a6c4b746128ed89c066cec16227deb7b56224bcfd65fe8aefbe9d1b8f21dfc3
- SHA512
  
  b26b18671b7f8d295486e59f158ae603b775113e96a7f65f50401d53af7093f6ce7308addaa613ee1d54e69b6668062432a9942cadf860a69c49db2f3b39c9ce
Score

3^/10
behavioral19 behavioral20
- Target
  
  windmill.worker.js
- Size
  
  16KB
- MD5
  
  416fd2c3dcd91eb9be901edf085a0749
- SHA1
  
  749760ed41c30125aac3323165fccef196f460dd
- SHA256
  
  479ba63c16dcd7ae92483d20235fee050f2e7715eefacfed3d317389eaaff08c
- SHA512
  
  4a629722e10f473fb1ba40246c996e8c99b3a6e81108ebbce3509fbad87a662feaf196e7a2df8baf4ee195d7afd99c4b4b9fbc29bb581499685278dfba4ef879
- SSDEEP
  
  384:MIkp88FJiDLD+3/FcT1rVAMQKduMVU2lgjGv:MnBa3q9cT1rRQKdbu4
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks Android system properties for emulator presence.

Checks known Qemu files.

Checks known Qemu pipes.

Queries the unique device ID (IMEI, MEID, IMSI).

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22