1e8d9549c48831fa6cda54485e61338f92ed3d5058222602082d9517c31a83db

Analysis

max time kernel
585823s
max time network
132s
platform
android_x86
resource
android-x86-arm-20230831-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
submitted
11-10-2023 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HiWaifu_AI_Friend_amp_Waifu_Hub_MOD_APK_(Premium_Unlocked).apk
Size

14.8MB
MD5

efee500cc9e5a97707024eeac9d500ea
SHA1

ee63be5b211da35bd34b8100f7bd3c02f3e675a5
SHA256

1e8d9549c48831fa6cda54485e61338f92ed3d5058222602082d9517c31a83db
SHA512

fe11e46f1b1935fc914022bb6c34718d8ac3f4e08a84e25a82788962f9e5d32571ec835da35f957661378c162c9a4761049c1b9a14f53e1d5762768595f69b02
SSDEEP

393216:ecBsT4E7nKHUbx9xW6ME+NOL0ZkgxNu2Ts5wkI0k6dr:eKsT4Ee0boRkMg59I0k6dr

Score

8^/10

banker evasion ransomware

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.oohlala.youngstown

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.hardware	com.oohlala.youngstown

Loads dropped Dex/Jar 7 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
Anonymous-DexFile@0xdbbbf000-0xdbbc07b8	4135	com.oohlala.youngstown
Anonymous-DexFile@0xbf227000-0xbf340700	4135	com.oohlala.youngstown
Anonymous-DexFile@0xdd93c000-0xdd93db30	4135	com.oohlala.youngstown
Anonymous-DexFile@0xbf70a000-0xbf775df4	4135	com.oohlala.youngstown
Anonymous-DexFile@0xbf05d000-0xbf141d64	4135	com.oohlala.youngstown
Anonymous-DexFile@0xbe574000-0xbe8172b0	4135	com.oohlala.youngstown
/data/user/0/com.oohlala.youngstown/cache/1675452915457.jar	4135	com.oohlala.youngstown

Reads information about phone network operator.

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.oohlala.youngstown

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.oohlala.youngstown

com.oohlala.youngstown
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4135

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.oohlala.youngstown/app_2213lfsgtmpfxog5vcxr/youngstown.dat.jar

Filesize
2KB

MD5
cd43124a308ec303f8a8f3195671cae4

SHA1
ba31d9828f47008ed304361cd489739ef105849f

SHA256
7bd4e041d95d7ff25b8b17d30df7c25544a2bbb3b70bd7d59c01cb4b9dc59275

SHA512
dbc487d16daa75d1686e86fbd1acf0b1e761eb3bc9ad8d2b9f5b853af44ae590b546cc7816dc71308fb3da268cb0831bfe30b2ef9d0f2de7439eb58ccea142f3

Download Submit
/data/data/com.oohlala.youngstown/app_2213lfsgtmpfxog5vcxr/youngstown.ext.jar

Filesize
464KB

MD5
a69384569465582f98f7a55c4646c2c1

SHA1
290e5dcb3425fac6475e29baafa5dfc8dda0b501

SHA256
9e5cd63760b5a074b7c7325f71e81be537d5cfe70944424ff33f038e0eb45469

SHA512
5072bcd464a2905bcfb50ddbbdd486fabf5ebaaca146de0eb8d9a37f98722084b0f67f6b7d4067d2e03e9a0616b3c33fccad4c73d66c8d9011cd9427d9b4b567

Download Submit
/data/data/com.oohlala.youngstown/app_2213lfsgtmpfxog5vcxr/youngstown.irs.jar

Filesize
894KB

MD5
6440eb31b423121b820771671493cd67

SHA1
8249e7ed479bcdb7a167e3e30a78eaec67e3119b

SHA256
229c6f718dd3c724703ed3f0c357921604561bc5f468a230ea212428867f6de7

SHA512
01c81da0384d8b2bb9bd4d423af33dd689e735b4dd6816dd2f8891ef836a94e9c998fafd27a60cf72cd8151bc863ecda16ffb3ebf78259e320a409ca5b6395a9

Download Submit
/data/data/com.oohlala.youngstown/app_2213lfsgtmpfxog5vcxr/youngstown.stp.jar

Filesize
384KB

MD5
4a588f6715ba06df94759f9f387be025

SHA1
41b02c4eef7b212b30d9685aba914ae8a6479d38

SHA256
24db7691e073b5cfa79a5ed3013836558225d0b51e7ca38a851356b9b420b7fd

SHA512
47f59d6c62c407bee8ea0ea35ac54fce369ebccba0b4eb7c60cbebc87481d787daabbabde7d02e301e834adec1a724c1369a71994f2b8bc28dbdef620fa38858

Download Submit
/data/data/com.oohlala.youngstown/app_2213lfsgtmpfxog5vcxr/youngstown.uni.jar

Filesize
173KB

MD5
ebeee7a87496d282e695397f864aedc6

SHA1
eecfe771db348e69e04eb931b97a15d9d7349897

SHA256
0131b3ac2bd88e9d071f58774211143c909becd858daf196301b1062fca086c3

SHA512
de9345da0ea2bfacd6c38e0bfd26858022ba654eb134201d6cf8c56af12a2a5e54aa69d0b572fa367ba07cc87e75a3b545b0397287221e90fe9e9a64e0075fc0

Download Submit
/data/data/com.oohlala.youngstown/cache/1675452915457.jar

Filesize
11KB

MD5
600bb938c8786491180f21044aa0dd64

SHA1
fce0ae8f59adda36aa0452b65b8c40d892e2cf12

SHA256
f174040e033d1045ef13695b4337c8e1ad65331f2f103248025e2d080fccd037

SHA512
1c12e6ab3f72f39addb1a2ce77a09cc5f90747567b7306f563d6afcfb49c46dbc18afabf61d9af2e7d6588e4dd70cff9e6cc7ad87021c57c605343e0ddcf67ba

Download Submit
/data/data/com.oohlala.youngstown/databases/youngstown.db

Filesize
1.9MB

MD5
523e55447e034a32d5a5cb2c51aed3e4

SHA1
93a301633c42653891de7f540123f2e0647f6b8f

SHA256
6ab0ed86c110757595468119c0324f14a277ca8b80a76b7a4c93039e70e081e0

SHA512
8eb35df4ccf88d85f5d0e951821e3c444aa6b9e95d51a1e26f7f1d8f70757ab543f41fd2b9c2b669512245a69e6d5a6f2b108cbe35da50c100222342e941bf73

Download Submit
/data/data/com.oohlala.youngstown/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.oohlala.youngstown/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
48b705409458da13fb06c39cb3250c64

SHA1
47fd383396b9aee86c371eff83da1e615291591b

SHA256
aa22eecf3139a15a373c04f06d429059abc359fdabcd1ac6c0cb4d9f8ebde938

SHA512
97500ba6d87f97d1790ab7669a14a918b89d3584159ea459a7ce67158920abba232a7b35291b036cfc8042e77fef11b953b54dad9713b064ae977b2fc5b4c222

Download Submit
/data/data/com.oohlala.youngstown/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.oohlala.youngstown/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
3716702acdd30cb864ca764e0c4cf285

SHA1
9fd27776917efad938272c5464350ed94cc187c8

SHA256
9b93aba8c6b3aee40efbe62576346f025da6cde38e2955c9c60b13c7ebd69a9b

SHA512
eea21958a0885be7234dc631f5272bfebf5bf8eb3f732643ff8d2bf25b3857d3df896697d0d9a4d869999d329052ed4db2a8ae64b8a2a1273bf44a64ac11b1da

Download Submit
/data/data/com.oohlala.youngstown/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
e0181ba6820c98512adf07e65bd5469b

SHA1
4b99a05a926c79c82dc374707e4786e7fbbb782e

SHA256
42a3ea2eff994107e30febbe125df9c199488fd78ad2f0c5f87f16822d4f1966

SHA512
26667e17f14ca074f28e58e9dd0b691555ca47b38aec16ad7dee0fb9c9049fc6c867abadd602323027a119396502d1a073765b67c70f13eef1b621d9e3423045

Download Submit
/data/user/0/com.oohlala.youngstown/cache/1675452915457.jar

Filesize
22KB

MD5
216bb03e148e333071ec13a5d000cba9

SHA1
c50144c39f6ad80d7b0cb5a30701272851e66851

SHA256
0869ba6efa2a0c4abb878b75bd8063d6b1752e31618bdbfb00cddec68107a31c

SHA512
df7882aa119eb88af3d859292a4a61e3852cc45d58c47466ec1adb8813622bed872fa977342e62718aa2a4c5f9a202f2a198ed1ac2aaeade0aabeac396bc4d56

Download Submit
Anonymous-DexFile@0xbe574000-0xbe8172b0

Filesize
2.6MB

MD5
2dda1ce00abd061023ffa910f2534641

SHA1
bb6296bb356308d86f4b675da7d7e5c3e62845ea

SHA256
0cdcf7af9d94ac98c6ec9fff7d0cba057791a4ee01d19fa11e4ed7a2f5c42a77

SHA512
063239eb839abfac92028e07b91e7b0be1cd70fb41a53a7d648eaa14034083e4d496ac4b8af7e6d0c29e6b78635080ceaf0d2c379e89e8385383d2bb86629195

Download Submit
Anonymous-DexFile@0xbf05d000-0xbf141d64

Filesize
915KB

MD5
2f5cff961c1e8cf1dc1890f2a67f84ad

SHA1
175e5a1c2da8fb7ff35bbde72ce3fab960cb7f17

SHA256
c39507f7737a38176409175efacc5c98bd9f099572c781ccc39c0577c53405f2

SHA512
c9cc1303899e965c3801af8b23392d8e1baa4399a541c815dcf97421189dcb77e7c2404b512cbe8c09664000984268ed397de5bc1e8ca945e45c1d87be49a886

Download Submit
Anonymous-DexFile@0xbf227000-0xbf340700

Filesize
1.1MB

MD5
9b061392d3a57854c42b496bf9677f01

SHA1
ea2bf0ff4d780193d309ed321f4d269653fe7fa5

SHA256
04348a6ceac14bbdd51d7a016eff573807844af058f938a9e79768bba89abf91

SHA512
225bf98711609276b91c0512a6670a14dee0a5d3aabf63fedb15011ec737a4aeec90c24ff56aac0d0d5c5d6b72831dd279fe9565ee93d967f33ae95833bb063a

Download Submit
Anonymous-DexFile@0xbf70a000-0xbf775df4

Filesize
431KB

MD5
e1286c45e9d758c6727cf64254fd4481

SHA1
3e5a3a768a152aba31a2beff6bf76cbc1f2b9114

SHA256
e4f39d66f221b8278d1e9d7e7f4e243e0094431ffe436212c1a1a6fca1815dfb

SHA512
06eb0792cb8ce53003a87f29820926fbcb48809ac3d47ed97ee4bb12796467316925cfedf8e7d20a371e3d1764c0692587830bf2ce12258d16d3a857dce39c0f

Download Submit
Anonymous-DexFile@0xdbbbf000-0xdbbc07b8

Filesize
5KB

MD5
3ede7a234017eb01bb805020bce1a33f

SHA1
c7df1569eb83e1442d5cdcd4215344cc36a9a1aa

SHA256
55d1c60c575992aab26522400781e10d70ed06f8cfbe460eeb55143bd80a8f4e

SHA512
491612504c0c354c38607e4c5c9620a52b02425fbf3ec3d0883a61f222dadb005c295d455249cc51a5769b4745ac6dafffc03f68b2c460e99ab4736bf86d4541

Download Submit
Anonymous-DexFile@0xdd93c000-0xdd93db30

Filesize
6KB

MD5
8e745cb1daa2e7b510ca16926770c02c

SHA1
a5fc25351d39b6eabd1468136be6b2f3a0030e9c

SHA256
68dacf2d6f2a7508c72e7f6168c6ec16b6c71a96f2078598bb35afe1c2b4b8ec

SHA512
24ade9c6c9c1b97f9b598235a9a40b97a6081e5e0e4bd5612a2423d07672d33137231da34392695c2bde7ce2c9fc0379432bafc85a36bef63180232adf43cfed

Download Submit