Overview

overview

7

Static

static

7

60b0e7e09f...55.apk

android-9-x86

7

60b0e7e09f...55.apk

android-10-x64

7

60b0e7e09f...55.apk

android-11-x64

7

editor.html

windows7-x64

1

editor.html

windows10-2004-x64

1

index.html

windows7-x64

1

index.html

windows10-2004-x64

1

index.js

windows7-x64

1

index.js

windows10-2004-x64

1

jquery-2.2.0.min.js

windows7-x64

1

jquery-2.2.0.min.js

windows10-2004-x64

1

jquery-3.4.1.min.js

windows7-x64

1

jquery-3.4.1.min.js

windows10-2004-x64

1

jquery.min.js

windows7-x64

1

jquery.min.js

windows10-2004-x64

1

katex-auto...min.js

windows7-x64

1

katex-auto...min.js

windows10-2004-x64

1

key.js

windows7-x64

1

key.js

windows10-2004-x64

1

keyboard.html

windows7-x64

1

keyboard.html

windows10-2004-x64

1

latex_parser.js

windows7-x64

1

latex_parser.js

windows10-2004-x64

1

rich_editor.js

windows7-x64

1

rich_editor.js

windows10-2004-x64

1

Analysis

  • max time kernel
    762831s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
  • submitted
    13-10-2023 22:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60b0e7e09fe91aa785b85315aad3850e7f47f70a5aab7ae9ef31ad1c50477f55.apk

  • Size

    3.6MB

  • MD5

    b8019c6df196812517c445f802143d08

  • SHA1

    59c6ef85e25b688d8000e697ad2f3f7420dc7820

  • SHA256

    60b0e7e09fe91aa785b85315aad3850e7f47f70a5aab7ae9ef31ad1c50477f55

  • SHA512

    1c8a90e282ad9b633d3d455558b3eff2b054d1686ddedf16979ec934b29bf8297ddbe368fba4fd1467341b55d9ef8703568af5aa7bebd97f6ef0cbea79ac6e3b

  • SSDEEP

    98304:3zVifzai61uitbqGH/8o80oyHnqPHzBr0N/EhwjkJmd5JpC:3ho6/tbqGf8ohqPTBwgM4m2

Score
7/10
ransomware

Malware Config

Signatures

  • Checks Android system properties for emulator presence. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.loud.help
    1⤵
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4191
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.loud.help/app_DynamicOptDex/BFHAGAc.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.loud.help/app_DynamicOptDex/oat/x86/BFHAGAc.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4227
    • sh
      2⤵
        PID:4254
        • /system/bin/sh /system/bin/pm list package -3
          3⤵
            PID:4273
            • cmd package list package -3
              4⤵
                PID:4289
          • sh
            2⤵
              PID:4312
              • cat /proc/self/cgroup
                3⤵
                  PID:4329

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /data/data/com.loud.help/app_DynamicOptDex/BFHAGAc.json
              Filesize

              298KB

              MD5

              15c418e8d73b6cef1a8b487c58026d29

              SHA1

              da5de2b1666dcdd44f1d51dc9cae1df772a378c1

              SHA256

              a567ffa64f4f2e514d7a539fcf00898a722d18e5396fcc54b5c9a9dc50d8e5ed

              SHA512

              551aaef0496db98c27c7a1dcc2b363bccdb6b663b85a2bedd6b6f6d021ced66a7bb98fa482d58b680f8b94b5280fd9ea4c35a103ddf5cf040c5fbb14058b9e0b

              Download Submit

            • /data/data/com.loud.help/app_DynamicOptDex/BFHAGAc.json
              Filesize

              298KB

              MD5

              a5d1f5499382383a603ddc58ae15262f

              SHA1

              966b1e04c26f252f99df7ae5a03e837f7cb37593

              SHA256

              6b43f9f2afaadc5b239052b249cc67593771ed317b9d70debf2f8c694dc3eb15

              SHA512

              4b56eafbfc2269107e4a6232154de87bc5d75423938ba2ab760b78cba62af717012edcb07c558aaa7055157f32d0a629493b8fbba49d2745a5c0cded7d8bfb75

              Download Submit

            • /data/user/0/com.loud.help/app_DynamicOptDex/BFHAGAc.json
              Filesize

              654KB

              MD5

              cb0911a8f891295969bf94b9cc421772

              SHA1

              be460d02bd46dcef0ed1cb2f9951c2c27285eeb0

              SHA256

              23b0fe6633415e54882e244f7ab8b8f13aa3eb2a22421c4d17b9e88a5fb712d3

              SHA512

              b0a9d0d56d2436efdc613f8e54f1ebaccc8e5a67e97712907921eb5df0409b9cc8b4ac56e13602b1fd53c825b1686d8d69db926c3ccbf8626241e933adaba8db

              Download Submit

            • /data/user/0/com.loud.help/app_DynamicOptDex/BFHAGAc.json
              Filesize

              654KB

              MD5

              da9ab4f896cf98d9efef0ab26a22d779

              SHA1

              8f8959dea48320466d886a601c8a6ffa3928298f

              SHA256

              038ab2ceaa1c1b783f665f3b3a7beab67a4457bf67ea5e42721983f6bd8d32d4

              SHA512

              99a35a36dc77e0f7033dff762791ae5ffaead81f57b1656c287fe80dff45e6a00ae8b082d8815f1bde41c64b3046e4936bbc552797e8b3a84a8d4ea2a074604c

              Download Submit