60b0e7e09fe91aa785b85315aad3850e7f47f70a5aab7ae9ef31ad1c50477f55

Analysis

max time kernel
762852s
max time network
148s
platform
android_x64
resource
android-x64-arm64-20230831-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
submitted
13-10-2023 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60b0e7e09fe91aa785b85315aad3850e7f47f70a5aab7ae9ef31ad1c50477f55.apk
Size

3.6MB
MD5

b8019c6df196812517c445f802143d08
SHA1

59c6ef85e25b688d8000e697ad2f3f7420dc7820
SHA256

60b0e7e09fe91aa785b85315aad3850e7f47f70a5aab7ae9ef31ad1c50477f55
SHA512

1c8a90e282ad9b633d3d455558b3eff2b054d1686ddedf16979ec934b29bf8297ddbe368fba4fd1467341b55d9ef8703568af5aa7bebd97f6ef0cbea79ac6e3b
SSDEEP

98304:3zVifzai61uitbqGH/8o80oyHnqPHzBr0N/EhwjkJmd5JpC:3ho6/tbqGf8ohqPTBwgM4m2

Score

7^/10

evasion ransomware

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 IoCs

Processes:

com.loud.help

description ioc process

Accessed system property key: ro.hardware com.loud.help
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.loud.help

ioc pid process

/data/user/0/com.loud.help/app_DynamicOptDex/BFHAGAc.json 4485 com.loud.help
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.loud.help

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.loud.help
Checks the presence of a debugger.
evasion

description	ioc	process
Accessed system property	key: ro.hardware	com.loud.help

ioc	pid	process
/data/user/0/com.loud.help/app_DynamicOptDex/BFHAGAc.json	4485	com.loud.help

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.loud.help

com.loud.help
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4485

sh
2⤵
PID:4529

/system/bin/sh /system/bin/pm list package -3
3⤵
PID:4547

cmd package list package -3
4⤵
PID:4565

sh
2⤵
PID:4589

cat /proc/self/cgroup
3⤵
PID:4606

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.loud.help/app_DynamicOptDex/BFHAGAc.json

Filesize
298KB

MD5
15c418e8d73b6cef1a8b487c58026d29

SHA1
da5de2b1666dcdd44f1d51dc9cae1df772a378c1

SHA256
a567ffa64f4f2e514d7a539fcf00898a722d18e5396fcc54b5c9a9dc50d8e5ed

SHA512
551aaef0496db98c27c7a1dcc2b363bccdb6b663b85a2bedd6b6f6d021ced66a7bb98fa482d58b680f8b94b5280fd9ea4c35a103ddf5cf040c5fbb14058b9e0b

Download Submit
/data/user/0/com.loud.help/app_DynamicOptDex/BFHAGAc.json

Filesize
298KB

MD5
a5d1f5499382383a603ddc58ae15262f

SHA1
966b1e04c26f252f99df7ae5a03e837f7cb37593

SHA256
6b43f9f2afaadc5b239052b249cc67593771ed317b9d70debf2f8c694dc3eb15

SHA512
4b56eafbfc2269107e4a6232154de87bc5d75423938ba2ab760b78cba62af717012edcb07c558aaa7055157f32d0a629493b8fbba49d2745a5c0cded7d8bfb75

Download Submit
/data/user/0/com.loud.help/app_DynamicOptDex/BFHAGAc.json

Filesize
654KB

MD5
da9ab4f896cf98d9efef0ab26a22d779

SHA1
8f8959dea48320466d886a601c8a6ffa3928298f

SHA256
038ab2ceaa1c1b783f665f3b3a7beab67a4457bf67ea5e42721983f6bd8d32d4

SHA512
99a35a36dc77e0f7033dff762791ae5ffaead81f57b1656c287fe80dff45e6a00ae8b082d8815f1bde41c64b3046e4936bbc552797e8b3a84a8d4ea2a074604c

Download Submit
/data/user/0/com.loud.help/statistic/stacktrace-14-10-23 09-15-34.txt

Filesize
2KB

MD5
77671e7718be88f17c2548a23225eaa0

SHA1
6e76a357f4957a80738005a5017bc0918ccb1508

SHA256
6d0b7a83b1adc789a7a7fbe6ea2f85b238f0a7e8b78f7103efc0882aebf68994

SHA512
cc99534c823218cf0371f6bc78b68ccbca24a59482ca6f5467d239fb65849812df0fc1e171ef01d468a3deeca7d0ad512d671ef2ef0689b7532a92d845450ca7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads