cd64b09b29f6d1effa13b8fbfd64cdfa763524ac769ffaefb65eaa49b3f57364

Sharing

Copy URL

Twitter E-mail

General

Target

com.disney.starplus_2.23.0-rc3-23081500_minAPI21(nodpi)_apkmirror.com.apk
Size

45.9MB
Sample

231101-faxcpscf28
MD5

f5cb9a0568432976ef01e032ea46a241
SHA1

99d844e1ff0e45b590801370fd66c999790d6146
SHA256

cd64b09b29f6d1effa13b8fbfd64cdfa763524ac769ffaefb65eaa49b3f57364
SHA512

49a0d87480c4d56d9c53cfe4019ad918bf5df89dd50e357f4edfacbd94c9914ab988d9f3110330bb332bcec058dd05a6ecf4692ffc7cd528e7974cb548eb3ef8
SSDEEP

786432:96Np7an9wQIC8E0VSKcm+FlC22n8d70gNsBn+/VbpJP266NpeaZ:IT7ai/ZEWlv228d7VgiVtp2ZTeaZ

Score

7^/10

android ransomware

Malware Config

Targets

- Target
  
  com.disney.starplus_2.23.0-rc3-23081500_minAPI21(nodpi)_apkmirror.com.apk
- Size
  
  45.9MB
- MD5
  
  f5cb9a0568432976ef01e032ea46a241
- SHA1
  
  99d844e1ff0e45b590801370fd66c999790d6146
- SHA256
  
  cd64b09b29f6d1effa13b8fbfd64cdfa763524ac769ffaefb65eaa49b3f57364
- SHA512
  
  49a0d87480c4d56d9c53cfe4019ad918bf5df89dd50e357f4edfacbd94c9914ab988d9f3110330bb332bcec058dd05a6ecf4692ffc7cd528e7974cb548eb3ef8
- SSDEEP
  
  786432:96Np7an9wQIC8E0VSKcm+FlC22n8d70gNsBn+/VbpJP266NpeaZ:IT7ai/ZEWlv228d7VgiVtp2ZTeaZ
Score

7^/10

ransomware
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3
- Target
  
  ADBMobileConfig.json
- Size
  
  1KB
- MD5
  
  4d1ed12b448abbefa52e956c16362da8
- SHA1
  
  df15e9a896bf1c6fff6ff7286721b76cadeaaccb
- SHA256
  
  739a0ceb4413709e30ba76a01bf681c74b239bac242a3e2a36b014588f9f0b79
- SHA512
  
  890e6199d97a36d0e409b8d713f5d535f8d99d8006448fb4145e272624bbc237c08cb88b76f25c7a9c0dd13ba76f099a34849cb75e3b4ddaa96b6b4ef0d19fb1
Score

3^/10
behavioral4 behavioral5
- Target
  
  AppstoreAuthenticationKey.pem
- Size
  
  451B
- MD5
  
  fa230440b2b5d9fd97c54c6ed9bd2ccf
- SHA1
  
  f313d2bc3a125e228b2ff158501e6ca6e3a0902b
- SHA256
  
  a03208e5c26b71ea379c55e1cbde436ae0e239825afd5188237175b292c82c09
- SHA512
  
  86aea95afb86b12c47f03b55664568d9c1e499211367d493cb9ebcaa323f5d1b540cb3a8f880aa855d7e2c2c528c9ffe2366a64b7208daf4142f63caf8c8d6d2
Score

3^/10
behavioral6 behavioral7
- Target
  
  DSSHLSSubtitleRenderer.html
- Size
  
  28KB
- MD5
  
  c6e59cc7b55e98a7bbe3680d48735f6c
- SHA1
  
  cf82ba20b39946af024bd6b2fd04b2dc1804336b
- SHA256
  
  e7a81e71bf0610e0b1067215830c8f7e8a6c887b03086014c12c7abbef2dd9c5
- SHA512
  
  8e265c895bc450030016695fca5df2d58778cfddeaa11ca947b814eb7ab1c50460860856ab78560a5744aed2797b4c114f862669e59645c12a680b6f984f282b
- SSDEEP
  
  384:CH3BQUmsGQ17Ui3Lo6QjtmNMQTdapJmHN1eWCRID84MIf2423I+hyUdCBvb2Z8C5:s3BQUms6iYePVCRQd2tITBi6CEXjS
Score

1^/10
behavioral8 behavioral9
- Target
  
  baseline.prof
- Size
  
  3KB
- MD5
  
  3fd1ec94d1e4a226c5b0d86eab1ee799
- SHA1
  
  3c24211fc5d7a3d965aa60f76fade97d09ad5a06
- SHA256
  
  2481e4ee2d797e81f7e6dd54085bb8fb70aca3e66b4e74b60083c12a1fd337e3
- SHA512
  
  b905cd9d41b9b5c3f5d28a8957e696f60eb803cdc1468a3a345699005842d90a9b2b44268bc092bb8b9457da0fe87d39e74f2d996a4b7237e6e09523eba845ad
Score

3^/10
behavioral10 behavioral11
- Target
  
  baseline.profm
- Size
  
  261B
- MD5
  
  64461f88d7f46e710478b40a9a748a0d
- SHA1
  
  1ec55f33238b25423efab3a3418c632efb43596c
- SHA256
  
  665aa319a72e87c41e3992b6a98f7970154deceab3284daed761c6e6f41baad5
- SHA512
  
  f81a8954532b56e238ac5eaa9b319e5640dc4ae0a04cd67bb74b4ed6c47d65c8394d1706f0aff8983e3962f2a4642065d273672dc831165894f8181d83f78963
Score

3^/10
behavioral12 behavioral13
- Target
  
  braze-html-in-app-message-bridge.js
- Size
  
  4KB
- MD5
  
  59466d519960df9d27f00239547c2f4a
- SHA1
  
  e07274c13de4b4d5317e65f7b5fe9f283146488e
- SHA256
  
  6c8980d63d6249934cf0936255e0e34013f28232e839af61d888d420a3bc95b7
- SHA512
  
  de575e07debef82abfb70466bdc27ed8aad64e16d965cb386fa2b881c5c206d350e3518f0bbf6798d634517a589790d6977a40e180988429f9a04328a82dd05c
- SSDEEP
  
  96:ClCF13kkhTmmDbm7o5q8rnC3pjG6qWo307IRs/QW:uq13kkfPm7o5qJxZiOIm/QW
Score

1^/10
behavioral14 behavioral15
- Target
  
  checkmark_selector.xml
- Size
  
  295B
- MD5
  
  d483b76496c0dda20c7de14dc093bc2e
- SHA1
  
  7e796f4ec30808a59eea526930296e12fa24b7ba
- SHA256
  
  48541700c064653af154466ada5f41aaa186a01a5477a91bf26b935e98bf9127
- SHA512
  
  6fc7afae8d260597af51e14b91213bfdc3c15bb1f8a10c7e601e23d1387ac6f2683fe6016a59dfac97f38772e9a0c530d758dacd24108b7c57588eec27a95009
Score

1^/10
behavioral16 behavioral17
- Target
  
  default_background.xml
- Size
  
  278B
- MD5
  
  e3cb6bd46c5db68a58b889defe853766
- SHA1
  
  16f9d206d8fca95e50636b71595fa060a53c45bb
- SHA256
  
  f78be4cb07b0775c0cc0a124536a642f66bb3dac50b1d7cdb4927e1b48f4b132
- SHA512
  
  8f91afb21a860d45cc773757d72907d7cecfe94ef242313e232cce713845c0b1748b22ea3612cc4ff4d8ec387de85e3e8605fcfac0f2e7a9b1b67caffa13a509
Score

1^/10
behavioral18 behavioral19
- Target
  
  dictionary_versions.json
- Size
  
  293B
- MD5
  
  8cc00dd6535f3a89cb8876bea9f72d1e
- SHA1
  
  a130d043daa5242e7475a914325b0c886c8f58b8
- SHA256
  
  b66d69ea52ed9973ba41b1052cf8de700829e5b79126ad9e3212753bbe4b5f50
- SHA512
  
  49ca792dde9bca3ddbaeca941895bb28f5f47a5f2c18d6b0c02f3c3855e06cd411d373382c1a5a64cccadf26abd13035b4a6a12312729591a948e8ac1cebf6c1
Score

3^/10
behavioral20 behavioral21
- Target
  
  dimens.xml
- Size
  
  141B
- MD5
  
  a889f03390b136da74b62bd27a6d596e
- SHA1
  
  d31544e8abc6228c346d229cce9a751a8acf7e40
- SHA256
  
  0b312823c63e99b048168c2d1bfb37f704222341d632895ad88f52b67882b1a6
- SHA512
  
  00855b96c123850ae9c51d0b836004a9ab3c9406e7e378184d94f0afccb9de8b79d2e383b17e6a066f00c15d405607139d662dd2ddfb990c1222c869a00013e9
Score

1^/10
behavioral22 behavioral23
- Target
  
  disney_logo.json
- Size
  
  81KB
- MD5
  
  1e544ecabd52d10d850ab0ab0f737999
- SHA1
  
  b32d08c99d13f1ebd7ae04e290920766eed2c61b
- SHA256
  
  ca78304aac1755618f9131b6b76e1cb5dd8d1ac2f48fc612a89c6a6db7f4172f
- SHA512
  
  38a682ec3165d25870594480d6cd031a86309d3cba1e5ec6cc7ed53753f427660fa616f7bb7949543cfaf6e46c709bbbf4462fc8322df2ccd1c7ef289cccbcff
- SSDEEP
  
  1536:DW1pezCbX7F4T7S/3lh6ch6UrBRsh6UrBNh6UrBfh6UrBKh6UrBDh6UrB3h6UrBA:DyTbrF4T7S/1ocoUrBRsoUrBNoUrBfoc
Score

3^/10
behavioral24 behavioral25
- Target
  
  focusable_tint_menu.xml
- Size
  
  249B
- MD5
  
  707d0fe868090a449e270bfd08eb209f
- SHA1
  
  c980c64e8abcf5c50259176368f8a72a6a08d8a2
- SHA256
  
  74c6b708cde9d706d89cf6d25d98958709be11b5b26eff9ca368318094e4d0a9
- SHA512
  
  25589235d58efe31d60eba47c2806b0c7f214d10ee4723e2c44a792d3b2ca728eab4ae6c15c0fc723b38681dc6e6a0cdfbcdeaa57aeb746782fbcdae15afc43e
Score

1^/10
behavioral26 behavioral27
- Target
  
  fontawesome-webfont.ttf
- Size
  
  119KB
- MD5
  
  706450d7bba6374ca02fe167d86685cb
- SHA1
  
  9088143b19979779b2116cef38b661f72d982e19
- SHA256
  
  9e540a087924a6e64790149d735cac022640e4fa6bff6bd65f5e9f41529bf0b3
- SHA512
  
  a77cba5a5c1b69ff5ccc12499a71df687c51ef977739f31a0a68d9d2d57522b3feca09c180bcf5883d228b8205d1447bfaedaf6c15ba385ba955755d4f9de7e8
- SSDEEP
  
  3072:u1DA1zsU9v98sdG6XXYi0iEPGFCMP67VJaXwfchxD6j64rMK6iGg2pKVO7jWgOTp:u1DA1zsU9v98sdGMIZiEP2CewVJaX1ha
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral28 behavioral29
- Target
  
  fragment_app_settings.xml
- Size
  
  1KB
- MD5
  
  cdb12571bcc81e5fd0813f2a210030e4
- SHA1
  
  cf3d084f5c9480ed032b6b1990a62c867d88fe5f
- SHA256
  
  2d4f4bc7cf8868795732fed851d9aa082fc14d5b288a6bb608048ba05f12cdfe
- SHA512
  
  036878f09e18e654fb3e5207b742e128ff4daf7d52d10d84768d7322df4479c97797c045a97a882d15d3f29dd556277ae9fb932b57c23ac185ed34dae6545293
Score

1^/10
behavioral30 behavioral31
- Target
  
  fragment_global_nav_tv.xml
- Size
  
  1KB
- MD5
  
  7621f62b756841f3789d17d3d99fe6d4
- SHA1
  
  c0f00798105f7b1cfa6a87acfcb8ea51c5208145
- SHA256
  
  2e5ea80b079b23f3d0a5eb85cc9298db4bbcecfd8fb779728c871a8471091ad9
- SHA512
  
  940f5d1f64d94697310e4c7adac026d87803cb2f7b63f79fad049a5d11b7a1f9c9ce27159ffc17143b77bec5d930c41d889214d8b9e122566b76cfebf946aa2a
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Acquires the wake lock.

Loads dropped Dex/Jar

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32