b2fe49377c9a18bd30d4709499d66bf3d48ff7cb146dcd7b7da6a88fec6c142f

Sharing

Copy URL

Twitter E-mail

General

Target

Chat_Smith_v3.4.1_(447)_Mod.apk
Size

105.4MB
Sample

231124-xhldvade57
MD5

9b4fecf285e788c90414733a593bc8aa
SHA1

4f5863b171efbcaed8341fba6380db02afc89cf3
SHA256

b2fe49377c9a18bd30d4709499d66bf3d48ff7cb146dcd7b7da6a88fec6c142f
SHA512

c2a8072814b08d3a0a13b7083f02a5e4db8a490775152bf7ab42e93d13ac44f67817f84b2d2274582ec37056a5866bbe6249330dd3ccf9766bc565e5a2404f45
SSDEEP

3145728:iqTTB4LmF4CMwhgoA9dbmfiNGzq30SxlcQ5HsJ6w:RXB4LmrvzGEogKPv9HsJ6w

Score

8^/10

Malware Config

Targets

- Target
  
  Chat_Smith_v3.4.1_(447)_Mod.apk
- Size
  
  105.4MB
- MD5
  
  9b4fecf285e788c90414733a593bc8aa
- SHA1
  
  4f5863b171efbcaed8341fba6380db02afc89cf3
- SHA256
  
  b2fe49377c9a18bd30d4709499d66bf3d48ff7cb146dcd7b7da6a88fec6c142f
- SHA512
  
  c2a8072814b08d3a0a13b7083f02a5e4db8a490775152bf7ab42e93d13ac44f67817f84b2d2274582ec37056a5866bbe6249330dd3ccf9766bc565e5a2404f45
- SSDEEP
  
  3145728:iqTTB4LmF4CMwhgoA9dbmfiNGzq30SxlcQ5HsJ6w:RXB4LmrvzGEogKPv9HsJ6w
Score

8^/10

banker evasion ransomware
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2
- Target
  
  img_brand_tagline.png
- Size
  
  3KB
- MD5
  
  d4cbc5fb9bae5de0e8f6e9d8a43a121c
- SHA1
  
  91a6825d6e9d790d3c5e6ab256aa8e3987e65663
- SHA256
  
  ab8a4530162935a9a134a721b749fd633352956de87707d23e802f500e23d226
- SHA512
  
  c0b06136c476f737e518061881b7b4aa2feaedd0bf42fbe56ba65ec95462fc7f53feaec43f9d2013f46871a56f3541bd3fd52aae2b505a137e2ea0d39e0a3c15
Score

3^/10
behavioral3 behavioral4
- Target
  
  img_business_plan.png
- Size
  
  1KB
- MD5
  
  affbd3d9323a7eb439cc84f8b2f76405
- SHA1
  
  41f82d2ce96c3250284870d145c6ae57800b05b9
- SHA256
  
  af6ebc6b53b2e721633c36b6ea866fc1d93331a2f710b2759d0955f53c2b2382
- SHA512
  
  3a1cc22184ad2ed5c71eb3e9867398ed2e60a42f2f894600f626f7f32378b1d56ae49e94436dcfe5fcc8414b4336b696ebc29e6ab52f92cfae5710c0f1dbf837
Score

3^/10
behavioral5 behavioral6
- Target
  
  img_character_creation.png
- Size
  
  4KB
- MD5
  
  2f211145d533f0aae9ff1bb8d655516b
- SHA1
  
  94aa12ec373ac5af661a27ffee17d0e34d1bc7ca
- SHA256
  
  e8f2d124512c9664584e71103efae4e2c3fcbdfc57611cf83a1ed32dae558005
- SHA512
  
  60f7866702c7ec3cbf2127fbe93b177db36a4002c480a6b5e22ed8f04fcb114e0cd7718356e4ee83c38aba03ae93c7ebd7c54b7922d58a8e31d50bd38c98f7aa
- SSDEEP
  
  96:1bWxwLtJ5k6iM1HeMx9YzzBTJTRm8xpUUgjH23wA4h1jd:1v9HDxgz5e87mHth1R
Score

3^/10
behavioral7 behavioral8
- Target
  
  img_chart.png
- Size
  
  3KB
- MD5
  
  fa4567e8305333d4c4c0db5817a2cfcb
- SHA1
  
  0aeea73178ca411e5f3854cc221a9283ca6404fd
- SHA256
  
  37df668c177384ae6b5ba4491736940e3b952d0756eef445d540683a0f7ab1cd
- SHA512
  
  2cc65b960a80fe7a55ae830cf71fdf34e707190b7c24e77456ee6803d678d9efb6aef6c999bdf33a10e0b0b216d30c2a432ebcef839759e94e0bcab3ee65568f
Score

3^/10
behavioral10 behavioral9
- Target
  
  img_check.png
- Size
  
  2KB
- MD5
  
  d4a2a4930babcb6fdcb7abf45a190f7b
- SHA1
  
  aab61604845c5766f10deeb1965ea80ef4c193b8
- SHA256
  
  52c2d7b54625af5fe3f5b31b4d443a734d1ce74d4e34b3a27506bd243fa12fe2
- SHA512
  
  c743606c540aa461356182f17d431c2ede7e9e8f1e591e13158b0abc3a4e547cdf52a7c2fa39b7f973b02761a1d22e2a0de205eb98c7b0e7eda740fcc185dde4
Score

3^/10
behavioral11 behavioral12
- Target
  
  img_clock.png
- Size
  
  3KB
- MD5
  
  86c802e2342b2fe665e403dd7af8f6c9
- SHA1
  
  ab98e780dbcf99f948ed6872f52558b15bd39b4b
- SHA256
  
  91193336af5b8699e88d1a6121cf48cd24266085c3f2d722d8ec179d6db40b8a
- SHA512
  
  a07ab74211cef4e5a1b49c80f6456024dc363a84922fbe11bf3895af4d7b9428b3837e840db33de2c2904b149e71163a60e485e8d2699276a7579eaf315c3a2d
Score

3^/10
behavioral13 behavioral14
- Target
  
  img_comedy.png
- Size
  
  1KB
- MD5
  
  3006b921847c8a1ac235fb006bd32616
- SHA1
  
  b4bd5d8103f6c334030e3f93e57ccd27ef6dfe57
- SHA256
  
  a8e122d93c7c54efd8c0229db34413766fdd4c7e2d3c2a3862f56a5971acf162
- SHA512
  
  a4b6421d1d9554b68bf8667f62286128f92c251e873b2553822bbd97982520add7a970ed8074d3e196cb445ba49b839029ac8b30dbc905a962ea86b6f89523c6
Score

3^/10
behavioral15 behavioral16
- Target
  
  img_competitor_analysis.png
- Size
  
  1KB
- MD5
  
  3adeef5a2dbf6d8ac386b24ccf118f29
- SHA1
  
  72b1c48b988426f505e0cb889adf0148acb6d79d
- SHA256
  
  fb1db1c3cfa72a605ffba5f6109d0c541eb710da6d311f1d211674678df516c1
- SHA512
  
  91d0b0ad47fa0215601031e116b84f5ac2ba3c2fbdcdf59b7c20709ee1de34b661803ab78769b47b11f90a6bcb33bd4d9e3689af3d533f0ae29382c70f1edb11
Score

3^/10
behavioral17 behavioral18
- Target
  
  img_copy_inspiration.png
- Size
  
  3KB
- MD5
  
  c37d3430cfb986f65f2a0f4f61957359
- SHA1
  
  a8eb572be329aec1f5de83bd685d026d61c3a84f
- SHA256
  
  144bb30d406310113de5abd8f85817273c15a65ec793167a3244e0018d3f31e8
- SHA512
  
  6c7458f6ad6987cc183ac94a0e61d0abe67e3f802888dc693d9c736e0e487cf270000f1a1540e677157fba7b7d1edac357e71a80ebfae5af2f20bf497df43f1d
Score

3^/10
behavioral19 behavioral20
- Target
  
  img_craft_ideas.png
- Size
  
  3KB
- MD5
  
  f6f79f68006ebee5028bd71e92db7c3a
- SHA1
  
  afdfefbb8cf773649525059341d8d5cef01574ef
- SHA256
  
  4ea9d26c3760957194cb4408c55b2e1511f484f880ff025fc45226af5e0fb06d
- SHA512
  
  1573e7cb12767d60c8c5f8d5761178c6fef0808ffc70e2791369736d77540aefc29a246082dfd78d0e34a7a6467a34bccef1a5bd22a70b084939f4d4fc0b7fbf
Score

3^/10
behavioral21 behavioral22
- Target
  
  img_creative_story.png
- Size
  
  3KB
- MD5
  
  570a43309d60ba60851734a18d5805bf
- SHA1
  
  15a8cb88a32c7f212f55610063ba08df5d2f8693
- SHA256
  
  31a7c0d844e54e7c73bd3cc116a95edbd1aea86328af1c689ccf7e0329638471
- SHA512
  
  8e090793278b26e95fddf7be594d01bd687ec23172ca556638db2f65f9806e64287bb4132d59a9df246711ef02c0e1f766915aa22eee4db87e0bcfbf9122dd53
Score

3^/10
behavioral23 behavioral24
- Target
  
  img_dream_interpreter.png
- Size
  
  2KB
- MD5
  
  2e3f20bcb09569987c71814f6bef7139
- SHA1
  
  512122d55a2d5debb0861b0d8afe53aaca468ef9
- SHA256
  
  bd78bcd527b7b494ea1cc0306cc36083b7c7f7e42e83cdffa7f92ab26a73dea3
- SHA512
  
  a6b0d8284caebb07fd1c9a4992a7b87dfb5926a6c7634c78a2cd7145620346b678a3e4743d022af1868617c799343a488506994a47d17232cdffb0801c0612fd
Score

3^/10
behavioral25 behavioral26
- Target
  
  img_email_drafting.png
- Size
  
  2KB
- MD5
  
  484795a503ebc558d824cf282bc8602f
- SHA1
  
  86a9254927669451c393dd630ad01f283cc79f6d
- SHA256
  
  39512aa259888627dd4f9399002ac0712b7f8f5cbbea8ae2d312e450e4464c96
- SHA512
  
  1fdb285162ab7291a95336a9bda855ffbb4c4279debeb94f2e0d4ea69679921e73464df458cd4a35cfa320f7dddecdfff5575bf94f1fc2fb0d5f19b958138076
Score

3^/10
behavioral27 behavioral28
- Target
  
  img_email_generator.png
- Size
  
  2KB
- MD5
  
  1053aed4944e3745de02108fd1f193c6
- SHA1
  
  b5a014778e4daec68eab69ae073a7cae9ecefc29
- SHA256
  
  f8167533ceeeae92f1cf1a351edfa58a5de75c2b022be66ffc9e566b1144934b
- SHA512
  
  5532b282f3a538745127faa599c9c8c51be7a18d98c43a8e1390e4b9936cd890d6b1de7fa16892f5aa604eae08a985525e703d5f307da3093f834d1c8f22114f
Score

3^/10
behavioral29 behavioral30
- Target
  
  img_email_writing.png
- Size
  
  1KB
- MD5
  
  6c3ef5082f153be721077f7f65f9119b
- SHA1
  
  e71fb4b49455f07fbd6b9417315bbbc4cec566f4
- SHA256
  
  98d3baba2a52e88a7818284c951a8a8df51d4c66078151c8d3ac125973fa01c7
- SHA512
  
  b768c55071768d3035211432d11d0fe0ee41779f7bd5f0652d3ec5ae163f141e581f30db732180320979da1dd39835164df01d39b4167dcc925c36d9ce3093ca
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Acquires the wake lock.

Loads dropped Dex/Jar

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32