94be86d50af2ded5b2754cc2f0eeb8d26c44878b6835cb6292abf35df92bd4fa

Resubmissions

28-09-2024 21:15

240928-z4awcazbpf 10

24-03-2024 05:08

240324-fshx2acf2v 7

24-03-2024 02:46

240324-c9m2jabd5s 7

Analysis

max time kernel
157s
max time network
165s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
24-03-2024 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlackMart.apk
Size

8.5MB
MD5

1f51442ac69949a896f13e42c4d7254a
SHA1

dac18bf7ac2dae640c064fe2563e4e32011144b4
SHA256

94be86d50af2ded5b2754cc2f0eeb8d26c44878b6835cb6292abf35df92bd4fa
SHA512

aaaaecb86f62c6602876a728101dc1604b57b887d788cf3dde66573a101be96301b80be3cbea21eaec9bf3021b335c0bb8964c73e7e5fc95d06cc4d382bec089
SSDEEP

196608:nxgE8qnpvtBIH7qu3G7roKx2NIXfT2+dMwW+dMwI+dMwE+dMww+dMws:nxOeHIH7R3G7rp4k2qMwWqMwIqMwEqMj

Score

7^/10

evasion persistence ransomware

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

Processes:

com.velociraptor.raptor

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.velociraptor.raptor

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

Processes:

flow	ioc
25	discord.com
24	discord.com

Changes the wallpaper (common with ransomware activity). 1 IoCs

ransomware

Processes:

com.velociraptor.raptor

description	ioc	Process
Framework service call	android.app.IWallpaperManager.setWallpaper	com.velociraptor.raptor

com.velociraptor.raptor
1⤵
- Makes use of the framework's foreground persistence service
- Changes the wallpaper (common with ransomware activity).
PID:4460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/system/users/0/wallpaper_orig

Filesize
134KB

MD5
c43a39b69d8967352c9d9c50a9d3b232

SHA1
4109032a75ef4326352f55abae758f73f9129a1e

SHA256
9487405dda3ec229e9396b0898354ad82c8d701c370a94aea8bfd4d1f38fbf28

SHA512
b7c6f628b91e87583072105d9dfd6fa4ee49a89a5980c6d73ac5d23546046076793ecbbacfff4c1e393dbd85656be04f2c61ff440c6e4a854c66b36072f16acd

Download Submit
/data/system/users/0/wallpaper_orig

Filesize
760KB

MD5
50aed67a13ff4dafe297c31d6aaeb245

SHA1
f3a1048a41da26fb00a386c92b8ceba111758219

SHA256
a589b7391b7b7147d72ff6ef0a76998851fbc9360f18ad7f63733cee8051c7ba

SHA512
d945f28b22e3427cb67fbfb9fd8ec514cfcadba14c179b76cf8543455ae9739ffc3167046b7ed4454327f8292639494aceb4d705ac0f5b2dd583cadde7de5039

Download Submit
/data/user/0/com.velociraptor.raptor/cache/cache_an/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit