0592bd0cd486386a40c271ce4bd8f6b04d2924e8ce37202fe86bfe160eb27f78

Analysis

max time kernel
46s
max time network
54s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tentacle locker_1.0_APKPure.apk
Size

29.1MB
MD5

1465348187503c832b526822198a8bce
SHA1

cbdd6941483eb54c6de174f47e59fbaea86245f0
SHA256

0592bd0cd486386a40c271ce4bd8f6b04d2924e8ce37202fe86bfe160eb27f78
SHA512

ab216e460ea7e51f951067d0e0f4741c4391e05ec196672d42718c928ef2ba5c0029779d40b6f42e2c83faf3fe84ed04b94bbc0c282f49d26e17cd0af7c69147
SSDEEP

786432:0oLmgbLScJa5QeSoKsNmiFR8dIBhhqpZU8Hc3rWzauNODJwbv:/9LScPJsQiFR8Oh+ZlWuN8Kv

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.kingos.tentaclelocker

ioc process

/system/app/Superuser.apk com.kingos.tentaclelocker
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.kingos.tentaclelocker

description ioc process

File opened for read /proc/cpuinfo com.kingos.tentaclelocker
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.kingos.tentaclelocker

description ioc process

File opened for read /proc/meminfo com.kingos.tentaclelocker
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.kingos.tentaclelocker

ioc pid process

/data/user/0/com.kingos.tentaclelocker/cache/1596060835607.jar 4595 com.kingos.tentaclelocker
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.kingos.tentaclelocker

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.kingos.tentaclelocker
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.kingos.tentaclelocker

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.kingos.tentaclelocker
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.kingos.tentaclelocker

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.kingos.tentaclelocker
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.kingos.tentaclelocker

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.kingos.tentaclelocker
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.kingos.tentaclelocker

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.kingos.tentaclelocker

ioc	process
/system/app/Superuser.apk	com.kingos.tentaclelocker

description	ioc	process
File opened for read	/proc/cpuinfo	com.kingos.tentaclelocker

description	ioc	process
File opened for read	/proc/meminfo	com.kingos.tentaclelocker

ioc	pid	process
/data/user/0/com.kingos.tentaclelocker/cache/1596060835607.jar	4595	com.kingos.tentaclelocker

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.kingos.tentaclelocker

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.kingos.tentaclelocker

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.kingos.tentaclelocker

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kingos.tentaclelocker

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.kingos.tentaclelocker

com.kingos.tentaclelocker
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4595

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kingos.tentaclelocker/cache/1596060835607.jar
Filesize
9KB

MD5
03ee9d194982da8259d81957162c9795

SHA1
f05ab5cc908262c4dd51f3e8ca49bc346dc136b2

SHA256
d44cfb6b41231f150cf310c7c4d399be9587294e3727197e046db4a1c2c3ca3b

SHA512
241f97312aa3e4547ce7f3195667301872bded70880ce33641a26292530ec2c22614a85c7e2437c5a88fff0e6359ef9c253caa79fa49a025869ae5dcbae524ff

Download Submit
/data/data/com.kingos.tentaclelocker/databases/androidx.work.workdb
Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.kingos.tentaclelocker/databases/androidx.work.workdb-journal
Filesize
512B

MD5
0d21daaf9c0916d2181262bffacdf0de

SHA1
7aa83888145423b2876d4bd3de1d6cd02e3e495f

SHA256
4a8fb3f2fbd53d2686bdc1a66bd2fb5e1eaaefb218bbcb55003a3e8a822af135

SHA512
bf5fbf25a7e88ccb39e5baf51f153e1db7cd69d121935c75851d5d6097dda9e20f0931005a3de24a628f537258bdc98b2492c2b4ae90eb1ba1a4408beb9908a4

Download Submit
/data/data/com.kingos.tentaclelocker/databases/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kingos.tentaclelocker/databases/androidx.work.workdb-wal
Filesize
16KB

MD5
decd1d549e9d4b9e61380c727b2dc19f

SHA1
5c414f96c6781bfe47c03bcb3841d3b2cffeb150

SHA256
ab096854da1013d8d0710fe53b8837e81dabe4457e63b516581242fbb9805731

SHA512
b845dd1e48bf10812143ec82fe7643c1eca075a65fbad8850ed3c796b8b381d0721a6c194486c83c78c2892ae76c7e6a439f6a98a257bcd8b968815823257e79

Download Submit
/data/data/com.kingos.tentaclelocker/databases/androidx.work.workdb-wal
Filesize
88KB

MD5
186a8c8b5cc2e5e0270196ca27b08718

SHA1
4ca7736cb82f5002b98413f7850f798e80b5c112

SHA256
f7511236cf2144db6fcb7953eaa52bc6f0ee71538f9891ccd41f895c6b96f2f8

SHA512
fb5becb8536421f1e3d0362475ff549fb52ed3e3a88f58596a0cfda24c826c4a6a5cabdd408334da1004a6e752f3a6a3e06854488f5a1fe3143a155b06d97fa7

Download Submit
/data/data/com.kingos.tentaclelocker/files/UnityAdsStorage-private-data.json
Filesize
41B

MD5
16d3e6eac0e79222a9b368edac765b34

SHA1
48d5e621fcdd84108f5750d6905180b622715b11

SHA256
3a518b70256a689906d6740062462e3124aad6e55c5aa47339a87a56e4933ee7

SHA512
d0aaacf86100135241426e2a0e9ba44414aa456cd708124e2f9c3a8037e008870cbcb506d316e4fe7cfe1d6dc3073393989a6f3c29f7cfabd6b0f65057afe747

Download Submit
/data/data/com.kingos.tentaclelocker/files/UnityAdsStorage-private-data.json
Filesize
607B

MD5
93f735c6f2cbde51df1041e4bdb2844d

SHA1
05b98a46daf30c11f573febb2f25281dffd877fc

SHA256
bffb8e5d0e6b6fa1eac938b0fc76eba2e381ef54a6cdbc114e6cc41e10682279

SHA512
90c55f1da9b7d42c08e025b8cb8d0880709cb6b485e2d824dc30bd6028c5aba5c6699b7625dac9c4ab53e2aa4e6880790afc8ff4271e1864ca80071468031fc9

Download Submit
/data/data/com.kingos.tentaclelocker/files/UnityAdsStorage-private-data.json
Filesize
2KB

MD5
2783b99702d025dd91265875d2471b34

SHA1
15a8ad85e67e7bf8ee4276f0adf4908c211374f5

SHA256
702d3bf7ce8ff5fa8488274d9defaa4729f3dbfa5d2a1d9a9efae66ae3dae602

SHA512
0732cca5218518a6561d7276c64433bbfd44eb6637d9a24f9bbe77a0ca624ebbc7210bec6882ed5ffdeee4fb61b6f59f87bdfd7fa34e4c52645426839c20e940

Download Submit
/data/data/com.kingos.tentaclelocker/files/UnityAdsStorage-public-data.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.kingos.tentaclelocker/files/UnityAdsStorage-public-data.json
Filesize
111B

MD5
270fb355845e16f23df456363048da05

SHA1
8279ab5ff920359c12c5ecde5cbc3448c717833b

SHA256
9e1fcba17ce64345a030b1fbcc9970283ecc8f5fa9bfa0525c64c6cfdc392c5b

SHA512
c978cbd4dfc2bf92feddcc33bc45574e20670a7d64e40e8bb2f683386dad9131411cd3e627bfcc60e0e2d945f507e5fe78ed17e6d692138c3962bde775468b28

Download Submit
/data/data/com.kingos.tentaclelocker/files/UnityAdsStorage-public-data.json
Filesize
272B

MD5
e948146db7329f1705310b8a7f081510

SHA1
43f5421fb4615744b529c411f567784cd9dfc31d

SHA256
3c37f8e123c0a9ee442323383ae99a296fae30112da3bd7ef438ba139d8a4bd1

SHA512
6d0c2dce1c915f1021444d76a202ca58c10f86dd2a910b552c82008bc49bbf55285fa523bf76ad18300a0a38734df86adf8140c3758b1a06cddeef9920bfd94d

Download Submit
/data/user/0/com.kingos.tentaclelocker/cache/1596060835607.jar
Filesize
19KB

MD5
cf2ed89992c1145a27f078b9da17e96c

SHA1
2afc75b5bc6329198ec01829e6c6acbd0c0dee01

SHA256
84009ae4f9125e2d61a670b88e41ad81bba2161dc0910b4506ef6356f0ebeb78

SHA512
8240cd4dcf4087b5f02400853f6820afe4b2a8825089aaa661662539fcb857b78013f8f3a9dc047034f6f42168fffcc6c1727076ab0e4eeaffcad956659de6f5

Download Submit
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-1238c4be7a4123a96f5346bf2e1f6a34b26d974eaacd66494847995bec3bdedb.png (deleted)
Filesize
37KB

MD5
7b4413a8b4d6681b399d70c76ff214c9

SHA1
c5c5208e060ed19bf83fa01f9fb00e3366ac91d9

SHA256
bf5d0631e1aa5ca3a98756b9975a6c19711179622d7065e6744257b7da797f2a

SHA512
f501e593393735a6f3a92526c2d720b8472a4ea93c1c453a0006379b7f2dbd79bc94ff46932b6551f4bf226dcafa0f26c6cd3c00851694c67885faef634ca19f

Download Submit
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-5719a001e3258b1a6b0750417b76b62a7027e74cca1d4c787ae6cb60c602a0d6.gif (deleted)
Filesize
4.7MB

MD5
f35994e5d85dfe75505980763abe085c

SHA1
9cfac4eb2bb38592a7f53477f458701f6e15187c

SHA256
216b35596c4ba2408b6b80204b3f117a483d781a9d7932a9aabdaaa490978d95

SHA512
faf8e14c3f022ae4b090f3b57a1326deabebb5cd9d25dfe56fc2af37c49443c116e4dfade7255e162c1ffe83ea2f6d9d50e0c6f5366a9080feb2d6d7b7f73a64

Download Submit
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-66a0f7cd8bd95ad70cb7c733bd6f7b4f7181cfd34c5599fc7b9537dcad664c26.jpg (deleted)
Filesize
22KB

MD5
5dddc42c8aea087ad40a7e025e42c88c

SHA1
55bbb79780298bfb88a0bf2bc99e2b49e38c6cb0

SHA256
497ec5330c665d2be3c57691ead91aaf4c9c5e29c41eaae7aad2c011c5f41101

SHA512
3d2705829ae7338be2b7eab1175df5111f137578d5ea63a9a5865376961442954c50e8e5423d06e2ed5fae4c3d8edf6dffaa04cece68f1c103c4fc718f25e53f

Download Submit
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-adb8bc1739c4cbaef818604f935e6e7b937a3f3e6442eaab68c768af5046f14f.webm (deleted)
Filesize
1.9MB

MD5
788db55ed6640ecb4a181c06a9c0184e

SHA1
2bb25019024b76e65ab84e27f1bce45b37c381d2

SHA256
2aad3dc0d7b195194dbc29a7a32f13463024589da688c27fb0712c7c430b243c

SHA512
407544b0f49dbd9ff46df9b56b21bbe90b7c7a4db00b8d7f65b7a6ee30db6cdcafd17d197e5b9928cc994114295436e9bd1a92f593f7c0be6ae4f101012b1ded

Download Submit
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-ce7076fe2a88f26add40ae0d8c00faacf670f1fff3b5cc03cb1f271cc0faa3f1.webm (deleted)
Filesize
1.5MB

MD5
bdbbc686a12c9fa47c801ed9aef8dfc6

SHA1
3bae09fdddf4176f2ffeedaf958b2d3ae3287f7c

SHA256
49e8171cd02ce5444cc00c443dae4c0bc505a25ae35264bd284adb5af55214eb

SHA512
a24cf3535a161d726c35457b8b8b8aee2e1c5030ec9a61d49ebf35a2647aab84ea9c85b88384911c48253d41f65513c242bfe1f07d39c263ccc93fbd124ee4ff

Download Submit
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-d6b1bf8dfbad39f9c605014ee9d6fbea55eb71ee9cd2f91bdf7c54a26ba52689.jpg (deleted)
Filesize
326KB

MD5
da4ba297c1495cc9b26b3061feb75334

SHA1
df0c4a223f6debe017843b189cd12f8731903cbc

SHA256
d78946e2efdc9f8e7a07493b411c939ddb36d901d0d4ced5384c6a726cbc6367

SHA512
8ca536938f4d8e1ea7c7a075277c0be80bf1955a40a38d1d36a041b53a831a0618bffe8026f06be9a5a89d2bf746ee2ac93e4e06368282213afd50fd9beef664

Download Submit
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsTest.txt (deleted)
Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsWebApp.html (deleted)
Filesize
2.1MB

MD5
47058dbccfa4a0a095f5eb2640006ec9

SHA1
24dfc38b2e521f230b82bd2f34e92ca6f1e2392b

SHA256
9a750f5d23834302b37f79725b46838d92a8b22ad3de87cf1597f2b11e32dc5d

SHA512
cbec5ba1c4946eb4750f7e97d08e936f0b7cbcbff08f3de06c637b7faf41b5bc6d922a81f078440d6e3ebd47f39fd433716cc1de25fdbc60d05d7e14f933ec16

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads