Analysis Overview
SHA256
0592bd0cd486386a40c271ce4bd8f6b04d2924e8ce37202fe86bfe160eb27f78
Threat Level: Likely malicious
The file tentacle locker_1.0_APKPure.apk was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Checks memory information
Queries information about running processes on the device
Queries the mobile country code (MCC)
Checks CPU information
Loads dropped Dex/Jar
Obtains sensitive information copied to the device clipboard
Checks if the internet connection is available
Uses Crypto APIs (Might try to encrypt user data)
Analysis: static1
Detonation Overview
Reported
2024-05-23 03:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-23 03:41
Reported
2024-05-23 03:43
Platform
android-x64-arm64-20240514-en
Max time kernel
46s
Max time network
54s
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.kingos.tentaclelocker/cache/1596060835607.jar | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.kingos.tentaclelocker
Network
Files
/data/data/com.kingos.tentaclelocker/databases/androidx.work.workdb-journal
/data/data/com.kingos.tentaclelocker/databases/androidx.work.workdb
/data/data/com.kingos.tentaclelocker/databases/androidx.work.workdb-shm
/data/data/com.kingos.tentaclelocker/databases/androidx.work.workdb-wal
/data/data/com.kingos.tentaclelocker/files/UnityAdsStorage-public-data.json
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsTest.txt (deleted)
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsWebApp.html (deleted)
/data/data/com.kingos.tentaclelocker/cache/1596060835607.jar
/data/user/0/com.kingos.tentaclelocker/cache/1596060835607.jar
/data/data/com.kingos.tentaclelocker/files/UnityAdsStorage-private-data.json
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-ce7076fe2a88f26add40ae0d8c00faacf670f1fff3b5cc03cb1f271cc0faa3f1.webm (deleted)
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-adb8bc1739c4cbaef818604f935e6e7b937a3f3e6442eaab68c768af5046f14f.webm (deleted)
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-66a0f7cd8bd95ad70cb7c733bd6f7b4f7181cfd34c5599fc7b9537dcad664c26.jpg (deleted)
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-1238c4be7a4123a96f5346bf2e1f6a34b26d974eaacd66494847995bec3bdedb.png (deleted)
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-d6b1bf8dfbad39f9c605014ee9d6fbea55eb71ee9cd2f91bdf7c54a26ba52689.jpg (deleted)
/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-5719a001e3258b1a6b0750417b76b62a7027e74cca1d4c787ae6cb60c602a0d6.gif (deleted)