Malware Analysis Report

2025-01-19 06:57

Sample ID 240523-d9axmscf6x
Target tentacle locker_1.0_APKPure.apk
SHA256 0592bd0cd486386a40c271ce4bd8f6b04d2924e8ce37202fe86bfe160eb27f78
Tags collection credential_access discovery evasion impact
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 8/10

SHA256 0592bd0cd486386a40c271ce4bd8f6b04d2924e8ce37202fe86bfe160eb27f78

Threat Level: Likely malicious

The file tentacle locker_1.0_APKPure.apk was found to be: Likely malicious.

Malicious Activity Summary

collection credential_access discovery evasion impact

Checks if the Android device is rooted

Checks memory information

Queries information about running processes on the device

Queries the mobile country code (MCC)

Checks CPU information

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Checks if the internet connection is available

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported 2024-05-23 03:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-23 03:41
Reported 2024-05-23 03:43
Platform android-x64-arm64-20240514-en
Max time kernel 46s
Max time network 54s

Command Line

com.kingos.tentaclelocker

Signatures

Checks if the Android device is rooted

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.kingos.tentaclelocker/cache/1596060835607.jar | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.kingos.tentaclelocker

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.200.46:443 | - | tcp
GB | 142.250.200.46:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
NL | 142.250.179.174:443 | android.apis.google.com | tcp
GB | 172.217.169.42:443 | - | tcp
GB | 172.217.169.42:443 | - | tcp
NL | 142.250.179.174:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
NL | 142.250.179.200:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | config.uca.cloud.unity3d.com | udp
US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp
US | 1.1.1.1:53 | config.unityads.unity3d.com | udp
NL | 18.239.69.6:443 | config.unityads.unity3d.com | tcp
US | 1.1.1.1:53 | webview.unityads.unity3d.com | udp
NL | 18.239.69.104:443 | webview.unityads.unity3d.com | tcp
US | 1.1.1.1:53 | tentacle-locker-f284c-default-rtdb.firebaseio.com | udp
US | 34.120.206.254:443 | tentacle-locker-f284c-default-rtdb.firebaseio.com | tcp
US | 1.1.1.1:53 | cdp.cloud.unity3d.com | udp
US | 34.107.172.168:443 | cdp.cloud.unity3d.com | tcp
US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp
NL | 172.217.23.194:443 | googleads.g.doubleclick.net | tcp
NL | 172.217.23.194:443 | googleads.g.doubleclick.net | tcp
NL | 172.217.23.194:443 | googleads.g.doubleclick.net | tcp
NL | 172.217.23.194:443 | googleads.g.doubleclick.net | tcp
NL | 172.217.23.194:443 | googleads.g.doubleclick.net | tcp
GB | 142.250.187.202:443 | - | tcp
GB | 142.250.187.202:443 | - | tcp
US | 1.1.1.1:53 | publisher-config.unityads.unity3d.com | udp
US | 34.110.229.214:443 | publisher-config.unityads.unity3d.com | tcp
US | 1.1.1.1:53 | auction.unityads.unity3d.com | udp
US | 34.110.184.100:443 | auction.unityads.unity3d.com | tcp
US | 1.1.1.1:53 | cdn-creatives-cf-prd.acquire.unity3dusercontent.com | udp
NL | 18.238.243.23:443 | cdn-creatives-cf-prd.acquire.unity3dusercontent.com | tcp
US | 1.1.1.1:53 | cdn-store-icons-akamai-prd.unityads.unity3d.com | udp
NL | 18.239.50.8:443 | cdn-store-icons-akamai-prd.unityads.unity3d.com | tcp
US | 1.1.1.1:53 | httpkafka.unityads.unity3d.com | udp
US | 35.244.205.3:443 | httpkafka.unityads.unity3d.com | tcp
GB | 216.58.201.100:443 | - | tcp
GB | 216.58.201.100:443 | - | tcp

Files

/data/data/com.kingos.tentaclelocker/databases/androidx.work.workdb-journal

/data/data/com.kingos.tentaclelocker/databases/androidx.work.workdb

/data/data/com.kingos.tentaclelocker/databases/androidx.work.workdb-shm

/data/data/com.kingos.tentaclelocker/databases/androidx.work.workdb-wal

/data/data/com.kingos.tentaclelocker/files/UnityAdsStorage-public-data.json

/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsTest.txt (deleted)

/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsWebApp.html (deleted)

/data/data/com.kingos.tentaclelocker/cache/1596060835607.jar

/data/user/0/com.kingos.tentaclelocker/cache/1596060835607.jar

/data/data/com.kingos.tentaclelocker/files/UnityAdsStorage-private-data.json

/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-ce7076fe2a88f26add40ae0d8c00faacf670f1fff3b5cc03cb1f271cc0faa3f1.webm (deleted)

/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-adb8bc1739c4cbaef818604f935e6e7b937a3f3e6442eaab68c768af5046f14f.webm (deleted)

/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-66a0f7cd8bd95ad70cb7c733bd6f7b4f7181cfd34c5599fc7b9537dcad664c26.jpg (deleted)

/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-1238c4be7a4123a96f5346bf2e1f6a34b26d974eaacd66494847995bec3bdedb.png (deleted)

/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-d6b1bf8dfbad39f9c605014ee9d6fbea55eb71ee9cd2f91bdf7c54a26ba52689.jpg (deleted)

/storage/emulated/0/Android/data/com.kingos.tentaclelocker/cache/UnityAdsCache/UnityAdsCache-5719a001e3258b1a6b0750417b76b62a7027e74cca1d4c787ae6cb60c602a0d6.gif (deleted)
