check[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

check.zip
Size

30.9MB
MD5

cc66703c4c2159ba40b7c26848eb75c3
SHA1

0b0728546b2b79bbc4e5e304ce0013f1be41acf6
SHA256

328449250e95af61e5e92254665d4c1a43d835482cd2d159c1e8a08a1ad8c725
SHA512

f0f6e043ae8fb93a2cd51e56dbc33e92d0431106db7643f6d2364b6641ebf527849d6ffb282cb62d610bfea008b63af6dfc37fbbd84e39c8a7b7d8bdaf0888fb

Score

8^/10

pyinstaller vmprotect upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/d92ef7281e3b5145835ffa17ff869c5569011ffb9ad327eeecfddebe31cdc31a	upx

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/466d872ddb9f8ce7db8d16d171b9ba398f99c98c79e63396760cda7426d9460d	vmprotect
static1/unpack001/dffb2eaccbbfd1077d7679ecba62bb75de32259c70e28a84b32750fdfb17e13a	vmprotect

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
static1/unpack001/197f0e170fac2b8c5f1b79d1865ce25f95f4b1a45408b091b5741710a3d9e32a	pyinstaller

Files

check.zip
.zip

Password: a
197f0e170fac2b8c5f1b79d1865ce25f95f4b1a45408b091b5741710a3d9e32a
.exe windows x64
302d77c6ec68c07741be2ae0d0c26bc88c85f525c8e3766ebf23dba34802f956
.exe windows x86
466d872ddb9f8ce7db8d16d171b9ba398f99c98c79e63396760cda7426d9460d
.exe windows x86
6d13a07022cd549f981cc929795c9c1b18c424a0faff27c1faa8990ca843c6f4
.exe windows x86
8c1d1de824c079bfec155f05b5f24fd4e1c64c015286ac417b3a587124d743ef
.exe windows x86
a31f1894f161f1005c00ad43235500691a4fd0cb7bd83945d47f16dbd7f62ab8
.exe windows x86
a3802c3a0538d8b24b8a43144c51e742b0041e3b983b654ee19639359c42b06d
.exe windows x64
af82bed2c58c403908faf323310cf6a65a7e3bfe098cc930eb5ac4bfe9315ef4
.apk

mouse.celery.alone

zoo.offer.icon.Activity.MainActivity

Activities

zoo.offer.icon.Activity.MainActivity

android.intent.action.MAIN

zoo.offer.icon.SendSms

android.intent.action.SEND
android.intent.action.SENDTO

Permissions

android.permission.GET_TASKS
android.permission.READ_CONTACTS
android.permission.READ_PHONE_STATE
android.permission.RECEIVE_SMS
android.permission.ACCESS_NETWORK_STATE
android.permission.PACKAGE_USAGE_STATS
android.permission.USE_FULL_SCREEN_INTENT
android.permission.WAKE_LOCK
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.CALL_PHONE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.READ_EXTERNAL_STORAGE
android.permission.NFC
android.permission.WRITE_SMS
android.permission.READ_SMS
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.ACCESS_FINE_LOCATION
android.permission.SYSTEM_ALERT_WINDOW
android.permission.REQUEST_DELETE_PACKAGES
android.permission.RECORD_AUDIO
android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.SEND_SMS
android.permission.FOREGROUND_SERVICE

Receivers

zoo.offer.icon.Receiver.ReceiverMms

android.provider.Telephony.SMS_DELIVER

zoo.offer.icon.Receiver.RecieverPushService

android.provider.Telephony.WAP_PUSH_DELIVER

zoo.offer.icon.Receiver.ReceiverBoot

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.USER_PRESENT
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.provider.Telephony.SMS_RECEIVED
android.intent.action.SCREEN_ON
android.intent.action.EXTERNAL_APPLICATIONS_AVAILABLE
android.net.conn.CONNECTIVITY_CHANGE
android.net.wifi.WIFI_STATE_CHANGED
android.intent.action.DREAMING_STOPPED

Services

zoo.offer.icon.ServiceHeadlessSmsSend

android.intent.action.RESPOND_VIA_MESSAGE

zoo.offer.icon.ServiceAccessibility

android.accessibilityservice.AccessibilityService

zoo.offer.icon.ServiceNL

android.service.notification.NotificationListenerService
c6c0d4969ac74cdc574fae3ace12a4ad64858ec5ab292733ae78fd3d04696536
.exe windows x86
d92ef7281e3b5145835ffa17ff869c5569011ffb9ad327eeecfddebe31cdc31a
.exe windows x86
dffb2eaccbbfd1077d7679ecba62bb75de32259c70e28a84b32750fdfb17e13a
.exe windows x64

Exports

Exports

��2��i5�NDD��v��m垱 7��z�ڷ��î�G�ϲ��C>��ѯ�w��u`� ��v�ǲs�W��ʃ�&`�.�,SWu�݌�h��W�3��A1�6U��$�(��D<-6��M'��L��Z��;{.d�)��8x(��Z룚��7T�2Hh��e�rr�F�B\D��4a.m��_}�w��'h��i�B��V��m��M��to�V;�B&5��MV�ΏK6e��)��D��c�[�/B��oY��=��帰v��Ǩ�Q��`�>t��{k�.�-�S�{� 8�m�Y�p-ĥ��oŬ��'��ޕ��\�c$^r~��U��D@��r2� |�7g��c�i��]� 5�$�;,�]fA��O��[��t� �|�_�c<{]#XXhnY��z��f�}&��|K��Ŷ�QNT>�ߥTxFz��E�27Ԭ/��+�Պwu��P��Χ�Ao�I��4��uk<��v[͞V�J9��?��uWN�ՇI��;l�[��H5�P��*��C�:�.��r�k �%��⿖�Q�`�N��E��7��W>�(��A��>5��|{��-�_�S��F��Pf�7�S_ u�F;e�ƻ��m=��@J�o��ww="�o�<E��4bfh�%B�c��VtscK��reIkX�W�3��|�*գ��1�.W�V��X�%��P^(�օ(J�E�"V��i��]��ڗ��8 ��<�#�/��)d��e{� ��ʏtM�d]�ܤ�kO��9/^��-�G}��zj�93 �?T!�^�p��c�}��22-��K��Xk%L�5vg�!_�z�/`u�E��G=()�e�Éd�� IW��oiRId�g��{�:�IĽ)I�o�� N�kN��mt(��\U\��r�3&�ߔ�\J��ȅM�eu�͹ˉO&��#s�iK�~�|譫��|��з4�w�k>�UU��oڎ��Yv�/h�{��t/�.�h��D��َ>b�؊��{2�rC߬ª˗D�� w��v� �� r��Y��bQǊ=��K�'=�/�8h5ٱ-~je�a�w/g�֧�}�%��k��~Q��R�Sy�go\q�Na��Ӄ3B��{��Vl�� Y=��.��+��"h�\�)Sz��.�i󓷻�τ��kx10%Y�W�@/��]�[�Wv��s�08�rs��׳e��aT-EDG�-�2H��S��R��D��s�7o�`��y�M '⠚�G�tÇ�8�_sa�� ʑ#Q+��&&��c�� P��aI^=��b�1�{��P|�^��u�� hw��iYW3��[��hy�jRo��9fw~��jᴠ�!�[��ϓz��.\�K��0P��g@��U��|C_�d��i��:Qڍ��q�6�i:<g��~v��F��Z(�s ��'<��e�[��8r��??2��.��Ĕ1��#b��MH��N`�݇��]�t�E\Ii!��I�2_��gC��_bʙ�P^Xtmz��;Qd5��H�4��efa)K�gX.��V7�� )��h��[JJ-C�E*��A�S��4/��Y��Ȯ�ܪ߬�M��Jqeb�%�ft��d��]��Mi׀-Ӯzk&��^��(�ޝ��K`�9�5��L�8rA��!��H�� W,h i�9��H�,z5��Әܧ�ީ�)�fX��#��'V�S��ҩz�yIݹ��(�Qֆ��@n�Q?3>��A��OD��r�[�i�6�=��n��n��Q�"a.�eDoNM�m<�5�=��dvL��\ E��p�\�;I�(��3w�>�$�#x1��P�C��y�Y<��@�%I�erG��>��?�E��8PL�F��?�l�a�{��m�n&e��ڈ|6��!�H��Z��o��t)�N5Ѣ�_c��Ѿ�윍��+�۵+-��2�$��?WV��d�I ��6�cp��힪�b��Fh�B՚h��~c��L��Y]�5�!3$�C[e��)��¢��9��,k_�i��ز��t��|��7�D�=�s�)�(p� ��DI�Ј�%��W{��V��L9��t �%��) L��o��vƳ)�/ x�p8Db��FXcJ�J�j"��pa 1[pȯ��v"�ɭH%E�Q,x��K��3�;�b��N��x��~B��ɸ�� F5�9pgGDu"d�'Xfl^��|��m��v<��S��u��FN��oj$��Гg��R�@��E�`��I ��.��d��V)� ��4"�P�A4��hR ��Y܍|�kE(�smG( �Y��N>�i��u�AH�#h &R��0f!Ŕ�Ŕ�l9��-�`0p�9a&,��|d�8d4ګ'�+ϴ\��tޜ��?�1��uQ��{ ط��!�1؊�k ��C�B�+��G�l�\lb{�_<��ൎH�(�^QJ_��d��!�&��j�h��Z8�L��*,R|��;L��:�Zr<{��`�$�u8)��۸�vj Z�`7Z)�4�-��A��_�fdp{Wc�\�-Qamċ^4UۊgX��oW� &��?^|%��zK�߰�)�*ܱЬ��M��}�6Q��U*��lc��@�E��$�@��jd,7�e��32�q��,_��#��1R��t�Z�Mk��@�:V�1��{��XK��t�W� J��Y�5�nO$zz�Jm�`u��)�j�[��Q�#�O�^�"û� NJċ@@e�(B=&{,�DX�a>M�@��b �̨* �L�� yc?L�>N0�{@&!��i(ͥ8��-��d��$�.�
e247b061c89190fa7fec3ce419b3ed58e088db8a58fa40fc208d3995b149adb1
.exe windows x86

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sharing

General

Malware Config

Signatures

Files

Password: a

mouse.celery.alone

zoo.offer.icon.Activity.MainActivity

Activities

zoo.offer.icon.Activity.MainActivity

zoo.offer.icon.SendSms

Permissions

Receivers

zoo.offer.icon.Receiver.ReceiverMms

zoo.offer.icon.Receiver.RecieverPushService

zoo.offer.icon.Receiver.ReceiverBoot

Services

zoo.offer.icon.ServiceHeadlessSmsSend

zoo.offer.icon.ServiceAccessibility

zoo.offer.icon.ServiceNL

Exports

Exports

Exports

Exports