230309-vr6d9shkab_pw_infected[.]zip

Resubmissions

14/03/2023, 11:30

230314-nmhzvahb2v 8

09/03/2023, 22:01

230309-1xfnpacb6s 8

Sharing

Copy URL Twitter E-mail

General

Target

230309-vr6d9shkab_pw_infected.zip
Size

4.5MB
MD5

d24a2a05323c162ec126ce4cf59c9ad7
SHA1

7e6917ab9dd7186e2109d91387f51c209db430d1
SHA256

8ced17fa910d33f80d4de74f14b8e43f1f3d2f67d69cc0eae94396fc7eb83cb0
SHA512

486adec92b07470f8365b5d0b067336c9fd78884c1d1d04714859d918c6bc12543c6973a36b13552009e53720aeed6f6a14f3221192e1f9708cff1706cc6fe3c
SSDEEP

98304:SYbCxof2jfgxuMS9RcyYB6YA7NX7E3mZcwrOMQbmCy/MtvVM5:SYbN2Tg4b35Z7NX7E2ZcSQbmCLvq5

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

Files

230309-vr6d9shkab_pw_infected.zip
.zip

Password: infected
eb8edfd04c0d1e0b03f4629519800c8b043110dbe94a70406c60d5a009f723fe_pw_infected.zip
.zip

Password: infected
tmpu05bty2b
.apk android

com.kamalicata.ru

com.kamalicata.ـיˈ诶ˑ杰ﹳˋᐧ匕יちち丹ᵢᵢˏ西西ᐧ丹れיٴʿˋﾞᵎיʾٴٴ匕ˋ吉ˈنᴵיʼייˎٴﹶᵔᵔˎ工工2.ᵢˏ工工匕诶فʾبʼثشˏʾˏᵢﹳᵎᵔᵢｊ匚ˆᐧعㄚˎ丹ʼˈل匕诶ٴʿʿى下ˈʼˈʻ下سʿىقʾاᴵ20

Activities

com.kamalicata.ـיˈ诶ˑ杰ﹳˋᐧ匕יちち丹ᵢᵢˏ西西ᐧ丹れיٴʿˋﾞᵎיʾٴٴ匕ˋ吉ˈنᴵיʼייˎٴﹶᵔᵔˎ工工2.ᵢˏ工工匕诶فʾبʼثشˏʾˏᵢﹳᵎᵔᵢｊ匚ˆᐧعㄚˎ丹ʼˈل匕诶ٴʿʿى下ˈʼˈʻ下سʿىقʾاᴵ20

android.intent.action.VIEW

com.kamalicata.ـיˈ诶ˑ杰ﹳˋᐧ匕יちち丹ᵢᵢˏ西西ᐧ丹れיٴʿˋﾞᵎיʾٴٴ匕ˋ吉ˈنᴵיʼייˎٴﹶᵔᵔˎ工工2.尺丹ʻˑ吉ﾞˋʾﹳʻخʾʼˑـٴ工ٴˉﹳˆˑˈᵢ尺哦ʻיʿﾞ诶ᵎᐧˉᐧب艾ٴᵔᵢى乃哦ﾞ匕ᵔʻخفʾ14_CA

xyz

Permissions

android.permission.SET_WALLPAPER
android.permission.READ_SMS
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT

Receivers

com.kamalicata.ˉʼ诶لʾعיـʾ哦ⁱ工ٴع下ʿ诶丹ᴵʼˈיﹶᵎﹶاᵎ诶ᵢـا尺ʼﹶ工ـᴵʼᵢعاتᵢـ∪شا尺ᵎٴ5.SensorRestarterBroadcastReceiver

RestartSensor

com.kamalicata.ˉʼ诶لʾعיـʾ哦ⁱ工ٴع下ʿ诶丹ᴵʼˈיﹶᵎﹶاᵎ诶ᵢـا尺ʼﹶ工ـᴵʼᵢعاتᵢـ∪شا尺ᵎٴ5.ٴ杰ˋʾʻˏل西ˎ下فٴ工ʿʼˋ吉ˉ工ثᵔⁱشˈٴ诶ˈˎˈムˋاىغـᐧˉˏᵔʼخʾˋيˎˎللʾᵢ7

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.USER_PRESENT
android.intent.action.LOCKED_BOOT_COMPLETED

com.kamalicata.ˉʼ诶لʾعיـʾ哦ⁱ工ٴع下ʿ诶丹ᴵʼˈיﹶᵎﹶاᵎ诶ᵢـا尺ʼﹶ工ـᴵʼᵢعاتᵢـ∪شا尺ᵎٴ5.尺丹ʻˑ吉ﾞˋʾﹳʻخʾʼˑـٴ工ٴˉﹳˆˑˈᵢ尺哦ʻיʿﾞ诶ᵎᐧˉᐧب艾ٴᵔᵢى乃哦ﾞ匕ᵔʻخفʾ14_RC

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_CHANGED

com.kamalicata.ˉʼ诶لʾعיـʾ哦ⁱ工ٴع下ʿ诶丹ᴵʼˈיﹶᵎﹶاᵎ诶ᵢـا尺ʼﹶ工ـᴵʼᵢعاتᵢـ∪شا尺ᵎٴ5.ٴ杰ˋʾʻˏل西ˎ下فٴ工ʿʼˋ吉ˉ工ثᵔⁱشˈٴ诶ˈˎˈムˋاىغـᐧˉˏᵔʼخʾˋيˎˎللʾᵢ74

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.Intent.ACTION_USER_PRESENT
android.intent.action.USER_PRESENT

com.kamalicata.ـיˈ诶ˑ杰ﹳˋᐧ匕יちち丹ᵢᵢˏ西西ᐧ丹れיٴʿˋﾞᵎיʾٴٴ匕ˋ吉ˈنᴵיʼייˎٴﹶᵔᵔˎ工工2.لⁱﹶʿʻﹶʾقعᴵنىﹳ吉ˈʻれʾ下ثˏᵎˋʾᵢٴٴـʿ哦乃عˏʼʿˈ尺娜ˈʿخˈسᵔ娜ʿʾ卄ʽ工33

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

com.kamalicata.ˉʼ诶لʾعיـʾ哦ⁱ工ٴع下ʿ诶丹ᴵʼˈיﹶᵎﹶاᵎ诶ᵢـا尺ʼﹶ工ـᴵʼᵢعاتᵢـ∪شا尺ᵎٴ5.ٴ杰ˋʾʻˏل西ˎ下فٴ工ʿʼˋ吉ˉ工ثᵔⁱشˈٴ诶ˈˎˈムˋاىغـᐧˉˏᵔʼخʾˋيˎˎللʾᵢ7_AR

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.ACTION_PASSWORD_CHANGED
android.app.action.ACTION_PASSWORD_FAILED
android.app.action.ACTION_PASSWORD_SUCCEEDED

Services

com.kamalicata.娜ـʼʻﹶᵔᐧغˏقﾞ尺ˏشﹳᐧفـاˉ工下ᵔᵢﹳ工غث工ˏᵎᵢʻˆʾفﾞˋ艾ˎᵢち娜ʾـ诶ʾᴵʾち3.ٴ杰ˋʾʻˏل西ˎ下فٴ工ʿʼˋ吉ˉ工ثᵔⁱشˈٴ诶ˈˎˈムˋاىغـᐧˉˏᵔʼخʾˋيˎˎللʾᵢ72

android.accessibilityservice.AccessibilityService

com.kamalicata.娜ـʼʻﹶᵔᐧغˏقﾞ尺ˏشﹳᐧفـاˉ工下ᵔᵢﹳ工غث工ˏᵎᵢʻˆʾفﾞˋ艾ˎᵢち娜ʾـ诶ʾᴵʾち3.SimpleIME

android.view.InputMethod

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

com.kamalicata.ru

com.kamalicata.ـיˈ诶ˑ杰ﹳˋᐧ匕יちち丹ᵢᵢˏ西西ᐧ丹れיٴʿˋﾞᵎיʾٴٴ匕ˋ吉ˈنᴵיʼייˎٴﹶᵔᵔˎ工工2.ᵢˏ工工匕诶فʾبʼثشˏʾˏᵢﹳᵎᵔᵢｊ匚ˆᐧعㄚˎ丹ʼˈل匕诶ٴʿʿى下ˈʼˈʻ下سʿىقʾاᴵ20

Activities

com.kamalicata.ـיˈ诶ˑ杰ﹳˋᐧ匕יちち丹ᵢᵢˏ西西ᐧ丹れיٴʿˋﾞᵎיʾٴٴ匕ˋ吉ˈنᴵיʼייˎٴﹶᵔᵔˎ工工2.ᵢˏ工工匕诶فʾبʼثشˏʾˏᵢﹳᵎᵔᵢｊ匚ˆᐧعㄚˎ丹ʼˈل匕诶ٴʿʿى下ˈʼˈʻ下سʿىقʾاᴵ20

com.kamalicata.ـיˈ诶ˑ杰ﹳˋᐧ匕יちち丹ᵢᵢˏ西西ᐧ丹れיٴʿˋﾞᵎיʾٴٴ匕ˋ吉ˈنᴵיʼייˎٴﹶᵔᵔˎ工工2.尺丹ʻˑ吉ﾞˋʾﹳʻخʾʼˑـٴ工ٴˉﹳˆˑˈᵢ尺哦ʻיʿﾞ诶ᵎᐧˉᐧب艾ٴᵔᵢى乃哦ﾞ匕ᵔʻخفʾ14_CA

Permissions

Receivers

com.kamalicata.ˉʼ诶لʾعיـʾ哦ⁱ工ٴع下ʿ诶丹ᴵʼˈיﹶᵎﹶاᵎ诶ᵢـا尺ʼﹶ工ـᴵʼᵢعاتᵢـ∪شا尺ᵎٴ5.SensorRestarterBroadcastReceiver

com.kamalicata.ˉʼ诶لʾعיـʾ哦ⁱ工ٴع下ʿ诶丹ᴵʼˈיﹶᵎﹶاᵎ诶ᵢـا尺ʼﹶ工ـᴵʼᵢعاتᵢـ∪شا尺ᵎٴ5.ٴ杰ˋʾʻˏل西ˎ下فٴ工ʿʼˋ吉ˉ工ثᵔⁱشˈٴ诶ˈˎˈムˋاىغـᐧˉˏᵔʼخʾˋيˎˎللʾᵢ7

com.kamalicata.ˉʼ诶لʾعיـʾ哦ⁱ工ٴع下ʿ诶丹ᴵʼˈיﹶᵎﹶاᵎ诶ᵢـا尺ʼﹶ工ـᴵʼᵢعاتᵢـ∪شا尺ᵎٴ5.尺丹ʻˑ吉ﾞˋʾﹳʻخʾʼˑـٴ工ٴˉﹳˆˑˈᵢ尺哦ʻיʿﾞ诶ᵎᐧˉᐧب艾ٴᵔᵢى乃哦ﾞ匕ᵔʻخفʾ14_RC

com.kamalicata.ˉʼ诶لʾعיـʾ哦ⁱ工ٴع下ʿ诶丹ᴵʼˈיﹶᵎﹶاᵎ诶ᵢـا尺ʼﹶ工ـᴵʼᵢعاتᵢـ∪شا尺ᵎٴ5.ٴ杰ˋʾʻˏل西ˎ下فٴ工ʿʼˋ吉ˉ工ثᵔⁱشˈٴ诶ˈˎˈムˋاىغـᐧˉˏᵔʼخʾˋيˎˎللʾᵢ74

com.kamalicata.ـיˈ诶ˑ杰ﹳˋᐧ匕יちち丹ᵢᵢˏ西西ᐧ丹れיٴʿˋﾞᵎיʾٴٴ匕ˋ吉ˈنᴵיʼייˎٴﹶᵔᵔˎ工工2.لⁱﹶʿʻﹶʾقعᴵنىﹳ吉ˈʻれʾ下ثˏᵎˋʾᵢٴٴـʿ哦乃عˏʼʿˈ尺娜ˈʿخˈسᵔ娜ʿʾ卄ʽ工33

com.kamalicata.ˉʼ诶لʾعיـʾ哦ⁱ工ٴع下ʿ诶丹ᴵʼˈיﹶᵎﹶاᵎ诶ᵢـا尺ʼﹶ工ـᴵʼᵢعاتᵢـ∪شا尺ᵎٴ5.ٴ杰ˋʾʻˏل西ˎ下فٴ工ʿʼˋ吉ˉ工ثᵔⁱشˈٴ诶ˈˎˈムˋاىغـᐧˉˏᵔʼخʾˋيˎˎللʾᵢ7_AR

Services

com.kamalicata.娜ـʼʻﹶᵔᐧغˏقﾞ尺ˏشﹳᐧفـاˉ工下ᵔᵢﹳ工غث工ˏᵎᵢʻˆʾفﾞˋ艾ˎᵢち娜ʾـ诶ʾᴵʾち3.ٴ杰ˋʾʻˏل西ˎ下فٴ工ʿʼˋ吉ˉ工ثᵔⁱشˈٴ诶ˈˎˈムˋاىغـᐧˉˏᵔʼخʾˋيˎˎللʾᵢ72

com.kamalicata.娜ـʼʻﹶᵔᐧغˏقﾞ尺ˏشﹳᐧفـاˉ工下ᵔᵢﹳ工غث工ˏᵎᵢʻˆʾفﾞˋ艾ˎᵢち娜ʾـ诶ʾᴵʾち3.SimpleIME