9774140849[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

9774140849.zip
Size

4.4MB
MD5

72b485860f28fa65414af841b4295f7c
SHA1

9e0f999cd0e219a89306e637494f04247b4029df
SHA256

b012425386b345f0ed08b2e5cf7c1937414c80352995daef9166ba7fcee92262
SHA512

e4f36c1b377aa059b084b13d120bdcee3c6866648658e45dc212d45215102fb37ac0275c7a2d407736b4b45591d2ee867d2aa96b1ba34f303d6d44aaaa2a8761
SSDEEP

98304:/YjInC1T7nLQ4CNDHGRA/Rr3Dvidg666/Fq7HoxfsS2xn9xx:QzVLQ4ZEVDvUg66MFQoxgx9xx

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 10 IoCs

description	ioc
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

Files

9774140849.zip
.zip

Password: infected
f3f3764ee6a0e5b933e95040092e0b348f672aaab273cf8eaaeabca28be5da36
.apk android

com.sleep.teach

com.sleep.ʼʿˎˏˎ∪غᴵיˎⁱˎقˊاムʾقʾﹶﹳˈʽʼˎʼخﹳⁱちʼちᵎʼʻ卄غˏ尺丹ʿˎˊˆᐧʼיᴵˋ娜2.ˎˑعˑモᵔغتᵢʿ工ˋי下ٴムʾʾᵢغⁱغاˎʿי匕尺诶ᵔʿ诶ˆٴⁱʻلﹶ娜ʻ西لةلʾⁱʼʾʾب20

Activities

com.sleep.ʼʿˎˏˎ∪غᴵיˎⁱˎقˊاムʾقʾﹶﹳˈʽʼˎʼخﹳⁱちʼちᵎʼʻ卄غˏ尺丹ʿˎˊˆᐧʼיᴵˋ娜2.ˎˑعˑモᵔغتᵢʿ工ˋי下ٴムʾʾᵢغⁱغاˎʿי匕尺诶ᵔʿ诶ˆٴⁱʻلﹶ娜ʻ西لةلʾⁱʼʾʾب20

android.intent.action.VIEW

com.sleep.ʼʿˎˏˎ∪غᴵיˎⁱˎقˊاムʾقʾﹶﹳˈʽʼˎʼخﹳⁱちʼちᵎʼʻ卄غˏ尺丹ʿˎˊˆᐧʼיᴵˋ娜2.ㄚʿˈٴ伊艾ˏلי匕ʻムˆ诶יʼˎﹳˈـˎﾞ西ـʾˎ娜∪ʾᵔﹶٴلⁱ∪ʿムىل卄ˎᐧᴵ匕ˋʾ卄モˋⁱ14_CA

xyz

Permissions

android.permission.PROCESS_OUTGOING_CALLS
android.permission.SET_WALLPAPER
android.permission.READ_SMS
android.permission.READ_CALL_LOG
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT

Receivers

com.sleep.ٴᵢ艾ᵔ艾ˎˈٴ哦ʻٴٴـاᵢﹳ杰قᵢᵔˎ艾ˈᵢˊ艾ىʾ下卄卄ٴיᴵعʾˋʼيˎᵢᐧᐧᵢˏˎاˈˑˆ5.SensorRestarterBroadcastReceiver

RestartSensor

com.sleep.ٴᵢ艾ᵔ艾ˎˈٴ哦ʻٴٴـاᵢﹳ杰قᵢᵔˎ艾ˈᵢˊ艾ىʾ下卄卄ٴיᴵعʾˋʼيˎᵢᐧᐧᵢˏˎاˈˑˆ5.ﹶᴵʻˑᵎىʿ工ˑᵎᐧٴ诶יﹶｊˑᐧᵢىˋسٴᵔייˋ艾ᵔقᴵاخʼˈˋᵢʾٴˎʾʿ乃ﹶلれʾ下ˎי7

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.USER_PRESENT
android.intent.action.LOCKED_BOOT_COMPLETED

com.sleep.ٴᵢ艾ᵔ艾ˎˈٴ哦ʻٴٴـاᵢﹳ杰قᵢᵔˎ艾ˈᵢˊ艾ىʾ下卄卄ٴיᴵعʾˋʼيˎᵢᐧᐧᵢˏˎاˈˑˆ5.ㄚʿˈٴ伊艾ˏلי匕ʻムˆ诶יʼˎﹳˈـˎﾞ西ـʾˎ娜∪ʾᵔﹶٴلⁱ∪ʿムىل卄ˎᐧᴵ匕ˋʾ卄モˋⁱ14_RC

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_CHANGED

com.sleep.ٴᵢ艾ᵔ艾ˎˈٴ哦ʻٴٴـاᵢﹳ杰قᵢᵔˎ艾ˈᵢˊ艾ىʾ下卄卄ٴיᴵعʾˋʼيˎᵢᐧᐧᵢˏˎاˈˑˆ5.ﹶᴵʻˑᵎىʿ工ˑᵎᐧٴ诶יﹶｊˑᐧᵢىˋسٴᵔייˋ艾ᵔقᴵاخʼˈˋᵢʾٴˎʾʿ乃ﹶلれʾ下ˎי74

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.Intent.ACTION_USER_PRESENT
android.intent.action.USER_PRESENT

com.sleep.ʼʿˎˏˎ∪غᴵיˎⁱˎقˊاムʾقʾﹶﹳˈʽʼˎʼخﹳⁱちʼちᵎʼʻ卄غˏ尺丹ʿˎˊˆᐧʼיᴵˋ娜2.卄عᵢﾞˊعاˎᐧˏᵢʿعיنᵢｊˆˎᵔˆᵎغغʿˑس吉哦尺ˎʿˎ下吉娜下ʿ匕ᴵˊعسʿˎᵎʼـᵎʼ33

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

com.sleep.ٴᵢ艾ᵔ艾ˎˈٴ哦ʻٴٴـاᵢﹳ杰قᵢᵔˎ艾ˈᵢˊ艾ىʾ下卄卄ٴיᴵعʾˋʼيˎᵢᐧᐧᵢˏˎاˈˑˆ5.ﹶᴵʻˑᵎىʿ工ˑᵎᐧٴ诶יﹶｊˑᐧᵢىˋسٴᵔייˋ艾ᵔقᴵاخʼˈˋᵢʾٴˎʾʿ乃ﹶلれʾ下ˎי7_AR

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.ACTION_PASSWORD_CHANGED
android.app.action.ACTION_PASSWORD_FAILED
android.app.action.ACTION_PASSWORD_SUCCEEDED

Services

com.sleep.ⁱـˋ诶ʻᐧ尺غٴˏ哦י艾ٴʿ娜ʾٴ尺فاʿا下工سلᐧᐧˆれ丹ت匚خᵢˏʽنٴᵎـ工ʿ弗ٴٴᵎיʻ3.ﹶᴵʻˑᵎىʿ工ˑᵎᐧٴ诶יﹶｊˑᐧᵢىˋسٴᵔייˋ艾ᵔقᴵاخʼˈˋᵢʾٴˎʾʿ乃ﹶلれʾ下ˎי72

android.accessibilityservice.AccessibilityService

com.sleep.ⁱـˋ诶ʻᐧ尺غٴˏ哦י艾ٴʿ娜ʾٴ尺فاʿا下工سلᐧᐧˆれ丹ت匚خᵢˏʽنٴᵎـ工ʿ弗ٴٴᵎיʻ3.SimpleIME

android.view.InputMethod

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.sleep.teach

com.sleep.ʼʿˎˏˎ∪غᴵיˎⁱˎقˊاムʾقʾﹶﹳˈʽʼˎʼخﹳⁱちʼちᵎʼʻ卄غˏ尺丹ʿˎˊˆᐧʼיᴵˋ娜2.ˎˑعˑモᵔغتᵢʿ工ˋי下ٴムʾʾᵢغⁱغاˎʿי匕尺诶ᵔʿ诶ˆٴⁱʻلﹶ娜ʻ西لةلʾⁱʼʾʾب20

Activities

com.sleep.ʼʿˎˏˎ∪غᴵיˎⁱˎقˊاムʾقʾﹶﹳˈʽʼˎʼخﹳⁱちʼちᵎʼʻ卄غˏ尺丹ʿˎˊˆᐧʼיᴵˋ娜2.ˎˑعˑモᵔغتᵢʿ工ˋי下ٴムʾʾᵢغⁱغاˎʿי匕尺诶ᵔʿ诶ˆٴⁱʻلﹶ娜ʻ西لةلʾⁱʼʾʾب20

com.sleep.ʼʿˎˏˎ∪غᴵיˎⁱˎقˊاムʾقʾﹶﹳˈʽʼˎʼخﹳⁱちʼちᵎʼʻ卄غˏ尺丹ʿˎˊˆᐧʼיᴵˋ娜2.ㄚʿˈٴ伊艾ˏلי匕ʻムˆ诶יʼˎﹳˈـˎﾞ西ـʾˎ娜∪ʾᵔﹶٴلⁱ∪ʿムىل卄ˎᐧᴵ匕ˋʾ卄モˋⁱ14_CA

Permissions

Receivers

com.sleep.ٴᵢ艾ᵔ艾ˎˈٴ哦ʻٴٴـاᵢﹳ杰قᵢᵔˎ艾ˈᵢˊ艾ىʾ下卄卄ٴיᴵعʾˋʼيˎᵢᐧᐧᵢˏˎاˈˑˆ5.SensorRestarterBroadcastReceiver

com.sleep.ٴᵢ艾ᵔ艾ˎˈٴ哦ʻٴٴـاᵢﹳ杰قᵢᵔˎ艾ˈᵢˊ艾ىʾ下卄卄ٴיᴵعʾˋʼيˎᵢᐧᐧᵢˏˎاˈˑˆ5.ﹶᴵʻˑᵎىʿ工ˑᵎᐧٴ诶יﹶｊˑᐧᵢىˋسٴᵔייˋ艾ᵔقᴵاخʼˈˋᵢʾٴˎʾʿ乃ﹶلれʾ下ˎי7

com.sleep.ٴᵢ艾ᵔ艾ˎˈٴ哦ʻٴٴـاᵢﹳ杰قᵢᵔˎ艾ˈᵢˊ艾ىʾ下卄卄ٴיᴵعʾˋʼيˎᵢᐧᐧᵢˏˎاˈˑˆ5.ㄚʿˈٴ伊艾ˏلי匕ʻムˆ诶יʼˎﹳˈـˎﾞ西ـʾˎ娜∪ʾᵔﹶٴلⁱ∪ʿムىل卄ˎᐧᴵ匕ˋʾ卄モˋⁱ14_RC

com.sleep.ٴᵢ艾ᵔ艾ˎˈٴ哦ʻٴٴـاᵢﹳ杰قᵢᵔˎ艾ˈᵢˊ艾ىʾ下卄卄ٴיᴵعʾˋʼيˎᵢᐧᐧᵢˏˎاˈˑˆ5.ﹶᴵʻˑᵎىʿ工ˑᵎᐧٴ诶יﹶｊˑᐧᵢىˋسٴᵔייˋ艾ᵔقᴵاخʼˈˋᵢʾٴˎʾʿ乃ﹶلれʾ下ˎי74

com.sleep.ʼʿˎˏˎ∪غᴵיˎⁱˎقˊاムʾقʾﹶﹳˈʽʼˎʼخﹳⁱちʼちᵎʼʻ卄غˏ尺丹ʿˎˊˆᐧʼיᴵˋ娜2.卄عᵢﾞˊعاˎᐧˏᵢʿعיنᵢｊˆˎᵔˆᵎغغʿˑس吉哦尺ˎʿˎ下吉娜下ʿ匕ᴵˊعسʿˎᵎʼـᵎʼ33

com.sleep.ٴᵢ艾ᵔ艾ˎˈٴ哦ʻٴٴـاᵢﹳ杰قᵢᵔˎ艾ˈᵢˊ艾ىʾ下卄卄ٴיᴵعʾˋʼيˎᵢᐧᐧᵢˏˎاˈˑˆ5.ﹶᴵʻˑᵎىʿ工ˑᵎᐧٴ诶יﹶｊˑᐧᵢىˋسٴᵔייˋ艾ᵔقᴵاخʼˈˋᵢʾٴˎʾʿ乃ﹶلれʾ下ˎי7_AR

Services

com.sleep.ⁱـˋ诶ʻᐧ尺غٴˏ哦י艾ٴʿ娜ʾٴ尺فاʿا下工سلᐧᐧˆれ丹ت匚خᵢˏʽنٴᵎـ工ʿ弗ٴٴᵎיʻ3.ﹶᴵʻˑᵎىʿ工ˑᵎᐧٴ诶יﹶｊˑᐧᵢىˋسٴᵔייˋ艾ᵔقᴵاخʼˈˋᵢʾٴˎʾʿ乃ﹶلれʾ下ˎי72

com.sleep.ⁱـˋ诶ʻᐧ尺غٴˏ哦י艾ٴʿ娜ʾٴ尺فاʿا下工سلᐧᐧˆれ丹ت匚خᵢˏʽنٴᵎـ工ʿ弗ٴٴᵎיʻ3.SimpleIME