37236d6f64c3cdcc1edf6ce53a30c7e2[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

37236d6f64c3cdcc1edf6ce53a30c7e2.bin
Size

5.5MB
MD5

d8732962d604d6840735ab2c2a161f2c
SHA1

789cac6286afdbf4adc6caf6555801a65a2200ea
SHA256

8c42150870b90dbfd58366df3caada21b231727d452f9f26e5d69fcdb7ee3275
SHA512

991db3e9507974c1a2d7de7394b31c98819cabec364c446bad1613271dc51ea0943d5f308299fa8615c2ac77752a1ea8d73d9ad4229d859208b9432fb15acc35
SSDEEP

98304:VhOSHBrbUwGc1kDqMv6yUMJT6UnpO4+cquGb6AQhbSsdOV3NmjZjLpxzURWhcqP:VlrbJ1kDt6sJmcqr6AcbSsE2jZTUSP

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 7 IoCs

description	ioc
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS

Files

37236d6f64c3cdcc1edf6ce53a30c7e2.bin
.zip

Password: infected
d8682263956304591cb047e7999c995d07a09177b5965aa43fe69ce84fd257a6.zip
.zip

Password: infected
𝐯‌‌/.htaccess
𝐯‌‌/403.shtml
𝐯‌‌/Flie/saham-edalat.apk
.apk android

Password: infected

com.lydia.route

.main

Activities

Permissions

com.lydia.route.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
android.permission.INTERNET
android.permission.READ_SMS
android.permission.CALL_PHONE
android.permission.VIBRATE
android.permission.POST_NOTIFICATIONS
android.permission.FOREGROUND_SERVICE
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
com.google.android.c2dm.permission.RECEIVE
com.google.android.gms.permission.AD_ID
com.lydia.route.permission.C2D_MESSAGE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.ACCESS_WIFI_STATE
android.permission.QUERY_ALL_PACKAGES
android.permission.ACCESS_NOTIFICATION_POLICY

Receivers

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE
com.google.android.c2dm.intent.REGISTRATION

.mysms$mysms_BR

android.provider.Telephony.SMS_RECEIVED

Services

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

anywheresoftware.b4a.objects.FirebaseNotificationsService

com.google.firebase.MESSAGING_EVENT
getewayport.txt
link.txt
lydiateam.bal
number.txt
𝐯‌‌/action.php
𝐯‌‌/app.php
.js
𝐯‌‌/assets/css/5.3121d306.css
𝐯‌‌/assets/css/8.002a6b3e.css
𝐯‌‌/assets/css/app.0d0eada5.css
𝐯‌‌/assets/css/chunk-common.650409a8.css
𝐯‌‌/assets/fonts/IRANSansWeb.344f8014.eot
𝐯‌‌/assets/fonts/IRANSansWeb.82710551.woff
𝐯‌‌/assets/fonts/IRANSansWeb.ad42a3e7.woff2
𝐯‌‌/assets/fonts/IRANSansWeb.bbf8f452.ttf
𝐯‌‌/assets/fonts/IRANSansWeb_Bold.2730bfcf.woff
𝐯‌‌/assets/fonts/IRANSansWeb_Bold.5a925e5a.eot
𝐯‌‌/assets/fonts/IRANSansWeb_Bold.844272b4.ttf
𝐯‌‌/assets/fonts/IRANSansWeb_Bold.fc9fc75a.woff2
𝐯‌‌/assets/fonts/IRANSansWeb_Light.458f02bd.eot
𝐯‌‌/assets/fonts/IRANSansWeb_Light.655ba951.ttf
𝐯‌‌/assets/fonts/IRANSansWeb_Light.a27a579b.woff
𝐯‌‌/assets/fonts/IRANSansWeb_Light.f9ada7e5.woff2
𝐯‌‌/assets/fonts/IRANSansWeb_Medium.30ac0c34.woff
𝐯‌‌/assets/fonts/IRANSansWeb_Medium.4e871a30.woff2
𝐯‌‌/assets/fonts/IRANSansWeb_Medium.e5eea707.ttf
𝐯‌‌/assets/fonts/IRANSansWeb_Medium.f391a067.eot
𝐯‌‌/assets/fonts/flUhRq6tzZclQEJ-Vdg-IuiaDsNa.1dd1bb36.woff
𝐯‌‌/assets/fonts/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.f54bbe10.woff2
𝐯‌‌/assets/images/flag.4bfcfb71.png
.png
𝐯‌‌/assets/images/header-mobile.635bf9fb.svg
𝐯‌‌/assets/images/logo-horizontal-black.1021a6da.svg
𝐯‌‌/assets/js/jquery.min.js
.js
𝐯‌‌/assets/noty/nest.css
𝐯‌‌/assets/noty/noty.css
𝐯‌‌/assets/noty/noty.min.js
.js
𝐯‌‌/bb.php
𝐯‌‌/config.php
𝐯‌‌/error_log
𝐯‌‌/index.php
𝐯‌‌/info.php
𝐯‌‌/kos
.html
𝐯‌‌/ks.txt
𝐯‌‌/made.txt
𝐯‌‌/nanat/.github/FUNDING.yml
𝐯‌‌/nanat/.github/ISSUE_TEMPLATE/bug_report.md
𝐯‌‌/nanat/.github/ISSUE_TEMPLATE/feature_request.md
𝐯‌‌/nanat/.github/stale.yml
𝐯‌‌/nanat/.github/workflows/doc.yml
𝐯‌‌/nanat/Doxyfile
𝐯‌‌/nanat/LICENSE.md
𝐯‌‌/nanat/README.md
𝐯‌‌/nanat/Telegram.php
𝐯‌‌/nanat/TelegramBotPHP-master/.github/FUNDING.yml
𝐯‌‌/nanat/TelegramBotPHP-master/.github/ISSUE_TEMPLATE/bug_report.md
𝐯‌‌/nanat/TelegramBotPHP-master/.github/ISSUE_TEMPLATE/feature_request.md
𝐯‌‌/nanat/TelegramBotPHP-master/.github/stale.yml
𝐯‌‌/nanat/TelegramBotPHP-master/.github/workflows/doc.yml
𝐯‌‌/nanat/TelegramBotPHP-master/Doxyfile
𝐯‌‌/nanat/TelegramBotPHP-master/LICENSE.md
𝐯‌‌/nanat/TelegramBotPHP-master/README.md
𝐯‌‌/nanat/TelegramBotPHP-master/Telegram.php
𝐯‌‌/nanat/TelegramBotPHP-master/TelegramErrorLogger.php
.js
𝐯‌‌/nanat/TelegramBotPHP-master/bot examples/updates/composer/error.php
𝐯‌‌/nanat/TelegramBotPHP-master/bot examples/updates/composer/getUpdates.php
𝐯‌‌/nanat/TelegramBotPHP-master/bot examples/updates/getUpdates.php
𝐯‌‌/nanat/TelegramBotPHP-master/bot examples/webhook/gamebot.php
𝐯‌‌/nanat/TelegramBotPHP-master/bot examples/webhook/update.php
𝐯‌‌/nanat/TelegramBotPHP-master/bot examples/webhook/updatecowsay.php
𝐯‌‌/nanat/TelegramBotPHP-master/composer.json
𝐯‌‌/nanat/TelegramBotPHP-master/mainpage.dox
𝐯‌‌/nanat/TelegramErrorLogger.php
.js
𝐯‌‌/nanat/bot examples/updates/composer/error.php
𝐯‌‌/nanat/bot examples/updates/composer/getUpdates.php
𝐯‌‌/nanat/bot examples/updates/getUpdates.php
𝐯‌‌/nanat/bot examples/webhook/gamebot.php
𝐯‌‌/nanat/bot examples/webhook/update.php
𝐯‌‌/nanat/bot examples/webhook/updatecowsay.php
𝐯‌‌/nanat/composer.json
𝐯‌‌/nanat/mainpage.dox
𝐯‌‌/payment.zip
.zip

Password: infected
payment/Bankinfo.php
payment/OTP.php
payment/css/esprit_fa.minc164.css
payment/css/fonts/eot/IRANSansWeb.eot
payment/css/fonts/eot/IRANSansWeb_Bold.eot
payment/css/fonts/eot/IRANSansWeb_Boldd41d.eot
payment/css/fonts/eot/IRANSansWeb_Light.eot
payment/css/fonts/eot/IRANSansWeb_Lightd41d.eot
payment/css/fonts/eot/IRANSansWeb_Medium.eot
payment/css/fonts/eot/IRANSansWeb_Mediumd41d.eot
payment/css/fonts/eot/IRANSansWeb_UltraLight.eot
payment/css/fonts/eot/IRANSansWeb_UltraLightd41d.eot
payment/css/fonts/eot/IRANSansWebd41d.eot
payment/css/fonts/ttf/IRANSansWeb.ttf
payment/css/fonts/ttf/IRANSansWeb_Bold.ttf
payment/css/fonts/ttf/IRANSansWeb_Light.ttf
payment/css/fonts/ttf/IRANSansWeb_Medium.ttf
payment/css/fonts/ttf/IRANSansWeb_UltraLight.ttf
payment/css/fonts/woff/IRANSansWeb.woff
.ps1
payment/css/fonts/woff/IRANSansWeb_Bold.woff
payment/css/fonts/woff/IRANSansWeb_Light.woff
payment/css/fonts/woff/IRANSansWeb_Medium.woff
payment/css/fonts/woff/IRANSansWeb_UltraLight.woff
payment/css/fonts/woff2/IRANSansWeb.html
payment/css/fonts/woff2/IRANSansWeb.html.readme
payment/css/fonts/woff2/IRANSansWeb_Bold.html
payment/css/fonts/woff2/IRANSansWeb_Bold.html.readme
payment/css/fonts/woff2/IRANSansWeb_Light.html
payment/css/fonts/woff2/IRANSansWeb_Light.html.readme
payment/css/fonts/woff2/IRANSansWeb_Medium.html
payment/css/fonts/woff2/IRANSansWeb_Medium.html.readme
payment/css/fonts/woff2/IRANSansWeb_UltraLight.html
payment/css/fonts/woff2/IRANSansWeb_UltraLight.html.readme
payment/img/behpardakht_logo.svg
payment/img/ipg-capcha-refresh.svg
payment/img/ipg-card_list.svg
payment/img/ipg-decline.svg
payment/img/ipg-failed-ico.svg
payment/img/ipg-favicon.ico
payment/img/ipg-keypad.svg
payment/img/ipg-sucsess-ico.svg
payment/img/ipg-unknown-ico.svg
payment/img/ipg_sms.svg
payment/img/mellat_arc.svg
payment/img/mellat_arc_footer.svg
.xml
payment/img/shaparak_logo.svg
.xml
payment/index.php
.js
payment/ipg-defaltlogo.png
.png
payment/js/jquery.min3860.js
.js
payment/js/payment.min2dac.js
.js
payment/msg/messages_fa.min1bce.js
.js
payment/photo_2023-01-09_14-55-09.jpg
.jpg
payment/xkiler.php
𝐯‌‌/payment/Bankinfo.php
𝐯‌‌/payment/OTP.php
𝐯‌‌/payment/css/esprit_fa.minc164.css
𝐯‌‌/payment/css/fonts/eot/IRANSansWeb.eot
𝐯‌‌/payment/css/fonts/eot/IRANSansWeb_Bold.eot
𝐯‌‌/payment/css/fonts/eot/IRANSansWeb_Boldd41d.eot
𝐯‌‌/payment/css/fonts/eot/IRANSansWeb_Light.eot
𝐯‌‌/payment/css/fonts/eot/IRANSansWeb_Lightd41d.eot
𝐯‌‌/payment/css/fonts/eot/IRANSansWeb_Medium.eot
𝐯‌‌/payment/css/fonts/eot/IRANSansWeb_Mediumd41d.eot
𝐯‌‌/payment/css/fonts/eot/IRANSansWeb_UltraLight.eot
𝐯‌‌/payment/css/fonts/eot/IRANSansWeb_UltraLightd41d.eot
𝐯‌‌/payment/css/fonts/eot/IRANSansWebd41d.eot
𝐯‌‌/payment/css/fonts/ttf/IRANSansWeb.ttf
𝐯‌‌/payment/css/fonts/ttf/IRANSansWeb_Bold.ttf
𝐯‌‌/payment/css/fonts/ttf/IRANSansWeb_Light.ttf
𝐯‌‌/payment/css/fonts/ttf/IRANSansWeb_Medium.ttf
𝐯‌‌/payment/css/fonts/ttf/IRANSansWeb_UltraLight.ttf
𝐯‌‌/payment/css/fonts/woff/IRANSansWeb.woff
.ps1
𝐯‌‌/payment/css/fonts/woff/IRANSansWeb_Bold.woff
𝐯‌‌/payment/css/fonts/woff/IRANSansWeb_Light.woff
𝐯‌‌/payment/css/fonts/woff/IRANSansWeb_Medium.woff
𝐯‌‌/payment/css/fonts/woff/IRANSansWeb_UltraLight.woff
𝐯‌‌/payment/css/fonts/woff2/IRANSansWeb.html
𝐯‌‌/payment/css/fonts/woff2/IRANSansWeb.html.readme
𝐯‌‌/payment/css/fonts/woff2/IRANSansWeb_Bold.html
𝐯‌‌/payment/css/fonts/woff2/IRANSansWeb_Bold.html.readme
𝐯‌‌/payment/css/fonts/woff2/IRANSansWeb_Light.html
𝐯‌‌/payment/css/fonts/woff2/IRANSansWeb_Light.html.readme
𝐯‌‌/payment/css/fonts/woff2/IRANSansWeb_Medium.html
𝐯‌‌/payment/css/fonts/woff2/IRANSansWeb_Medium.html.readme
𝐯‌‌/payment/css/fonts/woff2/IRANSansWeb_UltraLight.html
𝐯‌‌/payment/css/fonts/woff2/IRANSansWeb_UltraLight.html.readme
𝐯‌‌/payment/error_log
𝐯‌‌/payment/img/behpardakht_logo.svg
𝐯‌‌/payment/img/ipg-capcha-refresh.svg
𝐯‌‌/payment/img/ipg-card_list.svg
𝐯‌‌/payment/img/ipg-decline.svg
𝐯‌‌/payment/img/ipg-failed-ico.svg
𝐯‌‌/payment/img/ipg-favicon.ico
𝐯‌‌/payment/img/ipg-keypad.svg
𝐯‌‌/payment/img/ipg-sucsess-ico.svg
𝐯‌‌/payment/img/ipg-unknown-ico.svg
𝐯‌‌/payment/img/ipg_sms.svg
𝐯‌‌/payment/img/mellat_arc.svg
𝐯‌‌/payment/img/mellat_arc_footer.svg
.xml
𝐯‌‌/payment/img/shaparak_logo.svg
.xml
𝐯‌‌/payment/index.php
.js
𝐯‌‌/payment/ipg-defaltlogo.png
.png
𝐯‌‌/payment/js/jquery.min3860.js
.js
𝐯‌‌/payment/js/payment.min2dac.js
.js
𝐯‌‌/payment/msg/messages_fa.min1bce.js
.js
𝐯‌‌/payment/photo_2023-01-09_14-55-09.jpg
.jpg
𝐯‌‌/payment/xkiler.php
𝐯‌‌/robots.txt
𝐯‌‌/start.php
.js
𝐯‌‌/tel.php

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

com.lydia.route

.main

Activities

Permissions

Receivers

com.google.firebase.iid.FirebaseInstanceIdReceiver

.mysms$mysms_BR

Services

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.messaging.FirebaseMessagingService

anywheresoftware.b4a.objects.FirebaseNotificationsService

Password: infected