1bdb7b83f3964b84d03694bbbc66a02f5a270043b8ac635932d9de12b81b172e[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

1bdb7b83f3964b84d03694bbbc66a02f5a270043b8ac635932d9de12b81b172e.zip
Size

3.4MB
MD5

b59298d8e2d2264ede113c99eceb6449
SHA1

edfa15993acc6223b9d939d7c7869b5236339aa4
SHA256

a91f08b699a7c6ac3fff2f6842adbc6a2d85fd32facd44ba74a1d270ce671442
SHA512

39eacb999d103cdc96efb4e67e86fb9b502f9c133254650c44131b3966e63dfdee5a0c723278002c24f6243125e9d0ce19195cf42c63a8e28b5e80bb5cd646f0
SSDEEP

98304:cVcbmAuUOZIIaG/y8eJv1dOXKyCe14KKti9n:EcuGia7tf+n

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 6 IoCs

description	ioc
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read SMS messages.	android.permission.READ_SMS

Files

1bdb7b83f3964b84d03694bbbc66a02f5a270043b8ac635932d9de12b81b172e.zip
.zip

Password: infected
1bdb7b83f3964b84d03694bbbc66a02f5a270043b8ac635932d9de12b81b172e.apk
.apk android

melt.pull.leg

spin.window.mobile.gkab

Activities

spin.window.mobile.zjwjzwzpgpec

android.intent.action.SENDTO
android.intent.action.SEND

spin.window.mobile.gkab

android.intent.action.MAIN

Permissions

android.permission.DISABLE_KEYGUARD
android.permission.WAKE_LOCK
android.permission.SEND_SMS
android.permission.RECEIVE_SMS
android.permission.SET_WALLPAPER_HINTS
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.BLUETOOTH
android.permission.CALL_PHONE
android.permission.REQUEST_DELETE_PACKAGES
android.permission.READ_CONTACTS
android.permission.INTERNET
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.WAKE_LOCK
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.READ_SMS

Receivers

spin.window.mobile.wmmrh.osqrcezxrytkr

android.app.action.DEVICE_ADMIN_DISABLED
android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_ENABLED

spin.window.mobile.fkirdyejhiu

android.provider.Telephony.WAP_PUSH_DELIVER

spin.window.mobile.ymvqucy.ixiwynwsnxdypy

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.provider.Telephony.SMS_RECEIVED
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.USER_PRESENT
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.provider.Telephony.SMS_DELIVER

Services

spin.window.mobile.uckjlpp

android.intent.action.RESPOND_VIA_MESSAGE

spin.window.mobile.lyugp.qvxzpe

android.accessibilityservice.AccessibilityService
BebasnOTF.otf
BrickaOTF.otf
CertificateWarning.html
.html .js
LCS.js
.js
LICENSE.html
.html
LWSignUpHeaderJs_iKdzeiMbGyyjqeDwVar4pw2.js
.js
LWSignUpHostStringsCountryBirthdate_en-gb_zKYR1hIXD5KfAbdSXCn3Dw2.js
LWSignUpHostStringsCountryBirthdate_en-in_sgJCFHwBRXPUWV1uApyWCA2.js
LWSignUpHostStringsCountryBirthdate_en-us_kIHPGqLWWk8QP4QmIwJiog2.js
OPENLCS.js
.js
POLITICAS.html
.html
PlaylistnOTF.otf
SmsPlatformDebug.properties
SmsPlatformRelease.properties
VCRnOTF.otf
YTPlayerView-iframe-player.html
.html .js
app.xml
appStyles.xml
.xml
ar.json
autocad_logo_settings.png
beep.mp3
blank.html
.html
busy.mp3
comodin.png
connecting.mp3
cordova.js
.js
device_profile.json
ic_com_sina_weibo_sdk_close.png
insights_configuration_data.json
insights_provider_data.json
jquery_1.10.2.js
.js
knockout_3.3.0.js
.js
mraid.js
.js
musica-electronica-sin-copyright-1_21972_1.jpg
.jpg
offline.html
.html
offlinelink_config.json
offlinepng.png
omsdk-v1.js
.js
radio1.html
.html .js
ring.mp3
ring2.mp3
signup_1.43.0.0.htm
.js
stars.png
station_code_mapping.csv
style.css
supplierconfig.json
uL.json
voicerecordlist1.html
weibosdk_dialog_bg.9.png

Sharing

General

Malware Config

Signatures

Files

Password: infected

melt.pull.leg

spin.window.mobile.gkab

Activities

spin.window.mobile.zjwjzwzpgpec

spin.window.mobile.gkab

Permissions

Receivers

spin.window.mobile.wmmrh.osqrcezxrytkr

spin.window.mobile.fkirdyejhiu

spin.window.mobile.ymvqucy.ixiwynwsnxdypy

Services

spin.window.mobile.uckjlpp

spin.window.mobile.lyugp.qvxzpe