12345[.]zip | Triage

Sharing

General

Target

12345.zip
Size

17.6MB
MD5

1d2d3b4ca547863d66fd7c2f5901fedb
SHA1

ca598d7e49ab2e7453e30eee7ae539f7f5481d97
SHA256

5e58c7a01b8bfb5f97b249688d97a334ca08144463ecc6ce90009b277657c2a4
SHA512

5607b241a07cbca889193615bcfd46b6b702867e4fa56849de86b5734f7cd24db553e20c7efbfad7e6953ac83c555d269a30e4c4f14aebb65b2c359cc8d77bef
SSDEEP

393216:rz8ULHoRqPJoysH1eziw5UJXnCTlEFe/8Yu2dT5lGuwVCKlhJH:r/LHIqPJOVeUJShmaP5wVCY3H

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 2 IoCs

description	ioc
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION

Files

12345.zip
.zip .ps1

Password: infected
3603fabafd4e8c489a8fad20801c469e5582632bb39c6caa1696519c84622b40
.apk android arch:arm64 arch:arm arch:x64

Password: infected

com.google.android.mapsapp

com.google.android.mapsapp.MainActivity

Activities

com.google.android.mapsapp.MainActivity

android.intent.action.MAIN

com.google.android.mapsapp.ComposeSmsActivity

android.intent.action.SEND
android.intent.action.SENDTO

Permissions

android.permission.INTERNET
android.permission.RECEIVE_SMS
android.permission.ACCESS_COARSE_LOCATION
android.permission.FOREGROUND_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK

Receivers

com.google.android.mapsapp.SmsReceiver

android.provider.Telephony.SMS_DELIVER

com.shounakmulay.telephony.sms.IncomingSmsReceiver

android.provider.Telephony.SMS_RECEIVED

com.google.android.mapsapp.MmsReceiver

android.provider.Telephony.WAP_PUSH_DELIVER

id.flutter.flutter_background_service.BootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON

Services

com.google.android.mapsapp.HeadlessSmsSendService

android.intent.action.RESPOND_VIA_MESSAGE
AssetManifest.json
CupertinoIcons.ttf
FontManifest.json
MaterialIcons-Regular.otf
NOTICES.Z
.gz

Password: infected
NOTICES.Z