Resubmissions

  • 25-09-2023 22:58  230925-2xtqzscf4s  10
  • 25-09-2023 12:39  230925-pvwfksgb78  10

General

  • Target

    4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

  • Size

    6.0MB

  • MD5

    06371fc75740162de9e6275102012e6c

  • SHA1

    9b45243e89541ae26fea5ff2b9c7d14ff69044ed

  • SHA256

    4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

  • SHA512

    c865d89143effb176c4be93fc16f54e06d248f5b7e22ffbf19754137f9da181f6d7f6019cdb28d2d7964375b1978a255c475dd3d17487fddb9fa0e4eda8bf248

  • SSDEEP

    98304:fC3rjZ1lQTKUHiLoQwaFaxCiFXzTVNeWr4kUCzwHrqrtQUn5HHOwBFyxrlV:fCvlLLNwaF8DhX4k9SrEbBFyN3

Score
7/10

Malware Config

Signatures

  • Requests dangerous framework permissions (6 IoCs)

Files

  • 4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c
    .apk android

    Password: infected

    com.tencent.mobileqq

    com.tencent.mobileqq.p1279eff1


  • 66666692.amr
    .zip

    Password: infected

  • 66666692.tar
    .tar .js

    Password: infected

  • appx/af-appx.min.css
  • appx/af-appx.min.js
    .js
  • appx/af-appx.worker.min.js
    .js
  • appx/es6-promise.min.js
    .js
  • appx/index.html
    .html .js
  • appx/security-patch.min.js
    .js
  • appx/web-view.min.js
    .js
  • appx/worker.min.js
    .js
  • bugme.cfg
  • hpmfile.json
  • CERT.json
  • Manifest.xml
    .xml
  • SIGN.json
  • 66666692.appinfo.json
  • AlipayNumber.ttf
  • MOBILEIC@idNoMacau
    .js
  • MOBILEIC@secret-question
    .js
  • QUICKPAY@card-no-flex
    .js
  • QUICKPAY@pwd-validate-flex
    .js
  • QUICKPAY@recommend-setspwd-flex
    .js
  • QUICKPAY@waika-select-country-and-area-flex
    .js
  • UpkUt6hwt1.j8F
  • ag_sdk_cbg_root.cer
  • ali_purchase_ext_iconfont.ttf
  • amc-h5.js
    .js
  • amc.i18n.en_US
  • amc.i18n.zh_HK
  • amc.i18n.zh_TW
  • buy_address_ltao.xml
  • buy_image_select_ltao.xml
  • buy_image_text_ltao.xml
  • buy_input_ltao.xml
  • buy_item_ltao.xml
  • buy_pay_for_another_ltao.xml
  • buy_quantity_ltao.xml
  • buy_select_ltao.xml
  • buy_submit_ltao.xml
  • buy_switch_ltao.xml
  • buy_switch_tj_ltao.xml
  • buy_tips_ltao.xml
  • buy_tips_tj_new_ltao.xml
  • configuration.json
  • dx_appstyle.json
  • framework_slice.json
  • framework_slice_light.png
    .png
  • grs_sdk_global_route_config_apptouchupdatesdk.json
  • grs_sdk_global_route_config_opendevicesdk.json
  • grs_sdk_global_route_config_opensdkService.json
  • grs_sdk_global_route_config_updatesdk.json
  • homepage_dxc_data.json
  • lastAccetsbkup.zip
    .zip

    Password: infected

  • 66666692.amr
    .zip

    Password: infected

  • 66666692.tar
    .tar .js

    Password: infected

  • appx/af-appx.min.css
  • appx/af-appx.min.js
    .js
  • appx/af-appx.worker.min.js
    .js
  • appx/es6-promise.min.js
    .js
  • appx/index.html
    .html .js
  • appx/security-patch.min.js
    .js
  • appx/web-view.min.js
    .js
  • appx/worker.min.js
    .js
  • bugme.cfg
  • hpmfile.json
  • CERT.json
  • Manifest.xml
    .xml
  • SIGN.json
  • 66666692.appinfo.json
  • AlipayNumber.ttf
  • MOBILEIC@idNoMacau
    .js
  • MOBILEIC@secret-question
    .js
  • QUICKPAY@card-no-flex
    .js
  • QUICKPAY@pwd-validate-flex
    .js
  • QUICKPAY@recommend-setspwd-flex
    .js
  • QUICKPAY@waika-select-country-and-area-flex
    .js
  • ag_sdk_cbg_root.cer
  • amc-h5.js
    .js
  • amc.i18n.en_US
  • amc.i18n.zh_HK
  • amc.i18n.zh_TW
  • dinamic/buy_address_ltao.xml
  • dinamic/buy_image_select_ltao.xml
  • dinamic/buy_image_text_ltao.xml
  • dinamic/buy_input_ltao.xml
  • dinamic/buy_item_ltao.xml
  • dinamic/buy_pay_for_another_ltao.xml
  • dinamic/buy_quantity_ltao.xml
  • dinamic/buy_select_ltao.xml
  • dinamic/buy_submit_ltao.xml
  • dinamic/buy_switch_ltao.xml
  • dinamic/buy_switch_tj_ltao.xml
  • dinamic/buy_tips_ltao.xml
  • dinamic/buy_tips_tj_new_ltao.xml
  • dinamic/dx_appstyle.json
  • dinamic/trade_test_address.xml
  • ext/purchase_ext_plugins.json
  • fonts/ali_purchase_ext_iconfont.ttf
  • fonts/purchase_iconfont.ttf
  • framework_slice/framework_slice.json
  • framework_slice/images/framework_slice_light.png
    .png
  • grs_sdk_global_route_config_apptouchupdatesdk.json
  • grs_sdk_global_route_config_opendevicesdk.json
  • grs_sdk_global_route_config_opensdkService.json
  • grs_sdk_global_route_config_updatesdk.json
  • homepage_dxc_data.json
  • map/7/style_antsports01.data
  • map/7/style_light.data
  • map/style_antsports01.data
  • map/style_light.data
  • primary80.prof
  • theme/configuration.json
  • tr_china_cities.json
  • tr_china_cities_v2.db
  • triver.mock.appinfo.json
  • triver_iconfont.ttf
  • uik_core_iconfont.ttf
  • updatesdkcas.bks
  • vi-amc.js
    .js
  • video_weex.msoac
  • video_windmillapi.json
  • voice_thinking/images/voice_thinking_image_0.png
    .png
  • voice_thinking/voice_thinking.json
  • weex_config_bindingx.json
  • weex_config_evocationapp.json
  • weex_config_fashionai.json
  • weex_config_interactive.json
  • weex_config_mytaobao.json
  • weex_config_shopref.json
  • weex_config_tblive.json
  • weex_config_tbplay.json
  • widget_v8.js
    .js
  • windmill.worker.js
    .js
  • workerjs_multiworker.js
    .js
  • workerjs_v8.js
    .js
  • yuv2rgb.frag
  • yuv2rgb.vert
  • primary80.prof
  • purchase_ext_plugins.json
  • purchase_iconfont.ttf
  • style_antsports01.data
  • style_light.data
  • tr_china_cities.json
  • tr_china_cities_v2.db
  • trade_test_address.xml
  • triver.mock.appinfo.json
  • triver_iconfont.ttf
  • uik_core_iconfont.ttf
  • updatesdkcas.bks
  • vi-amc.js
    .js
  • video_weex.msoac
  • video_windmillapi.json
  • voice_thinking.json
  • voice_thinking_image_0.png
    .png
  • weex_config_bindingx.json
  • weex_config_evocationapp.json
  • weex_config_fashionai.json
  • weex_config_interactive.json
  • weex_config_mytaobao.json
  • weex_config_shopref.json
  • weex_config_tblive.json
  • weex_config_tbplay.json
  • widget_v8.js
    .js
  • windmill.worker.js
    .js
  • workerjs_multiworker.js
    .js
  • workerjs_v8.js
    .js
  • yuv2rgb.frag
  • yuv2rgb.vert
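
The listing above labels 66666692.amr as a .zip and 66666692.tar as a .tar: the sandbox types each extracted entry by its bytes, not its name, which is how a ZIP hidden behind an audio extension shows up. The script below, an added example and not the sandbox's code, does the same check over an APK: it sniffs magic bytes, compares the result with what the extension claims, and reports the entries that disagree. The in-memory APK it builds is constructed for the example (the report gives entry names and detected types, not their contents); the MAGIC and EXPECTED tables are the author's and are not the sandbox's signature data.

```python
"""Added example, not part of the sandbox report: identify nested archives
inside an APK by content rather than by name, the check by which a sandbox
labels an entry such as 66666692.amr as ".zip" and 66666692.tar as ".tar".

Assumptions: the APK below is constructed in memory for this example; the
report gives entry names and detected types, not the entries' bytes.
"""
import io
import os
import tarfile
import zipfile
from typing import List, Tuple

# Magic bytes checked at offset 0. A genuine AMR audio file starts with
# "#!AMR"; a ZIP starts with a local file header "PK\x03\x04".
MAGIC = [
    (b"PK\x03\x04", "zip"),
    (b"#!AMR", "amr"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]

# What an extension claims. Extensions not listed are never judged; ".xml"
# is left out on purpose, because a real APK's AndroidManifest.xml is
# compiled binary XML and would be a false positive.
EXPECTED = {
    ".zip": "zip", ".apk": "zip", ".jar": "zip", ".amr": "amr",
    ".tar": "tar", ".png": "png",
    ".js": "text", ".json": "text", ".html": "text", ".css": "text",
}


def sniff(data: bytes) -> str:
    """Classify a blob by its bytes, ignoring its file name entirely."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    # POSIX/GNU tar carries "ustar" at offset 257 of the first 512-byte header.
    if len(data) >= 262 and data[257:262] == b"ustar":
        return "tar"
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "binary"


def find_mismatches(apk: bytes) -> List[Tuple[str, str, str]]:
    """Return (entry, extension, detected) for entries whose bytes disagree
    with what their extension claims."""
    found = []
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            expected = EXPECTED.get(ext)
            if expected is None:
                continue
            detected = sniff(zf.read(info))
            if detected != expected:
                found.append((info.filename, ext, detected))
    return found


def build_sample_apk() -> bytes:
    """Constructed APK-like archive mirroring three entry names from the report."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("payload.bin", b"\x00" * 32)
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w") as t:
        body = b"<html></html>\n"
        ti = tarfile.TarInfo("appx/index.html")
        ti.size = len(body)
        t.addfile(ti, io.BytesIO(body))
    apk = io.BytesIO()
    with zipfile.ZipFile(apk, "w") as z:
        z.writestr("66666692.amr", inner.getvalue())   # a ZIP named as audio
        z.writestr("66666692.tar", tar_buf.getvalue())  # a real tar archive
        z.writestr("appx/af-appx.min.js", b"console.log('ok');\n")
    return apk.getvalue()


if __name__ == "__main__":
    for entry, ext, kind in find_mismatches(build_sample_apk()):
        print("%s: named %s but contains %s" % (entry, ext, kind))
```

Run against the constructed archive it reports only 66666692.amr, because the .tar entry really is a tar and the .js entry really is text. To apply it to a real sample, pass the APK's bytes to find_mismatches and then recurse into whatever it flags, since the payload that matters is often inside the disguised archive rather than at the top level.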

Android Permissions

4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

Permissions

android.permission.CALL_PHONE

android.permission.SEND_SMS

android.permission.READ_PHONE_STATE

android.permission.ACCESS_NETWORK_STATE

android.permission.WRITE_SMS

android.permission.RECEIVE_SMS

android.permission.VIBRATE

android.permission.READ_CONTACTS

android.permission.KILL_BACKGROUND_PROCESSES

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.INTERNET

android.permission.FOREGROUND_SERVICE

android.permission.READ_SMS

android.permission.QUERY_ALL_PACKAGES

android.permission.WAKE_LOCK

android.permission.REQUEST_DELETE_PACKAGES
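
The manifest claims Tencent QQ's package name (com.tencent.mobileqq) while requesting the SMS read, receive, write and send permissions, phone and contacts access, the ability to enumerate and remove other packages, and the battery and foreground-service permissions that keep a process alive. The script below is an added example, not the sandbox's signature code: it parses a decoded AndroidManifest.xml, separates the runtime-granted ("dangerous") permissions from the rest, and reports which capability combinations the set enables. The manifest it parses is constructed from the permission list above (the report publishes the permissions, not the manifest); the DANGEROUS set is Android's runtime permission classification for the permissions requested here, and the CAPABILITIES rules are the author's. The sandbox does not publish which six permissions its signature counted, so the fact that this classification also yields six is something to check, not a fact from the report.

```python
"""Added example, not part of the sandbox report: parse a decoded
AndroidManifest.xml and derive the permission-based indicators behind a
"requests dangerous framework permissions" signature.

Assumptions: SAMPLE_MANIFEST is constructed from the report's permission
list; DANGEROUS is Android's runtime ("dangerous") classification for
those permissions, not the sandbox's own list; CAPABILITIES is the
author's rule set.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Set

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
P = "android.permission."

# Permissions the report lists, in the order it gives them.
REQUESTED = [P + n for n in (
    "CALL_PHONE", "SEND_SMS", "READ_PHONE_STATE", "ACCESS_NETWORK_STATE",
    "WRITE_SMS", "RECEIVE_SMS", "VIBRATE", "READ_CONTACTS",
    "KILL_BACKGROUND_PROCESSES", "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
    "INTERNET", "FOREGROUND_SERVICE", "READ_SMS", "QUERY_ALL_PACKAGES",
    "WAKE_LOCK", "REQUEST_DELETE_PACKAGES",
)]

# Runtime-granted (protectionLevel "dangerous") permissions among those.
# WRITE_SMS is deliberately absent: it is not a runtime permission.
DANGEROUS: Set[str] = {P + n for n in (
    "CALL_PHONE", "SEND_SMS", "READ_PHONE_STATE", "RECEIVE_SMS",
    "READ_SMS", "READ_CONTACTS",
)}

# Capability rules written for this example: a capability fires only when
# every permission in its set is requested.
CAPABILITIES: Dict[str, Set[str]] = {
    "sms_interception": {P + "RECEIVE_SMS", P + "READ_SMS", P + "INTERNET"},
    "sms_sending": {P + "SEND_SMS"},
    "contact_exfiltration": {P + "READ_CONTACTS", P + "INTERNET"},
    "persistence": {P + "FOREGROUND_SERVICE", P + "WAKE_LOCK",
                    P + "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
    "app_inventory_and_tampering": {P + "QUERY_ALL_PACKAGES",
                                    P + "KILL_BACKGROUND_PROCESSES",
                                    P + "REQUEST_DELETE_PACKAGES"},
}

# Constructed manifest: package name and permissions come from the report;
# the empty <application/> is filler so the document is well-formed.
SAMPLE_MANIFEST = (
    '<manifest xmlns:android="%s" package="com.tencent.mobileqq">\n' % ANDROID_NS
    + "".join('  <uses-permission android:name="%s"/>\n' % p for p in REQUESTED)
    + "  <application/>\n</manifest>\n"
)


def parse_manifest(xml_text: str) -> Dict[str, object]:
    """Return the package name and the set of <uses-permission> names."""
    root = ET.fromstring(xml_text)
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")
    perms = {el.get(NAME_ATTR) for el in root.iter("uses-permission")
             if el.get(NAME_ATTR)}
    return {"package": root.get("package", ""), "permissions": perms}


def triage(package: str, perms: Set[str]) -> Dict[str, object]:
    """List runtime-dangerous permissions and the capabilities they imply."""
    dangerous: List[str] = sorted(perms & DANGEROUS)
    caps = sorted(n for n, need in CAPABILITIES.items() if need <= perms)
    return {"package": package, "dangerous": dangerous,
            "dangerous_count": len(dangerous), "capabilities": caps}


def triage_sample() -> Dict[str, object]:
    """Run the check over the constructed manifest."""
    parsed = parse_manifest(SAMPLE_MANIFEST)
    return triage(parsed["package"], parsed["permissions"])


if __name__ == "__main__":
    import json
    print(json.dumps(triage_sample(), indent=2))
```

The combination rules are the useful part: READ_PHONE_STATE or INTERNET on their own are unremarkable, but RECEIVE_SMS plus READ_SMS plus INTERNET in an app that claims to be a chat client is an SMS-interception profile, and QUERY_ALL_PACKAGES with KILL_BACKGROUND_PROCESSES and REQUEST_DELETE_PACKAGES lets the app inventory and interfere with other installed software. To use it on a real sample, decode the manifest first (for example with apktool or aapt2 dump), since the one inside an APK is binary XML that ElementTree cannot read.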