Resubmissions

  • 25/09/2023, 22:58 UTC    230925-2xtqzscf4s    score 10
  • 25/09/2023, 12:39 UTC    230925-pvwfksgb78    score 10

General

  • Target

    4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

  • Size

    6.0MB

  • MD5

    06371fc75740162de9e6275102012e6c

  • SHA1

    9b45243e89541ae26fea5ff2b9c7d14ff69044ed

  • SHA256

    4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

  • SHA512

    c865d89143effb176c4be93fc16f54e06d248f5b7e22ffbf19754137f9da181f6d7f6019cdb28d2d7964375b1978a255c475dd3d17487fddb9fa0e4eda8bf248

  • SSDEEP

    98304:fC3rjZ1lQTKUHiLoQwaFaxCiFXzTVNeWr4kUCzwHrqrtQUn5HHOwBFyxrlV:fCvlLLNwaF8DhX4k9SrEbBFyN3

Score
7/10

Malware Config

Signatures

  • Requests dangerous framework permissions (6 IoCs)

Files

  • 4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c
    .apk android

    Password: infected

    com.tencent.mobileqq

    com.tencent.mobileqq.p1279eff1


  • 66666692.amr
    .zip

    Password: infected

  • 66666692.tar
    .tar .js

    Password: infected

  • appx/af-appx.min.css
  • appx/af-appx.min.js
    .js
  • appx/af-appx.worker.min.js
    .js
  • appx/es6-promise.min.js
    .js
  • appx/index.html
    .html .js
  • appx/security-patch.min.js
    .js
  • appx/web-view.min.js
    .js
  • appx/worker.min.js
    .js
  • bugme.cfg
  • hpmfile.json
  • CERT.json
  • Manifest.xml
    .xml
  • SIGN.json
  • 66666692.appinfo.json
  • AlipayNumber.ttf
  • MOBILEIC@idNoMacau
    .js
  • MOBILEIC@secret-question
    .js
  • QUICKPAY@card-no-flex
    .js
  • QUICKPAY@frontpay-limit-query-flex.html
    .js
  • QUICKPAY@pwd-validate-flex
    .js
  • QUICKPAY@recommend-setspwd-flex
    .js
  • QUICKPAY@waika-select-country-and-area-flex
    .js
  • UpkUt6hwt1.j8F
  • ag_sdk_cbg_root.cer
  • ali_purchase_ext_iconfont.ttf
  • amc-h5.js
    .js
  • amc.i18n.en_US
  • amc.i18n.zh_HK
  • amc.i18n.zh_TW
  • buy_address_ltao.xml
  • buy_image_select_ltao.xml
  • buy_image_text_ltao.xml
  • buy_input_ltao.xml
  • buy_item_ltao.xml
  • buy_pay_for_another_ltao.xml
  • buy_quantity_ltao.xml
  • buy_select_ltao.xml
  • buy_submit_ltao.xml
  • buy_switch_ltao.xml
  • buy_switch_tj_ltao.xml
  • buy_tips_ltao.xml
  • buy_tips_tj_new_ltao.xml
  • configuration.json
  • dx_appstyle.json
  • framework_slice.json
  • framework_slice_light.png
    .png
  • grs_sdk_global_route_config_apptouchupdatesdk.json
  • grs_sdk_global_route_config_opendevicesdk.json
  • grs_sdk_global_route_config_opensdkService.json
  • grs_sdk_global_route_config_updatesdk.json
  • homepage_dxc_data.json
  • lastAccetsbkup.zip
    .zip

    Password: infected

  • 66666692.amr
    .zip

    Password: infected

  • 66666692.tar
    .tar .js

    Password: infected

  • appx/af-appx.min.css
  • appx/af-appx.min.js
    .js
  • appx/af-appx.worker.min.js
    .js
  • appx/es6-promise.min.js
    .js
  • appx/index.html
    .html .js
  • appx/security-patch.min.js
    .js
  • appx/web-view.min.js
    .js
  • appx/worker.min.js
    .js
  • bugme.cfg
  • hpmfile.json
  • CERT.json
  • Manifest.xml
    .xml
  • SIGN.json
  • 66666692.appinfo.json
  • AlipayNumber.ttf
  • MOBILEIC@idNoMacau
    .js
  • MOBILEIC@secret-question
    .js
  • QUICKPAY@card-no-flex
    .js
  • QUICKPAY@frontpay-limit-query-flex.html
    .js
  • QUICKPAY@pwd-validate-flex
    .js
  • QUICKPAY@recommend-setspwd-flex
    .js
  • QUICKPAY@waika-select-country-and-area-flex
    .js
  • ag_sdk_cbg_root.cer
  • amc-h5.js
    .js
  • amc.i18n.en_US
  • amc.i18n.zh_HK
  • amc.i18n.zh_TW
  • dinamic/buy_address_ltao.xml
  • dinamic/buy_image_select_ltao.xml
  • dinamic/buy_image_text_ltao.xml
  • dinamic/buy_input_ltao.xml
  • dinamic/buy_item_ltao.xml
  • dinamic/buy_pay_for_another_ltao.xml
  • dinamic/buy_quantity_ltao.xml
  • dinamic/buy_select_ltao.xml
  • dinamic/buy_submit_ltao.xml
  • dinamic/buy_switch_ltao.xml
  • dinamic/buy_switch_tj_ltao.xml
  • dinamic/buy_tips_ltao.xml
  • dinamic/buy_tips_tj_new_ltao.xml
  • dinamic/dx_appstyle.json
  • dinamic/trade_test_address.xml
  • ext/purchase_ext_plugins.json
  • fonts/ali_purchase_ext_iconfont.ttf
  • fonts/purchase_iconfont.ttf
  • framework_slice/framework_slice.json
  • framework_slice/images/framework_slice_light.png
    .png
  • grs_sdk_global_route_config_apptouchupdatesdk.json
  • grs_sdk_global_route_config_opendevicesdk.json
  • grs_sdk_global_route_config_opensdkService.json
  • grs_sdk_global_route_config_updatesdk.json
  • homepage_dxc_data.json
  • map/7/style_antsports01.data
  • map/7/style_light.data
  • map/style_antsports01.data
  • map/style_light.data
  • primary80.prof
  • theme/configuration.json
  • tr_china_cities.json
  • tr_china_cities_v2.db
  • triver.mock.appinfo.json
  • triver_iconfont.ttf
  • uik_core_iconfont.ttf
  • updatesdkcas.bks
  • vi-amc.js
    .js
  • video_weex.msoac
  • video_windmillapi.json
  • voice_thinking/images/voice_thinking_image_0.png
    .png
  • voice_thinking/voice_thinking.json
  • weex_config_bindingx.json
  • weex_config_evocationapp.json
  • weex_config_fashionai.json
  • weex_config_interactive.json
  • weex_config_mytaobao.json
  • weex_config_shopref.json
  • weex_config_tblive.json
  • weex_config_tbplay.json
  • widget_v8.js
    .js
  • windmill.worker.js
    .js
  • workerjs_multiworker.js
    .js
  • workerjs_v8.js
    .js
  • yuv2rgb.frag
  • yuv2rgb.vert
  • primary80.prof
  • purchase_ext_plugins.json
  • purchase_iconfont.ttf
  • style_antsports01.data
  • style_light.data
  • tr_china_cities.json
  • tr_china_cities_v2.db
  • trade_test_address.xml
  • triver.mock.appinfo.json
  • triver_iconfont.ttf
  • uik_core_iconfont.ttf
  • updatesdkcas.bks
  • vi-amc.js
    .js
  • video_weex.msoac
  • video_windmillapi.json
  • voice_thinking.json
  • voice_thinking_image_0.png
    .png
  • weex_config_bindingx.json
  • weex_config_evocationapp.json
  • weex_config_fashionai.json
  • weex_config_interactive.json
  • weex_config_mytaobao.json
  • weex_config_shopref.json
  • weex_config_tblive.json
  • weex_config_tbplay.json
  • widget_v8.js
    .js
  • windmill.worker.js
    .js
  • workerjs_multiworker.js
    .js
  • workerjs_v8.js
    .js
  • yuv2rgb.frag
  • yuv2rgb.vert

Android Permissions

4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

Permissions

android.permission.CALL_PHONE

android.permission.SEND_SMS

android.permission.READ_PHONE_STATE

android.permission.ACCESS_NETWORK_STATE

android.permission.WRITE_SMS

android.permission.RECEIVE_SMS

android.permission.VIBRATE

android.permission.READ_CONTACTS

android.permission.KILL_BACKGROUND_PROCESSES

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.INTERNET

android.permission.FOREGROUND_SERVICE

android.permission.READ_SMS

android.permission.QUERY_ALL_PACKAGES

android.permission.WAKE_LOCK

android.permission.REQUEST_DELETE_PACKAGES
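The sixteen permissions above are what the "Requests dangerous framework permissions" signature is built from. As an added example (not Triage's own signature logic and not code from the sample), the Python below parses a decoded AndroidManifest.xml, picks out the permissions that Android itself defines at the runtime ("dangerous") protection level, and applies a few capability heuristics of my own. The manifest string is constructed here from the report's declared package name and permission list; everything else in it is filler. The dangerous-permission set is AOSP's, and it is an assumption that the sandbox signature keys on the same set, although it yields the same count of six (android.permission.WRITE_SMS is not a runtime permission and is excluded). The capability rule names are mine.

```python
"""Triage an APK's declared permissions from a decoded AndroidManifest.xml.

Added example, not the sandbox's own code. Run `apktool d sample.apk` (or use
androguard) first: the AndroidManifest.xml inside an APK is binary XML and
must be decoded before this parser can read it.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest: package name and the 16 <uses-permission> entries are
# taken from the report above; attributes such as android:label are filler.
MANIFEST_XML = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.tencent.mobileqq">
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="android.permission.WRITE_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
    <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.REQUEST_DELETE_PACKAGES"/>
    <application android:label="filler"/>
</manifest>
"""

# AOSP runtime permissions (protectionLevel "dangerous") from the SMS, PHONE,
# CONTACTS, MICROPHONE, CAMERA, LOCATION and STORAGE groups. WRITE_SMS is
# deliberately absent: it is not a runtime permission on any supported Android.
RUNTIME_DANGEROUS = {
    "android.permission.SEND_SMS", "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS", "android.permission.RECEIVE_MMS",
    "android.permission.RECEIVE_WAP_PUSH",
    "android.permission.READ_CONTACTS", "android.permission.WRITE_CONTACTS",
    "android.permission.GET_ACCOUNTS",
    "android.permission.CALL_PHONE", "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CALL_LOG", "android.permission.WRITE_CALL_LOG",
    "android.permission.READ_PHONE_NUMBERS", "android.permission.ANSWER_PHONE_CALLS",
    "android.permission.RECORD_AUDIO", "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE", "android.permission.WRITE_EXTERNAL_STORAGE",
}

# Hypothetical capability rules (my heuristics, not a published taxonomy):
# a rule fires only when every permission in its set is declared.
CAPABILITY_RULES = {
    "sms_interception": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "sms_sending": {"android.permission.SEND_SMS"},
    "contact_harvesting": {"android.permission.READ_CONTACTS"},
    "outbound_network": {"android.permission.INTERNET"},
    "persistence": {"android.permission.FOREGROUND_SERVICE",
                    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
                    "android.permission.WAKE_LOCK"},
    "app_tampering": {"android.permission.QUERY_ALL_PACKAGES",
                      "android.permission.KILL_BACKGROUND_PROCESSES",
                      "android.permission.REQUEST_DELETE_PACKAGES"},
}


def package_name(manifest_xml: str) -> str:
    """Return the package attribute of the <manifest> root element."""
    return ET.fromstring(manifest_xml).get("package", "")


def parse_permissions(manifest_xml: str) -> list[str]:
    """Return every android:name declared on a top-level <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    name_attr = f"{{{ANDROID_NS}}}name"
    return [el.get(name_attr) for el in root.findall("uses-permission") if el.get(name_attr)]


def dangerous_permissions(perms: list[str]) -> list[str]:
    """Subset of perms that Android classes as runtime ('dangerous') permissions."""
    return sorted(set(perms) & RUNTIME_DANGEROUS)


def capabilities(perms: list[str]) -> list[str]:
    """Names of CAPABILITY_RULES whose full permission set is declared."""
    declared = set(perms)
    return sorted(name for name, needed in CAPABILITY_RULES.items() if needed <= declared)


if __name__ == "__main__":
    perms = parse_permissions(MANIFEST_XML)
    print("package:", package_name(MANIFEST_XML))
    print("declared:", len(perms), "dangerous:", dangerous_permissions(perms))
    print("capabilities:", capabilities(perms))
```

Run against the constructed manifest, the dangerous subset is CALL_PHONE, READ_CONTACTS, READ_PHONE_STATE, READ_SMS, RECEIVE_SMS and SEND_SMS, and every heuristic fires: the sample can receive and read SMS, send SMS, read contacts, reach the network, keep itself alive, and enumerate, kill or request removal of other packages. Two caveats: a declared permission is not a used permission, so confirm with the decompiled code or the sandbox's behaviour log before treating any rule as proven, and on real manifests add the `maxSdkVersion` and `<uses-permission-sdk-23>` variants if you need exact parity with `aapt dump permissions`.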
