01e307adb452924bc643e14098bd50a2b69625570d9b3ea79f11fb8e98e5fb72[.]apk[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

01e307adb452924bc643e14098bd50a2b69625570d9b3ea79f11fb8e98e5fb72.apk.zip
Size

106.3MB
MD5

ed50c6dcb1f9bbb7896e2358e7550d81
SHA1

9c2136b06da13f4d491e23b598876c8a1e22ce83
SHA256

2c328a095ff4b53912ec3e7de19c4a34581e87a5cac5ee361e1ef9dc7e8ce900
SHA512

8349771d5b690a05c881a8e2b6a752eae9b32bc6ec7fab065497ea65de8bcf27332e9eef08ffb5f66578b96dcafb1395451fd530be61684f6c6882c4af82401b
SSDEEP

3145728:+vD8AlIeup3ZQyT0HSZr5AkPgjVJYy2Rwl8ibyJFGIFD7Csn5R:+vD7upQM0kEjzYy2G857p9T5R

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 9 IoCs

description	ioc
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to access any geographic locations persisted in the user's shared collection.	android.permission.ACCESS_MEDIA_LOCATION
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS

Files

01e307adb452924bc643e14098bd50a2b69625570d9b3ea79f11fb8e98e5fb72.apk.zip
.zip

Password: infected
01e307adb452924bc643e14098bd50a2b69625570d9b3ea79f11fb8e98e5fb72.apk
.apk android arch:arm64 arch:arm arch:x86 arch:x64

th.co.truemoney.wallet

.activity.LoadingScreenActivity

Activities

.activity.LoadingScreenActivity

android.intent.action.MAIN

.activity.revamp.Landing4Activity

android.intent.action.VIEW
android.intent.action.VIEW

.activity.setting.ProfileNewUIActivity

com.android.camera.action.CROP

.pages.profile.googledirect.AlipayGoogleAuthActivity

com.google.android.payments.standard.AUTHENTICATE_V1

com.facebook.CustomTabActivity

android.intent.action.VIEW

com.iap.ac.android.acs.plugin.ui.activity.ThirdPartyBackActivity

android.intent.action.VIEW

Permissions

android.permission.CAMERA
android.permission.INTERNET
android.permission.VIBRATE
android.permission.READ_CONTACTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.CHANGE_WIFI_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.WAKE_LOCK
android.permission.READ_PHONE_STATE
android.permission.GET_TASKS
android.permission.USE_FINGERPRINT
th.co.truemoney.wallet.permission.C2D_MESSAGE
com.google.android.c2dm.permission.RECEIVE
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY
android.permission.READ_EXTERNAL_STORAGE
android.permission.USE_BIOMETRIC
android.permission.ACCESS_MEDIA_LOCATION
android.permission.FOREGROUND_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.FLASHLIGHT
android.permission.BLUETOOTH_ADMIN
android.permission.WRITE_CONTACTS
android.permission.NFC

Receivers

com.google.ads.conversiontracking.InstallReceiver

com.android.vending.INSTALL_REFERRER

.receiver.DeeplinkReceiver

com.android.vending.INSTALL_REFERRER

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

Services

o.Sk

com.google.firebase.MESSAGING_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.alibaba.griver.device.jsapi.nfc.service.TinyAppHostApduService

android.nfc.cardemulation.action.HOST_APDU_SERVICE
66666692_1.24.8.amr
.zip
66666692.tar
.tar .js
appx/af-appx.min.css
appx/af-appx.min.js
.js
appx/af-appx.worker.min.js
.js
appx/es6-promise.min.js
.js
appx/index.html
.html .js
appx/security-patch.min.js
.js
appx/web-view.min.js
.js
appx/worker.min.js
.js
bugme.cfg
hpmfile.json
CERT.json
Manifest.xml
.xml
66666693_2.0.6.amr
.zip
66666693.tar
.tar .js
api_permission
appConfig.json
index.html
.html .js
index.js
.js
index.worker.js
.js
manifest.json
package.json
CERT.json
Manifest.xml
.xml
68687209_2.7.6.amr
.zip
68687209.tar
.tar .js
appx-ng/af-appx.min.css
appx-ng/af-appx.min.js
.js
appx-ng/af-appx.worker.min.js
.js
appx-ng/es6-promise.min.js
.js
appx-ng/index.html
.html .js
appx-ng/security-patch.min.js
.js
appx-ng/web-view.min.js
.js
appx-ng/worker.min.js
.js
bugme.cfg
CERT.json
Manifest.xml
.xml
7-eleven.e-kyc.json
SE.bin
Successful.json
UI.json
animated_success_icon.json
appboy-html-in-app-message-javascript-component.js
.js
appx.json
arrow-left.json
arrow-right.json
back-scan.json
bank_instruction_list_local.json
blit_vertex_shader.glsl
config.json
config_connect.zip
.zip
layout.json
resources.json
strings_th.json
copy_external_fragment_shader.glsl
create_worker.html
.html
d
deeplink-defined.json
default.ttf
fontawesome-webfont.ttf
front-scan-loading.json
front-scan.json
front-tiltleft.json
front-whiteborder.json
gn_offline_payment.json
gn_offline_refund.json
gn_offline_success.json
griver_page_error.html
.html .js
h5_bridge.js
.js
h5titlebar.ttf
host.json
iapconnect_config.json
iconfont.ttf
info-close.json
info-open.json
instruction-front.json
instruction-left.json
instruction-right.json
kiosk_instruction.json
left-scan.json
left-tiltright.json
local_delete_wallet_template_en.json
local_delete_wallet_template_th.json
local_home_container_template_micro_app.json
microapp.json
mini-program-native-error.html
.html .js
ndid_information.json
ndid_instruction.json
right-scan.json
right-warning.json
safemode_registrator_com_iap_ac_config.json
scan_passport_tutorial_anim.json
scan_thai_id_tutorial_anim.json
selfie_with_passport_anim.json
submitting.json
success-arrow.json
success-blue.json
success_face_scan.json
success_icon_anim.json
success_with_girl_kkp.json
titlebar.ttf
tmn_loading_anim.json
toyger.face.dat
w.json
waiting_orange.json
worker.html
.html
workerjs.js
.js
workerjs_multiworker.js
.js
workerjs_v8.js
.js
zoloz_biometric.json
zoloz_framework.json

Sharing

General

Malware Config

Signatures

Files

Password: infected

th.co.truemoney.wallet

.activity.LoadingScreenActivity

Activities

.activity.LoadingScreenActivity

.activity.revamp.Landing4Activity

.activity.setting.ProfileNewUIActivity

.pages.profile.googledirect.AlipayGoogleAuthActivity

com.facebook.CustomTabActivity

com.iap.ac.android.acs.plugin.ui.activity.ThirdPartyBackActivity

Permissions

Receivers

com.google.ads.conversiontracking.InstallReceiver

.receiver.DeeplinkReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

Services

o.Sk

com.google.firebase.messaging.FirebaseMessagingService

com.alibaba.griver.device.jsapi.nfc.service.TinyAppHostApduService