General

  • Target

    01e307adb452924bc643e14098bd50a2b69625570d9b3ea79f11fb8e98e5fb72.apk.zip

  • Size

    106.3MB

  • MD5

    ed50c6dcb1f9bbb7896e2358e7550d81

  • SHA1

    9c2136b06da13f4d491e23b598876c8a1e22ce83

  • SHA256

    2c328a095ff4b53912ec3e7de19c4a34581e87a5cac5ee361e1ef9dc7e8ce900

  • SHA512

    8349771d5b690a05c881a8e2b6a752eae9b32bc6ec7fab065497ea65de8bcf27332e9eef08ffb5f66578b96dcafb1395451fd530be61684f6c6882c4af82401b

  • SSDEEP

    3145728:+vD8AlIeup3ZQyT0HSZr5AkPgjVJYy2Rwl8ibyJFGIFD7Csn5R:+vD7upQM0kEjzYy2G857p9T5R

Score
7/10

Malware Config

Signatures

  • Requests dangerous framework permissions (9 IoCs)

Files

  • 01e307adb452924bc643e14098bd50a2b69625570d9b3ea79f11fb8e98e5fb72.apk.zip
    .zip

    Password: infected

  • 01e307adb452924bc643e14098bd50a2b69625570d9b3ea79f11fb8e98e5fb72.apk
    .apk android arch:arm64 arch:arm arch:x86 arch:x64

    th.co.truemoney.wallet

    .activity.LoadingScreenActivity


  • 66666692_1.24.8.amr
    .zip
  • 66666692.tar
    .tar .js
  • appx/af-appx.min.css
  • appx/af-appx.min.js
    .js
  • appx/af-appx.worker.min.js
    .js
  • appx/es6-promise.min.js
    .js
  • appx/index.html
    .html .js
  • appx/security-patch.min.js
    .js
  • appx/web-view.min.js
    .js
  • appx/worker.min.js
    .js
  • bugme.cfg
  • hpmfile.json
  • CERT.json
  • Manifest.xml
    .xml
  • 66666693_2.0.6.amr
    .zip
  • 66666693.tar
    .tar .js
  • api_permission
  • appConfig.json
  • index.html
    .html .js
  • index.js
    .js
  • index.worker.js
    .js
  • manifest.json
  • package.json
  • CERT.json
  • Manifest.xml
    .xml
  • 68687209_2.7.6.amr
    .zip
  • 68687209.tar
    .tar .js
  • appx-ng/af-appx.min.css
  • appx-ng/af-appx.min.js
    .js
  • appx-ng/af-appx.worker.min.js
    .js
  • appx-ng/es6-promise.min.js
    .js
  • appx-ng/index.html
    .html .js
  • appx-ng/security-patch.min.js
    .js
  • appx-ng/web-view.min.js
    .js
  • appx-ng/worker.min.js
    .js
  • bugme.cfg
  • CERT.json
  • Manifest.xml
    .xml
  • 7-eleven.e-kyc.json
  • SE.bin
  • Successful.json
  • UI.json
  • animated_success_icon.json
  • appboy-html-in-app-message-javascript-component.js
    .js
  • appx.json
  • arrow-left.json
  • arrow-right.json
  • back-scan.json
  • bank_instruction_list_local.json
  • blit_vertex_shader.glsl
  • config.json
  • config_connect.zip
    .zip
  • layout.json
  • resources.json
  • strings_th.json
  • copy_external_fragment_shader.glsl
  • create_worker.html
    .html
  • d
  • deeplink-defined.json
  • default.ttf
  • fontawesome-webfont.ttf
  • front-scan-loading.json
  • front-scan.json
  • front-tiltleft.json
  • front-whiteborder.json
  • gn_offline_payment.json
  • gn_offline_refund.json
  • gn_offline_success.json
  • griver_page_error.html
    .html .js
  • h5_bridge.js
    .js
  • h5titlebar.ttf
  • host.json
  • iapconnect_config.json
  • iconfont.ttf
  • info-close.json
  • info-open.json
  • instruction-front.json
  • instruction-left.json
  • instruction-right.json
  • kiosk_instruction.json
  • left-scan.json
  • left-tiltright.json
  • local_delete_wallet_template_en.json
  • local_delete_wallet_template_th.json
  • local_home_container_template_micro_app.json
  • microapp.json
  • mini-program-native-error.html
    .html .js
  • ndid_information.json
  • ndid_instruction.json
  • right-scan.json
  • right-warning.json
  • safemode_registrator_com_iap_ac_config.json
  • scan_passport_tutorial_anim.json
  • scan_thai_id_tutorial_anim.json
  • selfie_with_passport_anim.json
  • submitting.json
  • success-arrow.json
  • success-blue.json
  • success_face_scan.json
  • success_icon_anim.json
  • success_with_girl_kkp.json
  • titlebar.ttf
  • tmn_loading_anim.json
  • toyger.face.dat
  • w.json
  • waiting_orange.json
  • worker.html
    .html
  • workerjs.js
    .js
  • workerjs_multiworker.js
    .js
  • workerjs_v8.js
    .js
  • zoloz_biometric.json
  • zoloz_framework.json