df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f.7z
Size

5.1MB
MD5

8ec2d10d355839da988d1481c459e5fb
SHA1

63109a05bdaa1b3376a369a150513c47805299e5
SHA256

d0d67aa3f62e8e280b6a55c9523c8d82159deab4fd1693a15b6b478d47279148
SHA512

74de1784f5f9df6857969b1aee9aa867a08246c0f7e044b3b69c86bacb1c7b1e2bb87641ed56a37ff30faa1b20d8f691b15d8936d0ba122b6610efb0d37d95ea
SSDEEP

98304:RCswU6UcgM4OBC9l3yR8ob27TxyyqC6HOFt/Evd84QMkizCCGOA:EswU6U/dNyR8M2pyyqnHOIVZkFrOA

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 6 IoCs

Processes:

description	ioc
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read SMS messages.	android.permission.READ_SMS

Files

df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f.7z
.7z

Password: infected
df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f
.apk android

com.tencent.mobileqq

com.tencent.mobileqq.p05f9560f

Activities

com.tencent.mobileqq.pe795bd05

android.intent.action.MAIN

com.tencent.mobileqq.p05f9560f

android.intent.action.MAIN

com.tencent.mobileqq.p3cb7d6b7

android.intent.action.SENDTO
android.intent.action.SEND

Permissions

android.permission.CALL_PHONE
android.permission.SEND_SMS
android.permission.READ_PHONE_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_SMS
android.permission.RECEIVE_SMS
android.permission.VIBRATE
android.permission.READ_CONTACTS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.INTERNET
android.permission.FOREGROUND_SERVICE
android.permission.READ_SMS
android.permission.QUERY_ALL_PACKAGES
android.permission.WAKE_LOCK
android.permission.REQUEST_DELETE_PACKAGES

Receivers

com.tencent.mobileqq.pd7fc8ca3

android.provider.Telephony.SMS_DELIVER

com.tencent.mobileqq.p800c47cd

android.provider.Telephony.WAP_PUSH_DELIVER

Services

com.tencent.mobileqq.p91564b42

android.service.notification.NotificationListenerService

com.tencent.mobileqq.p65fa7fa4

android.intent.action.RESPOND_VIA_MESSAGE

com.tencent.mobileqq.p4c4a83bb

android.accessibilityservice.AccessibilityService
66666692.amr
.zip
66666692.tar
.tar .js
appx/af-appx.min.css
appx/af-appx.min.js
.js
appx/af-appx.worker.min.js
.js
appx/es6-promise.min.js
.js
appx/index.html
.html .js
appx/security-patch.min.js
.js
appx/web-view.min.js
.js
appx/worker.min.js
.js
bugme.cfg
hpmfile.json
CERT.json
Manifest.xml
.xml
SIGN.json
66666692.appinfo.json
9iG8TUgkT1.rjq
AlipayNumber.ttf
MOBILEIC@idNoMacau
.js
MOBILEIC@secret-question
.js
QUICKPAY@card-no-flex
.js
[email protected]
.js
QUICKPAY@pwd-validate-flex
.js
QUICKPAY@recommend-setspwd-flex
.js
QUICKPAY@waika-select-country-and-area-flex
.js
ag_sdk_cbg_root.cer
ali_purchase_ext_iconfont.ttf
amc-h5.js
.js
amc.i18n.en_US
amc.i18n.zh_HK
amc.i18n.zh_TW
buy_address_ltao.xml
buy_image_select_ltao.xml
buy_image_text_ltao.xml
buy_input_ltao.xml
buy_item_ltao.xml
buy_pay_for_another_ltao.xml
buy_quantity_ltao.xml
buy_select_ltao.xml
buy_submit_ltao.xml
buy_switch_ltao.xml
buy_switch_tj_ltao.xml
buy_tips_ltao.xml
buy_tips_tj_new_ltao.xml
configuration.json
dx_appstyle.json
framework_slice.json
framework_slice_light.png
.png
grs_sdk_global_route_config_apptouchupdatesdk.json
grs_sdk_global_route_config_opendevicesdk.json
grs_sdk_global_route_config_opensdkService.json
grs_sdk_global_route_config_updatesdk.json
homepage_dxc_data.json
lastAccetsbkup.zip
.zip
66666692.amr
.zip
66666692.tar
.tar .js
appx/af-appx.min.css
appx/af-appx.min.js
.js
appx/af-appx.worker.min.js
.js
appx/es6-promise.min.js
.js
appx/index.html
.html .js
appx/security-patch.min.js
.js
appx/web-view.min.js
.js
appx/worker.min.js
.js
bugme.cfg
hpmfile.json
CERT.json
Manifest.xml
.xml
SIGN.json
66666692.appinfo.json
AlipayNumber.ttf
MOBILEIC@idNoMacau
.js
MOBILEIC@secret-question
.js
QUICKPAY@card-no-flex
.js
[email protected]
.js
QUICKPAY@pwd-validate-flex
.js
QUICKPAY@recommend-setspwd-flex
.js
QUICKPAY@waika-select-country-and-area-flex
.js
ag_sdk_cbg_root.cer
amc-h5.js
.js
amc.i18n.en_US
amc.i18n.zh_HK
amc.i18n.zh_TW
dinamic/buy_address_ltao.xml
dinamic/buy_image_select_ltao.xml
dinamic/buy_image_text_ltao.xml
dinamic/buy_input_ltao.xml
dinamic/buy_item_ltao.xml
dinamic/buy_pay_for_another_ltao.xml
dinamic/buy_quantity_ltao.xml
dinamic/buy_select_ltao.xml
dinamic/buy_submit_ltao.xml
dinamic/buy_switch_ltao.xml
dinamic/buy_switch_tj_ltao.xml
dinamic/buy_tips_ltao.xml
dinamic/buy_tips_tj_new_ltao.xml
dinamic/dx_appstyle.json
dinamic/trade_test_address.xml
ext/purchase_ext_plugins.json
fonts/ali_purchase_ext_iconfont.ttf
fonts/purchase_iconfont.ttf
framework_slice/framework_slice.json
framework_slice/images/framework_slice_light.png
.png
grs_sdk_global_route_config_apptouchupdatesdk.json
grs_sdk_global_route_config_opendevicesdk.json
grs_sdk_global_route_config_opensdkService.json
grs_sdk_global_route_config_updatesdk.json
homepage_dxc_data.json
map/7/style_antsports01.data
map/7/style_light.data
map/style_antsports01.data
map/style_light.data
primary80.prof
theme/configuration.json
tr_china_cities.json
tr_china_cities_v2.db
triver.mock.appinfo.json
triver_iconfont.ttf
uik_core_iconfont.ttf
updatesdkcas.bks
vi-amc.js
.js
video_weex.msoac
video_windmillapi.json
voice_thinking/images/voice_thinking_image_0.png
.png
voice_thinking/voice_thinking.json
weex_config_bindingx.json
weex_config_evocationapp.json
weex_config_fashionai.json
weex_config_interactive.json
weex_config_mytaobao.json
weex_config_shopref.json
weex_config_tblive.json
weex_config_tbplay.json
widget_v8.js
.js
windmill.worker.js
.js
workerjs_multiworker.js
.js
workerjs_v8.js
.js
yuv2rgb.frag
yuv2rgb.vert
primary80.prof
purchase_ext_plugins.json
purchase_iconfont.ttf
style_antsports01.data
style_light.data
tr_china_cities.json
tr_china_cities_v2.db
trade_test_address.xml
triver.mock.appinfo.json
triver_iconfont.ttf
uik_core_iconfont.ttf
updatesdkcas.bks
vi-amc.js
.js
video_weex.msoac
video_windmillapi.json
voice_thinking.json
voice_thinking_image_0.png
.png
weex_config_bindingx.json
weex_config_evocationapp.json
weex_config_fashionai.json
weex_config_interactive.json
weex_config_mytaobao.json
weex_config_shopref.json
weex_config_tblive.json
weex_config_tbplay.json
widget_v8.js
.js
windmill.worker.js
.js
workerjs_multiworker.js
.js
workerjs_v8.js
.js
yuv2rgb.frag
yuv2rgb.vert

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.tencent.mobileqq

com.tencent.mobileqq.p05f9560f

Activities

com.tencent.mobileqq.pe795bd05

com.tencent.mobileqq.p05f9560f

com.tencent.mobileqq.p3cb7d6b7

Permissions

Receivers

com.tencent.mobileqq.pd7fc8ca3

com.tencent.mobileqq.p800c47cd

Services

com.tencent.mobileqq.p91564b42

com.tencent.mobileqq.p65fa7fa4

com.tencent.mobileqq.p4c4a83bb