badbazaar | 1acccf97d9d5aba7fbf1d666e06883c9[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

1acccf97d9d5aba7fbf1d666e06883c9.bin
Size

45.4MB
MD5

7ed2f5234ba52b85ad0d13cb74f2dccd
SHA1

fcc32f3aca1ad4c5f3abc6f8cf30d6b58c24003a
SHA256

81e827872e2c2d8962d19cf4693730e84d9c6a10e856075566deb6e5f7de618a
SHA512

e9e4aac3ddd9303e00eea8150a5e913779ee05f1a7ede3b18fbae4dd2c5e4aed67e6fe55410f783599fa04824871d90187821fb9c5b530924657892693f9d9c9
SSDEEP

786432:iz7oAubVHhGDaOYJVmdwNyNfp/YQb0xsYmkHkvDLnSQYS8qgFAzHniaImaHKjwJm:n8pzdwANlYOXfSq8qkwQqjwJC6Px4

Score

10^/10

badbazaar

Malware Config

Signatures

BadBazaar payload 1 IoCs

resource	yara_rule
sample	family_badbazaar

Badbazaar family
badbazaar

Requests dangerous framework permissions 11 IoCs

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to record audio.	android.permission.RECORD_AUDIO
Required to be able to access the camera device.	android.permission.CAMERA
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

Files

1acccf97d9d5aba7fbf1d666e06883c9.bin
.zip

Password: infected
cee721bb0eebeb452514cd579e560e5206395e7672091560bab697bc22d00ec1.apk
.apk android arch:arm64 arch:arm

im.zpayfmfunw.messenger

im.zpayfmfunw.ui.LaunchActivity

Activities

im.zpayfmfunw.ui.LaunchActivity

android.intent.action.MAIN
android.intent.action.SEND
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE
android.intent.action.SEND
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

im.zpayfmfunw.ui.ShareActivity

android.intent.action.VIEW

im.zpayfmfunw.ui.ExternalActionActivity

im.zpayfmfunw.passport.AUTHORIZE

Permissions

com.google.android.c2dm.permission.RECEIVE
im.zpayfmfunw.messenger.permission.MAPS_RECEIVE
com.google.android.providers.gsf.permission.READ_GSERVICES
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.FOREGROUND_SERVICE
android.permission.INTERNET
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.WAKE_LOCK
android.permission.MANAGE_ACCOUNTS
android.permission.READ_PROFILE
android.permission.WRITE_SYNC_SETTINGS
android.permission.READ_SYNC_SETTINGS
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.VIBRATE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.USE_FINGERPRINT
android.permission.INSTALL_SHORTCUT
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.BLUETOOTH
android.permission.MANAGE_OWN_CALLS
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
com.anddoes.launcher.permission.UPDATE_COUNT
com.majeur.launcher.permission.UPDATE_BADGE
com.huawei.android.launcher.permission.CHANGE_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
android.permission.READ_APP_BADGE
com.oppo.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
me.everything.badger.permission.BADGE_COUNT_READ
me.everything.badger.permission.BADGE_COUNT_WRITE
android.permission.CALL_PHONE
android.permission.READ_LOGS
android.permission.RECORD_AUDIO
android.permission.CAMERA
android.permission.GET_ACCOUNTS
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.CHANGE_NETWORK_STATE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REORDER_TASKS
android.permission.READ_PHONE_STATE
android.permission.BROADCAST_PACKAGE_ADDED
android.permission.BROADCAST_PACKAGE_CHANGED
android.permission.BROADCAST_PACKAGE_INSTALL
android.permission.BROADCAST_PACKAGE_REPLACED
android.permission.GET_TASKS
im.zpayfmfunw.messenger.permission.MIPUSH_RECEIVE
com.coloros.mcs.permission.RECIEVE_MCS_MESSAGE
com.heytap.mcs.permission.RECIEVE_MCS_MESSAGE
android.permission.FLASHLIGHT

Receivers

com.google.android.gms.measurement.AppMeasurementReceiver

com.google.android.gms.measurement.UPLOAD

im.zpayfmfunw.messenger.AutoMessageHeardReceiver

im.zpayfmfunw.messenger.ACTION_MESSAGE_HEARD

im.zpayfmfunw.messenger.AutoMessageReplyReceiver

im.zpayfmfunw.messenger.ACTION_MESSAGE_REPLY

im.zpayfmfunw.messenger.MusicPlayerReceiver

im.zpayfmfunw.android.musicplayer.close
im.zpayfmfunw.android.musicplayer.pause
im.zpayfmfunw.android.musicplayer.next
im.zpayfmfunw.android.musicplayer.play
im.zpayfmfunw.android.musicplayer.previous
android.intent.action.MEDIA_BUTTON
android.media.AUDIO_BECOMING_NOISY

im.zpayfmfunw.messenger.voip.VoIPMediaButtonReceiver

android.intent.action.MEDIA_BUTTON

im.zpayfmfunw.messenger.AppStartReceiver

im.zpayfmfunw.start
android.intent.action.BOOT_COMPLETED

im.zpayfmfunw.messenger.RefererReceiver

com.android.vending.INSTALL_REFERRER

im.zpayfmfunw.keepalive.MonitorReceiver

android.intent.action.BOOT_COMPLETED
android.net.conn.CONNECTIVITY_CHANGE
com.silence.gray.wake
android.intent.action.USER_PRESENT
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED

im.zpayfmfunw.keepalive.ScreenReceiver

android.intent.action.USER_PRESENT
android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

Services

im.zpayfmfunw.messenger.GcmPushListenerService

com.google.firebase.MESSAGING_EVENT

im.zpayfmfunw.messenger.AuthenticatorService

android.accounts.AccountAuthenticator

im.zpayfmfunw.messenger.ContactsSyncAdapterService

android.content.SyncAdapter

im.zpayfmfunw.messenger.AppChooserTargetService

android.service.chooser.ChooserTargetService

im.zpayfmfunw.messenger.MusicBrowserService

android.media.browse.MediaBrowserService

im.zpayfmfunw.messenger.WearDataLayerListenerService

com.google.android.gms.wearable.DATA_CHANGED
com.google.android.gms.wearable.MESSAGE_RECEIVED
com.google.android.gms.wearable.CAPABILITY_CHANGED
com.google.android.gms.wearable.CHANNEL_EVENT

im.zpayfmfunw.messenger.voip.AppConnectionService

android.telecom.ConnectionService

com.blankj.utilcode.util.MessengerUtils$ServerService

im.zpayfmfunw.messenger.messenger

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT
CircleDashTexture.png
.png
DVDirectory.cfg
DVHotMap.cfg
DVHotcity.cfg
DVIndoor.cfg
DVSDirectory.cfg
DVStreet.cfg
DVVersion.cfg
M5File
PhoneFormats.dat
ResPackIndoorMap.sdkrs
SDK_Default_Icon_Car.png
.png
SDK_Default_Icon_End.png
.png
SDK_Default_Icon_Passenger.png
.png
SDK_Default_Icon_Start.png
.png
SDK_Default_Route_Texture_Bule_Arrow.png
.png
SDK_Default_Route_Texture_Gray_Arrow.png
.png
SDK_Default_Traffic_Texture_Congestion.png
.png
SDK_Default_Traffic_Texture_SevereCongestion.png
.png
SDK_Default_Traffic_Texture_Slow.png
.png
SDK_Default_Traffic_Texture_Smooth.png
.png
arctic.attheme
baseindoormap.sty
bluebubbles.attheme
countries.txt
countries_cn.txt
countries_tw.txt
dark.attheme
darkblue.attheme
graphite.attheme
icon_scale.9.png
.png
idl-license.beta-face-android
idl-license.face-android
lineDashTexture.png
.png
living.json
loading-w.json
logo_h.png
.png
logo_l.png
.png
main_bottombtn_down.9.png
.png
main_bottombtn_up.9.png
.png
main_icon_zoomin.png
.png
main_icon_zoomin_dis.png
.png
main_icon_zoomout.png
.png
main_icon_zoomout_dis.png
.png
main_topbtn_down.9.png
.png
main_topbtn_up.9.png
.png
map.sdkrs
map.sty
md5.txt
reduct.sdkrs
reduct.sty
right.json
ritalic.ttf
rmedium.ttf
rmediumitalic.ttf
rmono.ttf
secureid_ocr_nn.dat
time.json
traffic.sdkrs
traffic.sty
uni-jsframework.js
.js
upanddown.json
v14_emoji2.0x_0_0.png
.png
v14_emoji2.0x_0_1.png
.png
v14_emoji2.0x_0_2.png
.png
v14_emoji2.0x_0_3.png
.png
v14_emoji2.0x_1_0.png
.png
v14_emoji2.0x_1_1.png
.png
v14_emoji2.0x_1_2.png
.png
v14_emoji2.0x_1_3.png
.png
v14_emoji2.0x_2_0.png
.png
v14_emoji2.0x_2_1.png
.png
v14_emoji2.0x_2_2.png
.png
v14_emoji2.0x_2_3.png
.png
v14_emoji2.0x_3_0.png
.png
v14_emoji2.0x_3_1.png
.png
v14_emoji2.0x_3_2.png
.png
v14_emoji2.0x_3_3.png
.png
v14_emoji2.0x_4_0.png
.png
v14_emoji2.0x_4_1.png
.png
v14_emoji2.0x_4_2.png
.png
v14_emoji2.0x_4_3.png
.png
v14_emoji2.0x_5_0.png
.png
v14_emoji2.0x_5_1.png
.png
v14_emoji2.0x_5_2.png
.png
v14_emoji2.0x_5_3.png
.png
v14_emoji2.0x_6_0.png
.png
v14_emoji2.0x_6_1.png
.png
v14_emoji2.0x_6_2.png
.png
v14_emoji2.0x_6_3.png
.png
v14_emoji2.0x_7_0.png
.png
v14_emoji2.0x_7_1.png
.png
v14_emoji2.0x_7_2.png
.png
v14_emoji2.0x_7_3.png
.png
wear_zoom_in.png
.png
wear_zoom_in_pressed.png
.png
wear_zoom_out_pressed.png
.png
wear_zoon_out.png
.png

Sharing

General

Malware Config

Signatures

Files

Password: infected

im.zpayfmfunw.messenger

im.zpayfmfunw.ui.LaunchActivity

Activities

im.zpayfmfunw.ui.LaunchActivity

im.zpayfmfunw.ui.ShareActivity

im.zpayfmfunw.ui.ExternalActionActivity

Permissions

Receivers

com.google.android.gms.measurement.AppMeasurementReceiver

im.zpayfmfunw.messenger.AutoMessageHeardReceiver

im.zpayfmfunw.messenger.AutoMessageReplyReceiver

im.zpayfmfunw.messenger.MusicPlayerReceiver

im.zpayfmfunw.messenger.voip.VoIPMediaButtonReceiver

im.zpayfmfunw.messenger.AppStartReceiver

im.zpayfmfunw.messenger.RefererReceiver

im.zpayfmfunw.keepalive.MonitorReceiver

im.zpayfmfunw.keepalive.ScreenReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

Services

im.zpayfmfunw.messenger.GcmPushListenerService

im.zpayfmfunw.messenger.AuthenticatorService

im.zpayfmfunw.messenger.ContactsSyncAdapterService

im.zpayfmfunw.messenger.AppChooserTargetService

im.zpayfmfunw.messenger.MusicBrowserService

im.zpayfmfunw.messenger.WearDataLayerListenerService

im.zpayfmfunw.messenger.voip.AppConnectionService

com.blankj.utilcode.util.MessengerUtils$ServerService

com.google.firebase.messaging.FirebaseMessagingService