Overview

overview

7

Static

static

7

4a038c58d2...cf.apk

android-9-x86

1

4a038c58d2...cf.apk

android-10-x64

1

4a038c58d2...cf.apk

android-11-x64

1

consentform.html

windows7-x64

1

consentform.html

windows10-2004-x64

1

arm64-v8a/...exo.so

ubuntu-18.04-amd64

arm64-v8a/...exo.so

debian-9-armhf

arm64-v8a/...exo.so

debian-9-mips

arm64-v8a/...exo.so

debian-9-mipsel

arm64-v8a/...exo.so

ubuntu-18.04-amd64

arm64-v8a/...exo.so

debian-9-armhf

arm64-v8a/...exo.so

debian-9-mips

arm64-v8a/...exo.so

debian-9-mipsel

armeabi-v7...exo.so

debian-9-armhf

1

armeabi-v7...exo.so

debian-9-armhf

1

x86/libex....exo.so

ubuntu-18.04-amd64

1

x86/libfm....exo.so

ubuntu-18.04-amd64

1

x86_64/lib...exo.so

ubuntu-18.04-amd64

1

x86_64/lib...exo.so

ubuntu-18.04-amd64

1

offline.html

windows7-x64

1

offline.html

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    4a038c58d247f45be873c9d8f77f13cf.bin

  • Size

    7.7MB

  • MD5

    4a038c58d247f45be873c9d8f77f13cf

  • SHA1

    30b861351782866aa935a37c65d1feea42e9de46

  • SHA256

    427809c7bebdcfbf0cdc78828b28b0443379c7ed99e062688f57b089155e3322

  • SHA512

    af45a1c7655f33b1915379a3c588d046eca837f6be3f137683f8e6e4afe07b980cc3fa78e9617a0d7541eae21bb9d062fd815a9139e0223dc6eb9d5edab0900c

  • SSDEEP

    196608:M/SikSr/AHa4pZFWSX0KxxfKuhbPjH53HeeurNvsYEj:M/SikS+a4pZgSE851hTjH53/ur+Nj

Score
7/10

Malware Config

Signatures

  • Requests dangerous framework permissions 3 IoCs

Files

  • 4a038c58d247f45be873c9d8f77f13cf.bin
    .apk android

    Password: infected

    com.cxinventor.file.explorer

    com.alphainventor.filemanager.activity.MainActivity


  • consentform.html
    .html .js
  • digicert_global_g2.cer
  • exolibs.zip
    .zip

    Password: infected

  • arm64-v8a/libex.ffmpeg.exo.so
    .elf linux aarch64
  • arm64-v8a/libfm.ffmpeg.exo.so
    .elf linux aarch64
  • armeabi-v7a/libex.ffmpeg.exo.so
    .elf linux arm
  • armeabi-v7a/libfm.ffmpeg.exo.so
    .elf linux arm
  • x86/libex.ffmpeg.exo.so
    .elf linux x86
  • x86/libfm.ffmpeg.exo.so
    .elf linux x86
  • x86_64/libex.ffmpeg.exo.so
    .elf linux x64
  • x86_64/libfm.ffmpeg.exo.so
    .elf linux x64
  • offline.html
    .html
  • offlinepng.png
    .png

Android Permissions

4a038c58d247f45be873c9d8f77f13cf.bin

Permissions

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.CHANGE_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.WAKE_LOCK

android.permission.RECEIVE_BOOT_COMPLETED

com.android.launcher.permission.INSTALL_SHORTCUT

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.GET_ACCOUNTS

android.permission.VIBRATE

android.permission.FOREGROUND_SERVICE

com.google.android.gms.permission.AD_ID

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE