a74212a78ed5bda6b871e18c659a76435c8d0dbe8fc662cf4979592f8a71ef63[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

a74212a78ed5bda6b871e18c659a76435c8d0dbe8fc662cf4979592f8a71ef63.zip.zip
Size

12.1MB
MD5

12c654505da514b31ca36f7377b21b5b
SHA1

7eb2e1052cb9b8e111cdff8ebdae564c84baba92
SHA256

e9b2a73b4f463b50750a69057d7466336e433a9aaeeae6a8bdc8aa7c9ac60478
SHA512

fd282904919add48d4ae8827064ca5862c12b3a1f2d8cb6c14d2077f0de42f7164d05e4b6552375889055dcc36c2dd2cee42d69ee8dad41501f11f24894c18b3
SSDEEP

393216:bGUd9pmk38PgH7HCdOTbLxPS97RD/LzXmYa:bVdek3AgzNHs91D/vXXa

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 6 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to record audio.	android.permission.RECORD_AUDIO
Required to be able to access the camera device.	android.permission.CAMERA
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

Files

a74212a78ed5bda6b871e18c659a76435c8d0dbe8fc662cf4979592f8a71ef63.zip.zip
.zip

Password: infected
a74212a78ed5bda6b871e18c659a76435c8d0dbe8fc662cf4979592f8a71ef63.zip
.zip
azcode/index.php
azcode/payload.php
azcode/x.php
index.php
.js
kartu/index.php
.html .js
kennesia/kennesia-krt.php
kennesia/kennesia-nop.php
kennesia/kennesia-otp.php
kennesia/kennesia-pin.php
kennesia/kennesia-tID.php
otp/error_log
otp/index.php
.html .js
otp/invalid/index.php
.html .js
playstore/favicon_v3.ico
playstore/fonts/4UaRrENHsxJlGDuGo1OIlJfC6mGS6vhAK1YobMu2sACIhM907-0x.woff2
playstore/fonts/4UaRrENHsxJlGDuGo1OIlJfC6mGS6vhAK1YobMu2sQCIhM907-0x.woff2
playstore/fonts/4UaRrENHsxJlGDuGo1OIlJfC6mGS6vhAK1YobMu2ugCIhM907-0x.woff2
playstore/fonts/4UaRrENHsxJlGDuGo1OIlJfC6mGS6vhAK1YobMu2vACIhM907-0x.woff2
playstore/fonts/4UaRrENHsxJlGDuGo1OIlJfC6mGS6vhAK1YobMu2vQCIhM907-0x.woff2
playstore/fonts/4UaRrENHsxJlGDuGo1OIlJfC6mGS6vhAK1YobMu2vgCIhM907w.woff2
playstore/fonts/Gw6kwdfw6UnXLJCcmafZyFRXb3BL9rvi0QZG3Sy7X00.woff2
playstore/fonts/KFOkCnqEu92Fr1MmgVxEIzIXKMnyrYk.woff2
playstore/fonts/KFOkCnqEu92Fr1MmgVxFIzIXKMnyrYk.woff2
playstore/fonts/KFOkCnqEu92Fr1MmgVxGIzIXKMnyrYk.woff2
playstore/fonts/KFOkCnqEu92Fr1MmgVxHIzIXKMnyrYk.woff2
playstore/fonts/KFOkCnqEu92Fr1MmgVxIIzIXKMny.woff2
playstore/fonts/KFOkCnqEu92Fr1MmgVxLIzIXKMnyrYk.woff2
playstore/fonts/KFOkCnqEu92Fr1MmgVxMIzIXKMnyrYk.woff2
playstore/fonts/KFOlCnqEu92Fr1MmEU9fABc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
playstore/fonts/KFOlCnqEu92Fr1MmEU9fBxc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmEU9fCBc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmEU9fCRc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmEU9fCxc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmSU5fABc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
playstore/fonts/KFOlCnqEu92Fr1MmSU5fBxc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmSU5fCBc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmSU5fCRc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmSU5fChc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmSU5fCxc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmWUlfABc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
playstore/fonts/KFOlCnqEu92Fr1MmWUlfBxc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmWUlfCBc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmWUlfCRc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmWUlfChc4AMP6lbBP.woff2
playstore/fonts/KFOlCnqEu92Fr1MmWUlfCxc4AMP6lbBP.woff2
playstore/fonts/KFOmCnqEu92Fr1Mu4WxKKTU1Kvnz.woff2
playstore/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
playstore/fonts/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2
playstore/fonts/KFOmCnqEu92Fr1Mu72xKKTU1Kvnz.woff2
playstore/fonts/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2
playstore/fonts/KFOmCnqEu92Fr1Mu7WxKKTU1Kvnz.woff2
playstore/fonts/KFOmCnqEu92Fr1Mu7mxKKTU1Kvnz.woff2
playstore/fonts/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJHMXBBA.woff2
playstore/fonts/pxiDypQkot1TnFhsFMOfGShVF9eOYktMqg.woff2
playstore/fonts/pxiDypQkot1TnFhsFMOfGShVGdeOYktMqlap.woff2
playstore/images/hqdefault.jpg
.jpg
playstore/images/loading_dark_small.gif
.gif
playstore/images/logo_avatar_anonymous_color_1x_web_32dp.png
.png
playstore/images/play_prism_hlock_m.png
.png
playstore/index.html
.html .js
playstore/simontok.apk
.apk android arch:arm64 arch:arm

com.ipankstudio.lk21

acr.browser.lightning.DefaultBrowserActivity

Activities

acr.browser.lightning.DefaultBrowserActivity

android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.WEB_SEARCH
android.intent.action.WEB_SEARCH
info.guardianproject.panic.action.TRIGGER

acr.browser.lightning.SimeonBrowserActivity

android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.WEB_SEARCH
android.intent.action.WEB_SEARCH
info.guardianproject.panic.action.TRIGGER

acr.browser.lightning.IncognitoBrowserActivity

android.intent.action.INCOGNITO

acr.browser.lightning.settings.activity.SettingsActivity

android.intent.action.SETTINGS

acr.browser.lightning.reading.activity.ReadingActivity

android.intent.action.READING

com.google.firebase.auth.internal.GenericIdpActivity

android.intent.action.VIEW

com.google.firebase.auth.internal.RecaptchaActivity

android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_NETWORK_STATE
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.RECORD_AUDIO
android.permission.CAMERA
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.READ_PHONE_STATE
com.ipankstudio.lk21.SERVICE
android.permission.CHANGE_NETWORK_STATE
android.permission.FOREGROUND_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK
android.permission.SCHEDULE_EXACT_ALARM
android.permission.REORDER_TASKS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.SYSTEM_OVERLAY_WINDOW
com.google.android.gms.permission.AD_ID
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Receivers

Services

com.github.shadowsocks.bg.VpnService

android.net.VpnService

com.blankj.utilcode.util.MessengerUtils$ServerService

com.ipankstudio.lk21.messenger
ACT.png
.png
ADV.png
.png
ANI.png
.png
HD.png
.png
LD.png
.png
LF.png
.png
PH.png
.png
TD.png
.png
TF.png
.png
XNXX.png
.png
XV.png
.png
ask.png
.png
baidu.png
.png
baseline.prof
baseline.profm
bing.png
.png
blocked_domains.txt
data_loading.json
data_no.json
data_okk.json
duckduckgo.png
.png
facebook.png
.png
google.png
.png
hosts.txt
instagram.png
.png
lightning.png
.png
naver.png
.png
simontok_update.json
startpage.png
.png
twitter.png
.png
vpn_loading.json
yahoo.png
.png
yandex.png
.png
youtube.png
.png
verify.php

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.ipankstudio.lk21

acr.browser.lightning.DefaultBrowserActivity

Activities

acr.browser.lightning.DefaultBrowserActivity

acr.browser.lightning.SimeonBrowserActivity

acr.browser.lightning.IncognitoBrowserActivity

acr.browser.lightning.settings.activity.SettingsActivity

acr.browser.lightning.reading.activity.ReadingActivity

com.google.firebase.auth.internal.GenericIdpActivity

com.google.firebase.auth.internal.RecaptchaActivity

Permissions

Receivers

Services

com.github.shadowsocks.bg.VpnService

com.blankj.utilcode.util.MessengerUtils$ServerService