wipelock | vbug-master[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

vbug-master.zip
Size

7.0MB
MD5

d52796122c1bb06a92d36e3fd18ea9ad
SHA1

c49f161e6cdc601119c550c037384f0d02b8d3b5
SHA256

cf4ace71e2fb09825dca8f3a1e0180708cd62050561d733027cc1d6b46d184a4
SHA512

4b37348d7acd1f2c29298b791c7aff3d680774376c9cffa1bd5630d8dae0aa7d82270669def0d1a366fb9433d8cf75ed704d2de9e9ccff3b0e7a4b1a1c780c3a
SSDEEP

196608:CnxsdQzjS0NHbwDezbdTyFpprAQQsmqqD2:CnxQ0jScHbwyzxTyFpprA7smjD2

Score

10^/10

wipelock

Malware Config

Signatures

Wipelock Android payload 2 IoCs

Processes:

resource	yara_rule
static1/unpack002/elite.vbk	family_wipelock
static1/unpack002/mobelejen.vbk	family_wipelock

Wipelock family
wipelock

Declares broadcast receivers with permission to handle system events 1 IoCs

Processes:

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 1 IoCs

Processes:

description ioc

Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. android.permission.BIND_WALLPAPER

description	ioc
Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers.	android.permission.BIND_WALLPAPER

Requests dangerous framework permissions 2 IoCs

Processes:

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Files

vbug-master.zip
.zip
vbug-master/.image/vbug01.png
.png
vbug-master/.image/vbug02.png
.png
vbug-master/README.md
vbug-master/vbug-AIDE.apk
.apk android

sec.blackhole.vbug

sec.blackhole.vbug.MainActivity

Activities

sec.blackhole.vbug.MainActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
vbug-master/vbug-DS.apk
.apk android arch:arm

sec.blackhole.vbug

com.smartphoneremote.androidscriptfree.AndroidScriptFree

Activities

com.smartphoneremote.androidscriptfree.AndroidScriptFree

android.intent.action.MAIN
android.nfc.action.NDEF_DISCOVERED

com.smartphoneremote.ioioscript.NewActivity

android.intent.action.VIEW

com.smartphoneremote.ioioscript.TransActivity

android.intent.action.VIEW

com.smartphoneremote.ioioscript.UserActivity

android.intent.action.VIEW

com.smartphoneremote.ioioscript.ChromeActivity

android.intent.action.VIEW

com.smartphoneremote.ioioscript.SamplePreferenceActivity

android.intent.action.MAIN

Permissions

android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE

Receivers

com.smartphoneremote.ioioscript.MyServiceStarter

android.intent.action.BOOT_COMPLETED

com.smartphoneremote.ioioscript.PebbleReceiver

com.getpebble.action.app.RECEIVE

com.smartphoneremote.ioioscript.ExtensionReceiver

com.sonyericsson.extras.liveware.aef.registration.EXTENSION_REGISTER_REQUEST
com.sonyericsson.extras.liveware.aef.registration.ACCESSORY_CONNECTION
android.intent.action.LOCALE_CHANGED
com.sonyericsson.extras.liveware.aef.notification.VIEW_EVENT_DETAIL
com.sonyericsson.extras.liveware.aef.notification.REFRESH_REQUEST
com.sonyericsson.extras.aef.widget.START_REFRESH_IMAGE_REQUEST
com.sonyericsson.extras.aef.widget.STOP_REFRESH_IMAGE_REQUEST
com.sonyericsson.extras.aef.widget.ONTOUCH
com.sonyericsson.extras.liveware.extension.util.widget.scheduled.refresh
com.sonyericsson.extras.aef.control.START
com.sonyericsson.extras.aef.control.STOP
com.sonyericsson.extras.aef.control.PAUSE
com.sonyericsson.extras.aef.control.RESUME
com.sonyericsson.extras.aef.control.ERROR
com.sonyericsson.extras.aef.control.KEY_EVENT
com.sonyericsson.extras.aef.control.TOUCH_EVENT
com.sonyericsson.extras.aef.control.SWIPE_EVENT
com.sonyericsson.extras.aef.control.OBJECT_CLICK_EVENT
com.sonyericsson.extras.aef.control.LIST_REFERESH_REQUEST
com.sonyericsson.extras.aef.control.LIST_REQUEST_ITEM
com.sonyericsson.extras.aef.control.LIST_ITEM_CLICK
com.sonyericsson.extras.aef.control.LIST_ITEM_SELECTED
com.sonyericsson.extras.aef.control.MENU_ITEM_SELECTED
com.sonyericsson.extras.aef.control.MENU_SHOW

Services

com.smartphoneremote.ioioscript.DSWallpaperService

android.service.wallpaper.WallpaperService
elite.vbk
.apk android

com.elite

com.elite.MainActivity

Activities

com.elite.MainActivity

android.intent.action.MAIN

com.elite.UninstallAdminDevice

android.intent.action.SEND

Permissions

android.permission.GET_TASKS
android.permission.READ_PHONE_STATE
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.READ_SMS
android.permission.WRITE_SMS
android.permission.READ_CONTACTS
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_SETTINGS
android.permission.WAKE_LOCK

Receivers

com.elite.AdminReciever

android.app.action.DEVICE_ADMIN_ENABLED

com.elite.SMSReceiver

android.provider.Telephony.SMS_RECEIVED

com.elite.BootReceiver

android.intent.action.BOOT_COMPLETED

Services
fbcr.vbk
.apk android arch:arm

com.example.forkbomb

com.example.forkbomb.MainActivity

Activities

com.example.forkbomb.MainActivity

android.intent.action.MAIN
mobelejen.vbk
.apk android

com.elite

com.elite.MainActivity

Activities

com.elite.MainActivity

android.intent.action.MAIN

com.elite.UninstallAdminDevice

android.intent.action.SEND

Permissions

android.permission.GET_TASKS
android.permission.READ_PHONE_STATE
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.READ_SMS
android.permission.WRITE_SMS
android.permission.READ_CONTACTS
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_SETTINGS
android.permission.WAKE_LOCK

Receivers

com.elite.AdminReciever

android.app.action.DEVICE_ADMIN_ENABLED

com.elite.SMSReceiver

android.provider.Telephony.SMS_RECEIVED

com.elite.BootReceiver

android.intent.action.BOOT_COMPLETED

Services
vi4a.vbk
.apk android

com.google.android.virus

VirusActivity

Activities

VirusActivity

android.intent.action.MAIN

Permissions

android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SYSTEM_ALERT_WINDOW

Receivers

.BootCompleteReceiver

android.intent.action.BOOT_COMPLETED

Services
vbug-master/vbug.py
.py .sh linux

Sharing

General

Malware Config

Signatures

Files

sec.blackhole.vbug

sec.blackhole.vbug.MainActivity

Activities

sec.blackhole.vbug.MainActivity

Permissions

sec.blackhole.vbug

com.smartphoneremote.androidscriptfree.AndroidScriptFree

Activities

com.smartphoneremote.androidscriptfree.AndroidScriptFree

com.smartphoneremote.ioioscript.NewActivity

com.smartphoneremote.ioioscript.TransActivity

com.smartphoneremote.ioioscript.UserActivity

com.smartphoneremote.ioioscript.ChromeActivity

com.smartphoneremote.ioioscript.SamplePreferenceActivity

Permissions

Receivers

com.smartphoneremote.ioioscript.MyServiceStarter

com.smartphoneremote.ioioscript.PebbleReceiver

com.smartphoneremote.ioioscript.ExtensionReceiver

Services

com.smartphoneremote.ioioscript.DSWallpaperService

com.elite

com.elite.MainActivity

Activities

com.elite.MainActivity

com.elite.UninstallAdminDevice

Permissions

Receivers

com.elite.AdminReciever

com.elite.SMSReceiver

com.elite.BootReceiver

Services

com.example.forkbomb

com.example.forkbomb.MainActivity

Activities

com.example.forkbomb.MainActivity

com.elite

com.elite.MainActivity

Activities

com.elite.MainActivity

com.elite.UninstallAdminDevice

Permissions

Receivers

com.elite.AdminReciever

com.elite.SMSReceiver

com.elite.BootReceiver

Services

com.google.android.virus

VirusActivity

Activities

VirusActivity

Permissions

Receivers

.BootCompleteReceiver

Services