346744984a0c8bb33705bb98da25ea33[.]bin

General

Target

346744984a0c8bb33705bb98da25ea33.bin
Size

91.7MB
MD5

b21f39975c1f4fc192223ee8ea320ce0
SHA1

6a1df405f131f764697976ac6d215b7fd7686178
SHA256

6301f1ac55cd526e6e20c1b6c1bd54f5e0d8d70d759fe1b8c4942dc3ffbdd879
SHA512

ef69ecfc723f02fa0277b8526eb83aca022a446e2e0b75b48cc9c8207416f19cb3a19e47b854211d1f9346efc2c8f4d88e84c6c96f82c2d5dd412198c6fcbd22
SSDEEP

1572864:Dt7/BVVWc6YTK/v8FDkNKCfPsRRBzoqr6i/Y9TghumtP3zcYHPxd5s9hlRkU:V5/dDkTEZbqgE83IYHUzb

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 10 IoCs

description	ioc
Required to be able to discover and pair nearby Bluetooth devices.	android.permission.BLUETOOTH_SCAN
Required to be able to advertise to nearby Bluetooth devices.	android.permission.BLUETOOTH_ADVERTISE
Required to be able to connect to paired Bluetooth devices.	android.permission.BLUETOOTH_CONNECT
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION

Files

346744984a0c8bb33705bb98da25ea33.bin
.zip

Password: infected
bd7f0a21d9c455794584520539a434dc8bdb5241708dfb9834fa6a92210bd679.apk
.apk android arch:arm

Password: infected

ecbiim.dhgian.hajgco

org.consenlabs.imtoken.MainActivity

Activities

org.consenlabs.imtoken.MainActivity

android.intent.action.MAIN
android.intent.action.VIEW

Permissions

android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH_SCAN
android.permission.BLUETOOTH_ADVERTISE
android.permission.BLUETOOTH_CONNECT
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
android.permission.READ_EXTERNAL_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CAMERA
android.permission.INTERNET
android.permission.WAKE_LOCK
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.USE_FINGERPRINT
android.permission.USE_BIOMETRIC
com.fingerprints.service.ACCESS_FINGERPRINT_MANAGER
com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY
com.google.android.c2dm.permission.RECEIVE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.google.android.gms.permission.AD_ID
android.permission.FOREGROUND_SERVICE

Receivers

io.invertase.firebase.messaging.ReactNativeFirebaseMessagingReceiver

com.google.android.c2dm.intent.RECEIVE

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

Services

com.helpscout.beacon.internal.presentation.push.fcm.BeaconFirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

io.invertase.firebase.messaging.ReactNativeFirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT
i11111i111
.apk android

Password: infected
origin.apk
.apk android arch:arm

Password: infected

im.token.app

org.consenlabs.imtoken.MainActivity

Activities

org.consenlabs.imtoken.MainActivity

android.intent.action.MAIN
android.intent.action.VIEW

Permissions

android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH_SCAN
android.permission.BLUETOOTH_ADVERTISE
android.permission.BLUETOOTH_CONNECT
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
android.permission.READ_EXTERNAL_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CAMERA
android.permission.INTERNET
android.permission.WAKE_LOCK
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.USE_FINGERPRINT
android.permission.USE_BIOMETRIC
com.fingerprints.service.ACCESS_FINGERPRINT_MANAGER
com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY
com.google.android.c2dm.permission.RECEIVE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.google.android.gms.permission.AD_ID
android.permission.FOREGROUND_SERVICE

Receivers

io.invertase.firebase.messaging.ReactNativeFirebaseMessagingReceiver

com.google.android.c2dm.intent.RECEIVE

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

Services

com.helpscout.beacon.internal.presentation.push.fcm.BeaconFirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

io.invertase.firebase.messaging.ReactNativeFirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ecbiim.dhgian.hajgco

org.consenlabs.imtoken.MainActivity

Activities

org.consenlabs.imtoken.MainActivity

Permissions

Receivers

io.invertase.firebase.messaging.ReactNativeFirebaseMessagingReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

Services

com.helpscout.beacon.internal.presentation.push.fcm.BeaconFirebaseMessagingService

io.invertase.firebase.messaging.ReactNativeFirebaseMessagingService

com.google.firebase.messaging.FirebaseMessagingService

Password: infected

Password: infected

im.token.app

org.consenlabs.imtoken.MainActivity

Activities

org.consenlabs.imtoken.MainActivity

Permissions

Receivers

io.invertase.firebase.messaging.ReactNativeFirebaseMessagingReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

Services

com.helpscout.beacon.internal.presentation.push.fcm.BeaconFirebaseMessagingService

io.invertase.firebase.messaging.ReactNativeFirebaseMessagingService

com.google.firebase.messaging.FirebaseMessagingService