240604-kmn93sbb3y_pw_infected[.]zip

General

Target

240604-kmn93sbb3y_pw_infected.zip
Size

16.1MB
MD5

0b30cb88446c9bc8182a90a1d3738ff8
SHA1

91917962cde49677d56c8b8aa3ffdb0cf0f0c23f
SHA256

6d1b20f8dbdc4f15551cfd7a514c8580db3ee2d9bb371ffecab98a7722bb202b
SHA512

20fcd59ac41976c469e111dfba7836563747ecc05dcb09b5034065eaa5425f964c01faca3a6c55fd85255cbe6d4cc850f8cf50c34e6e461036b7a27e39a40030
SSDEEP

393216:sUq4agFsfyCP+K9mj5YiuXOrDaOPPqRzzKPHwCLL8WoB:rDawsfj+2s5YiuXePWzzlCvOB

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 6 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Files

240604-kmn93sbb3y_pw_infected.zip
.zip

Password: infected
9433612fc02f2ff04058f20b16284890_JaffaCakes118
.apk android arch:arm arch:x86

Password: infected

com.bedtime.backtobed

com.cultureoftech.immersivemode.MainActivity

Activities

com.cultureoftech.immersivemode.MainActivity

android.intent.action.MAIN
android.intent.action.MAIN

com.amazon.identity.auth.device.authorization.AuthorizationActivity

android.intent.action.VIEW

com.inject_tencent.tauth.TAuthView

android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.ACCESS_WIFI_STATE
com.android.vending.CHECK_LICENSE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WAKE_LOCK
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.MANAGE_ACCOUNTS
android.permission.USE_CREDENTIALS
android.permission.GET_TASKS
android.permission.READ_PHONE_STATE
android.permission.GET_ACCOUNTS
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.VIBRATE
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.RESTART_PACKAGES

Receivers

com.amazon.identity.auth.device.authorization.PackageIntentReceiver

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED

com.muzhiwan.embed.KillBroadcastReceiver

com.muzhiwan.sdk_kill

Services

com.muzhiwan.embed.DownLoadService

com.bedtime.backtobed_start

com.muzhiwan.embed.RemoteBackupService

action.com.bedtime.backtobed.mzwservice

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

com.bedtime.backtobed

com.cultureoftech.immersivemode.MainActivity

Activities

com.cultureoftech.immersivemode.MainActivity

com.amazon.identity.auth.device.authorization.AuthorizationActivity

com.inject_tencent.tauth.TAuthView

Permissions

Receivers

com.amazon.identity.auth.device.authorization.PackageIntentReceiver

com.muzhiwan.embed.KillBroadcastReceiver

Services

com.muzhiwan.embed.DownLoadService

com.muzhiwan.embed.RemoteBackupService