44cb9a9fe1ec9eb0ad20b2bbd6c4081d5c72f4bcad038077cecb4a1d13de46a6[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

44cb9a9fe1ec9eb0ad20b2bbd6c4081d5c72f4bcad038077cecb4a1d13de46a6.zip
Size

2.7MB
MD5

ca28de059fa1faa09eba48349cb51262
SHA1

9e3cd18e2c7a43ae7848b7ee698729c1c0cdc43c
SHA256

d709cab8285cfd269834784b73909ca4f2422d1b5d3fcdfd65be4ece43b85eb7
SHA512

48f3df2447ec5cf949b998f19d40a46e427625d7e4a1e00a74196c69996a9ae0835fdfb6b707ccbb45d6b63df6256a582552843b5dd0889dfd5ebf669a24112a
SSDEEP

49152:ztEO86Le8pE2ipbhcZYZlLHqcWyMdNX2WzgDltDe+FxiKYZ19UP8Zdj2yraxArQK:ztx86Le8pE2kNZdHRWPdNTeljx34DbdP

Score

6^/10

Malware Config

Signatures

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards).	android.permission.BIND_INPUT_METHOD

Requests dangerous framework permissions 10 IoCs

description	ioc
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES

Files

44cb9a9fe1ec9eb0ad20b2bbd6c4081d5c72f4bcad038077cecb4a1d13de46a6.zip
.zip

Password: infected
44cb9a9fe1ec9eb0ad20b2bbd6c4081d5c72f4bcad038077cecb4a1d13de46a6
.apk android

Password: infected

com.quitimias.du

com.quitimias.سᵎʻᵢٴʻʾ艾ٴᵢ诶ﹶٴ匚ىʻلれᵎれسᵎʾˏᵔ吉ᵔᵔʼˈʽˏىᵢﹶﹳفʼי比ععـˏˑˎˋ卄ᵎʼ2.ق西تˆسモلᴵلˆ尺ˉˏʻˆˎᵢ工ᵎˈᵎننˈⁱˎي娜ˎﾞʿ娜ˏᵎا工ʾˈי娜ᵎˉﾞٴムقˏˎ弗ʽ20

Activities

com.quitimias.سᵎʻᵢٴʻʾ艾ٴᵢ诶ﹶٴ匚ىʻلれᵎれسᵎʾˏᵔ吉ᵔᵔʼˈʽˏىᵢﹶﹳفʼי比ععـˏˑˎˋ卄ᵎʼ2.ق西تˆسモلᴵلˆ尺ˉˏʻˆˎᵢ工ᵎˈᵎننˈⁱˎي娜ˎﾞʿ娜ˏᵎا工ʾˈי娜ᵎˉﾞٴムقˏˎ弗ʽ20

android.intent.action.VIEW

com.quitimias.سᵎʻᵢٴʻʾ艾ٴᵢ诶ﹶٴ匚ىʻلれᵎれسᵎʾˏᵔ吉ᵔᵔʼˈʽˏىᵢﹶﹳفʼי比ععـˏˑˎˋ卄ᵎʼ2.ˎٴˉخˋاᵎ匕ᵢˊʾˉʿᵎ匕تˈ诶ʾف尺ᐧちʼˆᵢسٴ弗ʿʼᴵ弗ʽʿʿغᵢᵢعᵢʾˈ尺ـʿʿˋاᵔ14_CA

xyz

Permissions

android.permission.SET_WALLPAPER
android.permission.READ_SMS
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT

Receivers

com.quitimias.哦عˏᵢ艾娜ˋᴵعاٴٴقس艾ﹳ艾ˏㄚᴵᐧﹶٴٴʻ尺ᴵʾˏʿ丹تتˑʿ哦ʿ诶ٴىᵔ艾ˋـᐧلㄥ娜ـي5.SensorRestarterBroadcastReceiver

RestartSensor

com.quitimias.哦عˏᵢ艾娜ˋᴵعاٴٴقس艾ﹳ艾ˏㄚᴵᐧﹶٴٴʻ尺ᴵʾˏʿ丹تتˑʿ哦ʿ诶ٴىᵔ艾ˋـᐧلㄥ娜ـي5.יʼˑˈˆʾٴ匕ˈיᴵفبᵢ哦ﹳٴ吉ˆاʾʿᵔللれ比ⁱٴʾ丹ٴ尺艾ˋˎﾞˉسخلىʾ丹ちٴᵔىˑי7

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.USER_PRESENT
android.intent.action.LOCKED_BOOT_COMPLETED

com.quitimias.哦عˏᵢ艾娜ˋᴵعاٴٴقس艾ﹳ艾ˏㄚᴵᐧﹶٴٴʻ尺ᴵʾˏʿ丹تتˑʿ哦ʿ诶ٴىᵔ艾ˋـᐧلㄥ娜ـي5.ˎٴˉخˋاᵎ匕ᵢˊʾˉʿᵎ匕تˈ诶ʾف尺ᐧちʼˆᵢسٴ弗ʿʼᴵ弗ʽʿʿغᵢᵢعᵢʾˈ尺ـʿʿˋاᵔ14_RC

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_CHANGED

com.quitimias.哦عˏᵢ艾娜ˋᴵعاٴٴقس艾ﹳ艾ˏㄚᴵᐧﹶٴٴʻ尺ᴵʾˏʿ丹تتˑʿ哦ʿ诶ٴىᵔ艾ˋـᐧلㄥ娜ـي5.יʼˑˈˆʾٴ匕ˈיᴵفبᵢ哦ﹳٴ吉ˆاʾʿᵔللれ比ⁱٴʾ丹ٴ尺艾ˋˎﾞˉسخلىʾ丹ちٴᵔىˑי74

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.Intent.ACTION_USER_PRESENT
android.intent.action.USER_PRESENT

com.quitimias.سᵎʻᵢٴʻʾ艾ٴᵢ诶ﹶٴ匚ىʻلれᵎれسᵎʾˏᵔ吉ᵔᵔʼˈʽˏىᵢﹶﹳفʼי比ععـˏˑˎˋ卄ᵎʼ2.れلاʼれ工ʾةʼˑٴ诶ʻˎفʼᴵˎ丹ˏˋモˋᴵلʻʾᵢʿˑᵎثˎᵢـᵢىثˉˏقش匕ˉיاˎᵢـ诶33

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

com.quitimias.哦عˏᵢ艾娜ˋᴵعاٴٴقس艾ﹳ艾ˏㄚᴵᐧﹶٴٴʻ尺ᴵʾˏʿ丹تتˑʿ哦ʿ诶ٴىᵔ艾ˋـᐧلㄥ娜ـي5.יʼˑˈˆʾٴ匕ˈיᴵفبᵢ哦ﹳٴ吉ˆاʾʿᵔللれ比ⁱٴʾ丹ٴ尺艾ˋˎﾞˉسخلىʾ丹ちٴᵔىˑי7_AR

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.ACTION_PASSWORD_CHANGED
android.app.action.ACTION_PASSWORD_FAILED
android.app.action.ACTION_PASSWORD_SUCCEEDED

Services

com.quitimias.ᵔثᵔىちᵢقᵢˑﹶﹳˋٴちʾˋʻㄚʾちˏˋʾﹳقﹶᵎﹳعˑٴ匕弗哦ـˉˎ艾ᵢʾᐧˎنىˉᴵʾشʾق3.יʼˑˈˆʾٴ匕ˈיᴵفبᵢ哦ﹳٴ吉ˆاʾʿᵔللれ比ⁱٴʾ丹ٴ尺艾ˋˎﾞˉسخلىʾ丹ちٴᵔىˑי72

android.accessibilityservice.AccessibilityService

com.quitimias.ᵔثᵔىちᵢقᵢˑﹶﹳˋٴちʾˋʻㄚʾちˏˋʾﹳقﹶᵎﹳعˑٴ匕弗哦ـˉˎ艾ᵢʾᐧˎنىˉᴵʾشʾق3.SimpleIME

android.view.InputMethod

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

com.quitimias.du

com.quitimias.سᵎʻᵢٴʻʾ艾ٴᵢ诶ﹶٴ匚ىʻلれᵎれسᵎʾˏᵔ吉ᵔᵔʼˈʽˏىᵢﹶﹳفʼי比ععـˏˑˎˋ卄ᵎʼ2.ق西تˆسモلᴵلˆ尺ˉˏʻˆˎᵢ工ᵎˈᵎننˈⁱˎي娜ˎﾞʿ娜ˏᵎا工ʾˈי娜ᵎˉﾞٴムقˏˎ弗ʽ20

Activities

com.quitimias.سᵎʻᵢٴʻʾ艾ٴᵢ诶ﹶٴ匚ىʻلれᵎれسᵎʾˏᵔ吉ᵔᵔʼˈʽˏىᵢﹶﹳفʼי比ععـˏˑˎˋ卄ᵎʼ2.ق西تˆسモلᴵلˆ尺ˉˏʻˆˎᵢ工ᵎˈᵎننˈⁱˎي娜ˎﾞʿ娜ˏᵎا工ʾˈי娜ᵎˉﾞٴムقˏˎ弗ʽ20

com.quitimias.سᵎʻᵢٴʻʾ艾ٴᵢ诶ﹶٴ匚ىʻلれᵎれسᵎʾˏᵔ吉ᵔᵔʼˈʽˏىᵢﹶﹳفʼי比ععـˏˑˎˋ卄ᵎʼ2.ˎٴˉخˋاᵎ匕ᵢˊʾˉʿᵎ匕تˈ诶ʾف尺ᐧちʼˆᵢسٴ弗ʿʼᴵ弗ʽʿʿغᵢᵢعᵢʾˈ尺ـʿʿˋاᵔ14_CA

Permissions

Receivers

com.quitimias.哦عˏᵢ艾娜ˋᴵعاٴٴقس艾ﹳ艾ˏㄚᴵᐧﹶٴٴʻ尺ᴵʾˏʿ丹تتˑʿ哦ʿ诶ٴىᵔ艾ˋـᐧلㄥ娜ـي5.SensorRestarterBroadcastReceiver

com.quitimias.哦عˏᵢ艾娜ˋᴵعاٴٴقس艾ﹳ艾ˏㄚᴵᐧﹶٴٴʻ尺ᴵʾˏʿ丹تتˑʿ哦ʿ诶ٴىᵔ艾ˋـᐧلㄥ娜ـي5.יʼˑˈˆʾٴ匕ˈיᴵفبᵢ哦ﹳٴ吉ˆاʾʿᵔللれ比ⁱٴʾ丹ٴ尺艾ˋˎﾞˉسخلىʾ丹ちٴᵔىˑי7

com.quitimias.哦عˏᵢ艾娜ˋᴵعاٴٴقس艾ﹳ艾ˏㄚᴵᐧﹶٴٴʻ尺ᴵʾˏʿ丹تتˑʿ哦ʿ诶ٴىᵔ艾ˋـᐧلㄥ娜ـي5.ˎٴˉخˋاᵎ匕ᵢˊʾˉʿᵎ匕تˈ诶ʾف尺ᐧちʼˆᵢسٴ弗ʿʼᴵ弗ʽʿʿغᵢᵢعᵢʾˈ尺ـʿʿˋاᵔ14_RC

com.quitimias.哦عˏᵢ艾娜ˋᴵعاٴٴقس艾ﹳ艾ˏㄚᴵᐧﹶٴٴʻ尺ᴵʾˏʿ丹تتˑʿ哦ʿ诶ٴىᵔ艾ˋـᐧلㄥ娜ـي5.יʼˑˈˆʾٴ匕ˈיᴵفبᵢ哦ﹳٴ吉ˆاʾʿᵔللれ比ⁱٴʾ丹ٴ尺艾ˋˎﾞˉسخلىʾ丹ちٴᵔىˑי74

com.quitimias.سᵎʻᵢٴʻʾ艾ٴᵢ诶ﹶٴ匚ىʻلれᵎれسᵎʾˏᵔ吉ᵔᵔʼˈʽˏىᵢﹶﹳفʼי比ععـˏˑˎˋ卄ᵎʼ2.れلاʼれ工ʾةʼˑٴ诶ʻˎفʼᴵˎ丹ˏˋモˋᴵلʻʾᵢʿˑᵎثˎᵢـᵢىثˉˏقش匕ˉיاˎᵢـ诶33

com.quitimias.哦عˏᵢ艾娜ˋᴵعاٴٴقس艾ﹳ艾ˏㄚᴵᐧﹶٴٴʻ尺ᴵʾˏʿ丹تتˑʿ哦ʿ诶ٴىᵔ艾ˋـᐧلㄥ娜ـي5.יʼˑˈˆʾٴ匕ˈיᴵفبᵢ哦ﹳٴ吉ˆاʾʿᵔللれ比ⁱٴʾ丹ٴ尺艾ˋˎﾞˉسخلىʾ丹ちٴᵔىˑי7_AR

Services

com.quitimias.ᵔثᵔىちᵢقᵢˑﹶﹳˋٴちʾˋʻㄚʾちˏˋʾﹳقﹶᵎﹳعˑٴ匕弗哦ـˉˎ艾ᵢʾᐧˎنىˉᴵʾشʾق3.יʼˑˈˆʾٴ匕ˈיᴵفبᵢ哦ﹳٴ吉ˆاʾʿᵔللれ比ⁱٴʾ丹ٴ尺艾ˋˎﾞˉسخلىʾ丹ちٴᵔىˑי72

com.quitimias.ᵔثᵔىちᵢقᵢˑﹶﹳˋٴちʾˋʻㄚʾちˏˋʾﹳقﹶᵎﹳعˑٴ匕弗哦ـˉˎ艾ᵢʾᐧˎنىˉᴵʾشʾق3.SimpleIME