bfc0226332978216a1a042c8422fb26073fca4d390c71502a5c505fab38ccb05[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

bfc0226332978216a1a042c8422fb26073fca4d390c71502a5c505fab38ccb05.zip
Size

5.6MB
MD5

3abd343ac274982d80ba27092d44f3b2
SHA1

4edb5e98e4974c16dc8f763c6a30779b585713b9
SHA256

fe1c1a09177279d5931e2740476ad4b0f102cf6f926385c5f6003f61383c7fbb
SHA512

3e31a505b25cdf968473411d270b3666a0b4b324e3ab301256293ef262d2cca917562e30ffbb16730e323032d52e4ac99c6353b28ee6a727d80984ca931a661a
SSDEEP

98304:AC8DbhqEy2R/qlRccEskCk5Nikwun/o4oepGf8U+v5PNQxx8cM2gqG/XaUm:7MhqEy2RClhEDxNie80dQxx2Xr/XaUm

Score

6^/10

Malware Config

Signatures

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards).	android.permission.BIND_INPUT_METHOD

Requests dangerous framework permissions 9 IoCs

description	ioc
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES

Files

bfc0226332978216a1a042c8422fb26073fca4d390c71502a5c505fab38ccb05.zip
.zip

Password: infected
bfc0226332978216a1a042c8422fb26073fca4d390c71502a5c505fab38ccb05
.apk android

Password: infected

com.inpowerhelp.co

com.inpowerhelp.ちٴسسᵎق∪ʻʻˏٴʾˈʿٴʾناʿᴵ下ˎﹳˈˏـˆتˈʼʻיخˎʼ尺ˉ工ʼˊᵎ伊ⁱˈﾞˉᵢٴᵎʾ2.ˋᐧ伊ᵔ吉ٴˋˋﾞʼʾᵢʿʿʼ诶ˑʻˊ丹יٴᵔﾞᴵˈن吉娜لｊ比艾יˎᵔᵢᴵٴᵔちٴʿيˏʼ艾ˎ尺ｊ20

Activities

com.inpowerhelp.ちٴسسᵎق∪ʻʻˏٴʾˈʿٴʾناʿᴵ下ˎﹳˈˏـˆتˈʼʻיخˎʼ尺ˉ工ʼˊᵎ伊ⁱˈﾞˉᵢٴᵎʾ2.ˋᐧ伊ᵔ吉ٴˋˋﾞʼʾᵢʿʿʼ诶ˑʻˊ丹יٴᵔﾞᴵˈن吉娜لｊ比艾יˎᵔᵢᴵٴᵔちٴʿيˏʼ艾ˎ尺ｊ20

android.intent.action.VIEW

com.inpowerhelp.ちٴسسᵎق∪ʻʻˏٴʾˈʿٴʾناʿᴵ下ˎﹳˈˏـˆتˈʼʻיخˎʼ尺ˉ工ʼˊᵎ伊ⁱˈﾞˉᵢٴᵎʾ2.丹عاᵢ比ˎ杰ˉﹶسˎ娜ـʿغʼˎﹳʿʾ哦ʻᵎﹶᵔˆي诶ʻ娜ˉｊˈʽˋ匕ʻʿˈיᵢᴵﹳᵎˋㄚʾلاʾ14_CA

xyz

Permissions

android.permission.SET_WALLPAPER
android.permission.READ_SMS
android.permission.READ_CONTACTS
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT

Receivers

com.inpowerhelp.ʾﹶﾞｊˏـ下工诶匚ᵢᵎ诶ن吉ʼقﹶˏ杰ᵔ诶ʿﹳقʾʾちلˑˆ尺ᐧᵎق吉れיˎᵢعˏغʾˏㄥʾا丹ٴ5.SensorRestarterBroadcastReceiver

RestartSensor

com.inpowerhelp.ʾﹶﾞｊˏـ下工诶匚ᵢᵎ诶ن吉ʼقﹶˏ杰ᵔ诶ʿﹳقʾʾちلˑˆ尺ᐧᵎق吉れיˎᵢعˏغʾˏㄥʾا丹ٴ5.∪ʾلقى丹ﹶفᴵˎـ工ᵔﹳˋفʿˋسʾˎˎسˋاᵢㄥʿʾちˎｊˋ吉匚ʿٴخ匚ᴵعﹶىٴˎ诶ثاˋᵢ7

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.USER_PRESENT
android.intent.action.LOCKED_BOOT_COMPLETED

com.inpowerhelp.ʾﹶﾞｊˏـ下工诶匚ᵢᵎ诶ن吉ʼقﹶˏ杰ᵔ诶ʿﹳقʾʾちلˑˆ尺ᐧᵎق吉れיˎᵢعˏغʾˏㄥʾا丹ٴ5.丹عاᵢ比ˎ杰ˉﹶسˎ娜ـʿغʼˎﹳʿʾ哦ʻᵎﹶᵔˆي诶ʻ娜ˉｊˈʽˋ匕ʻʿˈיᵢᴵﹳᵎˋㄚʾلاʾ14_RC

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_CHANGED

com.inpowerhelp.ʾﹶﾞｊˏـ下工诶匚ᵢᵎ诶ن吉ʼقﹶˏ杰ᵔ诶ʿﹳقʾʾちلˑˆ尺ᐧᵎق吉れיˎᵢعˏغʾˏㄥʾا丹ٴ5.∪ʾلقى丹ﹶفᴵˎـ工ᵔﹳˋفʿˋسʾˎˎسˋاᵢㄥʿʾちˎｊˋ吉匚ʿٴخ匚ᴵعﹶىٴˎ诶ثاˋᵢ74

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.Intent.ACTION_USER_PRESENT
android.intent.action.USER_PRESENT

com.inpowerhelp.ちٴسسᵎق∪ʻʻˏٴʾˈʿٴʾناʿᴵ下ˎﹳˈˏـˆتˈʼʻיخˎʼ尺ˉ工ʼˊᵎ伊ⁱˈﾞˉᵢٴᵎʾ2.سיちᵎاʼلـٴʿعˈ比ᐧﹶ哦ˎᐧˉ乃ˋᵢˏـˎˈʻبʾˈʾᵢق尺ʾˉنىᐧثˋﹳᵎיˋᵎ弗ᵔʻˑ33

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

com.inpowerhelp.ʾﹶﾞｊˏـ下工诶匚ᵢᵎ诶ن吉ʼقﹶˏ杰ᵔ诶ʿﹳقʾʾちلˑˆ尺ᐧᵎق吉れיˎᵢعˏغʾˏㄥʾا丹ٴ5.∪ʾلقى丹ﹶفᴵˎـ工ᵔﹳˋفʿˋسʾˎˎسˋاᵢㄥʿʾちˎｊˋ吉匚ʿٴخ匚ᴵعﹶىٴˎ诶ثاˋᵢ7_AR

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.ACTION_PASSWORD_CHANGED
android.app.action.ACTION_PASSWORD_FAILED
android.app.action.ACTION_PASSWORD_SUCCEEDED

Services

com.inpowerhelp.ʾـقᵢ下ـٴـʿفʻ艾ʾˏـʾˎاˎˑちةᵢىי匕ʿـᵎˏʿٴسˏتᵔٴʻʾﾞˉٴˆʾˏˋˋˎʾᵔ3.∪ʾلقى丹ﹶفᴵˎـ工ᵔﹳˋفʿˋسʾˎˎسˋاᵢㄥʿʾちˎｊˋ吉匚ʿٴخ匚ᴵعﹶىٴˎ诶ثاˋᵢ72

android.accessibilityservice.AccessibilityService

com.inpowerhelp.ʾـقᵢ下ـٴـʿفʻ艾ʾˏـʾˎاˎˑちةᵢىי匕ʿـᵎˏʿٴسˏتᵔٴʻʾﾞˉٴˆʾˏˋˋˎʾᵔ3.SimpleIME

android.view.InputMethod

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

com.inpowerhelp.co

com.inpowerhelp.ちٴسسᵎق∪ʻʻˏٴʾˈʿٴʾناʿᴵ下ˎﹳˈˏـˆتˈʼʻיخˎʼ尺ˉ工ʼˊᵎ伊ⁱˈﾞˉᵢٴᵎʾ2.ˋᐧ伊ᵔ吉ٴˋˋﾞʼʾᵢʿʿʼ诶ˑʻˊ丹יٴᵔﾞᴵˈن吉娜لｊ比艾יˎᵔᵢᴵٴᵔちٴʿيˏʼ艾ˎ尺ｊ20

Activities

com.inpowerhelp.ちٴسسᵎق∪ʻʻˏٴʾˈʿٴʾناʿᴵ下ˎﹳˈˏـˆتˈʼʻיخˎʼ尺ˉ工ʼˊᵎ伊ⁱˈﾞˉᵢٴᵎʾ2.ˋᐧ伊ᵔ吉ٴˋˋﾞʼʾᵢʿʿʼ诶ˑʻˊ丹יٴᵔﾞᴵˈن吉娜لｊ比艾יˎᵔᵢᴵٴᵔちٴʿيˏʼ艾ˎ尺ｊ20

com.inpowerhelp.ちٴسسᵎق∪ʻʻˏٴʾˈʿٴʾناʿᴵ下ˎﹳˈˏـˆتˈʼʻיخˎʼ尺ˉ工ʼˊᵎ伊ⁱˈﾞˉᵢٴᵎʾ2.丹عاᵢ比ˎ杰ˉﹶسˎ娜ـʿغʼˎﹳʿʾ哦ʻᵎﹶᵔˆي诶ʻ娜ˉｊˈʽˋ匕ʻʿˈיᵢᴵﹳᵎˋㄚʾلاʾ14_CA

Permissions

Receivers

com.inpowerhelp.ʾﹶﾞｊˏـ下工诶匚ᵢᵎ诶ن吉ʼقﹶˏ杰ᵔ诶ʿﹳقʾʾちلˑˆ尺ᐧᵎق吉れיˎᵢعˏغʾˏㄥʾا丹ٴ5.SensorRestarterBroadcastReceiver

com.inpowerhelp.ʾﹶﾞｊˏـ下工诶匚ᵢᵎ诶ن吉ʼقﹶˏ杰ᵔ诶ʿﹳقʾʾちلˑˆ尺ᐧᵎق吉れיˎᵢعˏغʾˏㄥʾا丹ٴ5.∪ʾلقى丹ﹶفᴵˎـ工ᵔﹳˋفʿˋسʾˎˎسˋاᵢㄥʿʾちˎｊˋ吉匚ʿٴخ匚ᴵعﹶىٴˎ诶ثاˋᵢ7

com.inpowerhelp.ʾﹶﾞｊˏـ下工诶匚ᵢᵎ诶ن吉ʼقﹶˏ杰ᵔ诶ʿﹳقʾʾちلˑˆ尺ᐧᵎق吉れיˎᵢعˏغʾˏㄥʾا丹ٴ5.丹عاᵢ比ˎ杰ˉﹶسˎ娜ـʿغʼˎﹳʿʾ哦ʻᵎﹶᵔˆي诶ʻ娜ˉｊˈʽˋ匕ʻʿˈיᵢᴵﹳᵎˋㄚʾلاʾ14_RC

com.inpowerhelp.ʾﹶﾞｊˏـ下工诶匚ᵢᵎ诶ن吉ʼقﹶˏ杰ᵔ诶ʿﹳقʾʾちلˑˆ尺ᐧᵎق吉れיˎᵢعˏغʾˏㄥʾا丹ٴ5.∪ʾلقى丹ﹶفᴵˎـ工ᵔﹳˋفʿˋسʾˎˎسˋاᵢㄥʿʾちˎｊˋ吉匚ʿٴخ匚ᴵعﹶىٴˎ诶ثاˋᵢ74

com.inpowerhelp.ちٴسسᵎق∪ʻʻˏٴʾˈʿٴʾناʿᴵ下ˎﹳˈˏـˆتˈʼʻיخˎʼ尺ˉ工ʼˊᵎ伊ⁱˈﾞˉᵢٴᵎʾ2.سיちᵎاʼلـٴʿعˈ比ᐧﹶ哦ˎᐧˉ乃ˋᵢˏـˎˈʻبʾˈʾᵢق尺ʾˉنىᐧثˋﹳᵎיˋᵎ弗ᵔʻˑ33

com.inpowerhelp.ʾﹶﾞｊˏـ下工诶匚ᵢᵎ诶ن吉ʼقﹶˏ杰ᵔ诶ʿﹳقʾʾちلˑˆ尺ᐧᵎق吉れיˎᵢعˏغʾˏㄥʾا丹ٴ5.∪ʾلقى丹ﹶفᴵˎـ工ᵔﹳˋفʿˋسʾˎˎسˋاᵢㄥʿʾちˎｊˋ吉匚ʿٴخ匚ᴵعﹶىٴˎ诶ثاˋᵢ7_AR

Services

com.inpowerhelp.ʾـقᵢ下ـٴـʿفʻ艾ʾˏـʾˎاˎˑちةᵢىי匕ʿـᵎˏʿٴسˏتᵔٴʻʾﾞˉٴˆʾˏˋˋˎʾᵔ3.∪ʾلقى丹ﹶفᴵˎـ工ᵔﹳˋفʿˋسʾˎˎسˋاᵢㄥʿʾちˎｊˋ吉匚ʿٴخ匚ᴵعﹶىٴˎ诶ثاˋᵢ72

com.inpowerhelp.ʾـقᵢ下ـٴـʿفʻ艾ʾˏـʾˎاˎˑちةᵢىי匕ʿـᵎˏʿٴسˏتᵔٴʻʾﾞˉٴˆʾˏˋˋˎʾᵔ3.SimpleIME