428ddd918ae6c00db40ab37a5298bda0N[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

428ddd918ae6c00db40ab37a5298bda0N.zip
Size

9.6MB
MD5

428ddd918ae6c00db40ab37a5298bda0
SHA1

7fa3124f0d74b89882830130c3b19ee637c8dcc6
SHA256

c28681ecc5c28502ffa09dca7b84aa93d2f5e44dfa03b55ba678eb92692efe66
SHA512

0186bdca05d1f29a64f2e173dc2df899af2a187a06318f0d4888147f6710f1af0512914ef0c591b5f82687fa18dd2d05639de5ca8b5427283abbb7244d730780
SSDEEP

196608:4gBCenDjQIhzMlFDFZ7exKfb5QFbZD6BNIk7N7b/3SC7MaSDAeLL3Cxw+6FIQ:RnnHQ1LDL7D5QFV07N7bf7MDuaPh

Score

6^/10

Malware Config

Signatures

Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application a broad access to external storage in scoped storage.	android.permission.MANAGE_EXTERNAL_STORAGE

Files

428ddd918ae6c00db40ab37a5298bda0N.zip
.apk android

Password: infected

com.nwzxnmbb31bma32vpuyo.app

com.nwzxnmbb31bma32vpuyo.app.MainActivitys

Activities

com.nwzxnmbb31bma32vpuyo.app.MainActivitys

android.intent.action.MAIN

Permissions

android.permission.REQUEST_INSTALL_PACKAGES
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_SYNC_SETTINGS
android.permission.READ_EXTERNAL_STORAGE
android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.INTERNET
aw.apk
.apk android

Password: infected

com.z3tbclchd1kh6fjz3nce.security

com.z3tbclchd1kh6fjz3nce.security.MainActivity

Activities

com.z3tbclchd1kh6fjz3nce.security.MainActivity

android.ffa.action.START_SERVICE

Permissions

android.permission.REQUEST_DELETE_PACKAGES
android.permission.ACCESS_WIFI_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_CALL_LOG
android.permission.ANSWER_PHONE_CALLS
android.permission.RECORD_AUDIO
android.permission.CAMERA
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.RECEIVE_LAUNCH_BROADCASTS
android.permission.CHANGE_WIFI_STATE
android.permission.CALL_PHONE
android.permission.READ_SMS
android.permission.READ_PHONE_NUMBERS
android.permission.WAKE_LOCK
android.permission.DISABLE_KEYGUARD
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.BLUETOOTH
android.permission.PROCESS_OUTGOING_CALLS
android.permission.READ_CONTACTS
android.permission.ACCESS_COARSE_LOCATION
android.permission.RECEIVE_SMS
android.permission.READ_EXTERNAL_STORAGE
android.permission.FOREGROUND_SERVICE
android.permission.INTERNET
android.permission.BLUETOOTH_ADMIN
android.permission.READ_CALL_LOG
android.permission.READ_PHONE_STATE
android.permission.ACCESS_FINE_LOCATION
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.ACTION_MANAGE_OVERLAY_PERMISSION
android.permission.WRITE_CONTACTS

Services

com.z3tbclchd1kh6fjz3nce.security.NotificationReceiverService

android.service.notification.NotificationListenerService
fe.apk
.apk android

Password: infected

com.z3tbclchd1kh6fjz3nce.security

com.z3tbclchd1kh6fjz3nce.security.found.phone.DialerActivity

Activities

com.z3tbclchd1kh6fjz3nce.security.found.phone.DialerActivity

android.intent.action.DIAL
android.intent.action.VIEW
android.intent.action.DIAL

com.z3tbclchd1kh6fjz3nce.security.MainActivity

android.ffa.action.START_SERVICE

Permissions

android.permission.ACTION_MANAGE_OVERLAY_PERMISSION
android.permission.SYSTEM_ALERT_WINDOW
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.WAKE_LOCK
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_EXTERNAL_STORAGE
android.permission.CALL_PHONE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.BLUETOOTH_CONNECT
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.BLUETOOTH
android.permission.RECORD_AUDIO
android.permission.READ_PHONE_STATE
android.permission.WRITE_CALL_LOG
android.permission.RECEIVE_LAUNCH_BROADCASTS
android.permission.INTERNET
android.permission.VIBRATE
android.permission.DISABLE_KEYGUARD
android.permission.WRITE_CONTACTS
android.permission.CHANGE_WIFI_STATE
android.permission.ANSWER_PHONE_CALLS
android.permission.REQUEST_DELETE_PACKAGES
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.FOREGROUND_SERVICE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_PHONE_NUMBERS
android.permission.BLUETOOTH_ADMIN
android.permission.CAMERA
android.permission.PROCESS_OUTGOING_CALLS
android.permission.READ_CALL_LOG
android.permission.READ_CONTACTS

Receivers

com.z3tbclchd1kh6fjz3nce.security.cast.CallMyListener

android.intent.action.SCREEN_OFF
android.intent.action.BATTERY_LOW
android.intent.action.SCREEN_ON
android.media.RINGER_MODE_CHANGED
android.intent.action.PHONE_STATE
android.intent.action.USER_UNLOCKED
android.intent.action.CONFIGURATION_CHANGED
android.intent.action.BATTERY_CHANGED
android.intent.action.REBOOT
android.intent.action.BATTERY_OKAY
android.intent.action.ACTION_SHUTDOWN
android.intent.action.BOOT_COMPLETED
android.intent.action.NEW_OUTGOING_CALL
android.intent.action.ACTION_SHUTDOWN
android.intent.action.REBOOT
android.intent.action.USER_PRESENT
android.intent.action.MEDIA_MOUNTED
android.intent.action.MEDIA_UNMOUNTED

Services

com.z3tbclchd1kh6fjz3nce.security.services.AccessServ

android.accessibilityservice.AccessibilityService

com.z3tbclchd1kh6fjz3nce.security.found.phone.CallServ

android.telecom.InCallService

com.z3tbclchd1kh6fjz3nce.security.NotificationReceiverService

android.service.notification.NotificationListenerService

Android Permissions

428ddd918ae6c00db40ab37a5298bda0N.zip

Permissions

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.WRITE_SYNC_SETTINGS

android.permission.READ_EXTERNAL_STORAGE

android.permission.MANAGE_EXTERNAL_STORAGE

android.permission.INTERNET

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.nwzxnmbb31bma32vpuyo.app

com.nwzxnmbb31bma32vpuyo.app.MainActivitys

Activities

com.nwzxnmbb31bma32vpuyo.app.MainActivitys

Permissions

Password: infected

com.z3tbclchd1kh6fjz3nce.security

com.z3tbclchd1kh6fjz3nce.security.MainActivity

Activities

com.z3tbclchd1kh6fjz3nce.security.MainActivity

Permissions

Services

com.z3tbclchd1kh6fjz3nce.security.NotificationReceiverService

Password: infected

com.z3tbclchd1kh6fjz3nce.security

com.z3tbclchd1kh6fjz3nce.security.found.phone.DialerActivity

Activities

com.z3tbclchd1kh6fjz3nce.security.found.phone.DialerActivity

com.z3tbclchd1kh6fjz3nce.security.MainActivity

Permissions

Receivers

com.z3tbclchd1kh6fjz3nce.security.cast.CallMyListener

Services

com.z3tbclchd1kh6fjz3nce.security.services.AccessServ

com.z3tbclchd1kh6fjz3nce.security.found.phone.CallServ

com.z3tbclchd1kh6fjz3nce.security.NotificationReceiverService

Android Permissions

428ddd918ae6c00db40ab37a5298bda0N.zip