antidot | f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432[.]bin

General

Target

f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432.bin
Size

2.9MB
MD5

eb252a58ad9b57f0a570ae558acc2944
SHA1

c29cff7b0613440d721bd2aeb28136df6360720a
SHA256

f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432
SHA512

26fa710f68231309c43013d62266319bfca20590cbc76ea7b399cfc7208da6c53fb13d2a06134ebe907c094cc18b555c5a47d48c12184c587f1c6efec13e8c93
SSDEEP

49152:gSwIWI9ccWpr8U5qMxPZSpp/QtcnHJtLQAj7iXVDuWVcT+BFkcGZplDesZ8RygCf:FwInccW2xvpRQmHca7QbVTBFkVrp7RTb

Score

10^/10

antidot

Malware Config

Signatures

Antidot family
antidot

Antidot payload 3 IoCs

Processes:

resource	yara_rule
sample	family_antidot
static1/unpack001/xuwexi	family_antidot
static1/unpack001/xuwexi	family_antidot

Declares services with permission to bind to the system 3 IoCs

Processes:

description	ioc
Required by call screening services to bind with the system. Allows apps to filter and manage incoming phone calls.	android.permission.BIND_SCREENING_SERVICE
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by autofill services to bind with the system. Allows apps to autofill information in forms.	android.permission.BIND_AUTOFILL_SERVICE

Requests dangerous framework permissions 1 IoCs

Processes:

description	ioc
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES

Files

f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432.bin
.apk android

com.pasinawuwi.print

com.pasinawuwi.print.KtVepsgyPGq

Activities

com.pasinawuwi.print.PjCSNPfcQp

gVbLJlac

com.pasinawuwi.print.KtVepsgyPGq

android.intent.action.MAIN

Permissions

android.permission.CREDENTIAL_MANAGER_SET_ORIGIN
android.permission.CHANGE_WIFI_STATE
android.permission.QUERY_ALL_PACKAGES
android.permission.TRANSMIT_IR
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.FOREGROUND_SERVICE
com.pasinawuwi.print.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Receivers

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE
androidx.profileinstaller.action.SKIP_FILE
androidx.profileinstaller.action.SAVE_PROFILE
androidx.profileinstaller.action.BENCHMARK_OPERATION

Services
xuwexi
.apk android

com.civexefati.output

com.civexefati.output.NUJlaZESqfS

Activities

com.civexefati.output.nmevgbdmcvhngekb

android.intent.action.SEND
android.intent.action.SENDTO

com.civexefati.output.NUJlaZESqfS

android.intent.action.MAIN

Permissions

android.permission.WAKE_LOCK
android.permission.READ_PHONE_STATE
android.permission.SEND_SMS
android.permission.CALL_PHONE
android.permission.READ_SMS
android.permission.CHANGE_WIFI_STATE
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.READ_PHONE_NUMBERS
android.permission.POST_NOTIFICATIONS
android.permission.READ_CONTACTS
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.RECEIVE_SMS
android.permission.FOREGROUND_SERVICE
android.permission.QUERY_ALL_PACKAGES
android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION
android.permission.ACCESS_NETWORK_STATE
android.permission.QUICKBOOT_POWERON
android.permission.MANAGE_OWN_CALLS
android.permission.CAMERA
android.permission.SYSTEM_ALERT_WINDOW
android.permission.REQUEST_DELETE_PACKAGES
android.permission.INTERNET
android.permission.SET_WALLPAPER
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS
android.permission.RECEIVE_BOOT_COMPLETED
com.civexefati.output.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Receivers

com.civexefati.output.wuxuheyvmk

android.provider.Telephony.WAP_PUSH_DELIVER

com.civexefati.output.xwbSjRudeVbp

android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_DELIVER

com.civexefati.output.YoGUAJiTcMpWUKX

android.intent.action.BOOT_COMPLETED
android.intent.action.PHONE_STATE

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE
androidx.profileinstaller.action.SKIP_FILE
androidx.profileinstaller.action.SAVE_PROFILE
androidx.profileinstaller.action.BENCHMARK_OPERATION

Services

com.civexefati.output.rSdMhXuSft

android.telecom.CallScreeningService

com.civexefati.output.bAXlZKaxwCVqz

android.accessibilityservice.AccessibilityService

com.civexefati.output.rzybVzjfcAH

android.service.autofill.AutofillService

com.civexefati.output.evlyynjjfjfigaio

android.intent.action.RESPOND_VIA_MESSAGE

Android Permissions

f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432.bin

Permissions

android.permission.CREDENTIAL_MANAGER_SET_ORIGIN

android.permission.CHANGE_WIFI_STATE

android.permission.QUERY_ALL_PACKAGES

android.permission.TRANSMIT_IR

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.WAKE_LOCK

android.permission.ACCESS_NETWORK_STATE

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.FOREGROUND_SERVICE

com.pasinawuwi.print.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Sharing

General

Malware Config

Signatures

Files

com.pasinawuwi.print

com.pasinawuwi.print.KtVepsgyPGq

Activities

com.pasinawuwi.print.PjCSNPfcQp

com.pasinawuwi.print.KtVepsgyPGq

Permissions

Receivers

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.profileinstaller.ProfileInstallReceiver

Services

com.civexefati.output

com.civexefati.output.NUJlaZESqfS

Activities

com.civexefati.output.nmevgbdmcvhngekb

com.civexefati.output.NUJlaZESqfS

Permissions

Receivers

com.civexefati.output.wuxuheyvmk

com.civexefati.output.xwbSjRudeVbp

com.civexefati.output.YoGUAJiTcMpWUKX

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.profileinstaller.ProfileInstallReceiver

Services

com.civexefati.output.rSdMhXuSft

com.civexefati.output.bAXlZKaxwCVqz

com.civexefati.output.rzybVzjfcAH

com.civexefati.output.evlyynjjfjfigaio

Android Permissions

f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432.bin