e6201688b06dd16ef03ec0ccfbb34ef0[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

e6201688b06dd16ef03ec0ccfbb34ef0.bin
Size

28.1MB
MD5

9ef77aaab03c83acee413a9fad0bf028
SHA1

b32577f4818ae47d4386d1bb777a352441178da3
SHA256

0dea34abd3141cb62112cabe4659f6567677e85aad833859966f9fd84fcff806
SHA512

935387d1a5dd5770b191afef7495616f1859d296d4a3215be8ac2167e3ae72dbd3c614b159278e653ee761a48d7287a199f8cc766799ea99c8800933955c90be
SSDEEP

786432:se5Rw3hhYey9+Pbd/WyviTQ+fX+56RIuLghdBItF5pl:dWhi19ADvH+fXceBshdWXD

Score

6^/10

Malware Config

Signatures

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Requests dangerous framework permissions 12 IoCs

description	ioc
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows applications to use exact alarm APIs.	android.permission.SCHEDULE_EXACT_ALARM
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows the app to answer an incoming phone call.	android.permission.ANSWER_PHONE_CALLS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE

Files

e6201688b06dd16ef03ec0ccfbb34ef0.bin
.zip

Password: infected
fc836e62e63523adbceb1b3aab40548143308778bc1c81a0298c25dfa9623590.apk
.apk android arch:arm64

Password: infected

com.heytap.themestore

com.nearme.themespace.activities.ThemeActivity

Activities

com.nearme.themespace.activities.ThemeActivity

android.intent.action.MAIN

com.nearme.themespace.detail.ui.activity.ThemeDetailActivity

com.oplus.themestore.action.PREVIEW_THEME
oppo.intent.action.OPPO_PREVIEW_THEME
android.intent.action.SEND

com.nearme.themespace.activities.SettingActivity

oplus.intent.action.APP_SETTINGS
oppo.intent.action.APP_SETTINGS

com.nearme.themespace.framework.common.ui.dialog.statement.StatementWebViewActivity

com.heytap.themestore.action.STATEMENT

com.nearme.themespace.activities.LocalProductListActivity

com.nearme.themespace.SET_THEME
com.oplus.themestore.action.SET_THEME
com.nearme.themespace.SET_WALLPAPER
com.nearme.themespace.SET_WALLPAPER_FROM_BOOT
com.nearme.themespace.SET_FONT
com.oplus.themestore.action.SET_FONT
com.nearme.themespace.SET_LOCK

com.nearme.themespace.activities.SettingIndividuationActivity

com.nearme.themespace.LOCAL_WALLPAPER
com.nearme.themespace.ONLINE_RING

com.nearme.themespace.activities.LocalResourceActivity

com.heytap.themestore.action.LOCAL_RESOURCE

com.nearme.themespace.activities.WallpaperLocalActivity

android.intent.action.SET_WALLPAPER

com.nearme.themespace.activities.SinglePageCardActivity

com.heytap.themestore.action.MORE_WALLPAPER_INDIVIDUATION
com.oplus.themestore.action.MORE_WALLPAPER_INDIVIDUATION
com.heytap.themestore.action.SET_FONT_INDIVIDUATION
com.oplus.themestore.action.SET_FONT_INDIVIDUATION

com.nearme.themespace.push.OPushBridgeActivity

com.nearme.themespace.action.push

com.oplus.oaps.host.deeplink.WebBridgeActivity

android.intent.action.VIEW
com.oppo.main.ACTION_LAUNCH

com.nearme.themespace.activities.InputLandingActivity

com.nearme.themespace.partner.SET_FONT

com.nearme.themespace.activities.ThemeStoreDisableActivity

oplus.intent.action.settings.DISABLE_APP

com.themestore.os_feature.module.boot.WallpaperBootUpActivity

com.heytap.themestore.action.BOOT_UP_WALLPAPER

com.themestore.os_feature.module.recently.RecentlyUsedActivity

com.heytap.themestore.action.RECENTLY_USED_WALLPAPER

com.themestore.os_feature.module.wallpaper.WallpaperLandingPagerActivity

com.heytap.themestore.action.WALLPAPER_LANDING
com.oplus.themestore.action.WALLPAPER_LANDING

com.heytap.uccreditlib.internal.CreditDeepLinkActivity

android.intent.action.VIEW

com.customer.feedback.sdk.activity.FeedbackActivity

com.customer.feedback.START

Permissions

android.permission.READ_CALL_LOG
android.permission.SCHEDULE_EXACT_ALARM
com.opos.overseas.addemo.permission.ACS_SERVICE
com.heytap.themestore.permission.ACS_SERVICE
android.permission.INTERNET
android.permission.WRITE_SECURE_SETTINGS
android.permission.CHANGE_CONFIGURATION
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.SET_WALLPAPER
android.permission.SET_WALLPAPER_HINTS
android.permission.WRITE_SETTINGS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.ACCESS_WIFI_STATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.INTERACT_ACROSS_USERS
android.permission.MANAGE_USERS
android.permission.GET_TASKS
android.permission.EXPAND_STATUS_BAR
android.permission.STATUS_BAR
android.permission.ACCESS_KEYGUARD_SECURE_STORAGE
android.permission.SET_WALLPAPER_COMPONENT
oplus.permission.OPLUS_COMPONENT_SAFE
android.permission.FORCE_STOP_PACKAGES
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_CONTACTS
android.permission.ANSWER_PHONE_CALLS
android.permission.CALL_PHONE
android.permission.MANAGE_APP_OPS_MODES
android.permission.QUERY_ALL_PACKAGES
com.android.vending.BILLING
com.heytap.themestore.permission.RECIEVE_MCS_MESSAGE
com.nearme.mcs.permission.RECIEVE_MCS_MESSAGE
com.heytap.mcs.permission.RECIEVE_MCS_MESSAGE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.WAKE_LOCK
com.oplus.permission.safe.SAU
heytap.permission.COLORFUL_ENGINE_LWP_COMPONENT_SAFE
com.heytap.mcs.permission.SEND_PUSH_MESSAGE
com.android.launcher.permission.READ_SETTINGS
com.oplus.permission.safe.CONNECTIVITY
com.oplus.permission.safe.BACKUP
com.heytap.themestore.INSTALL_PACKAGES
android.permission.FOREGROUND_SERVICE
com.oplus.wallpapers.permission.GET_WALLPAPER_HISTORIES
oppo.permission.OPPO_COMPONENT_SAFE
com.oppo.permission.safe.SAU
com.oppo.launcher.permission.READ_SETTINGS
com.oppo.permission.safe.CONNECTIVITY
com.coloros.mcs.permission.RECIEVE_MCS_MESSAGE
com.oppo.permission.safe.SETTINGS
oppo.permission.settings.LAUNCH_FOR_EXPORT
com.coloros.wallpapers.permission.GET_WALLPAPER_HISTORIES
com.oplus.permission.safe.SETTINGS
oplus.permission.settings.LAUNCH_FOR_EXPORT
android.permission.SYSTEM_OVERLAY_WINDOW
com.oplus.permission.safe.SECURITY
com.oppo.permission.safe.SECURITY
android.permission.MANAGE_ACCOUNTS
android.permission.USE_CREDENTIALS
com.oneplus.account.READ_ACCOUNT_INFO
android.permission.VIBRATE
com.google.android.gms.permission.AD_ID

Receivers

com.nearme.themespace.receiver.ThemeBizReceiver

android.intent.action.PACKAGE_REPLACED
oplus.intent.action.PACKAGE_REPLACED
oplus.intent.action.PACKAGE_ADDED
oplus.intent.action.OPLUS_OTA_UPDATE_SUCCESSED
oplus.intent.action.OPLUS_RECOVER_UPDATE_SUCCESSED
oppo.intent.action.PACKAGE_REPLACED
oppo.intent.action.PACKAGE_ADDED
oppo.intent.action.OPPO_OTA_UPDATE_SUCCESSED
oppo.intent.action.OPPO_RECOVER_UPDATE_SUCCESSED

com.nearme.themespace.receiver.BootCompletedReceiver

android.intent.action.BOOT_COMPLETED

com.nearme.themespace.download.NotificationReceiver

com.nearme.themespace.action.notification.click
com.nearme.themespace.action.notification.delete

com.nearme.themespace.download.NotificationReceiverLegacy

com.nearme.themespace.action.notification.click
com.nearme.themespace.action.notification.delete

com.nearme.themespace.receiver.OPushMessageReceiver

com.heytap.themestore.action.MCS_MSG_RECEIVER

com.nearme.themespace.download.DownloadStateReceiver

android.intent.action.DOWNLOAD_NOTIFICATION_CLICKED

com.heytap.usercenter.accountsdk.utils.app.UserCenterOperateReceiver

com.heytap.usercenter.account_login
com.heytap.usercenter.account_logout
com.usercenter.action.receiver.SUPPORT_LOGIN

com.nearme.themespace.receiver.LoginEventReceiver

com.heytap.usercenter.account_login
com.heytap.usercenter.account_logout

com.heytap.opnearmesdk.receiver.OPAccountReceiver

com.onplus.account.oplus.login.broadcast

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

Services

com.nearme.themespace.services.ThemeApplyService

com.nearme.themespace.applytheme

com.nearme.themespace.shared.pictorial.services.ThemeShareService

com.nearme.themespace.shared.pictorial.THEME_SHARE_SERVICE

com.nearme.themespace.push.OPushDataMessageCallbackService

com.heytap.mcs.action.RECEIVE_MCS_MESSAGE
com.heytap.msp.push.RECEIVE_MCS_MESSAGE

com.nearme.themespace.push.OPushCompatibleDataMessageCallbackService

com.coloros.mcs.action.RECEIVE_MCS_MESSAGE

com.nearme.themespace.ring.NotificationMonitorService

android.service.notification.NotificationListenerService

com.nearme.themespace.backup.ThemeStoreBRPluginService

com.oplus.br.service
com.coloros.br.service
com.heytap.br.service

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

com.heytap.themestore

com.nearme.themespace.activities.ThemeActivity

Activities

com.nearme.themespace.activities.ThemeActivity

com.nearme.themespace.detail.ui.activity.ThemeDetailActivity

com.nearme.themespace.activities.SettingActivity

com.nearme.themespace.framework.common.ui.dialog.statement.StatementWebViewActivity

com.nearme.themespace.activities.LocalProductListActivity

com.nearme.themespace.activities.SettingIndividuationActivity

com.nearme.themespace.activities.LocalResourceActivity

com.nearme.themespace.activities.WallpaperLocalActivity

com.nearme.themespace.activities.SinglePageCardActivity

com.nearme.themespace.push.OPushBridgeActivity

com.oplus.oaps.host.deeplink.WebBridgeActivity

com.nearme.themespace.activities.InputLandingActivity

com.nearme.themespace.activities.ThemeStoreDisableActivity

com.themestore.os_feature.module.boot.WallpaperBootUpActivity

com.themestore.os_feature.module.recently.RecentlyUsedActivity

com.themestore.os_feature.module.wallpaper.WallpaperLandingPagerActivity

com.heytap.uccreditlib.internal.CreditDeepLinkActivity

com.customer.feedback.sdk.activity.FeedbackActivity

Permissions

Receivers

com.nearme.themespace.receiver.ThemeBizReceiver

com.nearme.themespace.receiver.BootCompletedReceiver

com.nearme.themespace.download.NotificationReceiver

com.nearme.themespace.download.NotificationReceiverLegacy

com.nearme.themespace.receiver.OPushMessageReceiver

com.nearme.themespace.download.DownloadStateReceiver

com.heytap.usercenter.accountsdk.utils.app.UserCenterOperateReceiver

com.nearme.themespace.receiver.LoginEventReceiver

com.heytap.opnearmesdk.receiver.OPAccountReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

Services

com.nearme.themespace.services.ThemeApplyService

com.nearme.themespace.shared.pictorial.services.ThemeShareService

com.nearme.themespace.push.OPushDataMessageCallbackService

com.nearme.themespace.push.OPushCompatibleDataMessageCallbackService

com.nearme.themespace.ring.NotificationMonitorService

com.nearme.themespace.backup.ThemeStoreBRPluginService