a0c9d1ca7de98314f894bd408d503acf[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

a0c9d1ca7de98314f894bd408d503acf.bin
Size

74.1MB
MD5

245cdbf32e00d7c68439ae65d2152b16
SHA1

1e6a7f865467f2d4e6653f42345006a1035812b6
SHA256

f7fb5cd882a32b3c2b2738e668e8bfe8c96b0e586ceef53fa22b1b26f8aeb24a
SHA512

e2f22b13bca493514594d9a1f2abef7fea6c6630d3ab52e41ea881bccf5bc8b043146f9a696274721e78f23b05d57f5c3f4025a10de30e56b92b0376bc589227
SSDEEP

1572864:8bK658CSXgbR475l4BuUks6s+BFbzbXpvT9FUCra/XpiRS:878IbR475E+fbJ79F2cY

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 2 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack001/0dfda904f846f0a999ef1162eed9865df81432780a17890e00de3794f11ba53a.apk	patched_upx
static1/unpack001/0dfda904f846f0a999ef1162eed9865df81432780a17890e00de3794f11ba53a.apk	patched_upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/0dfda904f846f0a999ef1162eed9865df81432780a17890e00de3794f11ba53a.apk	upx
static1/unpack001/0dfda904f846f0a999ef1162eed9865df81432780a17890e00de3794f11ba53a.apk	upx

Declares services with permission to bind to the system 3 IoCs

description	ioc
Required by chooser target services to bind with the system. Allows apps to modify targets that handle user actions.	android.permission.BIND_CHOOSER_TARGET_SERVICE
Required by remote views services to bind with the system. Allows apps to share and display views across different processes.	android.permission.BIND_REMOTEVIEWS
Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications.	android.permission.BIND_TELECOM_CONNECTION_SERVICE

Requests dangerous framework permissions 23 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows read access to the device's phone number(s).	android.permission.READ_PHONE_NUMBERS
Required to be able to connect to paired Bluetooth devices.	android.permission.BLUETOOTH_CONNECT
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to access any geographic locations persisted in the user's shared collection.	android.permission.ACCESS_MEDIA_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows applications to use exact alarm APIs.	android.permission.SCHEDULE_EXACT_ALARM
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read audio files from external storage.	android.permission.READ_MEDIA_AUDIO
Allows an application to read image files from external storage.	android.permission.READ_MEDIA_IMAGES
Allows an application to read video files from external storage.	android.permission.READ_MEDIA_VIDEO
Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker.	android.permission.READ_MEDIA_VISUAL_USER_SELECTED
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Required to be able to advertise and connect to nearby devices via Wi-Fi.	android.permission.NEARBY_WIFI_DEVICES
Required to be able to discover and pair nearby Bluetooth devices.	android.permission.BLUETOOTH_SCAN
Required to be able to advertise to nearby Bluetooth devices.	android.permission.BLUETOOTH_ADVERTISE

Files

a0c9d1ca7de98314f894bd408d503acf.bin
.zip

Password: infected
0dfda904f846f0a999ef1162eed9865df81432780a17890e00de3794f11ba53a.apk
.apk android arch:arm64 arch:arm

Password: infected

com.yowhats.software

com.yowhats.software.Main

Activities

androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity

android.intent.action.MAIN

androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity

android.intent.action.MAIN

androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity

android.intent.action.MAIN

com.yowhats.software.payments.receiver.IndiaUpiPayIntentReceiverActivity

android.intent.action.VIEW

org.npci.upi.security.pinactivitycomponent.GetCredential

org.npci.upi.security.pinactivitycomponent.GetCredential

com.yowhats.software.migration.export.ui.ExportMigrationActivity

com.yowhats.software.intent.action.migrate.ios.START

com.yowhats.software.xfamily.accountlinking.ui.AccountLinkingWebAuthActivity

android.intent.action.VIEW

com.yowhats.software.VoiceMessagingActivity

com.google.android.voicesearch.SEND_MESSAGE_TO_CONTACTS

com.yowhats.software.accountsync.LoginActivity

android.intent.action.VIEW

com.yowhats.software.accountsync.ProfileActivity

android.intent.action.VIEW

com.yowhats.software.accountsync.CallContactLandingActivity

android.intent.action.VIEW

com.yowhats.software.authentication.AppAuthenticationActivity

android.appwidget.action.APPWIDGET_CONFIGURE

com.yowhats.software.camera.CameraActivity

android.intent.action.CREATE_SHORTCUT

com.yowhats.software.contact.picker.ContactPicker

android.intent.action.PICK
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE
android.intent.action.CREATE_SHORTCUT

com.yowhats.software.Conversation

android.intent.action.VIEW
android.intent.action.SENDTO
com.yowhats.software.Conversation

com.yowhats.software.HomeActivity

android.nfc.action.NDEF_DISCOVERED
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

com.yowhats.software.Main

android.intent.action.MAIN

com.yowhats.software.identity.IdentityVerificationActivity

android.nfc.action.NDEF_DISCOVERED

com.yowhats.software.identity.ScanQrCodeActivity

android.nfc.action.NDEF_DISCOVERED

com.yowhats.software.registration.verifyphone.VerifyPhoneNumber

android.intent.action.VIEW

com.yowhats.software.settings.SettingsNotifications

android.intent.action.MAIN

com.yowhats.software.settings.SettingsDataUsageActivity

android.intent.action.MANAGE_NETWORK_USAGE

com.whatsapp.stickers.thirdpartystickers.AddThirdPartyStickerPackActivity

com.whatsapp.intent.action.ENABLE_STICKER_PACK

Permissions

android.permission.USE_BIOMETRIC
android.permission.USE_FINGERPRINT
com.yowhats.software.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
android.permission.REORDER_TASKS
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.FOREGROUND_SERVICE
android.permission.INTERNET
com.google.android.providers.gsf.permission.READ_GSERVICES
com.google.android.c2dm.permission.RECEIVE
android.permission.READ_PHONE_STATE
android.permission.READ_PHONE_NUMBERS
android.permission.VIBRATE
android.permission.BLUETOOTH_CONNECT
android.permission.BLUETOOTH
android.permission.FOREGROUND_SERVICE_DATA_SYNC
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_MEDIA_LOCATION
android.permission.ACCESS_WIFI_STATE
android.permission.BROADCAST_STICKY
android.permission.CAMERA
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.FOREGROUND_SERVICE_LOCATION
android.permission.GET_TASKS
android.permission.INSTALL_SHORTCUT
android.permission.MANAGE_ACCOUNTS
android.permission.MANAGE_OWN_CALLS
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.NFC
android.permission.READ_CONTACTS
android.permission.READ_PROFILE
android.permission.READ_SYNC_SETTINGS
android.permission.READ_SYNC_STATS
android.permission.RECORD_AUDIO
android.permission.SCHEDULE_EXACT_ALARM
android.permission.USE_CREDENTIALS
android.permission.WRITE_CONTACTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_MEDIA_AUDIO
android.permission.READ_MEDIA_IMAGES
android.permission.READ_MEDIA_VIDEO
android.permission.READ_MEDIA_VISUAL_USER_SELECTED
android.permission.POST_NOTIFICATIONS
android.permission.WRITE_SYNC_SETTINGS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
com.huawei.android.launcher.permission.CHANGE_BADGE
com.yowhats.software.permission.BROADCAST
com.yowhats.software.permission.MAPS_RECEIVE
com.yowhats.software.permission.REGISTRATION
com.whatsapp.sticker.READ
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.GET_ACCOUNTS
com.google.android.gms.permission.AD_ID
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.FOREGROUND_SERVICE_MICROPHONE
android.permission.FOREGROUND_SERVICE_CAMERA
android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION
android.permission.FOREGROUND_SERVICE_PHONE_CALL
android.permission.NEARBY_WIFI_DEVICES
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH_SCAN
android.permission.BLUETOOTH_ADVERTISE
com.facebook.services.identity.FEO2
android.permission.RUN_USER_INITIATED_JOBS

Receivers

com.kochava.tracker.legacyreferrer.LegacyReferrerReceiver

com.android.vending.INSTALL_REFERRER

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE
androidx.profileinstaller.action.SKIP_FILE
androidx.profileinstaller.action.SAVE_PROFILE
androidx.profileinstaller.action.BENCHMARK_OPERATION

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.yowhats.software.appwidget.WidgetProvider

android.appwidget.action.APPWIDGET_UPDATE

com.yowhats.software.push.WAFbnsPreloadReceiver

com.facebook.rti.fbns.intent.RECEIVE

com.yowhats.software.systemreceivers.boot.BootReceiver

android.intent.action.BOOT_COMPLETED

com.yowhats.software.systemreceivers.appupdated.AppUpdatedReceiver

android.intent.action.MY_PACKAGE_REPLACED

com.yowhats.software.migration.android.api.DeferredRestoreBroadcastReceiver

com.google.android.apps.pixelmigrate.IOS_APP_DATA_AVAILABLE

com.yowhats.software.otp.OtpRequestedReceiver

com.yowhats.software.otp.OTP_REQUESTED

com.yowhats.software.otp.OtpIdentityHashRequestedReceiver

com.yowhats.software.otp.ID_HASH_REQUESTED

com.yowhats.software.registration.notifications.RegRetryVerificationReceiver

com.yowhats.software.alarm.REGISTRATION_RETRY

com.yowhats.software.registration.notifications.OnboardingIncompleteReceiver

com.yowhats.software.alarm.ONBOARDING_INCOMPLETE

com.yowhats.software.accountswitching.notifications.InactiveAccountNotificationReceiver

com.yowhats.software.accountswitching.inactiveaccount.IgnoreCall

com.yowhats.software.ExternalMediaManager$ExternalMediaStateReceiver

android.intent.action.MEDIA_BAD_REMOVAL
android.intent.action.MEDIA_EJECT
android.intent.action.MEDIA_MOUNTED
android.intent.action.MEDIA_REMOVED
android.intent.action.MEDIA_SHARED
android.intent.action.MEDIA_UNMOUNTED

com.yowhats.software.phoneid.PhoneIdRequestReceiver

com.facebook.GET_PHONE_ID

com.yowhats.software.accounttransfer.AccountTransferReceiver

com.google.android.gms.auth.START_ACCOUNT_EXPORT

com.yowhats.software.registration.directmigration.MigrationProviderOrderedBroadcastReceiver

com.yowhats.software.registration.directmigration.initialMigrationInfoAction
com.yowhats.software.registration.directmigration.recoveryTokenAction
com.yowhats.software.registration.directmigration.setMigrationStateOnProviderSide

com.yowhats.software.registration.directmigration.MigrationRequesterBroadcastReceiver

com.yowhats.software.registration.directmigration.providerIsLoggedOutAction
com.yowhats.software.registration.directmigration.providerAppMigrationSpaceNeededAction

com.yowhats.software.registration.RegistrationCompletedReceiver

com.yowhats.software.SMBRegistrationCompleted

Services

androidx.sharetarget.ChooserTargetServiceCompat

android.service.chooser.ChooserTargetService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

org.npci.upi.security.pinactivitycomponent.CLRemoteServiceImpl

org.npci.upi.security.services.CLRemoteService

com.yowhats.software.instrumentation.api.InstrumentationService

com.yowhats.software.instrumentation.REQUEST

com.yowhats.software.wearos.WearOsListenerService

com.google.android.gms.wearable.BIND_LISTENER
com.google.android.gms.wearable.MESSAGE_RECEIVED

com.yowhats.software.push.GcmListenerService

com.google.firebase.MESSAGING_EVENT

com.yowhats.software.accountsync.AccountAuthenticatorService

android.accounts.AccountAuthenticator

com.yowhats.software.contact.sync.ContactsSyncAdapterService

android.content.SyncAdapter

com.google.android.gms.metadata.ModuleDependencies

com.google.android.gms.metadata.MODULE_DEPENDENCIES

com.whatsapp.calling.telecom.SelfManagedConnectionService

android.telecom.ConnectionService

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

com.yowhats.software

com.yowhats.software.Main

Activities

androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity

androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity

androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity

com.yowhats.software.payments.receiver.IndiaUpiPayIntentReceiverActivity

org.npci.upi.security.pinactivitycomponent.GetCredential

com.yowhats.software.migration.export.ui.ExportMigrationActivity

com.yowhats.software.xfamily.accountlinking.ui.AccountLinkingWebAuthActivity

com.yowhats.software.VoiceMessagingActivity

com.yowhats.software.accountsync.LoginActivity

com.yowhats.software.accountsync.ProfileActivity

com.yowhats.software.accountsync.CallContactLandingActivity

com.yowhats.software.authentication.AppAuthenticationActivity

com.yowhats.software.camera.CameraActivity

com.yowhats.software.contact.picker.ContactPicker

com.yowhats.software.Conversation

com.yowhats.software.HomeActivity

com.yowhats.software.Main

com.yowhats.software.identity.IdentityVerificationActivity

com.yowhats.software.identity.ScanQrCodeActivity

com.yowhats.software.registration.verifyphone.VerifyPhoneNumber

com.yowhats.software.settings.SettingsNotifications

com.yowhats.software.settings.SettingsDataUsageActivity

com.whatsapp.stickers.thirdpartystickers.AddThirdPartyStickerPackActivity

Permissions

Receivers

com.kochava.tracker.legacyreferrer.LegacyReferrerReceiver

androidx.profileinstaller.ProfileInstallReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.yowhats.software.appwidget.WidgetProvider

com.yowhats.software.push.WAFbnsPreloadReceiver

com.yowhats.software.systemreceivers.boot.BootReceiver

com.yowhats.software.systemreceivers.appupdated.AppUpdatedReceiver

com.yowhats.software.migration.android.api.DeferredRestoreBroadcastReceiver

com.yowhats.software.otp.OtpRequestedReceiver

com.yowhats.software.otp.OtpIdentityHashRequestedReceiver

com.yowhats.software.registration.notifications.RegRetryVerificationReceiver

com.yowhats.software.registration.notifications.OnboardingIncompleteReceiver

com.yowhats.software.accountswitching.notifications.InactiveAccountNotificationReceiver

com.yowhats.software.ExternalMediaManager$ExternalMediaStateReceiver

com.yowhats.software.phoneid.PhoneIdRequestReceiver

com.yowhats.software.accounttransfer.AccountTransferReceiver

com.yowhats.software.registration.directmigration.MigrationProviderOrderedBroadcastReceiver

com.yowhats.software.registration.directmigration.MigrationRequesterBroadcastReceiver

com.yowhats.software.registration.RegistrationCompletedReceiver

Services

androidx.sharetarget.ChooserTargetServiceCompat

com.google.firebase.messaging.FirebaseMessagingService

org.npci.upi.security.pinactivitycomponent.CLRemoteServiceImpl

com.yowhats.software.instrumentation.api.InstrumentationService

com.yowhats.software.wearos.WearOsListenerService

com.yowhats.software.push.GcmListenerService

com.yowhats.software.accountsync.AccountAuthenticatorService

com.yowhats.software.contact.sync.ContactsSyncAdapterService

com.google.android.gms.metadata.ModuleDependencies

com.whatsapp.calling.telecom.SelfManagedConnectionService