bd42d81f8ef255b0782e358e0061be40N[.]zip

General

Target

bd42d81f8ef255b0782e358e0061be40N.zip
Size

7.4MB
MD5

bd42d81f8ef255b0782e358e0061be40
SHA1

be7935ec0cba968b952f16559d3430c34aa5ef0e
SHA256

b422180b9d1cf64c94fb3eef94e1ccabf71ffc5c088266eb9955b970749dd2c6
SHA512

889506e4a534af73942e55fb8d86ecb9969faed2c578068cc85ff4a79e9e8cd469f1733cae217df7e1f5a84d3373eee5b04eb62ab38b9e66a108b06024752b85
SSDEEP

196608:4zUOG93CLmstIcceHfEOJ1e1CdrHp8yxQ8d8Yizcy9XSlEhJW:NTC3seHfEOJS6rHp8yxQ8uzbxhJW

Score

6^/10

Malware Config

Signatures

Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application a broad access to external storage in scoped storage.	android.permission.MANAGE_EXTERNAL_STORAGE
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Files

bd42d81f8ef255b0782e358e0061be40N.zip
.apk android

Password: infected

com.dsjjkweiuvew35jkew.app

com.dsjjkweiuvew35jkew.app.MainView

Activities

com.dsjjkweiuvew35jkew.app.MainView

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_SYNC_SETTINGS
asd.apk
.apk android

Password: infected

com.dsbuiwejhfklew35ewjk.security

com.backkeep.music.views.DotActivity

Activities

com.dsbuiwejhfklew35ewjk.security.MainActivity

android.sec.action.START_SERVICE

Permissions

android.permission.RECEIVE_BOOT_COMPLETED
android.permission.INTERNET
android.permission.PROCESS_OUTGOING_CALLS
android.permission.WRITE_CALL_LOG
android.permission.WRITE_CONTACTS
android.permission.RECEIVE_SMS
android.permission.ACTION_MANAGE_OVERLAY_PERMISSION
android.permission.ACCESS_NETWORK_STATE
android.permission.CALL_PHONE
android.permission.BLUETOOTH_CONNECT
android.permission.CHANGE_WIFI_STATE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_LAUNCH_BROADCASTS
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.FOREGROUND_SERVICE
android.permission.READ_PHONE_NUMBERS
android.permission.READ_PHONE_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WAKE_LOCK
android.permission.READ_CONTACTS
android.permission.ACCESS_FINE_LOCATION
android.permission.RECORD_AUDIO
android.permission.READ_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
android.permission.CAMERA
android.permission.READ_CALL_LOG
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.ANSWER_PHONE_CALLS
android.permission.DISABLE_KEYGUARD
android.permission.READ_SMS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.REQUEST_DELETE_PACKAGES
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH

Receivers

com.dsbuiwejhfklew35ewjk.security.cast.CallMyListener

android.intent.action.MEDIA_MOUNTED
android.intent.action.MEDIA_UNMOUNTED
android.intent.action.BOOT_COMPLETED
android.intent.action.BATTERY_OKAY
android.intent.action.ACTION_SHUTDOWN
android.intent.action.USER_UNLOCKED
android.intent.action.BATTERY_CHANGED
android.intent.action.USER_PRESENT
android.intent.action.SCREEN_OFF
android.intent.action.NEW_OUTGOING_CALL
android.intent.action.ACTION_SHUTDOWN
android.intent.action.SCREEN_ON
android.intent.action.BATTERY_LOW
android.intent.action.REBOOT
android.media.RINGER_MODE_CHANGED
android.intent.action.CONFIGURATION_CHANGED
android.intent.action.PHONE_STATE
android.intent.action.REBOOT

Services

com.dsbuiwejhfklew35ewjk.security.NotificationReceiverService

android.service.notification.NotificationListenerService

com.dsbuiwejhfklew35ewjk.security.services.AccessServ

android.accessibilityservice.AccessibilityService
base.apk
.apk android arch:arm arch:arm64

Password: infected

com.dsbuiwejhfklew35ewjk.security

com.dsbuiwejhfklew35ewjk.security.MainActivity

Activities

com.dsbuiwejhfklew35ewjk.security.MainActivity

android.sec.action.START_SERVICE

Permissions

android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACTION_MANAGE_OVERLAY_PERMISSION
android.permission.ANSWER_PHONE_CALLS
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.CALL_PHONE
android.permission.CAMERA
android.permission.CHANGE_WIFI_STATE
android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.INTERNET
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.PROCESS_OUTGOING_CALLS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_CALL_LOG
android.permission.READ_CONTACTS
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_PHONE_NUMBERS
android.permission.READ_PHONE_STATE
android.permission.READ_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RECEIVE_LAUNCH_BROADCASTS
android.permission.RECEIVE_SMS
android.permission.RECORD_AUDIO
android.permission.REQUEST_DELETE_PACKAGES
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.WAKE_LOCK
android.permission.WRITE_CALL_LOG
android.permission.WRITE_CONTACTS
android.permission.WRITE_EXTERNAL_STORAGE

Services

com.dsbuiwejhfklew35ewjk.security.NotificationReceiverService

android.service.notification.NotificationListenerService

Android Permissions

bd42d81f8ef255b0782e358e0061be40N.zip

Permissions

android.permission.INTERNET

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.MANAGE_EXTERNAL_STORAGE

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_SYNC_SETTINGS

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.dsjjkweiuvew35jkew.app

com.dsjjkweiuvew35jkew.app.MainView

Activities

com.dsjjkweiuvew35jkew.app.MainView

Permissions

Password: infected

com.dsbuiwejhfklew35ewjk.security

com.backkeep.music.views.DotActivity

Activities

com.dsbuiwejhfklew35ewjk.security.MainActivity

Permissions

Receivers

com.dsbuiwejhfklew35ewjk.security.cast.CallMyListener

Services

com.dsbuiwejhfklew35ewjk.security.NotificationReceiverService

com.dsbuiwejhfklew35ewjk.security.services.AccessServ

Password: infected

com.dsbuiwejhfklew35ewjk.security

com.dsbuiwejhfklew35ewjk.security.MainActivity

Activities

com.dsbuiwejhfklew35ewjk.security.MainActivity

Permissions

Services

com.dsbuiwejhfklew35ewjk.security.NotificationReceiverService

Android Permissions

bd42d81f8ef255b0782e358e0061be40N.zip