com.ujqhr.mdpyk.ui.SplashActivity
android.intent.action.MAIN
asd.kkalive.com.daemon.activity.OnePxActivity
android.settings.INPUT_METHOD_SETTINGS
asd.kkalive.com.daemon.activity.PowerAAAASSSSActivity
android.settings.INPUT_METHOD_SETTINGS
Behavioral task
behavioral1
Sample
ทางรัฐ_2024-09-09.apk
Resource
android-x86-arm-20240624-en
android-9-x86
9 signatures
150 seconds
General
-
Target
20240909.7z
-
Size
10.5MB
-
MD5
03939cf87b756de110a7865a2c313d03
-
SHA1
f76fb1b584eaf2e44726dcd056bbe7a266218970
-
SHA256
56fbad2c9567b7efbc53b2684e5c3f18d914404227255efe9cb5c938df92d3d1
-
SHA512
f6d353ab517a70ec99b499eeea48cb3e622fe8b44831053413c7155bbfa07829861a6379b5c61e5c163d51c0ca98b71d8a25b5e537fa7a8afa192ceaa557435f
-
SSDEEP
196608:X518qVE2ywNzXjQbbXa+I41pCu643qBiSmdRpm+VAmE+5n61uIObAS72n+:X5CqVrywNrkb+uDHqrKRc+VxEgnyuRPZ
Score
10/10
Malware Config
Signatures
-
Gigabud family
-
Gigabud payload 1 IoCs
resource yara_rule static1/unpack001/ทางรัฐ_2024-09-09.apk family_gigabud -
GoldDigger payload 5 IoCs
resource yara_rule static1/unpack001/ทางรัฐ_2024-09-09.apk family_golddigger static1/unpack001/ทางรัฐ_2024-09-09.apk family_golddigger static1/unpack001/ทางรัฐ_2024-09-09.apk family_golddigger static1/unpack001/ทางรัฐ_2024-09-09.apk family_golddigger static1/unpack001/ทางรัฐ_2024-09-09.apk family_golddigger -
Golddigger family
-
Declares broadcast receivers with permission to handle system events 1 IoCs
description ioc Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN -
Declares services with permission to bind to the system 2 IoCs
description ioc Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. android.permission.BIND_WALLPAPER -
Requests dangerous framework permissions 19 IoCs
description ioc Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS Allows an application to read SMS messages. android.permission.READ_SMS Allows an application to receive SMS messages. android.permission.RECEIVE_SMS Allows an application to send SMS messages. android.permission.SEND_SMS Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION Required to be able to access the camera device. android.permission.CAMERA Allows an application to read the user's contacts data. android.permission.READ_CONTACTS Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM Allows an application to record audio. android.permission.RECORD_AUDIO Allows an application a broad access to external storage in scoped storage. android.permission.MANAGE_EXTERNAL_STORAGE Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE
Files
-
20240909.7z.7z
Password: infected
-
ทางรัฐ_2024-09-09.apk.apk android arch:arm arch:arm64
com.easy.rometelchnology
com.ujqhr.mdpyk.ui.SplashActivity
Activities
Permissions
android.permission.BIND_ACCESSIBILITY_SERVICE
android.permission.REQUEST_DELETE_PACKAGES
android.permission.QUERY_ALL_PACKAGES
android.permission.GET_INSTALLED_APPS
android.permission.VIBRATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.GRANT_RUNTIME_PERMISSIONS
android.permission.READ_SYNC_STATS
android.permission.READ_SYNC_SETTINGS
android.permission.READ_PRIVILEGED_PHONE_STATE
android.permission.DISABLE_KEYGUARD
android.permission.WAKE_LOCK
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_SETTINGS
android.permission.FOREGROUND_SERVICE
android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.USE_FULL_SCREEN_INTENT
android.permission.SET_WALLPAPER
android.permission.CALL_PHONE
android.permission.INTERNET
android.permission.BATTERY_STATS
android.permission.REORDER_TASKS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.CAMERA
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.GET_ACCOUNTS
android.permission.WRITE_SYNC_SETTINGS
android.permission.SCHEDULE_EXACT_ALARM
android.permission.SYSTEM_OVERLAY_WINDOW
android.permission.USE_EXACT_ALARM
android.permission.FOREGROUND_SERVICE_DATA_SYNC
android.permission.RECORD_AUDIO
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
com.easy.rometelchnology.backtrace.warmed_up
com.easy.rometelchnology.manual.dump
com.easy.rometelchnology.matrix.permission.PROCESS_SUPERVISOR
Receivers
com.ujqhr.mdpyk.ui.GlobalBroadcast
com.ufisd.show.dialog
com.ufisd.close.dialog
asd.fgh.component.PackageReceiver
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_FULLY_REMOVED
android.intent.action.PACKAGE_CHANGED
android.intent.action.PACKAGE_DATA_CLEARED
android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_FIRST_LAUNCH
android.intent.action.PACKAGE_NEEDS_VERIFICATION
android.intent.action.PACKAGE_RESTARTED
android.intent.action.PACKAGE_VERIFIED
android.intent.action.PACKAGES_SUSPENDED
android.intent.action.PACKAGES_UNSUSPENDED
android.intent.action.MANAGE_PACKAGE_STORAGE
android.intent.action.MY_PACKAGE_REPLACED
android.intent.action.MY_PACKAGE_SUSPENDED
android.intent.action.MY_PACKAGE_UNSUSPENDED
asd.fgh.component.SystemListenerReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.LOCKED_BOOT_COMPLETED
android.intent.action.QUICK_CLOCK
android.intent.action.TIMEZONE_CHANGED
android.intent.action.TIME_SET
android.intent.action.MY_PACKAGE_REPLACED
android.appwidget.action.APPWIDGET_UPDATE
miui.appwidget.action.APPWIDGET_UPDATE
asd.fgh.thaw.TR
android.intent.action.SCREEN_OFF
android.intent.action.SCREEN_ON
asd.fgh.widget.WidgetLiWu
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetHongBao
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetJinBi
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetFuDai
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetBaoXiang
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.provider.MyPocReceiver
asd.fgh.provider
asd.fgh.component.R0
com.asdfgh.rec
com.fg.rec.0
android.appwidget.action.APPWIDGET_UPDATE
miui.appwidget.action.APPWIDGET_UPDATE
asd.fgh.component.R1
com.asdfgh.rec
com.fg.rec.1
asd.fgh.component.NotificationRecerver
com.easy.rometelchnologyfg.notification.del.action
asd.fgh.component.AutoBootReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_TICK
android.intent.action.MY_PACKAGE_REPLACED
android.net.conn.CONNECTIVITY_CHANGE
asd.kkalive.com.daemon.receiver.BootSSSReceiver
android.intent.action.BOOT_COMPLETED
asd.kkalive.com.daemon.receiver.DeviceReceiver
android.app.action.DEVICE_ADMIN_ENABLED
android.intent.action.BOOT_COMPLETED
asd.kkdaemon.receiver.AutoBootReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_TICK
android.intent.action.MY_PACKAGE_REPLACED
android.net.conn.CONNECTIVITY_CHANGE
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
android.net.conn.CONNECTIVITY_CHANGE
androidx.work.impl.background.systemalarm.RescheduleReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.background.systemalarm.UpdateProxies
androidx.work.impl.diagnostics.DiagnosticsReceiver
androidx.work.diagnostics.REQUEST_DIAGNOSTICS
Services
com.ujqhr.mdpyk.service.FocusService
android.accessibilityservice.AccessibilityService
com.ujqhr.mdpyk.service.RemoteService
com.action.myapp.need.switch
com.fg.test.B
com.fg.remote
asd.fgh.provider.MR2Service
android.media.MediaRoute2ProviderService
asd.fgh.provider.TempForegroundService
android.media.MediaRoute2ProviderService
asd.fgh.provider.NewProcessService
android.media.MediaRoute2ProviderService
asd.fgh.account.AuthenticatorService
android.accounts.AccountAuthenticator
asd.fgh.account.SyncService
android.content.SyncAdapter
asd.fgh.wallpaper.LiveWallpaperService
android.service.wallpaper.WallpaperService
asd.kkalive.com.daemon.sync.service.AuthService
android.accounts.AccountAuthenticator
asd.kkalive.com.daemon.sync.service.AuthService1
android.accounts.AccountAuthenticator
asd.kkdaemon.component.RunService
com.easy.rometelchnology.monitor.bindService
com.blankj.utilcode.util.MessengerUtils$ServerService
com.easy.rometelchnology.messenger