triada | 4ee8a4eef6c7f6b29e30885f5bb9c751[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

4ee8a4eef6c7f6b29e30885f5bb9c751.bin
Size

71.9MB
MD5

438d350afab01a8cb3eba524863c61ac
SHA1

ce9655c496e70242a0c3549dae8db9ace2a504eb
SHA256

3b3444d7c0f122b9ef8bda4636010a8ce1494bde682d39cdf36f1add9c2825b2
SHA512

04c7557dbb46d08f47966dbf22736f41172f9b0b6ba2a4ca7a0df61887c1b969b94200c6db9c87f654556d8cdf147b8b96dff4b1167f8343218aafb598aeaf74
SSDEEP

1572864:iCyVWKEgjvX0jJrc5mQZ4G9LWIXFSXV1zJGsbdPJ:iCAWXgjE6mQZ19COcF1zkIdh

Score

10^/10

triada

Malware Config

Signatures

Android Triada payload 1 IoCs

resource	yara_rule
static1/unpack001/520bb48650d74d10fc6a2b00d1b0bb8251e8a85f5f957d4fe4f5a726d24ff38c.apk	family_triada

Triada family
triada

Declares services with permission to bind to the system 3 IoCs

description	ioc
Required by chooser target services to bind with the system. Allows apps to modify targets that handle user actions.	android.permission.BIND_CHOOSER_TARGET_SERVICE
Required by remote views services to bind with the system. Allows apps to share and display views across different processes.	android.permission.BIND_REMOTEVIEWS
Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications.	android.permission.BIND_TELECOM_CONNECTION_SERVICE

Requests dangerous framework permissions 23 IoCs

description	ioc
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows read access to the device's phone number(s).	android.permission.READ_PHONE_NUMBERS
Required to be able to connect to paired Bluetooth devices.	android.permission.BLUETOOTH_CONNECT
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to access any geographic locations persisted in the user's shared collection.	android.permission.ACCESS_MEDIA_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows applications to use exact alarm APIs.	android.permission.SCHEDULE_EXACT_ALARM
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read audio files from external storage.	android.permission.READ_MEDIA_AUDIO
Allows an application to read image files from external storage.	android.permission.READ_MEDIA_IMAGES
Allows an application to read video files from external storage.	android.permission.READ_MEDIA_VIDEO
Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker.	android.permission.READ_MEDIA_VISUAL_USER_SELECTED
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Required to be able to advertise and connect to nearby devices via Wi-Fi.	android.permission.NEARBY_WIFI_DEVICES
Required to be able to discover and pair nearby Bluetooth devices.	android.permission.BLUETOOTH_SCAN
Required to be able to advertise to nearby Bluetooth devices.	android.permission.BLUETOOTH_ADVERTISE

Files

4ee8a4eef6c7f6b29e30885f5bb9c751.bin
.zip

Password: infected
520bb48650d74d10fc6a2b00d1b0bb8251e8a85f5f957d4fe4f5a726d24ff38c.apk
.apk android arch:arm64 arch:arm

Password: infected

com.plant.botanic

com.plant.botanic.Main

Activities

androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity

android.intent.action.MAIN

androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity

android.intent.action.MAIN

androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity

android.intent.action.MAIN

com.plant.botanic.payments.receiver.IndiaUpiPayIntentReceiverActivity

android.intent.action.VIEW

org.npci.upi.security.pinactivitycomponent.GetCredential

org.npci.upi.security.pinactivitycomponent.GetCredential

com.plant.botanic.migration.export.ui.ExportMigrationActivity

com.plant.botanic.intent.action.migrate.ios.START

com.plant.botanic.xfamily.accountlinking.ui.AccountLinkingWebAuthActivity

android.intent.action.VIEW

com.plant.botanic.VoiceMessagingActivity

com.google.android.voicesearch.SEND_MESSAGE_TO_CONTACTS

com.plant.botanic.accountsync.LoginActivity

android.intent.action.VIEW

com.plant.botanic.accountsync.ProfileActivity

android.intent.action.VIEW

com.plant.botanic.accountsync.CallContactLandingActivity

android.intent.action.VIEW

com.plant.botanic.authentication.AppAuthenticationActivity

android.appwidget.action.APPWIDGET_CONFIGURE

com.plant.botanic.camera.CameraActivity

android.intent.action.CREATE_SHORTCUT

com.plant.botanic.contact.picker.ContactPicker

android.intent.action.PICK
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE
android.intent.action.CREATE_SHORTCUT

com.plant.botanic.Conversation

android.intent.action.VIEW
android.intent.action.SENDTO
com.plant.botanic.Conversation

com.plant.botanic.HomeActivity

android.nfc.action.NDEF_DISCOVERED
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

com.plant.botanic.Main

android.intent.action.MAIN

com.plant.botanic.identity.IdentityVerificationActivity

android.nfc.action.NDEF_DISCOVERED

com.plant.botanic.identity.ScanQrCodeActivity

android.nfc.action.NDEF_DISCOVERED

com.plant.botanic.registration.verifyphone.VerifyPhoneNumber

android.intent.action.VIEW

com.plant.botanic.settings.SettingsNotifications

android.intent.action.MAIN

com.plant.botanic.settings.SettingsDataUsageActivity

android.intent.action.MANAGE_NETWORK_USAGE

com.whatsapp.stickers.thirdpartystickers.AddThirdPartyStickerPackActivity

com.whatsapp.intent.action.ENABLE_STICKER_PACK

Permissions

android.permission.USE_BIOMETRIC
android.permission.USE_FINGERPRINT
com.plant.botanic.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
android.permission.REORDER_TASKS
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.FOREGROUND_SERVICE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.INTERNET
com.google.android.providers.gsf.permission.READ_GSERVICES
android.permission.POST_NOTIFICATIONS
com.google.android.c2dm.permission.RECEIVE
android.permission.READ_PHONE_STATE
android.permission.READ_PHONE_NUMBERS
android.permission.VIBRATE
android.permission.BLUETOOTH_CONNECT
android.permission.BLUETOOTH
android.permission.FOREGROUND_SERVICE_DATA_SYNC
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_MEDIA_LOCATION
android.permission.ACCESS_WIFI_STATE
android.permission.BROADCAST_STICKY
android.permission.CAMERA
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.FOREGROUND_SERVICE_LOCATION
android.permission.GET_TASKS
android.permission.INSTALL_SHORTCUT
android.permission.MANAGE_ACCOUNTS
android.permission.MANAGE_OWN_CALLS
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.NFC
android.permission.READ_CONTACTS
android.permission.READ_PROFILE
android.permission.READ_SYNC_SETTINGS
android.permission.READ_SYNC_STATS
android.permission.RECORD_AUDIO
android.permission.SCHEDULE_EXACT_ALARM
android.permission.USE_CREDENTIALS
android.permission.WRITE_CONTACTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_MEDIA_AUDIO
android.permission.READ_MEDIA_IMAGES
android.permission.READ_MEDIA_VIDEO
android.permission.READ_MEDIA_VISUAL_USER_SELECTED
android.permission.WRITE_SYNC_SETTINGS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
com.huawei.android.launcher.permission.CHANGE_BADGE
com.plant.botanic.permission.BROADCAST
com.plant.botanic.permission.MAPS_RECEIVE
com.plant.botanic.permission.REGISTRATION
com.whatsapp.sticker.READ
com.google.android.gms.permission.AD_ID
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.GET_ACCOUNTS
android.permission.FOREGROUND_SERVICE_MICROPHONE
android.permission.FOREGROUND_SERVICE_CAMERA
android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION
android.permission.FOREGROUND_SERVICE_PHONE_CALL
android.permission.NEARBY_WIFI_DEVICES
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH_SCAN
android.permission.BLUETOOTH_ADVERTISE
com.facebook.services.identity.FEO2
android.permission.RUN_USER_INITIATED_JOBS
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

Receivers

com.kochava.tracker.legacyreferrer.LegacyReferrerReceiver

com.android.vending.INSTALL_REFERRER

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE
androidx.profileinstaller.action.SKIP_FILE
androidx.profileinstaller.action.SAVE_PROFILE
androidx.profileinstaller.action.BENCHMARK_OPERATION

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.plant.botanic.appwidget.WidgetProvider

android.appwidget.action.APPWIDGET_UPDATE

com.plant.botanic.push.WAFbnsPreloadReceiver

com.facebook.rti.fbns.intent.RECEIVE

com.plant.botanic.systemreceivers.boot.BootReceiver

android.intent.action.BOOT_COMPLETED

com.plant.botanic.systemreceivers.appupdated.AppUpdatedReceiver

android.intent.action.MY_PACKAGE_REPLACED

com.plant.botanic.migration.android.api.DeferredRestoreBroadcastReceiver

com.google.android.apps.pixelmigrate.IOS_APP_DATA_AVAILABLE

com.plant.botanic.otp.OtpRequestedReceiver

com.plant.botanic.otp.OTP_REQUESTED

com.plant.botanic.otp.OtpIdentityHashRequestedReceiver

com.plant.botanic.otp.ID_HASH_REQUESTED

com.plant.botanic.registration.notifications.RegRetryVerificationReceiver

com.plant.botanic.alarm.REGISTRATION_RETRY

com.plant.botanic.registration.notifications.OnboardingIncompleteReceiver

com.plant.botanic.alarm.ONBOARDING_INCOMPLETE

com.plant.botanic.registration.notifications.EnterPhoneNumberNotificationReceiver

com.plant.botanic.alarm.ENTER_PHONE_NUMBER

com.plant.botanic.registration.verifyphone.SMSRetrieverAppInactiveReceiver

com.google.android.gms.auth.api.phone.SMS_RETRIEVED

com.plant.botanic.accountswitching.notifications.InactiveAccountNotificationReceiver

com.plant.botanic.accountswitching.inactiveaccount.IgnoreCall

com.plant.botanic.ExternalMediaManager$ExternalMediaStateReceiver

android.intent.action.MEDIA_BAD_REMOVAL
android.intent.action.MEDIA_EJECT
android.intent.action.MEDIA_MOUNTED
android.intent.action.MEDIA_REMOVED
android.intent.action.MEDIA_SHARED
android.intent.action.MEDIA_UNMOUNTED

com.plant.botanic.phoneid.PhoneIdRequestReceiver

com.facebook.GET_PHONE_ID

com.plant.botanic.accounttransfer.AccountTransferReceiver

com.google.android.gms.auth.START_ACCOUNT_EXPORT

com.plant.botanic.registration.directmigration.MigrationProviderOrderedBroadcastReceiver

com.plant.botanic.registration.directmigration.initialMigrationInfoAction
com.plant.botanic.registration.directmigration.recoveryTokenAction
com.plant.botanic.registration.directmigration.setMigrationStateOnProviderSide

com.plant.botanic.registration.directmigration.MigrationRequesterBroadcastReceiver

com.plant.botanic.registration.directmigration.providerIsLoggedOutAction
com.plant.botanic.registration.directmigration.providerAppMigrationSpaceNeededAction

com.plant.botanic.registration.RegistrationCompletedReceiver

com.plant.botanic.SMBRegistrationCompleted

Services

androidx.sharetarget.ChooserTargetServiceCompat

android.service.chooser.ChooserTargetService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

org.npci.upi.security.pinactivitycomponent.CLRemoteServiceImpl

org.npci.upi.security.services.CLRemoteService

com.plant.botanic.instrumentation.api.InstrumentationService

com.plant.botanic.instrumentation.REQUEST

com.plant.botanic.wearos.WearOsListenerService

com.google.android.gms.wearable.BIND_LISTENER
com.google.android.gms.wearable.MESSAGE_RECEIVED

com.plant.botanic.push.GcmListenerService

com.google.firebase.MESSAGING_EVENT

com.plant.botanic.accountsync.AccountAuthenticatorService

android.accounts.AccountAuthenticator

com.plant.botanic.contact.sync.ContactsSyncAdapterService

android.content.SyncAdapter

com.google.android.gms.metadata.ModuleDependencies

com.google.android.gms.metadata.MODULE_DEPENDENCIES

com.whatsapp.calling.telecom.SelfManagedConnectionService

android.telecom.ConnectionService

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

com.plant.botanic

com.plant.botanic.Main

Activities

androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity

androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity

androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity

com.plant.botanic.payments.receiver.IndiaUpiPayIntentReceiverActivity

org.npci.upi.security.pinactivitycomponent.GetCredential

com.plant.botanic.migration.export.ui.ExportMigrationActivity

com.plant.botanic.xfamily.accountlinking.ui.AccountLinkingWebAuthActivity

com.plant.botanic.VoiceMessagingActivity

com.plant.botanic.accountsync.LoginActivity

com.plant.botanic.accountsync.ProfileActivity

com.plant.botanic.accountsync.CallContactLandingActivity

com.plant.botanic.authentication.AppAuthenticationActivity

com.plant.botanic.camera.CameraActivity

com.plant.botanic.contact.picker.ContactPicker

com.plant.botanic.Conversation

com.plant.botanic.HomeActivity

com.plant.botanic.Main

com.plant.botanic.identity.IdentityVerificationActivity

com.plant.botanic.identity.ScanQrCodeActivity

com.plant.botanic.registration.verifyphone.VerifyPhoneNumber

com.plant.botanic.settings.SettingsNotifications

com.plant.botanic.settings.SettingsDataUsageActivity

com.whatsapp.stickers.thirdpartystickers.AddThirdPartyStickerPackActivity

Permissions

Receivers

com.kochava.tracker.legacyreferrer.LegacyReferrerReceiver

androidx.profileinstaller.ProfileInstallReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.plant.botanic.appwidget.WidgetProvider

com.plant.botanic.push.WAFbnsPreloadReceiver

com.plant.botanic.systemreceivers.boot.BootReceiver

com.plant.botanic.systemreceivers.appupdated.AppUpdatedReceiver

com.plant.botanic.migration.android.api.DeferredRestoreBroadcastReceiver

com.plant.botanic.otp.OtpRequestedReceiver

com.plant.botanic.otp.OtpIdentityHashRequestedReceiver

com.plant.botanic.registration.notifications.RegRetryVerificationReceiver

com.plant.botanic.registration.notifications.OnboardingIncompleteReceiver

com.plant.botanic.registration.notifications.EnterPhoneNumberNotificationReceiver

com.plant.botanic.registration.verifyphone.SMSRetrieverAppInactiveReceiver

com.plant.botanic.accountswitching.notifications.InactiveAccountNotificationReceiver

com.plant.botanic.ExternalMediaManager$ExternalMediaStateReceiver

com.plant.botanic.phoneid.PhoneIdRequestReceiver

com.plant.botanic.accounttransfer.AccountTransferReceiver

com.plant.botanic.registration.directmigration.MigrationProviderOrderedBroadcastReceiver

com.plant.botanic.registration.directmigration.MigrationRequesterBroadcastReceiver

com.plant.botanic.registration.RegistrationCompletedReceiver

Services

androidx.sharetarget.ChooserTargetServiceCompat

com.google.firebase.messaging.FirebaseMessagingService

org.npci.upi.security.pinactivitycomponent.CLRemoteServiceImpl

com.plant.botanic.instrumentation.api.InstrumentationService

com.plant.botanic.wearos.WearOsListenerService

com.plant.botanic.push.GcmListenerService

com.plant.botanic.accountsync.AccountAuthenticatorService

com.plant.botanic.contact.sync.ContactsSyncAdapterService

com.google.android.gms.metadata.ModuleDependencies

com.whatsapp.calling.telecom.SelfManagedConnectionService