tgtoxic | 8bd1c057de789baea3d0acad35a4d1fd[.]bin

General

Target

8bd1c057de789baea3d0acad35a4d1fd.bin
Size

2.7MB
MD5

f36916f982d01a57fa8386db32aa025f
SHA1

0f3a3b5b62bf9c1c7a35eeb706b839e8ae7e024a
SHA256

044f60cf9fa842073033081f2854874178510c5e6ebc9a4635cead3dcc12f5d3
SHA512

daccc15e2dc5e16a8545cd135c466fbb55b22eb3bf30c7895bd8d2f9934a2be0a1c93236304b6900365a28b7348bd6cd2dd61234f637216ca1eb776fabfc2b66
SSDEEP

49152:1zqySrrwcym0DadCDLp8v47jv9TK56AveMzFVRjzguhAdZq2vXoCksSQCSocfhzB:1S3itagD24f7cewZjzt2/qfnssSokhzB

Score

10^/10

tgtoxic

Malware Config

Signatures

TgToxic payload 1 IoCs

resource	yara_rule
static1/unpack001/377f07b92d33e0ea9d7cfe3c288e19df2be8555154bdb1141b82a87d068a0cf7.apk	family_tgtoxic

TgToxic_v2 payload 1 IoCs

resource	yara_rule
static1/unpack001/377f07b92d33e0ea9d7cfe3c288e19df2be8555154bdb1141b82a87d068a0cf7.apk	family_tgtoxic_v2

Tgtoxic family
tgtoxic
Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Requests dangerous framework permissions 20 IoCs

description	ioc
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Required to be able to access the camera device.	android.permission.CAMERA
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an app to turn on the screen on, e.g. with PowerManager.ACQUIRE_CAUSES_WAKEUP.	android.permission.TURN_SCREEN_ON
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application a broad access to external storage in scoped storage.	android.permission.MANAGE_EXTERNAL_STORAGE
Allows an application to read image files from external storage.	android.permission.READ_MEDIA_IMAGES
Allows an application to read video files from external storage.	android.permission.READ_MEDIA_VIDEO
Allows an application to read audio files from external storage.	android.permission.READ_MEDIA_AUDIO
Required to be able to connect to paired Bluetooth devices.	android.permission.BLUETOOTH_CONNECT
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows applications to use exact alarm APIs.	android.permission.SCHEDULE_EXACT_ALARM

Files

8bd1c057de789baea3d0acad35a4d1fd.bin
.zip

Password: infected
377f07b92d33e0ea9d7cfe3c288e19df2be8555154bdb1141b82a87d068a0cf7.apk
.apk android arch:arm64 arch:arm

Password: infected

com.example.mysoul

com.example.mysoul.LvqamcfdCyueQlieyk

Activities

com.example.mysoul.LvqamcfdCyueQlieyk

android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.SEND
android.intent.action.SENDTO

np.ఁ

xyz

Permissions

android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.CAMERA
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WAKE_LOCK
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.GET_PACKAGE_SIZE
android.permission.CALL_PHONE
android.permission.READ_PHONE_STATE
android.permission.READ_CONTACTS
android.permission.USES_POLICY_FORCE_LOCK
android.permission.BATTERY_STATS
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
android.permission.REORDER_TASKS
android.permission.FOREGROUND_SERVICE
android.permission.REQUEST_COMPANION_RUN_IN_BACKGROUND
android.permission.REQUEST_COMPANION_USE_DATA_IN_BACKGROUND
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.QUERY_ALL_PACKAGES
android.permission.GET_INSTALLED_APPS
android.permission.POST_NOTIFICATIONS
android.permission.TURN_SCREEN_ON
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.MANAGE_ALL_FILES_ACCESS_PERMISSION
android.permission.READ_MEDIA_IMAGES
android.permission.READ_MEDIA_VIDEO
android.permission.READ_MEDIA_AUDIO
android.permission.BLUETOOTH_CONNECT
com.vivo.permission.manage.permission.ACCESS
oppo.permission.OPPO_COMPONENT_SAFE
com.huawei.permission.external_app_settings.USE_COMPONENT
com.android.alarm.permission.SET_ALARM
android.permission.WRITE_SETTINGS
android.permission.WRITE_SECURE_SETTINGS
android.permission.CLEAR_APP_CACHE
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.VIBRATE
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.EXPAND_STATUS_BAR
android.permission.SCHEDULE_EXACT_ALARM
android.permission.USE_EXACT_ALARM
android.permission.RECEIVE_USER_PRESENT
com.android.launcher.permission.READ_SETTINGS
com.android.launcher.permission.WRITE_SETTINGS
com.android.launcher2.permission.READ_SETTINGS
com.android.launcher2.permission.WRITE_SETTINGS
com.android.launcher3.permission.READ_SETTINGS
com.android.launcher3.permission.WRITE_SETTINGS

Receivers

np.ౄ

RestartSensor
RestartConn
android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.USER_PRESENT
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.LOCKED_BOOT_COMPLETED
android.intent.action.QUICK_INFO
android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_DELIVER
BOOT_COMPLETED1
android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_CHANGED
android.hardware.usb.action.USB_STATE
android.intent.action.WALLPAPER_CHANGED
android.provider.Telephony.SMS_RECEIVED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.BATTERY_CHANGED

np.ு

android.app.action.DEVICE_ADMIN_ENABLED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

Services

com.example.mysoul.YgzifpAzsbquy

MAIN.STARTED.ACTION

np.ృ

com.example.mysoul.BOOT_JOB
android.intent.action.BOOT_COMPLETED

np.т

android.accessibilityservice.AccessibilityService

np.߸

android.service.notification.NotificationListenerService

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

com.example.mysoul

com.example.mysoul.LvqamcfdCyueQlieyk

Activities

com.example.mysoul.LvqamcfdCyueQlieyk

np.ఁ

Permissions

Receivers

np.ౄ

np.ு

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

Services

com.example.mysoul.YgzifpAzsbquy

np.ృ

np.т

np.߸

We care about your privacy.