ajina | 8fe35ea110d17dbfe0fbfaf3a6e1d65750186df7fcfb4588cb4f2e1a9dcc9359[.]bin

General

Target

8fe35ea110d17dbfe0fbfaf3a6e1d65750186df7fcfb4588cb4f2e1a9dcc9359.bin
Size

2.4MB
MD5

9fbcb698807a67839a0fc2fa03fcbbbe
SHA1

9132d883878eb914d13e19b002cb6dae6e707a3d
SHA256

8fe35ea110d17dbfe0fbfaf3a6e1d65750186df7fcfb4588cb4f2e1a9dcc9359
SHA512

03c5161d042426ea53303258163c4bf7ba18d82f41b3d5b2a616373e350739240b5627dbd3f9bdf8f1f7ab0d121816396465ff7c6e677db8fa8240e986eba4e0
SSDEEP

49152:sfyVLW6x6q6rdn6AwdPKBCh0lP5HcXH418RCMmZGpyPGYgD7H/6/w5H:zVLZxNerMPKBCh0JSXM8RCMmZSbbDr6k

Score

10^/10

ajina

Malware Config

Extracted

Family

ajina

C2

46.226.161.17:8080

Attributes

target_apps
air.com.ssdsoftwaresolutions.clickuz

am.easypay.easywallet

am.imwallet.android

am.mts.mobidram

am.upay.android

app.ab.banking

arca.am.arca

az.anipay.usermbanking

az.cib.app

az.epul.technopay.android

az.portmanat.app

az.portmanat.newapp

az.pulpal

az.tezpay.app

com.binance.dev

com.eg.android.AlipayGphone

com.fastshift.wallet

com.haypost.haypost_mobile

com.intervale.baitushum

com.ipc_app

com.kp.kompanion

com.kp.megapay.kg

com.m10

com.maanavan.mb_kyrgyzstan

com.mbf.fsclient_android

com.moneybookers.skrillpayments

com.ofss.digx.mobile.android.allied

com.pyypl

com.safaroff.million_android

com.wefawvevw.app

expressbank.wallet.expresspay

hesab.az

is.siminn.siminnpay

kg.o.nurtelecom

kg.rsk.mb

kz.optimabank.optima

lt.lemonlabs.android.paysera

mpay.emanat

namba.wallet.nambaone

net.kicb.ibankprod

nsp.solutions.kassam

ru.deltapay.puntopago.telcell

ru.mitapp.beeline_wallet

ru.tsk.ftc.bender.qpay

ru.yoo.yoomoney

uz.dida.payme

uz.marokand.upay

uz.paynet.app

uz.paynet.flagship_mobile

uz.soliq.mobile

uz.tune.tenge

Signatures

Ajina family
ajina

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 9 IoCs

description	ioc
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows read access to the device's phone number(s).	android.permission.READ_PHONE_NUMBERS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS

Files

8fe35ea110d17dbfe0fbfaf3a6e1d65750186df7fcfb4588cb4f2e1a9dcc9359.bin
.apk android

basoskuf.or.shedevroprofilnik

basoskuf.or.shedevroprofilnik.ui.MainActivity

Activities

basoskuf.or.shedevroprofilnik.ui.MainActivity

android.intent.action.MAIN

Permissions

oppo.permission.OPPO_COMPONENT_SAFE
com.huawei.permission.external_app_settings.USE_COMPONENT
android.permission.CALL_PHONE
android.permission.READ_PHONE_NUMBERS
android.permission.READ_CALL_LOG
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.READ_PHONE_STATE
android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.RECEIVE_BOOT_COMPLETED
basoskuf.or.shedevroprofilnik.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Receivers

basoskuf.or.shedevroprofilnik.core.MainReciever

android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_CB_RECEIVED
android.intent.action.DATA_SMS_RECEIVED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.ACTION_SHUTDOWN
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.net.conn.CONNECTIVITY_CHANGE
android.net.wifi.WIFI_STATE_CHANGED
android.intent.action.AIRPLANE_MODE
android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.QUICKBOOT_POWERON
android.intent.action.BOOT_COMPLETED
android.intent.action.LOCKED_BOOT_COMPLETED
com.htc.action.QUICKBOOT_POWERON
android.intent.action.REBOOT
android.intent.action.BATTERY_OKAY
android.intent.action.DATE_CHANGED

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE
androidx.profileinstaller.action.SKIP_FILE
androidx.profileinstaller.action.SAVE_PROFILE
androidx.profileinstaller.action.BENCHMARK_OPERATION

Services

basoskuf.or.shedevroprofilnik.core.MainAccessibilityService

android.accessibilityservice.AccessibilityService

Android Permissions

8fe35ea110d17dbfe0fbfaf3a6e1d65750186df7fcfb4588cb4f2e1a9dcc9359.bin

Permissions

oppo.permission.OPPO_COMPONENT_SAFE

com.huawei.permission.external_app_settings.USE_COMPONENT

android.permission.CALL_PHONE

android.permission.READ_PHONE_NUMBERS

android.permission.READ_CALL_LOG

android.permission.READ_CONTACTS

android.permission.GET_ACCOUNTS

android.permission.READ_PHONE_STATE

android.permission.READ_SMS

android.permission.RECEIVE_SMS

android.permission.SEND_SMS

android.permission.INTERNET

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_NETWORK_STATE

android.permission.RECEIVE_BOOT_COMPLETED

basoskuf.or.shedevroprofilnik.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Sharing

General

Malware Config

Extracted

Signatures

Files

basoskuf.or.shedevroprofilnik

basoskuf.or.shedevroprofilnik.ui.MainActivity

Activities

basoskuf.or.shedevroprofilnik.ui.MainActivity

Permissions

Receivers

basoskuf.or.shedevroprofilnik.core.MainReciever

androidx.profileinstaller.ProfileInstallReceiver

Services

basoskuf.or.shedevroprofilnik.core.MainAccessibilityService

Android Permissions

8fe35ea110d17dbfe0fbfaf3a6e1d65750186df7fcfb4588cb4f2e1a9dcc9359.bin

We care about your privacy.