0e88d98843377bab91dd2e081786f9152615b9d45ef32debcbfc99f2c94ef04c[.]zip

General

Target

0e88d98843377bab91dd2e081786f9152615b9d45ef32debcbfc99f2c94ef04c.zip
Size

3.9MB
MD5

9ec59710d45591d2c548f281447cd40f
SHA1

347bb4e88804395689d5e64594d8c8f3af4c6aad
SHA256

0e88d98843377bab91dd2e081786f9152615b9d45ef32debcbfc99f2c94ef04c
SHA512

6715e3eaf4beca60784ac5e0aa02791a89b7ffbc4543f6a6ed78bcbea1b22eae600f600a04741957a1159deac2d4a9bcc2c1e768f0eab67b75f6a21d39968212
SSDEEP

98304:tGgzqhkjSjUYLInr1LsXvxabFwF8B9H8j3PHWql9v1OrmNDuaXYEB:IgtjSFLI9sfIKFio3fjZImNDzXhB

Score

6^/10

Malware Config

Signatures

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 6 IoCs

description	ioc
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to monitor incoming MMS messages.	android.permission.RECEIVE_MMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS

Files

0e88d98843377bab91dd2e081786f9152615b9d45ef32debcbfc99f2c94ef04c.zip
.zip

Password: infected
b74b65f68641feb46d22fddb595fff57cba53f5e3d4d780f4b1bf9b2682a9230.apk
.apk android

cake.ice.reform

bubble.dwarf.vapor.ioaWNDIoaD

Activities

bubble.dwarf.vapor.ioaWNDIoaD

android.intent.action.MAIN

bubble.dwarf.vapor.opnoPAWNDioaNDW

android.intent.action.SEND
android.intent.action.SENDTO

Permissions

android.permission.READ_SMS
android.permission.WRITE_SMS
android.permission.WAKE_LOCK
android.permission.REQUEST_DELETE_PACKAGES
android.permission.SYSTEM_ALERT_WINDOW
android.permission.USE_FULL_SCREEN_INTENT
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.QUERY_ALL_PACKAGES
android.permission.SEND_SMS
android.permission.READ_PHONE_STATE
android.permission.REQUEST_COMPANION_USE_DATA_IN_BACKGROUND
android.permission.USE_BIOMETRIC
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RECEIVE_MMS
android.permission.REQUEST_PASSWORD_COMPLEXITY
android.permission.VIBRATE
android.permission.INTERNET
android.permission.FOREGROUND_SERVICE
android.permission.RECEIVE_SMS

Receivers

bubble.dwarf.vapor.receiver.PPpaoJAOWPDjaw

android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_DELIVER

bubble.dwarf.vapor.receiver.AAOPnwoapdNOAWD

android.intent.action.INPUT_METHOD_CHANGED
android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.USER_PRESENT
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.ACTION_PACKAGE_ADDED

bubble.dwarf.vapor.Poa5217Anaoid9ah5218ak

android.provider.Telephony.WAP_PUSH_DELIVER

Services

bubble.dwarf.vapor.Poa5202Anaoid9ah5203ak

android.intent.action.RESPOND_VIA_MESSAGE

bubble.dwarf.vapor.ioABoidawOanwDopaWND

android.accessibilityservice.AccessibilityService

Sharing

General

Malware Config

Signatures

Files

Password: infected

cake.ice.reform

bubble.dwarf.vapor.ioaWNDIoaD

Activities

bubble.dwarf.vapor.ioaWNDIoaD

bubble.dwarf.vapor.opnoPAWNDioaNDW

Permissions

Receivers

bubble.dwarf.vapor.receiver.PPpaoJAOWPDjaw

bubble.dwarf.vapor.receiver.AAOPnwoapdNOAWD

bubble.dwarf.vapor.Poa5217Anaoid9ah5218ak

Services

bubble.dwarf.vapor.Poa5202Anaoid9ah5203ak

bubble.dwarf.vapor.ioABoidawOanwDopaWND