582156e64fc687271f09d8577d30bc12f37902241ced0c64fa810845420dc695[.]zip

General

Target

582156e64fc687271f09d8577d30bc12f37902241ced0c64fa810845420dc695.zip
Size

1.6MB
MD5

3b68799b8c0650ffbe8de15c3ffd78ad
SHA1

249ba6d1b5d82c366af8457288ffe91f927ab8fb
SHA256

582156e64fc687271f09d8577d30bc12f37902241ced0c64fa810845420dc695
SHA512

39c15791aaa705cba7ae4b4e9b43ba72796d0dcf1f5162ed120ec69b15f5ce41ba6ba4ae759a4d1e43ad6eb5d708a34c78f33610d21f64a28db0f8776ec4534e
SSDEEP

24576:BI/k1zV95akAwunps+iLNIy1JLjz+u07MKXhXF3Q233e9U6jNbx:BhhakA2LBbL3Alh1p3Khbx

Score

6^/10

Malware Config

Signatures

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 11 IoCs

description	ioc
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS

Files

582156e64fc687271f09d8577d30bc12f37902241ced0c64fa810845420dc695.zip
.zip

Password: infected
a754c35dd09677b0b96d8a0dad5c9c5fdd28abd8cf2d8d38a9bd945ca8362e02.apk
.apk android

pdziakegsnnorrznbluf.ippmb.jbdtaorzbbtfrkck

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.hlev

Activities

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.eyywynexogdd

android.intent.action.SEND
android.intent.action.SENDTO

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.hlev

android.intent.action.MAIN

Permissions

android.permission.RECEIVE_BOOT_COMPLETED
android.permission.PROCESS_OUTGOING_CALLS
android.permission.USE_FULL_SCREEN_INTENT
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
android.permission.READ_EXTERNAL_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.REORDER_TASKS
android.permission.BROADCAST_STICKY
android.permission.FOREGROUND_SERVICE
android.permission.RECORD_AUDIO
android.permission.REQUEST_COMPANION_RUN_IN_BACKGROUND
android.permission.GET_ACCOUNTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.INTERNET
android.permission.CALL_PHONE
android.permission.READ_CONTACTS
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.SEND_SMS
android.permission.READ_SMS
android.permission.RECEIVE_SMS

Receivers

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.uzgpnfig

android.provider.Telephony.WAP_PUSH_DELIVER

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.vomegeibwktmsotl

android.app.action.DEVICE_ADMIN_DISABLED
android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_ENABLED

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.ovyxknyixvvq

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.provider.Telephony.SMS_RECEIVED
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.USER_PRESENT
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.provider.Telephony.SMS_DELIVER

Services

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.wtxb

android.service.notification.NotificationListenerService

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.bbstgakqkjcyaore

android.intent.action.RESPOND_VIA_MESSAGE

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.hvpxrocrogfarep

android.accessibilityservice.AccessibilityService

Sharing

General

Malware Config

Signatures

Files

Password: infected

pdziakegsnnorrznbluf.ippmb.jbdtaorzbbtfrkck

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.hlev

Activities

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.eyywynexogdd

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.hlev

Permissions

Receivers

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.uzgpnfig

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.vomegeibwktmsotl

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.ovyxknyixvvq

Services

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.wtxb

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.bbstgakqkjcyaore

xtnhaws.mhtywjpxqwzrxfhcbgryxircem.kcpa.hvpxrocrogfarep