Friday, 4 August 2017

More Bankers in Google Play Store






Sample Info (com.nuclear.bat)

Hash (SHA256): 14a191384f3111360a6809d7876039f91dc90508add0c987ff15957de1276423
Package Name: com.nuclear.bat
Cert (SHA1): 395d44197e74d43751c3fa7f57f114049555f14a
Version Name: 1.1
Version Code: 1
minSdkVersion: 21
TargetSdkVersion: 21
Number of Services: 8
APK Size: 1338448


Functions



Emulator and locale checks: the app will not run inside an emulator, or on a device whose locale is RU (Russia), UA (Ukraine) or BY (Belarus).


C&C panel (online at the time of writing, 4 August 2017) - 194.87.97.170:8563

Strings (identifier in the decompiled code  >  value)

c.a  > http://194.87.97.170:8563/
c.b  >  nuclear_bat
c.c  >  2haGczu12.zip
c.d  >  eDMTfX96JUUv
c.e  >  H2yyK2bbEVaR
c.f  >  2kKq3ow4O9VD
c.g  >  fire
c.h  >  mod
c.i  >  vers
c.j  >  loc
c.k  >  app
c.l  >  dr
c.m  >  app5
c.n  >  zU
c.o  >  date
c.p  >  msg
c.q  >  nmTask
c.r  >  taskBody
c.s  >  incom
c.t  >  pcgM
c.u  >  LibsdownloadError
c.v  >  Libsdownloadedsuccessfullyandunpacked
c.w  >  IamOnline
c.x  >  NotificationJSONdataerror
c.y  >  HTMLloadFAILED
c.z  >  HTMLloadSUCCESSFUL
c.A  >  ICONloadFAILED
c.B  >  NotificationisNOTSHOWED
c.C  >  NotificationshowedSUCCESSFULttl
c.D  >  msg
c.E  >  getpcgmapFAILURE
c.F  >  AUTOCOMPLETED
c.G  >  AUTOSTARTEDSUCCESSFULLY
c.H  >  DeviceupdatingSTARTED
c.I  >  DeviceupdatingSTOPPED
c.J  >  Preparingtoupgrade.
c.K  >  Androidisupgrading...
c.L  >  DownloadingGoogleRepositoryrev.42.0.1
c.M  >  ExtractingGoogleRepositoryrev.42.0.1
c.N  >  DownloadingGooglePlayServicesrev.42.0.1
c.O  >  ExtractingGooglePlayServicesrev.42.0.1
c.P  >  DownloadingGooglePlayAPKExpansionLibrary
c.Q  >  ExtractingGooglePlayAPKExpansionLibrary
c.R  >  DownloadingGooglePlayLicensingLibrary
c.S  >  ExtractingGooglePlayLicensingLibrary
c.T  >  DownloadingGooglePlayBillingLibrary
c.U  >  ExtractingGooglePlayBillingLibrary
c.V  >  DownloadingAndroidNdkv7aBundle
c.W  >  ExtractingAndroidNdkv7aBundle
c.X  >  Optimisingapp
c.Y  >  of246.
c.Z  >  content://sms/inbox
c.aa  >  date
c.ab  >  address
c.ac  >  body
c.ad  >  SMSfrom:
c.ae  >  SMSbody:
c.af  >  NEWINCOMMINGSMSMESSAGE

Emulator Checks (code)

// Decompiled fragment of the sample's emulator detection (the enclosing method is not part of
// this excerpt). v0 is a score: it starts at 1 if Build.PRODUCT contains any of the listed
// emulator product names, otherwise 0, and each later check that matches adds 1.
// The ternary binds looser than ||, so the whole OR chain is the condition of "? 1 : 0".
// e.d() and e.h() are helpers whose return values are not shown here — presumably further
// obfuscated marker strings; confirm against the sample.
// How v0 is evaluated afterwards (the threshold that makes the app refuse to run) is not
// visible in this excerpt.
// For analysts: an environment that reports these default Build values is counted as an
// emulator by this code, so dynamic analysis may see no malicious behaviour there.
int v0 = (Build.PRODUCT.contains(e.d())) || (Build.PRODUCT.contains("google_sdk")) || (Build
                .PRODUCT.contains("Droid4X")) || (Build.PRODUCT.contains("sdk_x86")) || (Build.PRODUCT
                .contains("sdk_google")) || (Build.PRODUCT.contains("vbox86p")) ? 1 : 0;
        // Manufacturer: exact match on "Genymotion" or on the undisclosed e.h() value.
        if((Build.MANUFACTURER.equals(e.h())) || (Build.MANUFACTURER.equals("Genymotion"))) {
            ++v0;
        }

        // Brand: exact match on the generic build names.
        if((Build.BRAND.equals("generic")) || (Build.BRAND.equals("generic_x86"))) {
            ++v0;
        }

        // Device: substring match; contains("generic") already covers the generic_x86 and
        // generic_x86_64 tests that follow it.
        if((Build.DEVICE.contains("generic")) || (Build.DEVICE.contains("generic_x86")) || (Build.DEVICE
                .contains("Droid4X")) || (Build.DEVICE.contains("generic_x86_64")) || (Build.DEVICE.
                contains("vbox86p"))) {
            ++v0;
        }

        // Model: exact matches on SDK image model names, substring match on "Droid4X",
        // plus the undisclosed e.d() value.
        if((Build.MODEL.equals(e.d())) || (Build.MODEL.equals("google_sdk")) || (Build.MODEL.contains(
                "Droid4X")) || (Build.MODEL.equals("Android SDK built for x86_64")) || (Build.MODEL.
                equals("Android SDK built for x86"))) {
            ++v0;
        }

        // Hardware: "goldfish" is the virtual hardware name of the stock Android emulator;
        // "vbox86" is the name used by VirtualBox-based images.
        if((Build.HARDWARE.equals("goldfish")) || (Build.HARDWARE.equals("vbox86"))) {
            ++v0;
        }

        // Fingerprint: substring match on generic SDK and vbox86p build fingerprints;
        // contains("vbox86p") already covers the longer "generic/vbox86p/vbox86p" test.
        if((Build.FINGERPRINT.contains("generic/sdk/generic")) || (Build.FINGERPRINT.contains("generic_x86/sdk_x86/generic_x86"))
                 || (Build.FINGERPRINT.contains("generic_x86_64")) || (Build.FINGERPRINT.contains("generic/google_sdk/generic"))
                 || (Build.FINGERPRINT.contains("vbox86p")) || (Build.FINGERPRINT.contains("generic/vbox86p/vbox86p"))
                ) {
            ++v0;
        }

SQL Database Structure

-- Schema dump of the SQLite database shown in the post; the statements are unchanged.
-- NOTE(review): the table and column names (autofill, autofill_profiles, credit_cards,
-- masked_credit_cards, server_addresses, meta) match the layout of the "Web Data" autofill
-- store created by Chromium-based browsers and Android WebView. Presumably this is that
-- stock database from the app's data directory rather than a schema designed by the malware
-- author; the post does not say where the file was found, so confirm against the sample.
-- The only INSERT statements are the two meta rows; no other table has rows in this dump,
-- so it does not show whether any card or address data was stored.
BEGIN TRANSACTION;
-- Card and address tables. The card number columns are named card_number_encrypted
-- (VARCHAR here, BLOB in credit_cards); whether the content is actually encrypted cannot
-- be told from the schema alone.
CREATE TABLE unmasked_credit_cards (id VARCHAR,card_number_encrypted VARCHAR, use_count INTEGER NOT NULL DEFAULT 0, use_date INTEGER NOT NULL DEFAULT 0, unmask_date INTEGER NOT NULL DEFAULT 0);
CREATE TABLE server_card_metadata (id VARCHAR NOT NULL,use_count INTEGER NOT NULL DEFAULT 0, use_date INTEGER NOT NULL DEFAULT 0);
CREATE TABLE server_addresses (id VARCHAR,company_name VARCHAR,street_address VARCHAR,address_1 VARCHAR,address_2 VARCHAR,address_3 VARCHAR,address_4 VARCHAR,postal_code VARCHAR,sorting_code VARCHAR,country_code VARCHAR,language_code VARCHAR, recipient_name VARCHAR, phone_number VARCHAR);
CREATE TABLE server_address_metadata (id VARCHAR NOT NULL,use_count INTEGER NOT NULL DEFAULT 0, use_date INTEGER NOT NULL DEFAULT 0);
-- Key/value table; the two rows below record schema version 65 and last compatible version 61.
CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY, value LONGVARCHAR);
INSERT INTO `meta` VALUES ('version','65');
INSERT INTO `meta` VALUES ('last_compatible_version','61');
-- masked_credit_cards holds only card metadata columns (status, name, type, last_four, expiry).
CREATE TABLE masked_credit_cards (id VARCHAR,status VARCHAR,name_on_card VARCHAR,type VARCHAR,last_four VARCHAR,exp_month INTEGER DEFAULT 0,exp_year INTEGER DEFAULT 0);
CREATE TABLE credit_cards ( guid VARCHAR PRIMARY KEY, name_on_card VARCHAR, expiration_month INTEGER, expiration_year INTEGER, card_number_encrypted BLOB, date_modified INTEGER NOT NULL DEFAULT 0, origin VARCHAR DEFAULT '', use_count INTEGER NOT NULL DEFAULT 0, use_date INTEGER NOT NULL DEFAULT 0);
-- Profile tables: postal address in autofill_profiles, with phones, names and emails in
-- separate tables that each carry a guid column.
CREATE TABLE autofill_profiles_trash ( guid VARCHAR);
CREATE TABLE autofill_profiles ( guid VARCHAR PRIMARY KEY, company_name VARCHAR, street_address VARCHAR, dependent_locality VARCHAR, city VARCHAR, state VARCHAR, zipcode VARCHAR, sorting_code VARCHAR, country_code VARCHAR, date_modified INTEGER NOT NULL DEFAULT 0, origin VARCHAR DEFAULT '', language_code VARCHAR, use_count INTEGER NOT NULL DEFAULT 0, use_date INTEGER NOT NULL DEFAULT 0);
CREATE TABLE autofill_profile_phones ( guid VARCHAR, number VARCHAR);
CREATE TABLE autofill_profile_names ( guid VARCHAR, first_name VARCHAR, middle_name VARCHAR, last_name VARCHAR, full_name VARCHAR);
CREATE TABLE autofill_profile_emails ( guid VARCHAR, email VARCHAR);
-- Name/value table keyed on (name, value), with two indexes on name.
CREATE TABLE autofill (name VARCHAR, value VARCHAR, value_lower VARCHAR, date_created INTEGER DEFAULT 0, date_last_used INTEGER DEFAULT 0, count INTEGER DEFAULT 1, PRIMARY KEY (name, value));
CREATE INDEX autofill_name_value_lower ON autofill (name, value_lower);
CREATE INDEX autofill_name ON autofill (name);
COMMIT;

Google Play Store

Developer: shashware@gmail.com








Sample Info (com.larga.bat)

Package Name: com.larga.bat
Cert (SHA1): 786162db358bfd94dfae0e1456609382aadb1418
Version Name: 1.1
Version Code: 1
minSdkVersion: 21
TargetSdkVersion: 21
Number of Services: 8
APK Size: 1411797

C&C panel (online at the time of writing, 4 August 2017) - 194.87.97.170:8563 (the same address and port as com.nuclear.bat above)


Google Play Store

Developer: creedwarez@gmail.com
