Sample Info (com.nuclear.bat)
Hash (SHA256): 14a191384f3111360a6809d7876039f91dc90508add0c987ff15957de1276423
Package Name: com.nuclear.bat
Cert (SHA1): 395d44197e74d43751c3fa7f57f114049555f14a
Version Name: 1.1
Version Code: 1
minSdkVersion: 21
TargetSdkVersion: 21
Number of Services: 8
APK Size: 1338448
Version Code: 1
minSdkVersion: 21
TargetSdkVersion: 21
Number of Services: 8
APK Size: 1338448
Functions

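The sample performs emulator and locale checks: it will not run inside an emulator, or on devices in RU (Russia), UA (Ukraine) or BY (Belarus). Dynamic analysis on a stock emulator image, or on a device set to one of those locales, is therefore likely to show no malicious behaviour, and a clean sandbox run should not be read as a clean verdict.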

C&C panel (online) - 194.87.97.170:8563
Strings
c.a > http://194.87.97.170:8563/
c.b > nuclear_bat
c.c > 2haGczu12.zip
c.d > eDMTfX96JUUv
c.e > H2yyK2bbEVaR
c.f > 2kKq3ow4O9VD
c.g > fire
c.h > mod
c.i > vers
c.j > loc
c.k > app
c.l > dr
c.m > app5
c.n > zU
c.o > date
c.p > msg
c.q > nmTask
c.r > taskBody
c.s > incom
c.t > pcgM
c.u > LibsdownloadError
c.v > Libsdownloadedsuccessfullyandunpacked
c.w > IamOnline
c.x > NotificationJSONdataerror
c.y > HTMLloadFAILED
c.z > HTMLloadSUCCESSFUL
c.A > ICONloadFAILED
c.B > NotificationisNOTSHOWED
c.C > NotificationshowedSUCCESSFULttl
c.D > msg
c.E > getpcgmapFAILURE
c.F > AUTOCOMPLETED
c.G > AUTOSTARTEDSUCCESSFULLY
c.H > DeviceupdatingSTARTED
c.I > DeviceupdatingSTOPPED
c.J > Preparingtoupgrade.
c.K > Androidisupgrading...
c.L > DownloadingGoogleRepositoryrev.42.0.1
c.M > ExtractingGoogleRepositoryrev.42.0.1
c.N > DownloadingGooglePlayServicesrev.42.0.1
c.O > ExtractingGooglePlayServicesrev.42.0.1
c.P > DownloadingGooglePlayAPKExpansionLibrary
c.Q > ExtractingGooglePlayAPKExpansionLibrary
c.R > DownloadingGooglePlayLicensingLibrary
c.S > ExtractingGooglePlayLicensingLibrary
c.T > DownloadingGooglePlayBillingLibrary
c.U > ExtractingGooglePlayBillingLibrary
c.V > DownloadingAndroidNdkv7aBundle
c.W > ExtractingAndroidNdkv7aBundle
c.X > Optimisingapp
c.Y > of246.
c.Z > content://sms/inbox
c.aa > date
c.ab > address
c.ac > body
c.ad > SMSfrom:
c.ae > SMSbody:
c.af > NEWINCOMMINGSMSMESSAGE
Emulator Checks (code)
// Decompiled emulator-detection fragment (the enclosing method is not shown on the page).
// v0 is a score: it starts at 1 or 0 from the PRODUCT test and is incremented once for each
// further android.os.Build field group that matches, so it ends between 0 and 7.
// How v0 is consumed (threshold, resulting action) is outside this fragment.
// NOTE(review): e.d() and e.h() are obfuscated helpers whose return values are not shown;
// presumably they return further decoded comparison strings — confirm in the decompiled class `e`.
// Analysis note: an environment whose Build fields carry any of the literals below is counted here.

// Group 1 - Build.PRODUCT: substring match against SDK / Droid4X / VirtualBox product names.
int v0 = (Build.PRODUCT.contains(e.d()))
        || (Build.PRODUCT.contains("google_sdk"))
        || (Build.PRODUCT.contains("Droid4X"))
        || (Build.PRODUCT.contains("sdk_x86"))
        || (Build.PRODUCT.contains("sdk_google"))
        || (Build.PRODUCT.contains("vbox86p")) ? 1 : 0;

// Group 2 - Build.MANUFACTURER: exact match against e.h() or "Genymotion".
if((Build.MANUFACTURER.equals(e.h())) || (Build.MANUFACTURER.equals("Genymotion"))) {
    ++v0;
}

// Group 3 - Build.BRAND: exact match against the "generic" brand values.
if((Build.BRAND.equals("generic")) || (Build.BRAND.equals("generic_x86"))) {
    ++v0;
}

// Group 4 - Build.DEVICE: substring match. The first test already covers the
// "generic_x86" and "generic_x86_64" tests, since both contain "generic".
if((Build.DEVICE.contains("generic"))
        || (Build.DEVICE.contains("generic_x86"))
        || (Build.DEVICE.contains("Droid4X"))
        || (Build.DEVICE.contains("generic_x86_64"))
        || (Build.DEVICE.contains("vbox86p"))) {
    ++v0;
}

// Group 5 - Build.MODEL: exact match on SDK model names, substring match for "Droid4X".
if((Build.MODEL.equals(e.d()))
        || (Build.MODEL.equals("google_sdk"))
        || (Build.MODEL.contains("Droid4X"))
        || (Build.MODEL.equals("Android SDK built for x86_64"))
        || (Build.MODEL.equals("Android SDK built for x86"))) {
    ++v0;
}

// Group 6 - Build.HARDWARE: exact match against "goldfish" or "vbox86".
if((Build.HARDWARE.equals("goldfish")) || (Build.HARDWARE.equals("vbox86"))) {
    ++v0;
}

// Group 7 - Build.FINGERPRINT: substring match against generic SDK / vbox86p fingerprint paths.
if((Build.FINGERPRINT.contains("generic/sdk/generic"))
        || (Build.FINGERPRINT.contains("generic_x86/sdk_x86/generic_x86"))
        || (Build.FINGERPRINT.contains("generic_x86_64"))
        || (Build.FINGERPRINT.contains("generic/google_sdk/generic"))
        || (Build.FINGERPRINT.contains("vbox86p"))
        || (Build.FINGERPRINT.contains("generic/vbox86p/vbox86p"))) {
    ++v0;
}
SQL Database Structure
-- Schema dump of a database associated with the sample. The page gives neither the file
-- name nor how the sample uses it.
-- NOTE(review): the table set (autofill, autofill_profiles*, credit_cards,
-- masked/unmasked_credit_cards, server_*) looks like Chromium's "Web Data" autofill store;
-- confirm which file this was recovered from and whether the sample reads it, ships it or imitates it.
-- The statements are kept exactly as dumped (including the backtick-quoted INSERT targets);
-- only line breaks and comments were added.
BEGIN TRANSACTION;

-- Card numbers keyed by id, plus usage counters.
-- NOTE(review): the column name says "encrypted"; the scheme is not visible here.
CREATE TABLE unmasked_credit_cards (
    id VARCHAR,
    card_number_encrypted VARCHAR,
    use_count INTEGER NOT NULL DEFAULT 0,
    use_date INTEGER NOT NULL DEFAULT 0,
    unmask_date INTEGER NOT NULL DEFAULT 0);

-- Usage counters per card id.
CREATE TABLE server_card_metadata (
    id VARCHAR NOT NULL,
    use_count INTEGER NOT NULL DEFAULT 0,
    use_date INTEGER NOT NULL DEFAULT 0);

-- Postal addresses with recipient name and phone number (personal data).
CREATE TABLE server_addresses (
    id VARCHAR,
    company_name VARCHAR,
    street_address VARCHAR,
    address_1 VARCHAR,
    address_2 VARCHAR,
    address_3 VARCHAR,
    address_4 VARCHAR,
    postal_code VARCHAR,
    sorting_code VARCHAR,
    country_code VARCHAR,
    language_code VARCHAR,
    recipient_name VARCHAR,
    phone_number VARCHAR);

-- Usage counters per address id.
CREATE TABLE server_address_metadata (
    id VARCHAR NOT NULL,
    use_count INTEGER NOT NULL DEFAULT 0,
    use_date INTEGER NOT NULL DEFAULT 0);

-- Key/value metadata. The two rows below record schema version 65 and
-- last compatible version 61.
CREATE TABLE meta(
    key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY,
    value LONGVARCHAR);
INSERT INTO `meta` VALUES ('version','65');
INSERT INTO `meta` VALUES ('last_compatible_version','61');

-- Card summary without the full number: holder name, type, last four digits, expiry.
CREATE TABLE masked_credit_cards (
    id VARCHAR,
    status VARCHAR,
    name_on_card VARCHAR,
    type VARCHAR,
    last_four VARCHAR,
    exp_month INTEGER DEFAULT 0,
    exp_year INTEGER DEFAULT 0);

-- Card records: holder name, expiry and the card number stored as a BLOB.
-- This is the highest-sensitivity table in the dump.
CREATE TABLE credit_cards (
    guid VARCHAR PRIMARY KEY,
    name_on_card VARCHAR,
    expiration_month INTEGER,
    expiration_year INTEGER,
    card_number_encrypted BLOB,
    date_modified INTEGER NOT NULL DEFAULT 0,
    origin VARCHAR DEFAULT '',
    use_count INTEGER NOT NULL DEFAULT 0,
    use_date INTEGER NOT NULL DEFAULT 0);

-- Holds bare profile guids only.
CREATE TABLE autofill_profiles_trash (
    guid VARCHAR);

-- Address profiles keyed by guid. The phones, names and emails tables below carry a
-- guid column but declare no foreign key to this table.
CREATE TABLE autofill_profiles (
    guid VARCHAR PRIMARY KEY,
    company_name VARCHAR,
    street_address VARCHAR,
    dependent_locality VARCHAR,
    city VARCHAR,
    state VARCHAR,
    zipcode VARCHAR,
    sorting_code VARCHAR,
    country_code VARCHAR,
    date_modified INTEGER NOT NULL DEFAULT 0,
    origin VARCHAR DEFAULT '',
    language_code VARCHAR,
    use_count INTEGER NOT NULL DEFAULT 0,
    use_date INTEGER NOT NULL DEFAULT 0);

CREATE TABLE autofill_profile_phones (
    guid VARCHAR,
    number VARCHAR);

CREATE TABLE autofill_profile_names (
    guid VARCHAR,
    first_name VARCHAR,
    middle_name VARCHAR,
    last_name VARCHAR,
    full_name VARCHAR);

CREATE TABLE autofill_profile_emails (
    guid VARCHAR,
    email VARCHAR);

-- Name/value pairs with creation and last-use times and a use counter.
-- The primary key is the (name, value) pair.
CREATE TABLE autofill (
    name VARCHAR,
    value VARCHAR,
    value_lower VARCHAR,
    date_created INTEGER DEFAULT 0,
    date_last_used INTEGER DEFAULT 0,
    count INTEGER DEFAULT 1,
    PRIMARY KEY (name, value));

-- Lookup indexes on the autofill table.
CREATE INDEX autofill_name_value_lower ON autofill (name, value_lower);
CREATE INDEX autofill_name ON autofill (name);

COMMIT;
Google Play Store
Developer: shashware@gmail.com




Sample Info (com.larga.bat)
Package Name: com.larga.bat
Cert (SHA1): 786162db358bfd94dfae0e1456609382aadb1418