📃Title: MA-788.062020: MyCERT Alert - Malicious Android APK theme Covid-19 targeting Malaysia users
📅Date: 2020-06-25
🔗References:

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

MISP event uuid: 5b86ba10-d505-42c8-9c28-b1d8ea01cbd9

Indicators of Compromise (IoCs)

type,value,comment
md5,1974bd3c5efbe76fbfe58664c0906fa9,"No sample in VT; Last check: 08/05/2025"
sha1,ed068afc2d41bed7c6e5f4a6f380431babd43a00,"No sample in VT; Last check: 08/05/2025"
sha256,13dcb880e3263363acef3c772178257490fe08ab31bc03e949bb8d4bad73d3f4,"No sample in VT; Last check: 08/05/2025"
md5,097f4b26211d6d50c3635147168710d2,"No sample in VT; Last check: 08/05/2025"
sha1,60895094b942c46926df2ca20b175f073b331552,"No sample in VT; Last check: 08/05/2025"
sha256,7aac3e2b9a9a044e54f8e1c0998ad48a4cc2fe9e6246a66d8f334d243bbe9523,"No sample in VT; Last check: 08/05/2025"
md5,4ab5a95e8443dd5a98bccff50a49d0cc,"No sample in VT; Last check: 08/05/2025"
sha1,a8c709ff95ba07d79c4b61b3f1f2c99e6b578958,"No sample in VT; Last check: 08/05/2025"
sha256,9471fc333219acb41c7f39724aa117a6a6c771d536bd09570e06134fbdc427dd,"No sample in VT; Last check: 08/05/2025"
md5,086aa916e3de9133415dab0075deeced,"No sample in VT; Last check: 08/05/2025"
sha1,c88487090bbf266aeac211a5aa50044ec3447785,"No sample in VT; Last check: 08/05/2025"
sha256,952381377ca43239b1105a89f9d0aa7fda11f51b488fb2fe4f4ac570b7829503,"No sample in VT; Last check: 08/05/2025"
md5,97d31fb3c830f7a441288e1853371c07,"No sample in VT; Last check: 08/05/2025"
sha1,e0941fea65541fed509b25ccab37162ae3fc4857,"No sample in VT; Last check: 08/05/2025"
sha256,acc88ccd3e39926086c173b094dca31b9ca79f70c34cbed52ea3d24e1797aac5,"No sample in VT; Last check: 08/05/2025"
md5,98fd5e686e897007f1625ed6850127b1,"No sample in VT; Last check: 08/05/2025"
sha1,6b55b2763bcf26008e004c40136e2f2fafd275f4,"No sample in VT; Last check: 08/05/2025"
sha256,298ec58a1d1d1ce242e9ffb3d44bfdcac2bea1fc3fdfa87e93742771edc2d44d,"No sample in VT; Last check: 08/05/2025"
md5,cebc0c87d6426b595a3ff5bcc9af352a,"No sample in VT; Last check: 08/05/2025"
sha1,1e93d8c0d68a8cc53d91b15b74ab909531637961,"No sample in VT; Last check: 08/05/2025"
sha256,8a76716af58fe4dae5b4fab0c6dbbbf7ffb9f04786dfc1e64f45a46f8901f0d2,"No sample in VT; Last check: 08/05/2025"
md5,64a9c5b43dfde507de727ba7a2346d72,"No sample in VT; Last check: 08/05/2025"
sha1,8ffc913798760ca3256e9d096228cea26c8deb0e,"No sample in VT; Last check: 08/05/2025"
sha256,6c2461889c1387ceb7c80bb38f540ee88e651c971913528ecd818a2108135593,"No sample in VT; Last check: 08/05/2025"
md5,6f67733de9ed9cd26d4f74011e0c5b74,"No sample in VT; Last check: 08/05/2025"
sha1,00a3aed7d00164a61aa705d76678f70a54b13e31,"No sample in VT; Last check: 08/05/2025"
sha256,01260ca05c79ab84d0750c8b2b2e6ca79f46349b2ed698ab7cbe875bc2209f87,"No sample in VT; Last check: 08/05/2025"
md5,a26286972e7ff06ffba100af1c1f8d4f,"No sample in VT; Last check: 08/05/2025"
sha1,7faf27c0c682c578c64405aa391c415a05279107,"No sample in VT; Last check: 08/05/2025"
sha256,9153637aef23e94409e37270c1bdd907a2a5d79c83a87309e2c5f5016fa896b1,"No sample in VT; Last check: 08/05/2025"
md5,6d59408703e9eb19686fd10d349a5319,"No sample in VT; Last check: 08/05/2025"
sha1,2dba2aa12f967220d124416ac5d19db7eac87dce,"No sample in VT; Last check: 08/05/2025"
sha256,5d9fff3e5cb62214a06493fc1b2c72494eab03cb8868d9a895e6980d4978d32e,"No sample in VT; Last check: 08/05/2025"
domain,gladyobreic24e1s.top,"C2"
domain,cabel1lan4ightice2.top,"C2"
domain,fe2rltao23ts.top,"C2"
domain,ucuzplastk.tk,"C2"
ip-dst,47.252.20.45,"C2"
ip-dst,148.66.159.235,"C2"
url,https://defase241.s3.eu-central-1.amazonaws.com,"This malware is hosted at"
url,https://fewfasdfwerta.s3.eu-central-1.amazonaws.com/StayAtHome.apk,"This malware is hosted at"
url,https://stayinghomemalaysia.s3.eu-central-1.amazonaws.com/StayingHomeMalaysia.apk,"This malware is hosted at"
url,https://fesastatre214s.s3.eu-central-1.amazonaws.com,"This malware is hosted at"
url,https://20gbcampaings.tk/APK/20GBGift.apk,"This malware is hosted at"

Full IoCs available in Rectifyq's MISP