zanubis | 95242e1d105de9c33b2c9d8a9514f58327ca32d7d24af9af19ff3f0d075ea451

General

Target

95242e1d105de9c33b2c9d8a9514f58327ca32d7d24af9af19ff3f0d075ea451
Size

4.0MB
MD5

e7495ddd6f4e5c686c2ee68b3db91f9b
SHA1

74c03b47d0449e08ef9e645e79aaada5e0aedc9d
SHA256

95242e1d105de9c33b2c9d8a9514f58327ca32d7d24af9af19ff3f0d075ea451
SHA512

4d264b89c483007789525c7f367d890a40f87755f18e7872065dd4e53d07065b6fa973726e234dc1113358aea7cb267d13bf956b85eeb4714dc14da2662b0888
SSDEEP

98304:a33L6bd2ofrZh/urhQuzI6TZS+DixH8bU4bFLzbcHezk:c67ky4To+mgU4bFLA

Score

10^/10

zanubis

Malware Config

Extracted

Family

zanubis

C2

92.38.132.217

Signatures

Zanubis family
zanubis

Requests dangerous framework permissions 13 IoCs

Processes:

description	ioc
Allows read access to the device's phone number(s).	android.permission.READ_PHONE_NUMBERS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive WAP push messages.	android.permission.RECEIVE_WAP_PUSH
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to monitor incoming MMS messages.	android.permission.RECEIVE_MMS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to record audio.	android.permission.RECORD_AUDIO

Files

95242e1d105de9c33b2c9d8a9514f58327ca32d7d24af9af19ff3f0d075ea451
.apk android

com.personal.pdf

com.personal.pdf.vistas.MainActivity

Activities

com.personal.pdf.vistas.VistaAlerta

com.personal.pdf.vistas.VistaAlerta

com.personal.pdf.vistas.MainActivity

android.intent.action.MAIN

com.personal.pdf.vistas.VistaSmsActivity

android.intent.action.SEND
android.intent.action.SENDTO

Permissions

android.permission.SYSTEM_ALERT_WINDOW
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.READ_PHONE_NUMBERS
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.READ_PHONE_STATE
android.permission.RECEIVE_WAP_PUSH
android.permission.WRITE_SYNC_SETTINGS
android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.RECEIVE_MMS
android.permission.READ_MMS
android.permission.SEND_MMS
android.permission.WAKE_LOCK
android.permission.FOREGROUND_SERVICE
android.permission.GET_TASKS
android.permission.WRITE_SMS
android.permission.PACKAGE_USAGE_STATS
android.permission.ACCESS_NETWORK_STATE
android.permission.CALL_PHONE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.RECORD_AUDIO
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.WRITE_SECURE_SETTINGS
android.permission.SEND_SMS_NO_CONFIRMATION
android.permission.SEND_RESPOND_VIA_MESSAGE
android.permission.READ_PRIVILEGED_PHONE_STATE

Receivers

com.personal.pdf.servicio.SrvSmsReciever

android.provider.Telephony.SMS_DELIVER
android.provider.Telephony.SMS_RECEIVED

com.personal.pdf.servicio.SrvMmsReciever

android.provider.Telephony.WAP_PUSH_DELIVER

Services

com.personal.pdf.servicio.SrvAccesibilidad

android.accessibilityservice.AccessibilityService

com.personal.pdf.servicio.SrvHeaderSms

android.intent.action.RESPOND_VIA_MESSAGE

95242e1d105de9c33b2c9d8a9514f58327ca32d7d24af9af19ff3f0d075ea451

Permissions

android.permission.SYSTEM_ALERT_WINDOW

android.permission.INTERNET

android.permission.ACCESS_WIFI_STATE

android.permission.READ_PHONE_NUMBERS

android.permission.READ_CONTACTS

android.permission.WRITE_CONTACTS

android.permission.READ_PHONE_STATE

android.permission.RECEIVE_WAP_PUSH

android.permission.WRITE_SYNC_SETTINGS

android.permission.READ_SMS

android.permission.RECEIVE_SMS

android.permission.SEND_SMS

android.permission.RECEIVE_MMS

android.permission.READ_MMS

android.permission.SEND_MMS

android.permission.WAKE_LOCK

android.permission.FOREGROUND_SERVICE

android.permission.GET_TASKS

android.permission.WRITE_SMS

android.permission.PACKAGE_USAGE_STATS

android.permission.ACCESS_NETWORK_STATE

android.permission.CALL_PHONE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_EXTERNAL_STORAGE

android.permission.RECORD_AUDIO

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.WRITE_SECURE_SETTINGS

android.permission.SEND_SMS_NO_CONFIRMATION

android.permission.SEND_RESPOND_VIA_MESSAGE

android.permission.READ_PRIVILEGED_PHONE_STATE

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

com.personal.pdf

com.personal.pdf.vistas.MainActivity

Activities

com.personal.pdf.vistas.VistaAlerta

com.personal.pdf.vistas.MainActivity

com.personal.pdf.vistas.VistaSmsActivity

Permissions

Receivers

com.personal.pdf.servicio.SrvSmsReciever

com.personal.pdf.servicio.SrvMmsReciever

Services

com.personal.pdf.servicio.SrvAccesibilidad

com.personal.pdf.servicio.SrvHeaderSms

Android Permissions

95242e1d105de9c33b2c9d8a9514f58327ca32d7d24af9af19ff3f0d075ea451