8261206216[.]zip

General

Target

8261206216.zip
Size

8.9MB
MD5

b7f75322a5ae47dcbc0ae9c35930181f
SHA1

c999e7c030a56b39090a5506413565cead8fa779
SHA256

d89442b664d78a93eb087fd0269c7a7277e75633dc1247d6c9cd39cb03ab7cd3
SHA512

a9fc1ccf700ccf180dcebd9d099a6c895575632f884b9af727d6a87516184a7bf3f676d5df87a01c8320c2bda2a1f057fe9a3205e8a3946af83364b6134732f8
SSDEEP

196608:bKM/pn4RNUpI1oMhxuGe4iApjpB+cQKC/ngEH4RLoT:bdKRSpI1oM7uGjR+DKCvPH4RE

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 1 IoCs

description	ioc
Required to be able to access the camera device.	android.permission.CAMERA

Files

8261206216.zip
.zip

Password: infected
a2447364d1338b73a6272ba8028e2524a8f54897ad5495521e4fab9c0fd4df6d
.apk android

com.candlencom.candleprotest

com.candlencom.candleprotest.AppStartActivity

Activities

com.candlencom.candleprotest.AppStartActivity

android.intent.action.MAIN

Permissions

android.permission.CAMERA
android.permission.FLASHLIGHT
android.permission.FOREGROUND_SERVICE
android.permission.USE_FULL_SCREEN_INTENT
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.WAKE_LOCK
com.google.android.c2dm.permission.RECEIVE
com.candlencom.candleprotest.permission.C2D_MESSAGE
android.permission.RECEIVE_BOOT_COMPLETED
com.android.launcher.permission.INSTALL_SHORTCUT

Receivers

com.candlencom.candleprotest.AppWidget

android.appwidget.action.APPWIDGET_UPDATE
com.candlencom.candleprotest.AppWidget.ACTION_FLASH_ONOFF

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.liveposting.sitepostsdk.BootReceiver

android.intent.action.BOOT_COMPLETED

com.click.cas.DeviceBootReceiver

android.intent.action.BOOT_COMPLETED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

Services

com.candlencom.candleprotest.FCM.MyFirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.candlencom.candleprotest.FCM.MyFirebaseInstanceIDService

com.google.firebase.INSTANCE_ID_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT

com.liveposting.sitepostsdk.component.DummyService

com.liveposting.livepostsdk.REPORT

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.candlencom.candleprotest

com.candlencom.candleprotest.AppStartActivity

Activities

com.candlencom.candleprotest.AppStartActivity

Permissions

Receivers

com.candlencom.candleprotest.AppWidget

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.liveposting.sitepostsdk.BootReceiver

com.click.cas.DeviceBootReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

Services

com.candlencom.candleprotest.FCM.MyFirebaseMessagingService

com.candlencom.candleprotest.FCM.MyFirebaseInstanceIDService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.iid.FirebaseInstanceIdService

com.liveposting.sitepostsdk.component.DummyService