zscaler[.]com[.]zsoctmdm202022[.]apk

General

Target

zscaler.com.zsoctmdm202022.apk
Size

135.8MB
MD5

125eea4a0afd374ee5f52b2eec75553f
SHA1

64864bb81f42115677b1cf4c258e19b3d9a73b28
SHA256

90825c4c2780012f8f48387c14a33ded32512ace72db86ede625f4b03b35c80c
SHA512

b854b9b3356ad62cec324fbdd5d78d1ee769b3c204846fc1bf0f3eaec586e5eff2a9b63dcbcdc97d6fca51213f6e84b6f0d0f550572df81d98cee407d40c8a16
SSDEEP

1572864:paDoueYYOpmBZTahvjMSNi0NC9rLCnQnFuL9BdLVH6eq:pWGCnQnFuL7H0

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS

Files

zscaler.com.zsoctmdm202022.apk
.apk android arch:arm64 arch:arm arch:x86 arch:x64

zscaler.com.zsoctmdm202022

com.zscaler.activities.MainActivity

Activities

com.zscaler.activities.MainActivity

android.intent.action.MAIN
android.intent.action.VIEW

Permissions

android.permission.FOREGROUND_SERVICE
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.google.android.c2dm.permission.RECEIVE
android.permission.ACCESS_NETWORK_STATE
android.permission.RECEIVE_BOOT_COMPLETED
com.samsung.android.knox.permission.KNOX_ENTERPRISE_DEVICE_ADMIN
com.samsung.android.knox.permission.KNOX_APP_MGMT
com.samsung.android.knox.permission.KNOX_FIREWALL
com.samsung.android.knox.permission.KNOX_SECURITY
android.permission.sec.MDM_LICENSE_LOG
android.permission.REQUEST_DELETE_PACKAGES
android.permission.GET_ACCOUNTS
android.permission.READ_CONTACTS
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.POST_NOTIFICATIONS
android.permission.QUERY_ALL_PACKAGES
com.samsung.android.knox.permission.KNOX_APP_MGMT
com.samsung.android.knox.permission.KNOX_HW_CONTROL
com.samsung.android.knox.permission.KNOX_LICENSE_LOG
com.samsung.android.knox.permission.KNOX_CERT_PROVISIONING
com.samsung.android.knox.permission.KNOX_FIREWALL
com.samsung.android.knox.permission.KNOX_ENTERPRISE_DEVICE_ADMIN
com.google.android.gms.permission.AD_ID
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Receivers

com.zscaler.receivers.UnlockEventReceiver

android.intent.action.USER_PRESENT
android.intent.action.ACTION_SCREEN_ON

com.zscaler.receivers.KnoxAdminActivationReceiver

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLED

com.zscaler.receivers.KnoxLicenseActivationReceiver

com.samsung.android.knox.intent.action.LICENSE_STATUS
com.samsung.android.knox.intent.action.KNOX_LICENSE_STATUS

com.zscaler.receivers.BootFinishReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.ACTION_LOCKED_BOOT_COMPLETED

com.zscaler.receivers.AppReplaceReceiver

android.intent.action.MY_PACKAGE_REPLACED
android.intent.action.PACKAGE_REPLACED

com.zscaler.receivers.VpnInteractionReceiver

com.zscaler.receivers.VpnInteractionReceiver.FILTER_VPN

Services

com.zscaler.services.VPNServices.ZscalerVPNService

android.net.VpnService

Android Permissions

zscaler.com.zsoctmdm202022.apk

Permissions

android.permission.FOREGROUND_SERVICE

android.permission.INTERNET

android.permission.ACCESS_WIFI_STATE

android.permission.READ_PHONE_STATE

android.permission.WAKE_LOCK

com.google.android.c2dm.permission.RECEIVE

android.permission.ACCESS_NETWORK_STATE

android.permission.RECEIVE_BOOT_COMPLETED

com.samsung.android.knox.permission.KNOX_ENTERPRISE_DEVICE_ADMIN

com.samsung.android.knox.permission.KNOX_APP_MGMT

com.samsung.android.knox.permission.KNOX_FIREWALL

com.samsung.android.knox.permission.KNOX_SECURITY

android.permission.sec.MDM_LICENSE_LOG

android.permission.REQUEST_DELETE_PACKAGES

android.permission.GET_ACCOUNTS

android.permission.READ_CONTACTS

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.POST_NOTIFICATIONS

android.permission.QUERY_ALL_PACKAGES

com.samsung.android.knox.permission.KNOX_APP_MGMT

com.samsung.android.knox.permission.KNOX_HW_CONTROL

com.samsung.android.knox.permission.KNOX_LICENSE_LOG

com.samsung.android.knox.permission.KNOX_CERT_PROVISIONING

com.samsung.android.knox.permission.KNOX_FIREWALL

com.samsung.android.knox.permission.KNOX_ENTERPRISE_DEVICE_ADMIN

com.google.android.gms.permission.AD_ID

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Sharing

General

Malware Config

Signatures

Files