f28ad3c7ac67710880ca9a4715b694454a88ced14e7969ec32cc3981dc3ce701

General

Target

f28ad3c7ac67710880ca9a4715b694454a88ced14e7969ec32cc3981dc3ce701
Size

73.5MB
MD5

49e2eb29752ab78707abb1abdf8085e5
SHA1

ab483f602065ae23b8137b74030d272d8caf2f45
SHA256

f28ad3c7ac67710880ca9a4715b694454a88ced14e7969ec32cc3981dc3ce701
SHA512

f716426d839625ff7b55e45d3fa91387d93ad19f3d46d0da8d3957f7ae643a0b20a25678fb0d24b5151478154efe6809b5f706188dd9ada9361b3f645360180b
SSDEEP

1572864:7dkdHLqe9W5cXFXBy6kgRXmssN+bZRWeMbaCkQ++7J1gbgGxNDP1gjP+uPhrMs:RaHLqeE5cXFggRWPN+bW8uJijtgjxJ

Score

8^/10

Malware Config

Signatures

Patched UPX-packed file 2 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

Processes:

resource	yara_rule
sample	patched_upx
sample	patched_upx

Requests dangerous framework permissions 10 IoCs

Processes:

description	ioc
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to record audio.	android.permission.RECORD_AUDIO
Required to be able to connect to paired Bluetooth devices.	android.permission.BLUETOOTH_CONNECT

Files

f28ad3c7ac67710880ca9a4715b694454a88ced14e7969ec32cc3981dc3ce701
.apk android arch:arm64 arch:arm

com.veb.privatespace

com.veb.privatespace.login.activity.SplashActivity

Activities

com.veb.privatespace.login.activity.SplashActivity

android.intent.action.VIEW

com.veb.privatespace.ui.UsbEventReceiverActivity

android.hardware.usb.action.USB_DEVICE_ATTACHED

com.veb.privatespace.setting.SettingActivity

com.veb.privatespace.INSTALL_APK

com.veb.privatespace.room.ui.activity.JoinRoomActivity

android.intent.action.VIEW

com.veb.privatespace.contacts.sight.player.SightPlayerActivity

android.intent.action.VIEW

com.veb.privatespace.contacts.ui.activity.VebSingleCallActivity

io.rong.intent.action.voip.SINGLEVIDEO
io.rong.intent.action.voip.SINGLEAUDIO

com.veb.privatespace.file.activity.FileOperateProgressActivity

com.veb.privatespace.file.fileOperateProgress

com.veb.privatespace.file.activity.ImportThirdAppFileActivity

android.intent.action.VIEW
android.intent.action.SEND

com.mob.id.MobIDActivity

com.mob.id.app_30000

com.mob.id.MobIDSYActivity

com.mob.id.app_lk

com.mob.guard.MobTranPullUpActivity

com.mob.open.app_20000

com.mob.guard.MobTranPullLockActivity

com.mob.open.app_lk

com.sina.weibo.sdk.share.ShareTransActivity

com.sina.weibo.sdk.action.ACTION_SDK_REQ_ACTIVITY

io.rong.push.notification.RongBridgeActivity

android.intent.action.VIEW
io.rong.push.notification.RongBridgeActivity

cn.sharesdk.loopshare.LoopShareActivity

android.intent.action.VIEW

Permissions

android.hardware.usb.accessory
android.permission.READ_PRIVILEGED_PHONE_STATE
android.permission.WAKE_LOCK
android.permission.CAMERA
android.permission.CHANGE_NETWORK_STATE
android.permission.VIBRATE
android.permission.CALL_PHONE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.READ_EXTERNAL_STORAGE
android.permission.USE_BIOMETRIC
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.READ_PHONE_STATE
android.permission.FOREGROUND_SERVICE
android.permission.RECORD_AUDIO
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.DISABLE_KEYGUARD
com.veb.privatespace.permission.MIPUSH_RECEIVE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.USE_FULL_SCREEN_INTENT
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
com.huawei.android.launcher.permission.CHANGE_BADGE
com.vivo.notification.permission.BADGE_ICON
android.permission.CHANGE_COMPONENT_ENABLED_STATE
android.permission.WRITE_MEDIA_STORAGE
com.coloros.mcs.permission.RECIEVE_MCS_MESSAGE
com.heytap.mcs.permission.RECIEVE_MCS_MESSAGE
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH
android.permission.INTERACT_ACROSS_USERS_FULL
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_SETTINGS
android.permission.CHANGE_WIFI_STATE
android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.USE_FINGERPRINT
com.veb.privatespace.permission.PROCESS_PUSH_MSG
com.veb.privatespace.permission.PUSH_PROVIDER
com.veb.privatespace.permission.RONG_ACCESS_RECEIVER
android.permission.BLUETOOTH_CONNECT
com.huawei.appmarket.service.commondata.permission.GET_COMMON_DATA
android.permission.QUERY_ALL_PACKAGES

Receivers

com.veb.privatespace.common.service.BootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIMEZONE_CHANGED
android.intent.action.TIME_SET
android.intent.action.DATE_CHANGED
com.veb.privatespace.action.REFRESH

com.veb.privatespace.contacts.push.NotificationReceiver

io.rong.push.intent.MESSAGE_ARRIVED
io.rong.push.intent.MESSAGE_CLICKED
io.rong.push.intent.THIRD_PARTY_PUSH_STATE

com.veb.privatespace.contacts.push.VebBroadcastReceiver

action.push.CallInviteMessage
action.push.CallInviteMessage.CLICKED

com.veb.privatespace.contacts.im.CustomVivoPushMessageReceiver

com.vivo.pushclient.action.RECEIVE

com.veb.privatespace.common.changeicon.ChangeIconReceiver

veb_action_change_icon

io.rong.push.platform.vivo.VivoPushMessageReceiver

com.vivo.pushclient.action.RECEIVE

com.xiaomi.push.service.receivers.NetworkStatusReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.xiaomi.push.service.receivers.PingReceiver

com.xiaomi.push.PING_TIMER

io.rong.push.platform.mi.MiMessageReceiver

com.xiaomi.mipush.RECEIVE_MESSAGE
com.xiaomi.mipush.MESSAGE_ARRIVED
com.xiaomi.mipush.ERROR

com.veb.privatespace.file.local.FileNotificationClickReceiver

action_file_operate_notification_click

io.rong.callkit.util.RTCPhoneStateReceiver

android.intent.action.PHONE_STATE

com.huawei.hms.support.api.push.PushMsgReceiver

com.huawei.intent.action.PUSH_DELAY_NOTIFY
com.huawei.intent.action.PUSH

com.huawei.hms.support.api.push.PushReceiver

com.huawei.android.push.intent.REGISTRATION
com.huawei.android.push.intent.RECEIVE

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE

io.rong.push.rongpush.PushReceiver

io.rong.push.intent.action.HEART_BEAT
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.USER_PRESENT
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

Services

com.heytap.msp.push.service.CompatibleDataMessageCallbackService

com.coloros.mcs.action.RECEIVE_MCS_MESSAGE

com.heytap.msp.push.service.DataMessageCallbackService

com.heytap.mcs.action.RECEIVE_MCS_MESSAGE
com.heytap.msp.push.RECEIVE_MCS_MESSAGE

com.mob.MobACService

com.mob.service.action.MOB_AC_SERVICE

com.mob.id.MobIDService

com.mob.intent.MOB_ID_SERVICE

com.mob.guard.MobGuardPullUpService

com.mob.intent.MOB_GUARD_SERVICE

com.huawei.hms.support.api.push.service.HmsMsgService

com.huawei.push.msg.NOTIFY_MSG
com.huawei.push.msg.PASSBY_MSG

Android Permissions

f28ad3c7ac67710880ca9a4715b694454a88ced14e7969ec32cc3981dc3ce701

Permissions

android.hardware.usb.accessory

android.permission.READ_PRIVILEGED_PHONE_STATE

android.permission.WAKE_LOCK

android.permission.CAMERA

android.permission.CHANGE_NETWORK_STATE

android.permission.VIBRATE

android.permission.CALL_PHONE

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.READ_EXTERNAL_STORAGE

android.permission.USE_BIOMETRIC

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.WRITE_CONTACTS

android.permission.READ_CONTACTS

android.permission.GET_ACCOUNTS

android.permission.READ_PHONE_STATE

android.permission.FOREGROUND_SERVICE

android.permission.RECORD_AUDIO

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.DISABLE_KEYGUARD

com.veb.privatespace.permission.MIPUSH_RECEIVE

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.USE_FULL_SCREEN_INTENT

android.permission.KILL_BACKGROUND_PROCESSES

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

com.huawei.android.launcher.permission.CHANGE_BADGE

com.vivo.notification.permission.BADGE_ICON

android.permission.CHANGE_COMPONENT_ENABLED_STATE

android.permission.WRITE_MEDIA_STORAGE

com.coloros.mcs.permission.RECIEVE_MCS_MESSAGE

com.heytap.mcs.permission.RECIEVE_MCS_MESSAGE

android.permission.BLUETOOTH_ADMIN

android.permission.BLUETOOTH

android.permission.INTERACT_ACROSS_USERS_FULL

android.permission.SYSTEM_ALERT_WINDOW

android.permission.WRITE_SETTINGS

android.permission.CHANGE_WIFI_STATE

android.permission.MANAGE_EXTERNAL_STORAGE

android.permission.USE_FINGERPRINT

com.veb.privatespace.permission.PROCESS_PUSH_MSG

com.veb.privatespace.permission.PUSH_PROVIDER

com.veb.privatespace.permission.RONG_ACCESS_RECEIVER

android.permission.BLUETOOTH_CONNECT

com.huawei.appmarket.service.commondata.permission.GET_COMMON_DATA

android.permission.QUERY_ALL_PACKAGES

Sharing

General

Malware Config

Signatures

Files

com.veb.privatespace

com.veb.privatespace.login.activity.SplashActivity

Activities

com.veb.privatespace.login.activity.SplashActivity

com.veb.privatespace.ui.UsbEventReceiverActivity

com.veb.privatespace.setting.SettingActivity

com.veb.privatespace.room.ui.activity.JoinRoomActivity

com.veb.privatespace.contacts.sight.player.SightPlayerActivity

com.veb.privatespace.contacts.ui.activity.VebSingleCallActivity

com.veb.privatespace.file.activity.FileOperateProgressActivity

com.veb.privatespace.file.activity.ImportThirdAppFileActivity

com.mob.id.MobIDActivity

com.mob.id.MobIDSYActivity

com.mob.guard.MobTranPullUpActivity

com.mob.guard.MobTranPullLockActivity

com.sina.weibo.sdk.share.ShareTransActivity

io.rong.push.notification.RongBridgeActivity

cn.sharesdk.loopshare.LoopShareActivity

Permissions

Receivers

com.veb.privatespace.common.service.BootReceiver

com.veb.privatespace.contacts.push.NotificationReceiver

com.veb.privatespace.contacts.push.VebBroadcastReceiver

com.veb.privatespace.contacts.im.CustomVivoPushMessageReceiver

com.veb.privatespace.common.changeicon.ChangeIconReceiver

io.rong.push.platform.vivo.VivoPushMessageReceiver

com.xiaomi.push.service.receivers.NetworkStatusReceiver

com.xiaomi.push.service.receivers.PingReceiver

io.rong.push.platform.mi.MiMessageReceiver

com.veb.privatespace.file.local.FileNotificationClickReceiver

io.rong.callkit.util.RTCPhoneStateReceiver

com.huawei.hms.support.api.push.PushMsgReceiver

com.huawei.hms.support.api.push.PushReceiver

androidx.profileinstaller.ProfileInstallReceiver

io.rong.push.rongpush.PushReceiver

Services

com.heytap.msp.push.service.CompatibleDataMessageCallbackService

com.heytap.msp.push.service.DataMessageCallbackService

com.mob.MobACService

com.mob.id.MobIDService

com.mob.guard.MobGuardPullUpService

com.huawei.hms.support.api.push.service.HmsMsgService

Android Permissions

f28ad3c7ac67710880ca9a4715b694454a88ced14e7969ec32cc3981dc3ce701