cb[.]apk | Triage

General

Target

cb.apk
Size

73.4MB
MD5

8cc044bc3c7b0edae850e35c89494ebc
SHA1

de6de4bfdfff619652622f1b475598d194f64fc3
SHA256

44f20e4922c95374402275256ca803064bb3c8b78be81fd6a5a57bd541fc05cd
SHA512

2d9fef9808eae8f34e4a9136ae6272d8b8ff9b12a949f08d7002e69cdb8442b378f91c328dd94dc2aaee2be002ae27654550c18d32ada751b45665aa7681b14c
SSDEEP

1572864:bDl1/Iqcc2Gfe8VHaMH/bWAUvt9X0cbEj8Mafk+j/WF9o:PDIdc2GlFHjWAu0cbBMac+j/Ws

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 9 IoCs

description	ioc
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an application to access any geographic locations persisted in the user's shared collection.	android.permission.ACCESS_MEDIA_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to record audio.	android.permission.RECORD_AUDIO

Files

cb.apk
.apk android arch:arm arch:arm64

com.vsco.cam

com.pollock_roe.app_open.AppOpenAdActivity

Activities

com.snapchat.kit.sdk.SnapKitActivity

android.intent.action.VIEW

com.vsco.cam.navigation.LithiumActivity

android.intent.action.VIEW
android.intent.action.EDIT
android.intent.action.EDIT
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE

com.vsco.cam.camera.CameraActivity

android.media.action.STILL_IMAGE_CAMERA
com.vsco.cam.widget.CAMERA_WIDGET_ACTION

com.facebook.CustomTabActivity

android.intent.action.VIEW
android.intent.action.VIEW

com.google.firebase.auth.internal.GenericIdpActivity

android.intent.action.VIEW

com.google.firebase.auth.internal.RecaptchaActivity

android.intent.action.VIEW

com.pollock_roe.app_open.AppOpenAdActivity

android.intent.action.MAIN

Permissions

android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.INTERNET
com.google.android.providers.gsf.permission.READ_GSERVICES
android.permission.WAKE_LOCK
com.google.android.c2dm.permission.RECEIVE
android.permission.VIBRATE
android.permission.GET_ACCOUNTS
android.permission.ACCESS_FINE_LOCATION
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_CONTACTS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_MEDIA_LOCATION
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.FOREGROUND_SERVICE
android.permission.QUERY_ALL_PACKAGES

Receivers

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

Services

com.google.firebase.auth.api.fallback.service.FirebaseAuthFallbackService

com.google.firebase.auth.api.gms.service.START

Android Permissions

cb.apk

Permissions

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.INTERNET

com.google.android.providers.gsf.permission.READ_GSERVICES

android.permission.WAKE_LOCK

com.google.android.c2dm.permission.RECEIVE

android.permission.VIBRATE

android.permission.GET_ACCOUNTS

android.permission.ACCESS_FINE_LOCATION

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_EXTERNAL_STORAGE

android.permission.READ_CONTACTS

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_MEDIA_LOCATION

android.permission.CAMERA

android.permission.RECORD_AUDIO

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.FOREGROUND_SERVICE

android.permission.QUERY_ALL_PACKAGES

Sharing

General

Malware Config

Signatures

Files

com.vsco.cam

com.pollock_roe.app_open.AppOpenAdActivity

Activities

com.snapchat.kit.sdk.SnapKitActivity

com.vsco.cam.navigation.LithiumActivity

com.vsco.cam.camera.CameraActivity

com.facebook.CustomTabActivity

com.google.firebase.auth.internal.GenericIdpActivity

com.google.firebase.auth.internal.RecaptchaActivity

com.pollock_roe.app_open.AppOpenAdActivity

Permissions

Receivers

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

Services

com.google.firebase.auth.api.fallback.service.FirebaseAuthFallbackService

Android Permissions

cb.apk