Zepp_6[.]1[.]4-play-100440[.]apk

Sharing

Copy URL Twitter E-mail

General

Target

Zepp_6.1.4-play-100440.apk
Size

111.4MB
MD5

a700c7eb271d3c92ea3f14155f84058a
SHA1

3e86b2515bc9ceb954687ba1aa24b3509241a570
SHA256

4a57ae3f4305c9fa641bb75199b39fe72ac0ea57a02a145152112473391e3072
SHA512

b52eaf1d52624a2a16a4a91d6d6cde67070bf371ac7531f1eefd18bcb6e03638eedc809f1478fa82e644c76a10996dad3eec65f21756fe9d971d452c08dad20f
SSDEEP

3145728:AvgmorSFoMnSEBL2DB7MvYZdnhZk3wG7FN7DDMxE0sqlroa:MLoMSEkV7jdhZc7DAmv+X

Score

8^/10

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx

Requests dangerous framework permissions 15 IoCs

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to access location in the background.	android.permission.ACCESS_BACKGROUND_LOCATION
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows the app to answer an incoming phone call.	android.permission.ANSWER_PHONE_CALLS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to recognize physical activity.	android.permission.ACTIVITY_RECOGNITION
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA

Files

Zepp_6.1.4-play-100440.apk
.apk android arch:arm64 arch:arm

com.huami.watch.hmwatchmanager

com.xiaomi.hm.health.activity.StartUpActivity

Activities

com.xiaomi.hm.health.activity.StartUpActivity

android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
com.ingenic.iwds.notification.clicked
com.huami.watch.findphone.showdialog
com.huami.watch.findphone.notify
android.intent.action.VIEW
android.intent.action.VIEW

com.xiaomi.hm.health.ui.oauth.CustomOauthWebActivity

com.huami.watch.hmwatchmanager.huami.intent.action.OAUTH
com.xiaomi.hm.health.huami.intent.action.OAUTH

com.tencent.tauth.AuthActivity

android.intent.action.VIEW

com.xiaomi.hm.health.nfc.WalletActivity

com.huami.midong.wallet

com.huami.account.ui.login.LoginActivity

cn.com.smartdevices.bracelet.intent.action.LOGIN

com.xiaomi.hm.health.relation.FriendActivity

android.intent.action.VIEW
android.intent.action.VIEW

com.xiaomi.hm.health.relation.MessageActivity

android.intent.action.VIEW
android.intent.action.VIEW

com.amazon.identity.auth.device.workflow.WorkflowActivity

android.intent.action.VIEW

Permissions

android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.INTERNET
android.permission.GET_TASKS
com.xiaomi.permission.AUTH_SERVICE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.READ_PHONE_STATE
android.permission.CALL_PHONE
android.permission.ANSWER_PHONE_CALLS
com.xiaomi.market.sdk.UPDATE
miui.permission.READ_STEPS
com.xiaomi.channel.GAME_SERVICE_PERMISSION
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.GET_ACCOUNTS
android.permission.READ_CONTACTS
android.permission.READ_CALL_LOG
android.permission.SYSTEM_OVERLAY_WINDOW
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.FOREGROUND_SERVICE
android.permission.SEND_SMS
android.permission.ACTIVITY_RECOGNITION
android.permission.QUERY_ALL_PACKAGES
android.permission.WAKE_LOCK
android.permission.RECORD_AUDIO
com.huami.watch.hmwatchmanager.permission.MIPUSH_RECEIVE
android.permission.VIBRATE
android.permission.READ_EXTERNAL_STORAGE
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.CAMERA
android.permission.FLASHLIGHT
android.permission.CHANGE_CONFIGURATION
android.permission.WRITE_SETTINGS
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.SET_ALARM
com.android.alarm.permission.SET_ALARM
android.permission.DISABLE_KEYGUARD
com.xiaomi.hm.health.permission.READ_USER
android.permission.REORDER_TASKS
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Receivers

com.xiaomi.hm.health.receiver.TimeZoneReceiver

android.intent.action.TIMEZONE_CHANGED

com.xiaomi.hm.health.receiver.LanguageReceiver

android.intent.action.LOCALE_CHANGED

com.xiaomi.hm.health.receiver.SystemRebootReceiver

android.intent.action.BOOT_COMPLETED
com.xiaomi.hm.health.ACTION_DEVICE_BIND_APPLICATION
com.xiaomi.hm.health.ACTION_DEVICE_UNBIND_APPLICATION

com.xiaomi.market.sdk.DownloadCompleteReceiver

android.intent.action.DOWNLOAD_COMPLETE

com.xiaomi.hm.health.receiver.TimeChangedReceiver

android.intent.action.TIME_SET
android.intent.action.DATE_CHANGED
android.intent.action.TIMEZONE_CHANGED

com.xiaomi.hm.health.receiver.PhoneStateReceiver

android.intent.action.PHONE_STATE

com.huami.mifit.sportlib.services.SubGPSSportService$PhoneCallingReceiver

android.intent.action.PHONE_STATE

com.xiaomi.hm.health.training.ui.alarm.TrainingAlarmReceiver

com.xiaomi.hm.health.training.alarm.trainingnotify

com.xiaomi.push.service.receivers.NetworkStatusReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.xiaomi.push.service.receivers.PingReceiver

com.xiaomi.push.PING_TIMER

com.xiaomi.hm.health.push.MiPushMessageReceiver

com.xiaomi.mipush.RECEIVE_MESSAGE
com.xiaomi.mipush.MESSAGE_ARRIVED
com.xiaomi.mipush.ERROR

com.huami.widget.share.platform.TwitterSharer$TwitterReceiver

com.twitter.sdk.android.tweetcomposer.UPLOAD_SUCCESS
com.twitter.sdk.android.tweetcomposer.UPLOAD_FAILURE

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

Services

com.xiaomi.hm.health.ui.smartplay.NotificationAccessService

android.service.notification.NotificationListenerService

com.xiaomi.hm.health.device.service.HMCoreService

android.intent.action.HMCoreService
android.intent.action.HMCoreService.SYNC_DATA
android.intent.action.HMCoreService.START_FOREGROUND
android.intent.action.HMCoreService.STOP_FOREGROUND
android.intent.action.HMCoreService.KEEP_ALIVE

com.huami.watch.companion.bt_connect.BGService_msg

cn.com.huami_service.action

com.ingenic.iwds.uniconnect.ConnectionService

com.ingenic.iwds.uniconnect.ConnectionService

com.ingenic.iwds.smartsense.RemoteSensorService

com.ingenic.iwds.smartsense.RemoteSensorService

com.ingenic.iwds.remotedevice.RemoteDeviceService

com.ingenic.iwds.remotedevice.RemoteDeviceService

com.ingenic.iwds.IwdsService

com.ingenic.iwds.IwdsService

com.huami.watch.transport.DataTransportService

com.huami.watch.transport.DataTransportService

com.huami.watch.companion.otaphone.service.OtaService

com.huami.watch.otaphone.service.OtaService

com.huami.watch.companion.IME.IMEservice

com.huami.watch.otaphone.service.OtaService

com.unionpay.blepayservice.PayService

com.unionpay.blepayservice.UPBLEPayService

Android Permissions

Zepp_6.1.4-play-100440.apk

Permissions

android.permission.BLUETOOTH

android.permission.BLUETOOTH_ADMIN

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_BACKGROUND_LOCATION

android.permission.ACCESS_NETWORK_STATE

android.permission.CHANGE_NETWORK_STATE

android.permission.INTERNET

android.permission.GET_TASKS

com.xiaomi.permission.AUTH_SERVICE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.READ_PHONE_STATE

android.permission.CALL_PHONE

android.permission.ANSWER_PHONE_CALLS

com.xiaomi.market.sdk.UPDATE

miui.permission.READ_STEPS

com.xiaomi.channel.GAME_SERVICE_PERMISSION

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.GET_ACCOUNTS

android.permission.READ_CONTACTS

android.permission.READ_CALL_LOG

android.permission.SYSTEM_OVERLAY_WINDOW

android.permission.ACCESS_NOTIFICATION_POLICY

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.FOREGROUND_SERVICE

android.permission.SEND_SMS

android.permission.ACTIVITY_RECOGNITION

android.permission.QUERY_ALL_PACKAGES

android.permission.WAKE_LOCK

android.permission.RECORD_AUDIO

com.huami.watch.hmwatchmanager.permission.MIPUSH_RECEIVE

android.permission.VIBRATE

android.permission.READ_EXTERNAL_STORAGE

android.permission.ACCESS_LOCATION_EXTRA_COMMANDS

android.permission.CAMERA

android.permission.FLASHLIGHT

android.permission.CHANGE_CONFIGURATION

android.permission.WRITE_SETTINGS

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.SET_ALARM

com.android.alarm.permission.SET_ALARM

android.permission.DISABLE_KEYGUARD

com.xiaomi.hm.health.permission.READ_USER

android.permission.REORDER_TASKS

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Sharing

General

Malware Config

Signatures

Files

com.huami.watch.hmwatchmanager

com.xiaomi.hm.health.activity.StartUpActivity

Activities

com.xiaomi.hm.health.activity.StartUpActivity

com.xiaomi.hm.health.ui.oauth.CustomOauthWebActivity

com.tencent.tauth.AuthActivity

com.xiaomi.hm.health.nfc.WalletActivity

com.huami.account.ui.login.LoginActivity

com.xiaomi.hm.health.relation.FriendActivity

com.xiaomi.hm.health.relation.MessageActivity

com.amazon.identity.auth.device.workflow.WorkflowActivity

Permissions

Receivers

com.xiaomi.hm.health.receiver.TimeZoneReceiver

com.xiaomi.hm.health.receiver.LanguageReceiver

com.xiaomi.hm.health.receiver.SystemRebootReceiver

com.xiaomi.market.sdk.DownloadCompleteReceiver

com.xiaomi.hm.health.receiver.TimeChangedReceiver

com.xiaomi.hm.health.receiver.PhoneStateReceiver

com.huami.mifit.sportlib.services.SubGPSSportService$PhoneCallingReceiver

com.xiaomi.hm.health.training.ui.alarm.TrainingAlarmReceiver

com.xiaomi.push.service.receivers.NetworkStatusReceiver

com.xiaomi.push.service.receivers.PingReceiver

com.xiaomi.hm.health.push.MiPushMessageReceiver

com.huami.widget.share.platform.TwitterSharer$TwitterReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

Services

com.xiaomi.hm.health.ui.smartplay.NotificationAccessService

com.xiaomi.hm.health.device.service.HMCoreService

com.huami.watch.companion.bt_connect.BGService_msg

com.ingenic.iwds.uniconnect.ConnectionService

com.ingenic.iwds.smartsense.RemoteSensorService

com.ingenic.iwds.remotedevice.RemoteDeviceService

com.ingenic.iwds.IwdsService

com.huami.watch.transport.DataTransportService

com.huami.watch.companion.otaphone.service.OtaService

com.huami.watch.companion.IME.IMEservice

com.unionpay.blepayservice.PayService

Android Permissions

Zepp_6.1.4-play-100440.apk