furball | 162edb56fbe13dbe3aa389da760705556d3f440b37ff0df7374aa00a14552b5c[.]zip

General

Target

162edb56fbe13dbe3aa389da760705556d3f440b37ff0df7374aa00a14552b5c.zip
Size

2.1MB
MD5

f17c5bce91ca8a45c69d608778be9910
SHA1

f0ea97d45e3a04f2b0d19768bad5b69a0fb85344
SHA256

30ab16f5132dc94c94b3db0632f84a1c2def8bd53b1041c5cddd9aa81d3496eb
SHA512

f276b8c1633bc519567439b8594faf73eb2c6067431e440f2328d39ff67b5231724b74d47bc9f80e3d9e89ebb8c5231258423119bbf868b4e1a2fc4cd82b4674
SSDEEP

49152:21YHER2I7Ul2cJigRamYd9lASaZxhZY48iY8LKhpSE:2TgIwpVYpdVaZL96SE

Score

10^/10

furball

Malware Config

Extracted

Family

furball

C2

http://www.appsoftupdate.com/mmh

Signatures

Furball family
furball

Requests dangerous framework permissions 6 IoCs

Processes:

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Files

162edb56fbe13dbe3aa389da760705556d3f440b37ff0df7374aa00a14552b5c.zip
.zip

Password: infected
162edb56fbe13dbe3aa389da760705556d3f440b37ff0df7374aa00a14552b5c
.apk android

dastanmojahed.sunnibook.net

dastanmojahed.sunnibook.net.MainActivity

Activities

dastanmojahed.sunnibook.net.MainActivity

android.intent.action.MAIN

dastanmojahed.sunnibook.net.RssActivity

dastanmojahed.sunnibook.net.RssActivity

dastanmojahed.sunnibook.net.ListActivity

dastanmojahed.sunnibook.net.ListActivity

dastanmojahed.sunnibook.net.SearchActivity

dastanmojahed.sunnibook.net.SearchActivity

dastanmojahed.sunnibook.net.PageActivity

dastanmojahed.sunnibook.net.PageActivity

dastanmojahed.sunnibook.net.WebActivity

dastanmojahed.sunnibook.net.WebActivity

dastanmojahed.sunnibook.net.HtmlActivity

dastanmojahed.sunnibook.net.HtmlActivity

dastanmojahed.sunnibook.net.BookmarksActivity

dastanmojahed.sunnibook.net.BookmarksActivity

dastanmojahed.sunnibook.net.SettingActivity

dastanmojahed.sunnibook.net.SettingActivity

dastanmojahed.sunnibook.net.UpdateActivity

dastanmojahed.sunnibook.net.UpdateActivity

dastanmojahed.sunnibook.net.AudioPlayer

dastanmojahed.sunnibook.net.AudioPlayer

dastanmojahed.sunnibook.net.VideoPlayer

dastanmojahed.sunnibook.net.VideoPlayer

dastanmojahed.sunnibook.net.ImageViewActivity

dastanmojahed.sunnibook.net.ImageViewActivity

dastanmojahed.sunnibook.net.GalleryActivity

dastanmojahed.sunnibook.net.GalleryActivity

dastanmojahed.sunnibook.net.PayActivity

dastanmojahed.sunnibook.net.PayActivity

Permissions

android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
com.google.android.c2dm.permission.RECEIVE
android.permission.WAKE_LOCK
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.READ_PHONE_STATE
android.permission.QUICKBOOT_POWERON
android.permission.READ_SMS
android.permission.GET_ACCOUNTS
com.android.browser.permission.READ_HISTORY_BOOKMARKS
android.permission.READ_CONTACTS
android.permission.GET_TASKS
android.permission.READ_CALL_LOG
android.permission.READ_LOGS
android.permission.WRITE_SETTINGS
android.permission.WRITE_EXTERNAL_STORAGE

Receivers

co.ronash.pushe.receiver.UpdateReceiver

android.intent.action.PACKAGE_REPLACED

com.google.android.gms.gcm.GcmReceiver

com.google.android.c2dm.intent.RECEIVE
com.google.android.c2dm.intent.REGISTRATION

co.ronash.pushe.receiver.FallbackGcmNetworkManagerReceiver

co.ronash.pushe.CHECK_TASKS

com.andriod.browser.OnBootManager

android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_POWER_CONNECTED

Services

co.ronash.pushe.service.GcmService

com.google.android.c2dm.intent.RECEIVE

co.ronash.pushe.service.FallbackGcmTaskRunner

co.ronash.pushe.ACTION_TASK_READY

co.ronash.pushe.service.GcmTaskRunner

com.google.android.gms.gcm.ACTION_TASK_READY

co.ronash.pushe.service.InstanceIDService

com.google.android.gms.iid.InstanceID

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

dastanmojahed.sunnibook.net

dastanmojahed.sunnibook.net.MainActivity

Activities

dastanmojahed.sunnibook.net.MainActivity

dastanmojahed.sunnibook.net.RssActivity

dastanmojahed.sunnibook.net.ListActivity

dastanmojahed.sunnibook.net.SearchActivity

dastanmojahed.sunnibook.net.PageActivity

dastanmojahed.sunnibook.net.WebActivity

dastanmojahed.sunnibook.net.HtmlActivity

dastanmojahed.sunnibook.net.BookmarksActivity

dastanmojahed.sunnibook.net.SettingActivity

dastanmojahed.sunnibook.net.UpdateActivity

dastanmojahed.sunnibook.net.AudioPlayer

dastanmojahed.sunnibook.net.VideoPlayer

dastanmojahed.sunnibook.net.ImageViewActivity

dastanmojahed.sunnibook.net.GalleryActivity

dastanmojahed.sunnibook.net.PayActivity

Permissions

Receivers

co.ronash.pushe.receiver.UpdateReceiver

com.google.android.gms.gcm.GcmReceiver

co.ronash.pushe.receiver.FallbackGcmNetworkManagerReceiver

com.andriod.browser.OnBootManager

Services

co.ronash.pushe.service.GcmService

co.ronash.pushe.service.FallbackGcmTaskRunner

co.ronash.pushe.service.GcmTaskRunner

co.ronash.pushe.service.InstanceIDService