MEMZ[.]zip | Triage

General

Target

MEMZ.zip
Size

3.3MB
MD5

76dc73a42cd3f679de1b384ab1066548
SHA1

d61748bcd2d8f4338cfc25f8c34334449bec72db
SHA256

a9341d5bf90a515ee37c61c99dd61d4d21c0ffa5289b117f18c55f028270632c
SHA512

41818050e12d60d1a0f750365af2c61b1829823d7677b54810f1fa5de7cc1feed35b57feec66b11b6a13f107049c7fe0c426d2607cfb371615ad7eb3286b467f
SSDEEP

98304:wYwjbnsEoRW2Tc+SMxsYsPgsGMZJy8jFUSiqj1Ae:MjbsHWIc+SeskMZJyOiW

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 5 IoCs

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Files

MEMZ.zip
.zip

Password: infected
fb399a624795230353bfdeb33ec25c423ea42e96813b7b8fd699af8ccd4efbba.apk
.apk android arch:arm64 arch:arm

io.gonative.android.MiTi

io.gonative.android.SplashActivity

Activities

io.gonative.android.SplashActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_EXTERNAL_STORAGE
com.google.android.c2dm.permission.RECEIVE
io.gonative.android.rzqeqj.permission.C2D_MESSAGEab
android.permission.WAKE_LOCK
android.permission.VIBRATE
android.permission.RECEIVE_BOOT_COMPLETED
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
com.anddoes.launcher.permission.UPDATE_COUNT
com.majeur.launcher.permission.UPDATE_BADGE
com.huawei.android.launcher.permission.CHANGE_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
android.permission.READ_APP_BADGE
com.oppo.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
me.everything.badger.permission.BADGE_COUNT_READ
me.everything.badger.permission.BADGE_COUNT_WRITE
android.permission.READ_LOGS
android.permission.FLASHLIGHT
net.dinglisch.android.tasker.PERMISSION_RUN_TASKS
android.permission.BLUETOOTH_ADMIN
android.permission.VIBRATE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.ACCESS_NETWORK_STATE
android.permission.USE_FINGERPRINT
android.permission.ACCESS_WIFI_STATE
android.permission.CAMERA
android.permission.READ_EXTERNAL_STORAGE
android.permission.BLUETOOTH
android.permission.WRITE_SETTINGS
android.permission.READ_SETTINGS

Receivers

com.onesignal.GcmBroadcastReceiver

com.google.android.c2dm.intent.RECEIVE

com.onesignal.BootUpReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON

com.onesignal.UpgradeReceiver

android.intent.action.MY_PACKAGE_REPLACED

com.applisto.appcloner.classes.FakeCamera$FakeCameraReceiver

com.applisto.appcloner.action.FAKE_CAMERA_SELECT_CAMERA_PICTURE
com.applisto.appcloner.action.FAKE_CAMERA_ROTATE_CLOCKWISE
com.applisto.appcloner.action.FAKE_CAMERA_ROTATE_ANTI_CLOCKWISE

Services

Sharing

General

Malware Config

Signatures

Files

Password: infected

io.gonative.android.MiTi

io.gonative.android.SplashActivity

Activities

io.gonative.android.SplashActivity

Permissions

Receivers

com.onesignal.GcmBroadcastReceiver

com.onesignal.BootUpReceiver

com.onesignal.UpgradeReceiver

com.applisto.appcloner.classes.FakeCamera$FakeCameraReceiver

Services