DroidKungFu[.]B[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DroidKungFu.B.rar
Size

1.8MB
MD5

bd944a5ee903cd4b24d773de10a0bb72
SHA1

5a4fa39a15600bddf364fff953ccdfef32b9357b
SHA256

fcfc5678e82a1edd48635c11fa760d12aaf39cd2ab1de9ecc522508ce15052c1
SHA512

65dab56c7fd48e237d1a32e7f14e939c3235f438e93262810fa693c54d7ab943a0886ecbddc2a487ab7d08b84bb1ffdbb8760b2fd68f6f04076d6180ddd86246
SSDEEP

49152:ENQPqAPrKPIFbO0/jW5Ef3e8hb0tKE6dHtzkWTs/kBC58:ECXIMN/e8h0tKE6/RT6eE8

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Files

DroidKungFu.B.rar
.rar

Password: infected
_com.aijiaoyou.android.sipphone_1005_1.0.5.apk
.apk android arch:arm

com.aijiaoyou.android.sipphone

.InitOnlineActivity

Activities

.InitOnlineActivity

android.intent.action.MAIN

org.linphone.LinphonePreferencesActivity11

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.RECORD_AUDIO
android.permission.READ_PHONE_STATE
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.ACCESS_NETWORK_STATE
android.permission.WAKE_LOCK
android.permission.BOOT_COMPLETED
android.permission.VIBRATE
android.permission.GET_TASKS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.INSTALL_PACKAGES

Receivers

com.google.ssearch.Receiver

android.intent.action.BATTERY_CHANGED_ACTION
android.intent.action.SIG_STR
android.intent.action.BOOT_COMPLETED

org.linphone.NetworkManager

android.net.conn.CONNECTIVITY_CHANGE

org.linphone.OutgoingCallReceiver

android.intent.action.NEW_OUTGOING_CALL

org.linphone.BootReceiver

android.intent.action.BOOT_COMPLETED

Services