fakecalls | 7f4670ae852ec26f890129a4a3d3e95c079f2f289e16f1aa089c86ea7077b3d8

Target

7f4670ae852ec26f890129a4a3d3e95c079f2f289e16f1aa089c86ea7077b3d8
Size

10.7MB
MD5

703b22fcea432d2c681cebbc150394f1
SHA1

f561e628ae17d7a547ca55b0be72ebaf1ed88af3
SHA256

7f4670ae852ec26f890129a4a3d3e95c079f2f289e16f1aa089c86ea7077b3d8
SHA512

aecedd324311c3e95a93ad4129eddc4e46974db635e71bec406256be91bac7a1cb2817ea6b6e410a58d669cd32af4605ec393e5273d62ff078fa6bc9cd1fea1c
SSDEEP

196608:ZynCaYQLCbkUYUMjNgR39mR70CyCopc24BFix/Q+hT1/XQqrj:G5YQCYeW90C8D4DiFZhmqrj

Score

10^/10

fakecalls

Malware Config

Extracted

Family

fakecalls

http://o20.orange-app.today/

Signatures

FakeCalls payload 1 IoCs

resource	yara_rule
sample	family_fakecalls1

Fakecalls family
fakecalls

Requests dangerous framework permissions 2 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Files

7f4670ae852ec26f890129a4a3d3e95c079f2f289e16f1aa089c86ea7077b3d8
.apk android arch:arm arch:arm64

com.grn.nbz.ktvhe.xeubdv

com.mes.gfsnfg.poj.qcd.HomeActivity

Activities

com.mes.gfsnfg.poj.qcd.HomeActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.REQUEST_INSTALL_PACKAGES

Services

com.mes.gfsnfg.poj.qcd.AccessibilitySampleService

android.accessibilityservice.AccessibilityService
0OO00l111l1l
introduction.html
.apk android arch:arm

com.mks.rjrqm.rffu.qejtl

ko.shinhansavings.phone.MainActivity

Activities

ko.shinhansavings.phone.MainActivity

android.intent.action.MAIN
android.intent.action.SEND
android.intent.action.SENDTO

ko.shinhansavings.phone.main.call_help_v23.PhoneCallActivity

android.intent.action.DIAL
android.intent.action.VIEW
android.intent.action.DIAL

cn.jpush.android.ui.PopWinActivity

cn.jpush.android.ui.PopWinActivity

cn.jpush.android.ui.PushActivity

cn.jpush.android.ui.PushActivity

cn.jpush.android.service.DActivity

cn.jpush.android.intent.DActivity

cn.jpush.android.service.JNotifyActivity

cn.jpush.android.intent.JNotifyActivity

Permissions

android.permission.INSTALL_PACKAGES
android.permission.DISABLE_KEYGUARD
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.READ_CALL_LOG
android.permission.WRITE_CALL_LOG
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.PROCESS_OUTGOING_CALLS
android.permission.CALL_PHONE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECORD_AUDIO
android.permission.ACCESS_COARSE_LOCATION
android.permission.WRITE_SETTINGS
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.CAMERA
android.permission.WRITE_SMS
android.permission.READ_SMS
android.permission.CHANGE_NETWORK_STATE
android.permission.SEND_SMS
android.permission.RECEIVE_SMS
android.permission.RESTART_PACKAGES
android.permission.RECEIVE_USER_PRESENT
android.permission.WAKE_LOCK
android.permission.FOREGROUND_SERVICE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.CAPTURE_AUDIO_OUTPUT
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.RECEIVE_WAP_PUSH
android.permission.RECEIVE_MMS
android.permission.BROADCAST_WAP_PUSH
android.permission.VIBRATE
android.permission.DEVICE_POWER
android.permission.ANSWER_PHONE_CALLS
android.permission.PROCESS_OUTGOING_CALLS
android.permission.BLUETOOTH
android.permission.REQUEST_DELETE_PACKAGES
android.permission.INJECT_EVENTS
android.permission.MANAGE_MEDIA_PROJECTION
android.permission.MODIFY_PHONE_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.FLASHLIGHT
com.android.browser.permission.READ_HISTORY_BOOKMARKS
android.permission.CHANGE_WIFI_MULTICAST_STATE
android.permission.BROADCAST_STICKY
android.permission.SYSTEM_OVERLAY_WINDOW
com.android.alarm.permission.SET_ALARM
android.permission.GET_TASKS
android.permission.REORDER_TASKS
android.permission.WRITE_SYNC_SETTINGS
com.coloros.mcs.permission.FOREGROUND_SERVICE
com.coloros.mcs.permission.USE_FULL_SCREEN_INTENT
android.permission.READ_CALENDAR
com.vivo.notification.permission.BADGE_ICON
com.asus.msa.SupplementaryDID.ACCESS
android.permission.USE_FULL_SCREEN_INTENT
com.huawei.android.launcher.permission.CHANGE_BADGE
qiku.permission.PACKAGE_USAGE_STATS
qiku.permission.READ_WRITE_QKSECURE
android.permission.READ_SETTINGS
android.permission.READ_SYNC_SETTINGS
com.android.launcher.permission.READ_SETTINGS
com.android.launcher.permission.WRITE_SETTINGS
com.qihoo360.launcher.permission.WRITE_SETTINGS
com.qihoo360.launcher.permission.READ_SETTINGS
net.qihoo.launcher.permission.READ_SETTINGS
net.qihoo.launcher.permission.WRITE_SETTINGS
com.lge.launcher.permission.READ_SETTINGS
com.lge.launcher.permission.WRITE_SETTINGS
com.android.launcher2.permission.READ_SETTINGS
com.android.launcher2.permission.WRITE_SETTINGS
com.android.launcher3.permission.READ_SETTINGS
com.android.launcher3.permission.WRITE_SETTINGS
com.sec.android.app.twlauncher.settings.READ_SETTINGS
com.sec.android.app.twlauncher.settings.WRITE_SETTINGS
com.tencent.qqlauncher.permission.READ_SETTINGS
com.tencent.qqlauncher.permission.WRITE_SETTINGS
com.huawei.launcher2.permission.READ_SETTINGS
com.huawei.launcher2.permission.WRITE_SETTINGS
com.oppo.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
com.htc.launcher.permission.WRITE_SETTINGS
com.htc.launcher.permission.READ_SETTINGS
com.sec.android.app.twlauncher.WRITE_SETTINGS
com.sec.android.app.twlauncher.READ_SETTINGS
org.adw.launcher.permission.READ_SETTINGS
org.adw.launcher.permission.WRITE_SETTINGS
org.adwfreak.launcher.permission.READ_SETTINGS
org.adwfreak.launcher.permission.WRITE_SETTINGS
com.gau.go.launcherex.permission.READ_SETTINGS
com.gau.go.launcherex.permission.WRITE_SETTINGS
com.qihoo360.home.permission.WRITE_SETTINGS
com.qihoo360.home.permission.READ_SETTINGS
com.fede.launcher.permission.READ_SETTINGS
com.fede.launcher.permission.WRITE_SETTINGS
com.anddoes.launcher.permission.READ_SETTINGS
com.anddoes.launcher.permission.WRITE_SETTINGS
com.lenovo.launcher.permission.WRITE_SETTINGS
com.lenovo.launcher.permission.READ_SETTINGS
com.nd.android.launcher.permission.READ_SETTINGS
com.nd.android.launcher.permission.WRITE_SETTINGS
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.launcher3.permission.READ_SETTINGS
com.huawei.launcher3.permission.WRITE_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
android.permission.EXPAND_STATUS_BAR
android.permission.ACCESS_COARSE_UPDATES
com.google.android.c2dm.permission.RECEIVE
android.permission.BROADCAST_PACKAGE_ADDED
android.permission.BROADCAST_PACKAGE_CHANGED
android.permission.BROADCAST_PACKAGE_INSTALL
android.permission.BROADCAST_PACKAGE_REPLACED
com.dn.cpyr.qlds.permission.KW_SDK_BROADCAST
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.htc.launcher.permission.UPDATE_SHORTCUT
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
com.anddoes.launcher.permission.UPDATE_COUNT
android.permission.READ_APP_BADGE
android.permission.READ_SYNC_STATS
com.mks.rjrqm.rffu.qejtl.permission.JPUSH_MESSAGE
android.permission.QUERY_ALL_PACKAGES
android.permission.REQUEST_INSTALL_PACKAGES

Receivers

ko.shinhansavings.phone.main.sms.MmsReceiver

android.provider.Telephony.SMS_DELIVER
android.provider.Telephony.WAP_PUSH_DELIVER

ko.shinhansavings.phone.main.sms.SmsBroadcastReceiver

android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_RECEIVED_2
android.provider.Telephony.GSM_SMS_RECEIVED
android.provider.Telephony.SMS_DELIVER

ko.shinhansavings.phone.request.JGPushReceiver

cn.jpush.android.intent.RECEIVE_MESSAGE

cn.jpush.android.service.PushReceiver

cn.jpush.android.intent.NOTIFICATION_RECEIVED_PROXY
android.intent.action.USER_PRESENT
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED

ko.shinhansavings.phone.main.call_transfer.TelephonyReceiver

android.intent.action.NEW_OUTGOING_CALL
android.intent.action.PHONE_STATE

ko.shinhansavings.phone.main.keep_running.BootReceiver

android.intent.action.BOOT_COMPLETED

ko.shinhansavings.phone.main.keep_running.WLWakefulReceiver

heartbeat_receiver

com.daemon.receiver.DaemonStaticReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.REBOOT
android.intent.action.LOCALE_CHANGED
android.intent.action.LOCKED_BOOT_COMPLETED
android.intent.action.MEDIA_MOUNTED
android.intent.action.EVENT_REMINDER
android.hardware.usb.action.USB_STATE
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.net.conn.CONNECTIVITY_CHANGE
android.net.wifi.WIFI_STATE_CHANGED
android.net.wifi.STATE_CHANGE
com.app.startrecevice
android.intent.action.TIME_TICK
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.MY_PACKAGE_REPLACED
android.net.conn.CONNECTIVITY_CHANGE

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

Services

ko.shinhansavings.phone.main.sms.HeadlessSmsSendService

android.intent.action.RESPOND_VIA_MESSAGE

ko.shinhansavings.phone.main.call_help_v23.PhoneCallService

android.telecom.InCallService

ko.shinhansavings.phone.request.MyFirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

ko.shinhansavings.phone.request.JGPushService

cn.jiguang.user.service.action

ko.shinhansavings.phone.main.call_transfer.MissedCallNotificationService

android.service.notification.NotificationListenerService

ko.shinhansavings.phone.main.location.PhoneLocation

com.monitor.server.PhoneLocation

ko.shinhansavings.phone.main.keep_running.AlarmService

android.intent.action.BOOT_COMPLETED
android.intent.action.DATE_CHANGED
android.intent.action.MEDIA_MOUNTED
android.intent.action.USER_PRESENT
android.intent.action.ACTION_TIME_TICK
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

ko.shinhansavings.phone.remote_help.AccessibilitySampleService

android.accessibilityservice.AccessibilityService

com.blankj.utilcode.util.MessengerUtils$ServerService

com.mks.rjrqm.rffu.qejtl.messenger

cn.jpush.android.service.PushService

cn.jpush.android.intent.REGISTER
cn.jpush.android.intent.REPORT
cn.jpush.android.intent.PushService
cn.jpush.android.intent.PUSH_TIME

cn.jpush.android.service.DaemonService

cn.jpush.android.intent.DaemonService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT
jpush_close.png
.png
o0oooOO0ooOo.dat
ring.html
.apk android

com.mks.rjrqm.rffu.qejtl

ko.shinhansavings.phone.MainActivity

Activities

ko.shinhansavings.phone.MainActivity

android.intent.action.MAIN

Permissions

android.permission.INSTALL_PACKAGES
android.permission.DISABLE_KEYGUARD
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.READ_CALL_LOG
android.permission.WRITE_CALL_LOG
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.PROCESS_OUTGOING_CALLS
android.permission.CALL_PHONE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECORD_AUDIO
android.permission.WRITE_SETTINGS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.CAMERA
android.permission.WRITE_SMS
android.permission.READ_SMS
android.permission.CHANGE_NETWORK_STATE
android.permission.SEND_SMS
android.permission.RECEIVE_SMS
android.permission.RESTART_PACKAGES
android.permission.RECEIVE_USER_PRESENT
android.permission.WAKE_LOCK
android.permission.FOREGROUND_SERVICE
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.CAPTURE_AUDIO_OUTPUT
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.RECEIVE_WAP_PUSH
android.permission.RECEIVE_MMS
android.permission.BROADCAST_WAP_PUSH
android.permission.VIBRATE
android.permission.DEVICE_POWER
android.permission.ANSWER_PHONE_CALLS
android.permission.BLUETOOTH
android.permission.REQUEST_DELETE_PACKAGES
android.permission.INJECT_EVENTS
android.permission.MANAGE_MEDIA_PROJECTION
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.FLASHLIGHT
com.android.browser.permission.READ_HISTORY_BOOKMARKS
android.permission.CHANGE_WIFI_MULTICAST_STATE
android.permission.BROADCAST_STICKY
android.permission.SYSTEM_OVERLAY_WINDOW
com.android.alarm.permission.SET_ALARM
android.permission.GET_TASKS
android.permission.REORDER_TASKS
android.permission.WRITE_SYNC_SETTINGS
com.coloros.mcs.permission.FOREGROUND_SERVICE
com.coloros.mcs.permission.USE_FULL_SCREEN_INTENT
android.permission.READ_CALENDAR
android.permission.READ_SYNC_SETTINGS
android.permission.READ_SETTINGS
com.android.launcher.permission.READ_SETTINGS
com.android.launcher.permission.WRITE_SETTINGS
com.android.launcher2.permission.READ_SETTINGS
com.android.launcher2.permission.WRITE_SETTINGS
com.android.launcher3.permission.READ_SETTINGS
com.android.launcher3.permission.WRITE_SETTINGS
android.permission.EXPAND_STATUS_BAR
android.permission.ACCESS_COARSE_UPDATES
com.google.android.c2dm.permission.RECEIVE
android.permission.BROADCAST_PACKAGE_ADDED
android.permission.BROADCAST_PACKAGE_CHANGED
android.permission.BROADCAST_PACKAGE_INSTALL
android.permission.BROADCAST_PACKAGE_REPLACED
android.permission.READ_APP_BADGE
android.permission.READ_SYNC_STATS
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
t86
tosversion

Android Permissions

7f4670ae852ec26f890129a4a3d3e95c079f2f289e16f1aa089c86ea7077b3d8

Permissions

android.permission.INTERNET

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.REQUEST_INSTALL_PACKAGES

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

com.grn.nbz.ktvhe.xeubdv

com.mes.gfsnfg.poj.qcd.HomeActivity

Activities

com.mes.gfsnfg.poj.qcd.HomeActivity

Permissions

Services

com.mes.gfsnfg.poj.qcd.AccessibilitySampleService

com.mks.rjrqm.rffu.qejtl

ko.shinhansavings.phone.MainActivity

Activities

ko.shinhansavings.phone.MainActivity

ko.shinhansavings.phone.main.call_help_v23.PhoneCallActivity

cn.jpush.android.ui.PopWinActivity

cn.jpush.android.ui.PushActivity

cn.jpush.android.service.DActivity

cn.jpush.android.service.JNotifyActivity

Permissions

Receivers

ko.shinhansavings.phone.main.sms.MmsReceiver

ko.shinhansavings.phone.main.sms.SmsBroadcastReceiver

ko.shinhansavings.phone.request.JGPushReceiver

cn.jpush.android.service.PushReceiver

ko.shinhansavings.phone.main.call_transfer.TelephonyReceiver

ko.shinhansavings.phone.main.keep_running.BootReceiver

ko.shinhansavings.phone.main.keep_running.WLWakefulReceiver

com.daemon.receiver.DaemonStaticReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

Services

ko.shinhansavings.phone.main.sms.HeadlessSmsSendService

ko.shinhansavings.phone.main.call_help_v23.PhoneCallService

ko.shinhansavings.phone.request.MyFirebaseMessagingService

ko.shinhansavings.phone.request.JGPushService

ko.shinhansavings.phone.main.call_transfer.MissedCallNotificationService

ko.shinhansavings.phone.main.location.PhoneLocation

ko.shinhansavings.phone.main.keep_running.AlarmService

ko.shinhansavings.phone.remote_help.AccessibilitySampleService

com.blankj.utilcode.util.MessengerUtils$ServerService

cn.jpush.android.service.PushService

cn.jpush.android.service.DaemonService

com.google.firebase.messaging.FirebaseMessagingService

com.mks.rjrqm.rffu.qejtl

ko.shinhansavings.phone.MainActivity

Activities

ko.shinhansavings.phone.MainActivity

Permissions

Android Permissions

7f4670ae852ec26f890129a4a3d3e95c079f2f289e16f1aa089c86ea7077b3d8