4da0004f5e2902bc8f3d757163daf256[.]apk

Sharing

Copy URL Twitter E-mail

General

Target

4da0004f5e2902bc8f3d757163daf256.apk
Size

95.0MB
MD5

4da0004f5e2902bc8f3d757163daf256
SHA1

b843d2c8b6f2694142245b02a7b57879498b4f9a
SHA256

04cc16305feabe7c69cef96f7e8e9a243d19bc5f981115f6b6a1b34ee88d60dc
SHA512

d9f2c85f77a149ee969debb56c097e1b2d984bdd4f7a50ddc3b212a52ea7ca5a198c0bda5e3de3bb880c54d40c905b85509278ba8de509e681f0671d87cd5409
SSDEEP

1572864:cQA2jA1V5br3rMMkHH6kChc+4RBguS+VHmV05qwwL7OJTIV1n8xoZABCj/30lDUy:c4kntrLHc+4Raufa05qTL7CUJ8kj/klP

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 11 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to recognize physical activity.	android.permission.ACTIVITY_RECOGNITION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS

Files

4da0004f5e2902bc8f3d757163daf256.apk
.apk android arch:arm64 arch:arm arch:x64

br.com.bancopan.cartoes

br.com.bancopan.bancodigital.presentation.splash.SplashActivity

Activities

br.com.bancopan.bancodigital.presentation.splash.SplashActivity

android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.VIEW

bancopan.com.br.pix.presentation.flow.claiming.create.PixClaimingFlowActivity

android.intent.action.ACTION_VIEW

bancopan.com.br.pix.presentation.portability.PixPortabilityActivity

android.intent.action.ACTION_VIEW

bancopan.com.br.pix.presentation.flow.qrcode.PixCreateQRCodeFlowActivity

android.intent.action.ACTION_VIEW

bancopan.com.br.pix.presentation.flow.payment.qrcode.PixQRCodePaymentActivity

android.intent.action.ACTION_VIEW

bancopan.com.br.pix.presentation.flow.payment.manual.PixManualPaymentActivity

android.intent.action.ACTION_VIEW

bancopan.com.br.pix.presentation.my_keys.PixMyKeysActivity

android.intent.action.ACTION_VIEW

bancopan.com.br.pix.presentation.flow.transfer.by_key.PixTransferByKeyFlowActivity

android.intent.action.ACTION_VIEW

bancopan.com.br.pix.presentation.flow.payment.by_key.PixPaymentByKeyFlowActivity

android.intent.action.ACTION_VIEW

bancopan.com.br.pix.presentation.flow.new_key.PixNewKeyFlowActivity

android.intent.action.ACTION_VIEW

bancopan.com.br.pix.presentation.flow.charge.PixChargeSomeoneActivity

android.intent.action.ACTION_VIEW

bancopan.com.br.pix.presentation.flow.payment.by_withdrawal_and_change.WithdrawalAndChangePaymentActivity

android.intent.action.ACTION_VIEW

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_CONTACTS
com.google.android.c2dm.permission.RECEIVE
android.permission.WAKE_LOCK
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.hardware.camera
android.permission.ACCESS_WIFI_STATE
android.permission.CAMERA
android.permission.CHANGE_WIFI_STATE
com.google.android.gms.permission.ACTIVITY_RECOGNITION
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.ACTIVITY_RECOGNITION
com.google.android.gms.permission.AD_ID
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.READ_PHONE_STATE
android.permission.NFC
android.permission.GET_ACCOUNTS
android.permission.RECORD_AUDIO
android.permission.VIBRATE
android.permission.WRITE_SETTINGS
android.permission.USE_BIOMETRIC
android.permission.USE_FINGERPRINT
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.POST_NOTIFICATIONS
android.permission.AUTHENTICATE_ACCOUNTS

Receivers

com.appsflyer.SingleInstallBroadcastReceiver

com.android.vending.INSTALL_REFERRER

com.salesforce.marketingcloud.MCReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_SHUTDOWN
android.intent.action.MY_PACKAGE_REPLACED
android.intent.action.TIMEZONE_CHANGED
br.com.bancopan.cartoes.com.salesforce.marketingcloud.WAKE_FOR_ALARM

com.inlocomedia.android.core.schedulers.alarm.AlarmHelperReceiver

com.inlocomedia.android.core.AlarmTriggeredEvent

com.inlocomedia.android.location.MainReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.AIRPLANE_MODE

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

Services

com.ca.mas.core.storage.sharedstorage.MASAuthenticatorService

android.accounts.AccountAuthenticator

bancopan.com.br.commons.push.PushManager

com.google.firebase.MESSAGING_EVENT
com.google.firebase.INSTANCE_ID_EVENT

com.salesforce.marketingcloud.messages.push.MCFirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT
1f5b84f51ce0fcfbb76e904b7bcaa7560f601e1394a0b29367a09385312287eb
2b075ac1a6132b5b8a4c9ef0ba6b0cd84db7838aca9a000e50d907f40770a4ab
4c4774668f9b9333977fc891e7695420a0b4c27cc2c1cd3920ce9e0870e3c0e8
59cc2a9af81aaca2376702c2490650f4da2775fa673274db98aad41b7ef101c0
66388dc76dc16bc6b76b682edd218a575bf45b9b
6b3133f0f39ff89a2a169d61176ee17cafacc5e288f334e2b64ee82892d11ccd
9077d16225f9314163ef1e7db6fc7d4088bb903d134bd95f23d5591ca4dfbfca
AssetManifest.json
CupertinoIcons.ttf
FontManifest.json
KaTeX_AMS-Regular.ttf
KaTeX_Caligraphic-Bold.ttf
KaTeX_Caligraphic-Regular.ttf
KaTeX_Fraktur-Bold.ttf
KaTeX_Fraktur-Regular.ttf
KaTeX_Main-Bold.ttf
KaTeX_Main-BoldItalic.ttf
KaTeX_Main-Italic.ttf
KaTeX_Main-Regular.ttf
KaTeX_Math-BoldItalic.ttf
KaTeX_Math-Italic.ttf
KaTeX_SansSerif-Bold.ttf
KaTeX_SansSerif-Italic.ttf
KaTeX_SansSerif-Regular.ttf
KaTeX_Script-Regular.ttf
KaTeX_Size1-Regular.ttf
KaTeX_Size2-Regular.ttf
KaTeX_Size3-Regular.ttf
KaTeX_Size4-Regular.ttf
KaTeX_Typewriter-Regular.ttf
LICENSE
MaterialIcons-Regular.otf
NOTICES.Z
Ys4TQh4aewlf1CpyzWLi
a74f2afb9d20f2375ccbd14e67c094b85c89ceb608f7cf8ae04f3f646a6c5672
ani_selfie_man_01.json
ani_selfie_man_02.json
ani_selfie_man_03.json
ani_selfie_woman_01.json
ani_selfie_woman_02.json
ani_selfie_woman_03.json
attributions.txt
b501893e75f62ee1707643e35b21109927b07ed5b202321c961b424cbc2e4695
b82962a4847bcf6d1bf89ea7543f83e184a1df7c4e7e3c343dd3e3e17cb9a645
cadeado.png
check.png
circular_air_pro_bold.otf
circular_air_pro_book.otf
com.threatmetrix.TrustDefender.TMXModuleInitializerInterface
com.threatmetrix.TrustDefender.TMXProfilingConnectionsInterface
d
dbd7a353f0130bb983d6ba05917e9be991d70e8f028df4b74e30bc6497ef7f71
eye_animation.json
f2.xml
fd6d368a5658496536e2bfae170d1b823a3629b242cafc09784bfba4e56d8c80
knomi_alfa_client.xml
knomi_alfa_server.xml
knomi_bravo_client.xml
knomi_bravo_server.xml
knomi_charlie_client.xml
knomi_charlie_server.xml
knomi_delta_client.xml
knomi_delta_server.xml
knomi_echo_client.xml
knomi_echo_server.xml
knomi_india_client.xml
knomi_india_server.xml
loading_anim.json
loading_indicator.json
lottie_cartoes_desbloqueio.json
lottie_cartoes_enviando.json
lottie_chat_loading.json
marker
msso_config.json
msso_config_dev.json
msso_config_hml.json
msso_config_prd.json
no_avatar_animation.json
no_sleep.js
pink_hand_wallet_money.json
profiler_config.json
splash_animation.json
success_anim.json
supplierconfig.json
workflows.json

Android Permissions

4da0004f5e2902bc8f3d757163daf256.apk

Permissions

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_EXTERNAL_STORAGE

android.permission.READ_CONTACTS

com.google.android.c2dm.permission.RECEIVE

android.permission.WAKE_LOCK

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.hardware.camera

android.permission.ACCESS_WIFI_STATE

android.permission.CAMERA

android.permission.CHANGE_WIFI_STATE

com.google.android.gms.permission.ACTIVITY_RECOGNITION

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.ACTIVITY_RECOGNITION

com.google.android.gms.permission.AD_ID

android.permission.BLUETOOTH

android.permission.BLUETOOTH_ADMIN

android.permission.READ_PHONE_STATE

android.permission.NFC

android.permission.GET_ACCOUNTS

android.permission.RECORD_AUDIO

android.permission.VIBRATE

android.permission.WRITE_SETTINGS

android.permission.USE_BIOMETRIC

android.permission.USE_FINGERPRINT

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

android.permission.POST_NOTIFICATIONS

android.permission.AUTHENTICATE_ACCOUNTS

Sharing

General

Malware Config

Signatures

Files

br.com.bancopan.cartoes

br.com.bancopan.bancodigital.presentation.splash.SplashActivity

Activities

br.com.bancopan.bancodigital.presentation.splash.SplashActivity

bancopan.com.br.pix.presentation.flow.claiming.create.PixClaimingFlowActivity

bancopan.com.br.pix.presentation.portability.PixPortabilityActivity

bancopan.com.br.pix.presentation.flow.qrcode.PixCreateQRCodeFlowActivity

bancopan.com.br.pix.presentation.flow.payment.qrcode.PixQRCodePaymentActivity

bancopan.com.br.pix.presentation.flow.payment.manual.PixManualPaymentActivity

bancopan.com.br.pix.presentation.my_keys.PixMyKeysActivity

bancopan.com.br.pix.presentation.flow.transfer.by_key.PixTransferByKeyFlowActivity

bancopan.com.br.pix.presentation.flow.payment.by_key.PixPaymentByKeyFlowActivity

bancopan.com.br.pix.presentation.flow.new_key.PixNewKeyFlowActivity

bancopan.com.br.pix.presentation.flow.charge.PixChargeSomeoneActivity

bancopan.com.br.pix.presentation.flow.payment.by_withdrawal_and_change.WithdrawalAndChangePaymentActivity

Permissions

Receivers

com.appsflyer.SingleInstallBroadcastReceiver

com.salesforce.marketingcloud.MCReceiver

com.inlocomedia.android.core.schedulers.alarm.AlarmHelperReceiver

com.inlocomedia.android.location.MainReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

Services

com.ca.mas.core.storage.sharedstorage.MASAuthenticatorService

bancopan.com.br.commons.push.PushManager

com.salesforce.marketingcloud.messages.push.MCFirebaseMessagingService

com.google.firebase.messaging.FirebaseMessagingService

Android Permissions

4da0004f5e2902bc8f3d757163daf256.apk