16_com[.]rain[.]bow[.]rainbow[.]money[.]cash[.]loan[.]money[.]cept[.]dfs[.]in[.]loan_base[.]apk

General

Target

16_com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan_base.apk
Size

6.5MB
MD5

2dacd4e7129a5d95352dedafd0074c7d
SHA1

f13e751a615d69d96d640bfb86a5519a3814982d
SHA256

8e96a3074c2b610c461c78399c2de7d41c1c5164c1c222e78fe1f62b7bd3b951
SHA512

448cc633696215268118ff57793322f3c2f2e6886d919efee46bad91c58630dc74fe09727e125f781aefee0145365bcc8b311b4bb12cab0886207d58fe2ce0b1
SSDEEP

196608:71vmNQyHs9CDVaGP7mdm4CrzP5vSbzDo8ORDz6JO:71vDP9gVHypAvS7gUJO

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 11 IoCs

description	ioc
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Required to be able to access the camera device.	android.permission.CAMERA
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

Files

16_com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan_base.apk
.apk android

com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan

com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan.activity.SplashActivityRain

Activities

com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan.activity.SplashActivityRain

android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.VIEW

com.facebook.CustomTabActivity

android.intent.action.VIEW

Permissions

android.permission.READ_SMS
android.permission.READ_CONTACTS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.USE_CREDENTIALS
android.permission.GET_ACCOUNTS
android.permission.READ_PROFILE
android.permission.ACCESS_NETWORK_STATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.BROADCAST_STICKY
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.GET_TASKS
android.permission.VIBRATE
android.permission.RECORD_AUDIO
android.permission.CHANGE_NETWORK_STATE
android.permission.CALL_PHONE
android.permission.INTERNET
com.android.launcher.permission.READ_SETTINGS
android.permission.CAMERA
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
android.permission.FOREGROUND_SERVICE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.REORDER_TASKS
com.google.android.gms.permission.AD_ID
com.google.android.c2dm.permission.RECEIVE
com.google.android.gms.permission.AD_ID

Receivers

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

Services

com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan.service.MyFirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.blankj.utilcode.util.MessengerUtils$ServerService

com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan.messenger

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

Android Permissions

16_com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan_base.apk

Permissions

android.permission.READ_SMS

android.permission.READ_CONTACTS

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_EXTERNAL_STORAGE

android.permission.USE_CREDENTIALS

android.permission.GET_ACCOUNTS

android.permission.READ_PROFILE

android.permission.ACCESS_NETWORK_STATE

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.BROADCAST_STICKY

android.permission.KILL_BACKGROUND_PROCESSES

android.permission.GET_TASKS

android.permission.VIBRATE

android.permission.RECORD_AUDIO

android.permission.CHANGE_NETWORK_STATE

android.permission.CALL_PHONE

android.permission.INTERNET

com.android.launcher.permission.READ_SETTINGS

android.permission.CAMERA

android.permission.READ_PHONE_STATE

android.permission.WAKE_LOCK

android.permission.FOREGROUND_SERVICE

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

android.permission.REORDER_TASKS

com.google.android.gms.permission.AD_ID

com.google.android.c2dm.permission.RECEIVE

com.google.android.gms.permission.AD_ID

Sharing

General

Malware Config

Signatures

Files

com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan

com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan.activity.SplashActivityRain

Activities

com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan.activity.SplashActivityRain

com.facebook.CustomTabActivity

Permissions

Receivers

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

Services

com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan.service.MyFirebaseMessagingService

com.blankj.utilcode.util.MessengerUtils$ServerService

com.google.firebase.messaging.FirebaseMessagingService

Android Permissions

16_com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan_base.apk