01da791043ed173641d221fe9a5a474961fe305ef5e10359db35ab0076a6249e[.]apk[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

01da791043ed173641d221fe9a5a474961fe305ef5e10359db35ab0076a6249e.apk.zip
Size

19.1MB
MD5

534cd07788689a471e9dcf2033012998
SHA1

20dbc99ad8b107e4ac53f5cc06467d6851f9fbe3
SHA256

dddf576229efe5062a42e023f57cd32c0e649add013aff330c2e15cb09a30246
SHA512

c000d5e9f2b04254f96a2a0740fcc118e38caa8bfe7cbad0b325718a403865ee960b6a1631904961b893abe7d8e5cfd9601767bcd84bf598716dc32903c42b91
SSDEEP

393216:SW2ZXZGlqGLCPN0KPcfLyz498ztYVcBtX91fc581NnmjYAOBK:FO0cN0KPELy0GqVcBtNXnmjYvY

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA

Files

01da791043ed173641d221fe9a5a474961fe305ef5e10359db35ab0076a6249e.apk.zip
.zip

Password: infected
01da791043ed173641d221fe9a5a474961fe305ef5e10359db35ab0076a6249e.apk
.apk android arch:x86 arch:arm arch:x64 arch:arm64

com.fortinet.forticlient_fa

forticlient.start.bringtofront.BringToFrontStartActivity

Activities

f0.android.barcode.BarcodeScannerActivity

com.google.zxing.client.android.SCAN

Permissions

android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.FOREGROUND_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RESTART_PACKAGES
android.permission.ACCESS_NETWORK_STATE
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.KILL_BACKGROUND_PROCESSES
com.android.email.permission.ACCESS_PROVIDER
com.android.email.permission.READ_ATTACHMENT
com.google.android.gm.email.permission.ACCESS_PROVIDER
com.google.android.gm.email.permission.READ_ATTACHMENT
com.google.android.gm.email.permission.READ_ATTACHMENT_PREVIEW
com.google.android.gm.permission.READ_CONTENT_PROVIDER
com.google.android.gm.permission.READ_GMAIL
com.google.android.gm.permission.WRITE_GMAIL
com.google.android.providers.gmail.permission.READ_ATTACHMENT
com.google.android.providers.gmail.permission.READ_GMAIL
android.permission.READ_PROFILE
android.permission.INTERNET
android.permission.WAKE_LOCK
com.google.android.c2dm.permission.RECEIVE
android.permission.CAMERA

Receivers

forticlient.start.BroadcastStartReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.MY_PACKAGE_REPLACED

forticlient.start.BroadcastRestrictionsReceiver

android.intent.action.APPLICATION_RESTRICTIONS_CHANGED

Services

forticlient.vpn.service.VpnService

android.net.VpnService
_
.gz
_
.tar
_/ftnt.ks
cacert.pem
config
dhcd-hooks/20-dns.conf
.sh linux
dhcd-hooks/95-configured
.sh linux
dhcd-run-hooks
.sh linux
dhcd.conf
fortisslcacert.pem
fortisslclient.crt
fortisslclient.key
ip-up
.sh linux
server.crt
server.key

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.fortinet.forticlient_fa

forticlient.start.bringtofront.BringToFrontStartActivity

Activities

f0.android.barcode.BarcodeScannerActivity

Permissions

Receivers

forticlient.start.BroadcastStartReceiver

forticlient.start.BroadcastRestrictionsReceiver

Services

forticlient.vpn.service.VpnService