General

  • Target

    8bead2adde2a621172a285b830d483cfcbf995659bdcdcbdf915663462fba353.apk.zip

  • Size

    19.5MB

  • MD5

    a07a38712605fe4b70038246d8b0ec72

  • SHA1

    33dd074953103a1b2b7facd806575f61605a2aff

  • SHA256

    375dd320bb0d355dd22bf902b61f78385f2371bb2e4b9d14a1e1e000f0fd9cd1

  • SHA512

    9fd189e6e586fddeacf7e9a848f7402e875ba356cc6566f0e7d4a32d6fa37c9995a29c22704d70bb051cb0bd7fbd8738d6e9193f6823257a0011768f47890235

  • SSDEEP

    393216:ZWlO6d89/Dv6iKE6aUzVT9jARyAPIu+lAkpIwv6iXhS6f2RYrwSMvI5ivBbD:18Yrn6aPRyAwu+Okii6iXR28II5qD

Score
7/10

Malware Config

Signatures

  • Requests dangerous framework permissions (5 IoCs)

Files

  • 8bead2adde2a621172a285b830d483cfcbf995659bdcdcbdf915663462fba353.apk.zip
    .zip

    Password: infected

  • 8bead2adde2a621172a285b830d483cfcbf995659bdcdcbdf915663462fba353.apk
    .apk android arch:arm64 arch:arm arch:x86 arch:x64

    com.fortinet.forticlient_vpn

    forticlient.start.bringtofront.BringToFrontStartActivity


  • _
    .gz
  • _
    .tar
  • _/ftnt.ks
  • cacert.pem
  • config
  • dhcd-hooks/20-dns.conf
    .sh linux
  • dhcd-hooks/95-configured
    .sh linux
  • dhcd-run-hooks
    .sh linux
  • dhcd.conf
  • fortisslcacert.pem
  • fortisslclient.crt
  • fortisslclient.key
  • ip-up
    .sh linux
  • server.crt
  • server.key