f14bc01ce06b49916acf741ba90dafdc2dafe4275b8ba1357ad6b09707e0bf96[.]apk[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

f14bc01ce06b49916acf741ba90dafdc2dafe4275b8ba1357ad6b09707e0bf96.apk.zip
Size

19.1MB
MD5

62de161c91a12ffbf4ac85935bf1f5b6
SHA1

25cd4ec79dee2129a877ed77d2ca1bce4a4c0b33
SHA256

b6d791af2fae8287435d944619d458f079239b7d8a27370a3052b0c2a5d7f7ba
SHA512

64d6cad0fc5887707c0a290c7cea6d5e4cb10efc4891347f5a90b427046ac170a3a6816b38a3219bfa37a86674f0eb2c591aa2e70060cfc801a0d5c0d53b9ef9
SSDEEP

393216:KmE9scThGd4BOA1x7d6KycsWlj4fkyYreGisW9396:1E9s4hPcWGKyczlqAreGb2396

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA

Files

f14bc01ce06b49916acf741ba90dafdc2dafe4275b8ba1357ad6b09707e0bf96.apk.zip
.zip

Password: infected
f14bc01ce06b49916acf741ba90dafdc2dafe4275b8ba1357ad6b09707e0bf96.apk
.apk android arch:x86 arch:arm arch:x64 arch:arm64

com.fortinet.forticlient_fa

forticlient.start.bringtofront.BringToFrontStartActivity

Activities

f0.android.barcode.BarcodeScannerActivity

com.google.zxing.client.android.SCAN

Permissions

android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.FOREGROUND_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RESTART_PACKAGES
android.permission.ACCESS_NETWORK_STATE
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.KILL_BACKGROUND_PROCESSES
com.android.email.permission.ACCESS_PROVIDER
com.android.email.permission.READ_ATTACHMENT
com.google.android.gm.email.permission.ACCESS_PROVIDER
com.google.android.gm.email.permission.READ_ATTACHMENT
com.google.android.gm.email.permission.READ_ATTACHMENT_PREVIEW
com.google.android.gm.permission.READ_CONTENT_PROVIDER
com.google.android.gm.permission.READ_GMAIL
com.google.android.gm.permission.WRITE_GMAIL
com.google.android.providers.gmail.permission.READ_ATTACHMENT
com.google.android.providers.gmail.permission.READ_GMAIL
android.permission.READ_PROFILE
android.permission.INTERNET
android.permission.WAKE_LOCK
com.google.android.c2dm.permission.RECEIVE
android.permission.CAMERA

Receivers

forticlient.start.BroadcastStartReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.MY_PACKAGE_REPLACED

forticlient.start.BroadcastRestrictionsReceiver

android.intent.action.APPLICATION_RESTRICTIONS_CHANGED

Services

forticlient.vpn.service.VpnService

android.net.VpnService
_
.gz
_
.tar
_/ftnt.ks
cacert.pem
config
dhcd-hooks/20-dns.conf
.sh linux
dhcd-hooks/95-configured
.sh linux
dhcd-run-hooks
.sh linux
dhcd.conf
fortisslcacert.pem
fortisslclient.crt
fortisslclient.key
ip-up
.sh linux
server.crt
server.key

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.fortinet.forticlient_fa

forticlient.start.bringtofront.BringToFrontStartActivity

Activities

f0.android.barcode.BarcodeScannerActivity

Permissions

Receivers

forticlient.start.BroadcastStartReceiver

forticlient.start.BroadcastRestrictionsReceiver

Services

forticlient.vpn.service.VpnService