f0ea960d6a02b7304a3845963a75847f6135477f217fac67bd17d3faa6c2828b[.]apk[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

f0ea960d6a02b7304a3845963a75847f6135477f217fac67bd17d3faa6c2828b.apk.zip
Size

7.6MB
MD5

0f5a63c7ad49a9255e0ea96b11065214
SHA1

11d66076dbfc84e544ca825cc437a84015b76e1f
SHA256

1f0e2d7386e6e6391cd22882014373223f5c16c3c570170d5d540d5c4b12a68a
SHA512

722f10b5b67746377b24fb791871cd30613119dd0cb836f2d4bf4b79713ed472111dc229aa6cc99afb0aba72bd02099e71829409fb6113df12872a68da391c66
SSDEEP

98304:PdWAkvpEhrj4a9/B4chdCnwA8OjO1areAlemGfKwyG+V/UDGVjHqoM5SYUHm6VOr:VDLjvThCViAiKvGwMDu45RULOp9oY55

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 5 IoCs

description	ioc
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION

Files

f0ea960d6a02b7304a3845963a75847f6135477f217fac67bd17d3faa6c2828b.apk.zip
.zip

Password: infected
f0ea960d6a02b7304a3845963a75847f6135477f217fac67bd17d3faa6c2828b.apk
.apk .ps1 android

cz.eternal.cityguide.bilovice

cz.eternal.cityguide.SplashScreenActivity

Activities

cz.eternal.cityguide.SplashScreenActivity

android.intent.action.MAIN
android.intent.action.VIEW

cz.eternal.weatherlib.CityWeatherActivity

android.intent.action.MAIN

cz.eternal.weatherlib.SettingsActivity

android.intent.action.MAIN

com.google.android.gms.appinvite.PreviewActivity

com.google.android.gms.appinvite.ACTION_PREVIEW

Permissions

android.permission.RECEIVE_BOOT_COMPLETED
android.permission.CAMERA
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WAKE_LOCK
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
com.google.android.providers.gsf.permission.READ_GSERVICES
com.android.alarm.permission.SET_ALARM
android.permission.FOREGROUND_SERVICE
cz.eternal.cityguide.bilovice.permission.C2D_MESSAGE
com.google.android.c2dm.permission.RECEIVE
android.permission.VIBRATE
android.permission.READ_APP_BADGE
com.oppo.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
me.everything.badger.permission.BADGE_COUNT_READ
me.everything.badger.permission.BADGE_COUNT_WRITE

Receivers

com.onesignal.GcmBroadcastReceiver

com.google.android.c2dm.intent.RECEIVE

com.onesignal.BootUpReceiver

android.intent.action.ACTION_BOOT_COMPLETED
android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON

com.onesignal.UpgradeReceiver

android.intent.action.MY_PACKAGE_REPLACED

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

com.android.vending.INSTALL_REFERRER

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

Services

cz.eternal.cityguide.workmanager.StarterJobService

com.firebase.jobdispatcher.ACTION_EXECUTE

cz.eternal.cityguide.workmanager.ProcessJobService

com.firebase.jobdispatcher.ACTION_EXECUTE

cz.eternal.cityguide.UpdateService

com.google.android.gms.gcm.ACTION_TASK_READY

androidx.work.impl.background.firebase.FirebaseJobService

com.firebase.jobdispatcher.ACTION_EXECUTE

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT

com.firebase.jobdispatcher.GooglePlayReceiver

com.google.android.gms.gcm.ACTION_TASK_READY
4D37AA9124646B85515F2478BBF98DA4
.png
BC9DD4431A602289DD5E7C631AAF2222
.png
about.html
.html
cityguide.db
crashlytics-build.properties
oppk.jpg
.jpg
style.css

Sharing

General

Malware Config

Signatures

Files

Password: infected

cz.eternal.cityguide.bilovice

cz.eternal.cityguide.SplashScreenActivity

Activities

cz.eternal.cityguide.SplashScreenActivity

cz.eternal.weatherlib.CityWeatherActivity

cz.eternal.weatherlib.SettingsActivity

com.google.android.gms.appinvite.PreviewActivity

Permissions

Receivers

com.onesignal.GcmBroadcastReceiver

com.onesignal.BootUpReceiver

com.onesignal.UpgradeReceiver

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

Services

cz.eternal.cityguide.workmanager.StarterJobService

cz.eternal.cityguide.workmanager.ProcessJobService

cz.eternal.cityguide.UpdateService

androidx.work.impl.background.firebase.FirebaseJobService

com.google.firebase.iid.FirebaseInstanceIdService

com.firebase.jobdispatcher.GooglePlayReceiver