5e060a50964249e17931a0fdebebfa9ad5abe26d2cb822ff61475997d149c986[.]apk[.]zip

General

Target

5e060a50964249e17931a0fdebebfa9ad5abe26d2cb822ff61475997d149c986.apk.zip
Size

15.0MB
MD5

12d9195567934fbcb810c5c1ec2d86e3
SHA1

800e65a3b847995aa53ef409b62c1401e1a0689c
SHA256

4d8303ae24d3a9adf3bcc0c3b4991533b8e068d1d719ae18a44348dfd82f36c3
SHA512

b5e55985eae74eaf9aee5e99f34563138709168aab0c1429b6f0fd63451edfb94d165849fcbc34af34f219560c7809fc79b9b4fab8b58d6292976687a4894ad7
SSDEEP

393216:jCSxrpAWorZYi1zTSriiypqi5S35QMlUDNwv0X0txZhd+kDP/aY:jd1Arei1SWXboiMlUpzkbJ+iPn

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION

Files

5e060a50964249e17931a0fdebebfa9ad5abe26d2cb822ff61475997d149c986.apk.zip
.zip

Password: infected
5e060a50964249e17931a0fdebebfa9ad5abe26d2cb822ff61475997d149c986.apk
.apk android arch:arm64 arch:arm arch:x86 arch:x64

com.rrsolutions.famulus

com.rrsolutions.famulus.activities.splash.SplashActivity

Activities

com.rrsolutions.famulus.activities.splash.SplashActivity

android.intent.action.MAIN
android.intent.action.VIEW

com.rrsolutions.famulus.activities.rescue.RescueDiscoverPrintersActivity

android.hardware.usb.action.USB_DEVICE_ATTACHED

Permissions

android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.VIBRATE
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.INTERNET
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.USE_EXACT_ALARM
android.permission.WAKE_LOCK
android.permission.RECEIVE_BOOT_COMPLETED
com.google.android.gms.permission.AD_ID
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Receivers

com.evernote.android.job.v14.PlatformAlarmReceiver

com.evernote.android.job.v14.RUN_JOB
net.vrallev.android.job.v14.RUN_JOB

com.evernote.android.job.JobBootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.MY_PACKAGE_REPLACED

Services

com.evernote.android.job.gcm.PlatformGcmService

com.google.android.gms.gcm.ACTION_TASK_READY
baseline.prof
baseline.profm

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.rrsolutions.famulus

com.rrsolutions.famulus.activities.splash.SplashActivity

Activities

com.rrsolutions.famulus.activities.splash.SplashActivity

com.rrsolutions.famulus.activities.rescue.RescueDiscoverPrintersActivity

Permissions

Receivers

com.evernote.android.job.v14.PlatformAlarmReceiver

com.evernote.android.job.JobBootReceiver

Services

com.evernote.android.job.gcm.PlatformGcmService