295e6c31e2f2b88a4ee5fe2e7b86f0bcc3a271f7c52eb4bf649d3df057f9196f[.]apk[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

295e6c31e2f2b88a4ee5fe2e7b86f0bcc3a271f7c52eb4bf649d3df057f9196f.apk.zip
Size

19.1MB
MD5

294dd153767e331e89af2411679d04f4
SHA1

0036f6a133aebbd661bb05ace5229cd946f6b3af
SHA256

3a20d48d55b40ec9f968a664d540cc3155e1c3e92561879efe31f9e5e970f926
SHA512

2dc44a4fb6e74429a58fc1d76c5971fb6a071d54b00efd974d258a4fec7d8113bfff336f9cb8cd4f58928d8c94df18f0115f1ed7a5297aad6d64b457266f2db3
SSDEEP

393216:C/s0CdTm3ob2cJM8YMnstaUgB6qHSmRyGDVSGRKZVTIuFnq:JAobesPhhzVjRYhIus

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA

Files

295e6c31e2f2b88a4ee5fe2e7b86f0bcc3a271f7c52eb4bf649d3df057f9196f.apk.zip
.zip

Password: infected
295e6c31e2f2b88a4ee5fe2e7b86f0bcc3a271f7c52eb4bf649d3df057f9196f.apk
.apk android arch:x86 arch:arm arch:x64 arch:arm64

com.fortinet.forticlient_fa

forticlient.start.bringtofront.BringToFrontStartActivity

Activities

f0.android.barcode.BarcodeScannerActivity

com.google.zxing.client.android.SCAN

Permissions

android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.FOREGROUND_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RESTART_PACKAGES
android.permission.ACCESS_NETWORK_STATE
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.KILL_BACKGROUND_PROCESSES
com.android.email.permission.ACCESS_PROVIDER
com.android.email.permission.READ_ATTACHMENT
com.google.android.gm.email.permission.ACCESS_PROVIDER
com.google.android.gm.email.permission.READ_ATTACHMENT
com.google.android.gm.email.permission.READ_ATTACHMENT_PREVIEW
com.google.android.gm.permission.READ_CONTENT_PROVIDER
com.google.android.gm.permission.READ_GMAIL
com.google.android.gm.permission.WRITE_GMAIL
com.google.android.providers.gmail.permission.READ_ATTACHMENT
com.google.android.providers.gmail.permission.READ_GMAIL
android.permission.READ_PROFILE
android.permission.INTERNET
android.permission.WAKE_LOCK
com.google.android.c2dm.permission.RECEIVE
android.permission.CAMERA

Receivers

forticlient.start.BroadcastStartReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.MY_PACKAGE_REPLACED

forticlient.start.BroadcastRestrictionsReceiver

android.intent.action.APPLICATION_RESTRICTIONS_CHANGED

Services

forticlient.vpn.service.VpnService

android.net.VpnService
_
.gz
_
.tar
_/ftnt.ks
cacert.pem
config
dhcd-hooks/20-dns.conf
.sh linux
dhcd-hooks/95-configured
.sh linux
dhcd-run-hooks
.sh linux
dhcd.conf
fortisslcacert.pem
fortisslclient.crt
fortisslclient.key
ip-up
.sh linux
server.crt
server.key

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.fortinet.forticlient_fa

forticlient.start.bringtofront.BringToFrontStartActivity

Activities

f0.android.barcode.BarcodeScannerActivity

Permissions

Receivers

forticlient.start.BroadcastStartReceiver

forticlient.start.BroadcastRestrictionsReceiver

Services

forticlient.vpn.service.VpnService