252f87c3296807622d5b283fe4fdcf3ccb0cfd785c0fe68d48329587591a7a80[.]apk[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

252f87c3296807622d5b283fe4fdcf3ccb0cfd785c0fe68d48329587591a7a80.apk.zip
Size

57.5MB
MD5

7d430a4206c3cfdcacdd46b191383331
SHA1

0fb380b244c5aa34372695d196bc06902876c894
SHA256

01edb1738802e78c4710652659848a5475ca795076c1b1fee2e799e386a278c1
SHA512

d09e41baf70d4f659e77c488e95b1d363dfd9204d9eaf777393ee2d8c540430bdfa45794cdeee708fa8de9049f1f35d28f45b087adbad8554a11df7d3e7f9aee
SSDEEP

1572864:pABBfNpk1FRB1YBHF62dFjFsAeVGwqKzXpzH83ey/NY:wFpk1FRYj6SFmAeljpzHfye

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 5 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION

Files

252f87c3296807622d5b283fe4fdcf3ccb0cfd785c0fe68d48329587591a7a80.apk.zip
.zip

Password: infected
252f87c3296807622d5b283fe4fdcf3ccb0cfd785c0fe68d48329587591a7a80.apk
.apk android arch:arm arch:arm64

com.slots.ysl.task

com.slots.ysl.task.UnityPlayerActivity

Activities

com.slots.ysl.task.UnityPlayerActivity

android.intent.action.MAIN

com.facebook.CustomTabActivity

android.intent.action.VIEW
android.intent.action.VIEW

com.linecorp.linesdk.auth.internal.LineAuthenticationCallbackActivity

android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.VIBRATE
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
android.permission.SCHEDULE_EXACT_ALARM
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
android.permission.READ_PRIVILEGED_PHONE_STATE
com.google.android.gms.permission.AD_ID
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.FOREGROUND_SERVICE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.USE_CREDENTIALS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WAKE_LOCK
com.google.android.c2dm.permission.RECEIVE

Receivers

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_AUTHENTICATION_TOKEN_CHANGED

com.android.cardsdk.sdklib.schedule.TaskReceiver

com.android.cardsdk.action.sc
android.intent.action.BOOT_COMPLETED

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

Services

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.android.cardsdk.sdklib.taurus.TFCMService

com.google.firebase.MESSAGING_EVENT
.DS_Store
AkzidenzGrotesk.ttf
Compat.browser
DefaultWsdlHelpGenerator.aspx
.js
I18N.CJK.dll-resources.dat
System.Drawing.dll-resources.dat
boot.config
browscap.ini
com.cardsdk.ref__10051119.so
config
config.xml
.xml
data.json
data.unity3d
global-metadata.dat
gradle.properties
machine.config
.xml
mscorlib.dll-resources.dat
pf_191001.dex
pfileprovider
settings.map
.xml
supplierconfig.json
unity default resources
web.config
.xml

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.slots.ysl.task

com.slots.ysl.task.UnityPlayerActivity

Activities

com.slots.ysl.task.UnityPlayerActivity

com.facebook.CustomTabActivity

com.linecorp.linesdk.auth.internal.LineAuthenticationCallbackActivity

Permissions

Receivers

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver

com.android.cardsdk.sdklib.schedule.TaskReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

Services

com.google.firebase.messaging.FirebaseMessagingService

com.android.cardsdk.sdklib.taurus.TFCMService