cab4858d04064f21867f82a44fef98047e267c28914077591699fbe1188a299c[.]apk[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

cab4858d04064f21867f82a44fef98047e267c28914077591699fbe1188a299c.apk.zip
Size

57.5MB
MD5

ae8365ba6bc15e6e3e7775be30ad9e62
SHA1

37a2696b51c411f6f19c48d5d9cc83164415daa3
SHA256

f8ab52acec0d1d5f03a748fc7178c7a5ee704ddbb88687c633261150dbbd43a4
SHA512

fd335be56303dec318ffb806222de69b270dd91b31af585ef3719ab4c021c33a68d37112cd6fd82bb023a899098b80343b5173eff78e389c03b177e467f0c850
SSDEEP

1572864:5ntr3dGGeTRf0i81IanPfULp19FoyjbAEQMiMA:5Jpe10i8vHULz9FPb5iMA

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 5 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION

Files

cab4858d04064f21867f82a44fef98047e267c28914077591699fbe1188a299c.apk.zip
.zip

Password: infected
cab4858d04064f21867f82a44fef98047e267c28914077591699fbe1188a299c.apk
.apk android arch:arm arch:arm64

com.slots.ysl.task

com.slots.ysl.task.UnityPlayerActivity

Activities

com.slots.ysl.task.UnityPlayerActivity

android.intent.action.MAIN

com.facebook.CustomTabActivity

android.intent.action.VIEW
android.intent.action.VIEW

com.linecorp.linesdk.auth.internal.LineAuthenticationCallbackActivity

android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.VIBRATE
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
android.permission.SCHEDULE_EXACT_ALARM
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
android.permission.READ_PRIVILEGED_PHONE_STATE
com.google.android.gms.permission.AD_ID
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.FOREGROUND_SERVICE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.USE_CREDENTIALS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WAKE_LOCK
com.google.android.c2dm.permission.RECEIVE

Receivers

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_AUTHENTICATION_TOKEN_CHANGED

com.android.cardsdk.sdklib.schedule.TaskReceiver

com.android.cardsdk.action.sc
android.intent.action.BOOT_COMPLETED

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

Services

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.android.cardsdk.sdklib.taurus.TFCMService

com.google.firebase.MESSAGING_EVENT
.DS_Store
AkzidenzGrotesk.ttf
Compat.browser
DefaultWsdlHelpGenerator.aspx
.js
I18N.CJK.dll-resources.dat
System.Drawing.dll-resources.dat
boot.config
browscap.ini
com.cardsdk.ref__10051119.so
config
config.xml
.xml
data.json
data.unity3d
global-metadata.dat
gradle.properties
machine.config
.xml
mscorlib.dll-resources.dat
pf_191001.dex
pfileprovider
settings.map
.xml
supplierconfig.json
unity default resources
web.config
.xml

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.slots.ysl.task

com.slots.ysl.task.UnityPlayerActivity

Activities

com.slots.ysl.task.UnityPlayerActivity

com.facebook.CustomTabActivity

com.linecorp.linesdk.auth.internal.LineAuthenticationCallbackActivity

Permissions

Receivers

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver

com.android.cardsdk.sdklib.schedule.TaskReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

Services

com.google.firebase.messaging.FirebaseMessagingService

com.android.cardsdk.sdklib.taurus.TFCMService