bb2861faf09822f6acef16a5d4358fcb80f417fe421e7fc64246a5a70b76a9eb[.]apk[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

bb2861faf09822f6acef16a5d4358fcb80f417fe421e7fc64246a5a70b76a9eb.apk.zip
Size

9.7MB
MD5

9bfc6d92fa622f8739db9d7806c85a19
SHA1

47b251e62b6e3d22122af641646d9c8e9fa9012a
SHA256

310a6a9b3537229b8026a8ecf2c3309278e3ebee1514575618885c51ac5f3c7b
SHA512

dbc856416796d223e9d42aa076e7094f9cab402fea0f563a291ac5799e228456a1099da747eabefca74836e3a37df6f72815da79e1679bc3f996b186be8d617b
SSDEEP

196608:0B8fEfeny2amHHXNsZbmOhYlm0Rr9FWaB51Qi1umdjS8s7Rg87g2mIIer:i8sfKy253NsBmMImQxX1n1uC785lRr

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 5 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to record audio.	android.permission.RECORD_AUDIO

Files

bb2861faf09822f6acef16a5d4358fcb80f417fe421e7fc64246a5a70b76a9eb.apk.zip
.zip

Password: infected
bb2861faf09822f6acef16a5d4358fcb80f417fe421e7fc64246a5a70b76a9eb.apk
.apk android arch:arm64 arch:arm arch:x86 arch:x64

com.uptodown

com.uptodown.activities.MainActivityScrollable

Activities

com.uptodown.activities.MainActivityScrollable

android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

com.uptodown.tv.ui.activity.TvMainActivity

android.intent.action.MAIN

com.uptodown.activities.InstallerActivity

android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.GET_ACCOUNTS
com.google.android.c2dm.permission.RECEIVE
android.permission.WAKE_LOCK
com.uptodown.permission.C2D_MESSAGE
com.google.android.apps.photos.permission.GOOGLE_PHOTOS
android.permission.BATTERY_STATS
android.permission.CHANGE_CONFIGURATION
android.permission.CLEAR_APP_CACHE
android.permission.GET_PACKAGE_SIZE
android.permission.GET_TASKS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.USE_CREDENTIALS
android.permission.WRITE_SETTINGS
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.MANAGE_ACCOUNTS
android.permission.ACCESS_WIFI_STATE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.INSTALL_PACKAGES
android.permission.DELETE_PACKAGES
android.permission.RECORD_AUDIO
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Receivers

com.startapp.android.publish.common.metaData.BootCompleteListener

android.intent.action.BOOT_COMPLETED

com.uptodown.receivers.GcmBroadcastReceiver

com.google.android.c2dm.intent.RECEIVE

com.uptodown.receivers.BootDeviceReceiver

android.intent.action.BOOT_COMPLETED

com.google.android.gms.analytics.AnalyticsReceiver

com.google.android.gms.analytics.ANALYTICS_DISPATCH

com.google.android.gms.analytics.CampaignTrackingReceiver

com.android.vending.INSTALL_REFERRER

com.evernote.android.job.v14.PlatformAlarmReceiver

com.evernote.android.job.v14.RUN_JOB
net.vrallev.android.job.v14.RUN_JOB

com.evernote.android.job.JobBootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.MY_PACKAGE_REPLACED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

Services

com.uptodown.services.AuthenticatorService

android.accounts.AccountAuthenticator

com.evernote.android.job.gcm.PlatformGcmService

com.google.android.gms.gcm.ACTION_TASK_READY
Roboto-Black.ttf
Roboto-Bold.ttf
Roboto-BoldItalic.ttf
Roboto-Light.ttf
Roboto-LightItalic.ttf
Roboto-Medium.ttf
Roboto-Regular.ttf
Roboto-Thin.ttf
closebutton.html
.html
countdown_image.png
.png
crashlytics-build.properties
mraid.js
.js
tj_close_button.png
.png

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.uptodown

com.uptodown.activities.MainActivityScrollable

Activities

com.uptodown.activities.MainActivityScrollable

com.uptodown.tv.ui.activity.TvMainActivity

com.uptodown.activities.InstallerActivity

Permissions

Receivers

com.startapp.android.publish.common.metaData.BootCompleteListener

com.uptodown.receivers.GcmBroadcastReceiver

com.uptodown.receivers.BootDeviceReceiver

com.google.android.gms.analytics.AnalyticsReceiver

com.google.android.gms.analytics.CampaignTrackingReceiver

com.evernote.android.job.v14.PlatformAlarmReceiver

com.evernote.android.job.JobBootReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

Services

com.uptodown.services.AuthenticatorService

com.evernote.android.job.gcm.PlatformGcmService