5de08e124534f28a8b2b27435ed939dd3aa53072e703a4ac300c6c2abdda1c87[.]apk[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

5de08e124534f28a8b2b27435ed939dd3aa53072e703a4ac300c6c2abdda1c87.apk.zip
Size

228.5MB
MD5

6dd2d29547433ec910725a70fd4c6dfd
SHA1

66d1e762aec0c7d27aeaa3a5c5f904714cce2d38
SHA256

fdabe3895a948610f046472b88fa71be1ac852b2850a65e218c8623b780813e3
SHA512

cc2b4a03902f02450a8aae664ee7f0083e4f47d58d493756db2b12fb5628a00aca0ffe9602d72f354a8668c629b32ba8e3bd04796a81535753b40455d55c968f
SSDEEP

3145728:ithCfeoboo/v7Kc5emhZ862qKeT2Mgomq/Rn5/SM8Jq+iYnaXRsLzXiXVrctaVwk:c8ScEIL73hFnxSMJZ2LzyXy4VpvP

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 16 IoCs

description	ioc
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows the app to answer an incoming phone call.	android.permission.ANSWER_PHONE_CALLS
Required to be able to access the camera device.	android.permission.CAMERA
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Required to be able to discover and pair nearby Bluetooth devices.	android.permission.BLUETOOTH_SCAN
Required to be able to connect to paired Bluetooth devices.	android.permission.BLUETOOTH_CONNECT
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an application to access any geographic locations persisted in the user's shared collection.	android.permission.ACCESS_MEDIA_LOCATION
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to write the user's calendar data.	android.permission.WRITE_CALENDAR
Allows an application to read the user's calendar data.	android.permission.READ_CALENDAR

Files

5de08e124534f28a8b2b27435ed939dd3aa53072e703a4ac300c6c2abdda1c87.apk.zip
.zip

Password: infected
5de08e124534f28a8b2b27435ed939dd3aa53072e703a4ac300c6c2abdda1c87.apk
.apk android arch:arm64 arch:arm arch:x86 arch:x64

com.onelab.securecomm

com.onelab.securecomm.ui2.view.InitialActivity

Activities

cn.jpush.android.ui.PushActivity

cn.jpush.android.ui.PushActivity

cn.jpush.android.service.JNotifyActivity

cn.jpush.android.intent.JNotifyActivity

com.onelab.securecomm.ui2.view.InitialActivity

android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.SEND
android.intent.action.SEND
android.intent.action.SEND
android.intent.action.SEND
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE
android.intent.action.SEND_MULTIPLE
android.intent.action.SEND_MULTIPLE
android.intent.action.SEND_MULTIPLE

Permissions

com.onelab.securecomm.permission.JPUSH_MESSAGE
android.permission.RECEIVE_USER_PRESENT
android.permission.CHANGE_NETWORK_STATE
android.permission.ACCESS_FINE_LOCATION
android.permission.BROADCAST_CLOSE_SYSTEM_DIALOGS
android.permission.GET_ACCOUNTS
android.permission.INTERNET
android.permission.RECORD_AUDIO
android.permission.READ_CONTACTS
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.ACCESS_NETWORK_STATE
android.permission.WAKE_LOCK
android.permission.GET_TASKS
com.google.android.c2dm.permission.RECEIVE
android.permission.ACCESS_WIFI_STATE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.MANAGE_OWN_CALLS
android.permission.FOREGROUND_SERVICE
android.permission.ANSWER_PHONE_CALLS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.VIBRATE
android.permission.CAMERA
android.permission.REORDER_TASKS
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.READ_PHONE_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.BLUETOOTH_SCAN
android.permission.BLUETOOTH_CONNECT
android.permission.BROADCAST_STICKY
com.onelab.securecomm.permission.C2D_MESSAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.ACCESS_COARSE_LOCATION
android.permission.USE_FULL_SCREEN_INTENT
android.permission.ACCESS_MEDIA_LOCATION
android.permission.CHANGE_NAVIGATION_BAR_COLOR
getui.permission.GetuiService.com.onelab.securecomm
android.permission.BLUETOOTH
com.google.android.providers.gsf.permission.READ_GSERVICES
android.permission.CHANGE_WIFI_STATE
android.permission.CALL_PHONE
android.permission.WRITE_CALENDAR
android.permission.READ_CALENDAR
android.permission.USE_BIOMETRIC
android.permission.USE_FINGERPRINT
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
com.huawei.android.launcher.permission.CHANGE_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
com.anddoes.launcher.permission.UPDATE_COUNT
com.majeur.launcher.permission.UPDATE_BADGE
android.permission.READ_APP_BADGE
com.oppo.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
me.everything.badger.permission.BADGE_COUNT_READ
me.everything.badger.permission.BADGE_COUNT_WRITE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Receivers

cn.jpush.android.service.PushReceiver

cn.jpush.android.intent.NOTIFICATION_RECEIVED_PROXY
android.intent.action.USER_PRESENT
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED

com.onelab.securecomm.gcm.JPushReceiver

cn.jpush.android.intent.RECEIVE_MESSAGE
cn.jpush.android.intent.REGISTRATION
cn.jpush.android.intent.MESSAGE_RECEIVED
cn.jpush.android.intent.NOTIFICATION_RECEIVED
cn.jpush.android.intent.NOTIFICATION_OPENED
cn.jpush.android.intent.CONNECTION

com.igexin.sdk.PushReceiver

android.intent.action.BOOT_COMPLETED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.USER_PRESENT
android.intent.action.MEDIA_MOUNTED
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

com.onelab.securecomm.boot.BroadcastReceiverOnBootComplete

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON

com.onelab.securecomm.receiver.BaseBroadcastReceiver

android.intent.action.INPUT_METHOD_CHANGED
ACTION_SAFEBOX_CONFIRM_KEY_FLOW

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE

Services

cn.jpush.android.service.PushService

cn.jpush.android.intent.REGISTER
cn.jpush.android.intent.REPORT
cn.jpush.android.intent.PushService
cn.jpush.android.intent.PUSH_TIME

cn.jpush.android.service.DaemonService

cn.jpush.android.intent.DaemonService

com.onelab.securecomm.gcm.JPushService

cn.jiguang.user.service.action

com.onelab.securecomm.gcm.FcmMessagingService

com.google.firebase.MESSAGING_EVENT

com.onelab.securecomm.service.CallService

android.telecom.InCallService

com.onelab.securecomm.service.LetstalkConnectionService

android.telecom.ConnectionService

com.getui.gtc.GtcService

com.getui.gtc.sdk.service.action

org.jitsi.meet.sdk.ConnectionService

android.telecom.ConnectionService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT
MANIFEST.MF
PLACEHOLDER
ReleaseNotes.html
.html
Samsung_cn.html
Samsung_en.html
Samsung_jp.html
.html
Samsung_tw.html
Samsung_vi.html
account_api.bks
all.css
asked-unmute.mp3
asus_cn.html
asus_en.html
asus_jp.html
.html
asus_tw.html
asus_vi.html
baseline.prof
birthday.json
chinese_new_year_2022_01.json
chinese_new_year_2022_02.json
chinese_new_year_2022_03.json
cn_christmas01.json
cn_christmas02.json
dark_qrcode_tutorial.json
e2eeOff.mp3
e2eeOn.mp3
en_christmas01.json
en_christmas02.json
en_halloween01.json
en_halloween02.json
en_halloween03.json
homepage.html
htc_cn.html
htc_en.html
htc_jp.html
.html
htc_tw.html
htc_vi.html
huawei_cn.html
huawei_en.html
huawei_jp.html
.html
huawei_tw.html
huawei_vi.html
icudt46l.zip
.zip
icudt46l.dat
incomingMessage.wav
index.android.bundle
jf-openhuninn-1.ttf
joined.wav
knock.mp3
left.wav
liveStreamingOff.mp3
liveStreamingOn.mp3
loading.json
loading_green.json
local.json
love.json
manifest.mf
mi_cn.html
mi_en.html
mi_jp.html
.html
mi_tw.html
mi_vi.html
new_year_2022_01.json
new_year_2022_02.json
noAudioSignal.mp3
noisyAudioInput.mp3
notification_icon_dark.json
notification_icon_light.json
oppo_cn.html
oppo_en.html
oppo_jp.html
oppo_tw.html
oppo_vi.html
outgoingRinging.wav
outgoingStart.wav
privacy_policy.html
qrcode_tutorial.json
reactions-applause.mp3
reactions-boo.mp3
reactions-crickets.mp3
reactions-laughter.mp3
reactions-raised-hand.mp3
reactions-surprise.mp3
reactions-thumbs-up.mp3
recordingOff.mp3
recordingOn.mp3
red_local.json
rejected.wav
ring.wav
rsa.pub
rsa.sig
speaker_animation.json
talkWhileMuted.mp3
tw_christmas01.json
tw_christmas02.json
tw_halloween01.json
tw_halloween02.json
tw_halloween03.json
two_factor_auth_cn.html
.js
two_factor_auth_en.html
.js
two_factor_auth_th.html
.js
two_factor_auth_tw.html
.js
two_factor_auth_vn.html
.js
valid_licenses
video_ff.json
vivo_cn.html
vivo_en.html
vivo_jp.html
.html
vivo_tw.html
vivo_vi.html
vn.css
wheel_gift.json

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.onelab.securecomm

com.onelab.securecomm.ui2.view.InitialActivity

Activities

cn.jpush.android.ui.PushActivity

cn.jpush.android.service.JNotifyActivity

com.onelab.securecomm.ui2.view.InitialActivity

Permissions

Receivers

cn.jpush.android.service.PushReceiver

com.onelab.securecomm.gcm.JPushReceiver

com.igexin.sdk.PushReceiver

com.onelab.securecomm.boot.BroadcastReceiverOnBootComplete

com.onelab.securecomm.receiver.BaseBroadcastReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

androidx.profileinstaller.ProfileInstallReceiver

Services

cn.jpush.android.service.PushService

cn.jpush.android.service.DaemonService

com.onelab.securecomm.gcm.JPushService

com.onelab.securecomm.gcm.FcmMessagingService

com.onelab.securecomm.service.CallService

com.onelab.securecomm.service.LetstalkConnectionService

com.getui.gtc.GtcService

org.jitsi.meet.sdk.ConnectionService

com.google.firebase.messaging.FirebaseMessagingService