General

  • Target: FireOrange_Mainland (2).apk

  • Size: 114.9MB

  • MD5: 3469e371e781724703efff1512126f05

  • SHA1: c33ca858efa2e74e83c8953f2f30413c274523ea

  • SHA256: 90cbd79ae601a491c49b37ef925b758479f87d36718c9641ebe3282502bc68e0

  • SHA512: 7471cf2a3fabc27f0f940db9c5782e460caf38d64bd8a7e497e82ea6bee0b30306a9d866a93664080f186870fc99dcf27e049c058b4e97a2f25a4eaee2087e9f

  • SSDEEP: 3145728:3D97dPM8EXCkUXEcRedULg2wi75aI2qF5qFhcSU2HV23:3ZBPfTUmnLVJZuhUUc

Score
7/10

Signatures

  • Requests dangerous framework permissions (8 IoCs)

Files

  • FireOrange_Mainland (2).apk
    .apk android arch:arm64 arch:arm

    Password: 1

    web.accelerator.new.util

    com.free.vpn.proxy.hotspot.ui.main.MainActivity


  • baseline.prof
  • baseline.profm
  • bypass-china.acl
  • bypass-lan-china.acl
  • bypass-lan.acl
  • ca-cert.pem
  • china-list.acl
  • core.version.txt
  • data.bin
  • facts.json
  • faq.json
  • fast_orange_tutorial.mp4
  • full_licenses.html
  • geoip.dat.xz
    .xz

    Password: 1

  • geoip.dat
  • geoip.version.txt
  • geosite.dat.xz
    .xz

    Password: 1

  • geosite.dat
  • geosite.version.txt
  • gfwlist.acl
  • help_center_article_style.css
  • index.html
    .html
  • index.js.xz
    .xz

    Password: 1

  • index.js
    .js
  • main_cfg.json
  • nopie_openvpn.arm64-v8a
    .elf linux aarch64
  • nopie_openvpn.armeabi-v7a
    .elf linux arm
  • notifications.json
  • offer_notifications.json
  • pie_openvpn.arm64-v8a
    .elf linux aarch64
  • pie_openvpn.armeabi-v7a
    .elf linux arm
  • processings.json
  • s.dat
  • sbs_notifications.json
  • tutorial.json

Android Permissions

FireOrange_Mainland (2).apk

Permissions

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.FOREGROUND_SERVICE

android.permission.FOREGROUND_SERVICE_DATA_SYNC

android.permission.POST_NOTIFICATIONS

com.android.vending.BILLING

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.WAKE_LOCK

android.permission.READ_PHONE_STATE

android.permission.BROADCAST_PACKAGE_ADDED

android.permission.BROADCAST_PACKAGE_CHANGED

android.permission.BROADCAST_PACKAGE_INSTALL

android.permission.BROADCAST_PACKAGE_REPLACED

com.tencent.mm.permission.GET_QRCODE_INFO

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.REQUEST_INSTALL_PACKAGES

com.google.android.gms.permission.AD_ID

android.permission.QUERY_ALL_PACKAGES

web.accelerator.new.util.SERVICE

android.permission.CHANGE_NETWORK_STATE

android.permission.CAMERA

android.permission.READ_MEDIA_IMAGES

android.permission.READ_MEDIA_VIDEO

android.permission.READ_MEDIA_AUDIO

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

web.accelerator.new.util.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION