crc6493008a97685b6df0.ActivityMain
android.intent.action.MAIN
android.nfc.action.TAG_DISCOVERED
android.nfc.action.TECH_DISCOVERED
android.nfc.action.NDEF_DISCOVERED
android.intent.action.SEND
Resubmissions
07/10/2023, 23:45
231007-3rp2aagc9t 10General
-
Target
1e5c85a3c59a926034be0f3dcfd56b67686dd6f74232605fe8305b75b614de7c.apk.zip
-
Size
39.0MB
-
MD5
f8b8e575fc3ba9ab629ce79401f7bc45
-
SHA1
7e7e09e5b9d9d92c605cf59baf98b35a6d398dd6
-
SHA256
1a5904958830142df436b5b70e9570ecf2d43b0beba631b99f5b5156cc192938
-
SHA512
454c1bfd8e94854ab2ae7c15887796f3e3de877b42ee34442676c3cacc7a9e02f474825942ecfea8c673ecef1aaef1f1e2b662f2f04cf26c2088498d0bbcf7c4
-
SSDEEP
786432:0eZvtrdlroipPf8RUkKGDVtKYyYl8rWm8tDQmCyc9y6OxfCP3o2N80Q6t:0eldTroi5U3JDVtKYyfWDtD7Cyc9yBC3
Score
10/10
Malware Config
Signatures
-
Async RAT payload 1 IoCs
resource yara_rule static1/unpack001/1e5c85a3c59a926034be0f3dcfd56b67686dd6f74232605fe8305b75b614de7c.apk asyncrat -
Asyncrat family
-
Office macro that triggers on suspicious action 1 IoCs
Office document macro which triggers in special circumstances - often malicious.
resource yara_rule static1/unpack001/1e5c85a3c59a926034be0f3dcfd56b67686dd6f74232605fe8305b75b614de7c.apk office_macro_on_action -
Requests dangerous framework permissions 6 IoCs
description ioc Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE Required to be able to access the camera device. android.permission.CAMERA Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS
Files
-
1e5c85a3c59a926034be0f3dcfd56b67686dd6f74232605fe8305b75b614de7c.apk.zip.zip
Password: infected
-
1e5c85a3c59a926034be0f3dcfd56b67686dd6f74232605fe8305b75b614de7c.apk.apk android arch:arm arch:arm64
Password: infected
facilityappandroid.v3
crc6493008a97685b6df0.ActivityMain
Activities
Permissions
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.WRITE_SETTINGS
android.permission.VIBRATE
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.READ_EXTERNAL_STORAGE
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.ACCESS_MOCK_LOCATION
android.permission.CAMERA
android.permission.WAKE_LOCK
android.permission.BLUETOOTH_PRIVILEGED
android.permission.NFC
android.permission.WRITE_USER_DICTIONARY
android.permission.FLASHLIGHT
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
facilityappandroid.v3.permission.C2D_MESSAGE
com.google.android.c2dm.permission.RECEIVE
android.permission.GET_ACCOUNTS
com.anddoes.launcher.permission.UPDATE_COUNT
com.majeur.launcher.permission.UPDATE_BADGE
com.huawei.android.launcher.permission.CHANGE_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
android.permission.READ_APP_BADGE
com.oppo.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
me.everything.badger.permission.BADGE_COUNT_READ
me.everything.badger.permission.BADGE_COUNT_WRITE
android.permission.RECEIVE_BOOT_COMPLETED
Receivers
com.google.firebase.iid.FirebaseInstanceIdReceiver
com.google.android.c2dm.intent.RECEIVE
com.google.android.c2dm.intent.REGISTRATION
com.google.android.c2dm.intent.RECEIVE
org.altbeacon.beacon.startup.StartupBroadcastReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
Services
crc6493008a97685b6df0.MyFirebaseMessagingService
com.google.firebase.MESSAGING_EVENT
com.google.firebase.messaging.FirebaseMessagingService
com.google.firebase.MESSAGING_EVENT
-
Android Page icons.ttf
-
BadgeIcons.ttf
-
Control.Draw.js.js
-
DataGridFontIcon.ttf
-
DataPagerFontIcon.ttf
-
DefaultAvatar.ttf
-
Draw.Circle.js.js
-
Draw.Feature.js.js
-
Draw.Marker.js.js
-
Draw.Polygon.js.js
-
Draw.Polyline.js.js
-
Draw.Rectangle.js.js
-
Draw.SimpleShape.js.js
-
DrawToolbar.js
-
Edit.Circle.js.js
-
Edit.Marker.js.js
-
Edit.Poly.js.js
-
Edit.Rectangle.js.js
-
Edit.SimpleShape.js.js
-
EditToolbar.Delete.js.js
-
EditToolbar.Edit.js.js
-
EditToolbar.js.js
-
Final_PDFViewer_Android_FontUpdate.ttf
-
Font Poly Cloud icon.ttf
-
Font Print.ttf
-
FontAwesome.ttf
-
FontAwesomeBrands.ttf
-
FontAwesomeLight.ttf
-
FontAwesomeRegular.ttf
-
FontAwesomeSolid.ttf
-
Font_Stepprogress_icon.ttf
-
Font_size_Font.ttf
-
GeometryUtil.js.js
-
HelveticaNeue-Bold.ttf
-
HelveticaNeue-Light.ttf
-
LatLngUtil.js.js
-
Leaflet.Draw.Event.js.js
-
Leaflet.draw.js.js
-
LineUtil.Intersect.js
-
MarkerCluster.Default.css
-
MarkerCluster.css
-
MaxAwesome.ttf
-
PasswordEyeIcon.ttf
-
PdfViewer_FONT.ttf
-
PdfViewer_Text_font.ttf
-
Polygon.Intersect.js.js
-
Polyline.Intersect.js.js
-
Signature_PDFViewer_FONT.ttf
-
Toolbar.js.js
-
Tooltip.js.js
-
TouchEvents.js.js
-
V1 Font Material icon.ttf
-
ajax-loader.gif.gif
-
alert.png.png
-
check_in.mp3
-
check_out.mp3
-
checkedtick.png.png
-
clear_filter.png.png
-
clear_filter_disabled.png.png
-
copyright.js
-
dashboard.html.js
-
easy-button.css
-
easy-button.js.js
-
ej.dashboardViewer.all.min.css
-
ej.dashboardViewer.all.min.js.js
-
elements.html.js
-
fa-brands-400.ttf
-
fa-light-300.ttf
-
fa-regular-400.ttf
-
fa-solid-900.ttf
-
fa-thin-100.ttf
-
facilityapps.sqlite
-
font.ttf
-
gradient.png.png
-
icon_warning.png.png
-
index.html.js
-
initial_loader.GIF.gif
-
inspection.html.js
-
jquery.easing.1.3.min.js.js
-
leaflet-gps.min.css
-
leaflet-gps.min.js.js
-
leaflet.draw.css
-
leaflet.extra-markers.min.css
-
leaflet.extra-markers.min.js.js
-
leaflet.markercluster-src.js.js
-
loader_blue.GIF.gif
-
loading_text.png.png
-
loading_widget.png.png
-
markers_default.png.png
-
[email protected].png
-
markers_shadow.png.png
-
[email protected].png
-
not_configured.png.png
-
palette-arrow.png.png
-
processingimage_white.png.png
-
spritesheet-2x.png.png
-
spritesheet.png.png
-
spritesheet.svg.xml
-
tgarrow.png.png
-
tracking.html.js
-
videoplayer.html.js
-
waitingpopup.gif.gif
-
warning.png.png
-
white_triangle_arrow.png.png