99af857ac86add378dd8eb74c286bd364ceb41d5f69c6ad7098d2138d512ae51

General

Target

99af857ac86add378dd8eb74c286bd364ceb41d5f69c6ad7098d2138d512ae51
Size

28.6MB
MD5

e273be56b0218bf47b42eb6caa6c4d5d
SHA1

2ae11c182901857b28b4f2b79b2e36068403aea4
SHA256

99af857ac86add378dd8eb74c286bd364ceb41d5f69c6ad7098d2138d512ae51
SHA512

9045ee849075d1606b0988538856f7638b3ac6a995bc97791744623ebd83bbe30d7d91b495f2bed49cb310974ab086ba4ca6b5eb11c34b4b95e26399d36c87f8
SSDEEP

786432:PhMFHiyLrlbDNNempvutt/jzqZvPecZy5SJ+Y:CFHiIqmM//vovrZy5y1

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 20 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx

UPX packed file 20 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx

Requests dangerous framework permissions 13 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS

Files

99af857ac86add378dd8eb74c286bd364ceb41d5f69c6ad7098d2138d512ae51
.apk android arch:arm64 arch:arm arch:mips arch:mips64 arch:x86 arch:x64

com.mtscrm.pa

com.mtscrm.pa.activity.login.SplashActivity

Activities

com.mtscrm.pa.activity.login.SplashActivity

android.intent.action.MAIN

Permissions

android.permission.READ_LOGS
android.permission.READ_EXTERNAL_STORAGE
android.permission.CAMERA
android.permission.CALL_PHONE
android.permission.RECORD_AUDIO
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.WRITE_SETTINGS
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.WAKE_LOCK
android.permission.READ_PHONE_STATE
android.permission.BROADCAST_PACKAGE_CHANGED
android.permission.BROADCAST_PACKAGE_REPLACED
android.permission.RESTART_PACKAGES
android.permission.GET_TASKS
android.permission.GET_ACCOUNTS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.VIBRATE
android.permission.REORDER_TASKS
android.permission.READ_CONTACTS
android.permission.CHANGE_NETWORK_STATE
android.permission.ACCESS_FINE_LOCATION
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_COARSE_LOCATION
android.permission.CHANGE_CONFIGURATION
android.permission.CHANGE_WIFI_STATE
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.SEND_SMS
android.permission.READ_SMS
android.permission.WRITE_SMS
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
com.anddoes.launcher.permission.UPDATE_COUNT
com.majeur.launcher.permission.UPDATE_BADGE
com.huawei.android.launcher.permission.CHANGE_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
android.permission.READ_APP_BADGE
com.oppo.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
me.everything.badger.permission.BADGE_COUNT_READ
me.everything.badger.permission.BADGE_COUNT_WRITE

Receivers

com.taobao.accs.EventReceiver

android.intent.action.BOOT_COMPLETED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_REMOVED
android.intent.action.USER_PRESENT

com.taobao.accs.ServiceReceiver

com.taobao.accs.intent.action.COMMAND
com.taobao.accs.intent.action.START_FROM_AGOO

com.taobao.agoo.AgooCommondReceiver

com.mtscrm.pa.intent.action.COMMAND
android.intent.action.PACKAGE_REMOVED

com.alibaba.sdk.android.push.SystemEventReceiver

android.intent.action.MEDIA_MOUNTED
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

com.mtscrm.pa.receiver.MtMessageReceiver

com.alibaba.push2.action.NOTIFICATION_OPENED
com.alibaba.push2.action.NOTIFICATION_REMOVED
com.alibaba.sdk.android.push.RECEIVE

Services

com.alibaba.sdk.android.push.MsgService

com.alibaba.sdk.android.push.NOTIFY_ACTION

com.alibaba.sdk.android.push.channel.CheckService

com.alibaba.sdk.android.push.CHECK_SERVICE

com.taobao.accs.ChannelService

com.taobao.accs.intent.action.SERVICE

com.taobao.accs.data.MsgDistributeService

com.taobao.accs.intent.action.RECEIVE

org.android.agoo.accs.AgooService

com.taobao.accs.intent.action.RECEIVE

com.alibaba.sdk.android.push.AliyunPushIntentService

org.agoo.android.intent.action.RECEIVE

com.alibaba.sdk.android.push.channel.TaobaoRecvService

org.android.agoo.client.MessageReceiverService

Android Permissions

99af857ac86add378dd8eb74c286bd364ceb41d5f69c6ad7098d2138d512ae51

Permissions

android.permission.READ_LOGS

android.permission.READ_EXTERNAL_STORAGE

android.permission.CAMERA

android.permission.CALL_PHONE

android.permission.RECORD_AUDIO

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.WRITE_SETTINGS

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.WAKE_LOCK

android.permission.READ_PHONE_STATE

android.permission.BROADCAST_PACKAGE_CHANGED

android.permission.BROADCAST_PACKAGE_REPLACED

android.permission.RESTART_PACKAGES

android.permission.GET_TASKS

android.permission.GET_ACCOUNTS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.VIBRATE

android.permission.REORDER_TASKS

android.permission.READ_CONTACTS

android.permission.CHANGE_NETWORK_STATE

android.permission.ACCESS_FINE_LOCATION

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.ACCESS_COARSE_LOCATION

android.permission.CHANGE_CONFIGURATION

android.permission.CHANGE_WIFI_STATE

android.permission.ACCESS_LOCATION_EXTRA_COMMANDS

android.permission.SEND_SMS

android.permission.READ_SMS

android.permission.WRITE_SMS

com.sec.android.provider.badge.permission.READ

com.sec.android.provider.badge.permission.WRITE

com.htc.launcher.permission.READ_SETTINGS

com.htc.launcher.permission.UPDATE_SHORTCUT

com.sonyericsson.home.permission.BROADCAST_BADGE

com.sonymobile.home.permission.PROVIDER_INSERT_BADGE

com.anddoes.launcher.permission.UPDATE_COUNT

com.majeur.launcher.permission.UPDATE_BADGE

com.huawei.android.launcher.permission.CHANGE_BADGE

com.huawei.android.launcher.permission.READ_SETTINGS

com.huawei.android.launcher.permission.WRITE_SETTINGS

android.permission.READ_APP_BADGE

com.oppo.launcher.permission.READ_SETTINGS

com.oppo.launcher.permission.WRITE_SETTINGS

me.everything.badger.permission.BADGE_COUNT_READ

me.everything.badger.permission.BADGE_COUNT_WRITE

Sharing

General

Malware Config

Signatures

Files

com.mtscrm.pa

com.mtscrm.pa.activity.login.SplashActivity

Activities

com.mtscrm.pa.activity.login.SplashActivity

Permissions

Receivers

com.taobao.accs.EventReceiver

com.taobao.accs.ServiceReceiver

com.taobao.agoo.AgooCommondReceiver

com.alibaba.sdk.android.push.SystemEventReceiver

com.mtscrm.pa.receiver.MtMessageReceiver

Services

com.alibaba.sdk.android.push.MsgService

com.alibaba.sdk.android.push.channel.CheckService

com.taobao.accs.ChannelService

com.taobao.accs.data.MsgDistributeService

org.android.agoo.accs.AgooService

com.alibaba.sdk.android.push.AliyunPushIntentService

com.alibaba.sdk.android.push.channel.TaobaoRecvService

Android Permissions

99af857ac86add378dd8eb74c286bd364ceb41d5f69c6ad7098d2138d512ae51