abstractemu | 99d687b6d112586b026f37c3ff961b2efa9a9d9dcdf91861b66356d9861ee395

General

Target

99d687b6d112586b026f37c3ff961b2efa9a9d9dcdf91861b66356d9861ee395
Size

12.7MB
MD5

baffe669ec0f03063d68a7a8fb824bba
SHA1

8716359ca3b4b7ed707e94b280e6e1e4c106035a
SHA256

99d687b6d112586b026f37c3ff961b2efa9a9d9dcdf91861b66356d9861ee395
SHA512

a8d118a6118bb14eeed95c51914a2c1876d0c5e3d0a39bd0732b972198fbf4872cd34efd8ecba018b30dc8c3145ae326fda0ce06e4590acacce17a9ed2c95448
SSDEEP

196608:1j9UM75LG+5YEQCL+9FJshIGVFkkWJERYbnyHXOfk8MahLSjgCiE85Ulhk7MoI:1j9XBz5A9rsyGnOTy3OfkDahWHim+7S

Score

10^/10

abstractemu

Malware Config

Signatures

AbstractEmu payload 1 IoCs

Processes:

resource yara_rule

sample family_abstractemu
Abstractemu family
abstractemu

resource	yara_rule
sample	family_abstractemu

Requests dangerous framework permissions 9 IoCs

Processes:

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to access location in the background.	android.permission.ACCESS_BACKGROUND_LOCATION
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES

Files

99d687b6d112586b026f37c3ff961b2efa9a9d9dcdf91861b66356d9861ee395
.apk android arch:arm64 arch:arm arch:x86 arch:x64

com.mobilesoft.security.password

com.mobilesoft.security.password.activity.StartActivity

Activities

com.mobilesoft.security.password.activity.StartActivity

android.intent.action.MAIN

Permissions

android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WAKE_LOCK
android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_CONTACTS
android.permission.ACCESS_COARSE_LOCATION
android.permission.GET_ACCOUNTS
android.permission.BLUETOOTH
android.permission.READ_PHONE_STATE
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.REQUEST_INSTALL_PACKAGES
com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY
android.permission.USE_BIOMETRIC
android.permission.USE_FINGERPRINT
android.permission.FOREGROUND_SERVICE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.google.android.c2dm.permission.RECEIVE

Receivers

com.mobilesoft.security.password.bg.MainReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_POWER_CONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

Services

com.mobilesoft.security.password.bg.FirebaseService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

99d687b6d112586b026f37c3ff961b2efa9a9d9dcdf91861b66356d9861ee395

Permissions

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.WAKE_LOCK

android.permission.SYSTEM_ALERT_WINDOW

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.INTERNET

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_NETWORK_STATE

android.permission.READ_CONTACTS

android.permission.ACCESS_COARSE_LOCATION

android.permission.GET_ACCOUNTS

android.permission.BLUETOOTH

android.permission.READ_PHONE_STATE

android.permission.ACCESS_BACKGROUND_LOCATION

android.permission.REQUEST_INSTALL_PACKAGES

com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY

android.permission.USE_BIOMETRIC

android.permission.USE_FINGERPRINT

android.permission.FOREGROUND_SERVICE

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

com.google.android.c2dm.permission.RECEIVE

Sharing

General

Malware Config

Signatures

Files

com.mobilesoft.security.password

com.mobilesoft.security.password.activity.StartActivity

Activities

com.mobilesoft.security.password.activity.StartActivity

Permissions

Receivers

com.mobilesoft.security.password.bg.MainReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

Services

com.mobilesoft.security.password.bg.FirebaseService

com.google.firebase.messaging.FirebaseMessagingService

Android Permissions

99d687b6d112586b026f37c3ff961b2efa9a9d9dcdf91861b66356d9861ee395