a2a77f8d7b6b6eda05ddce80bf0119317ff355983edbf56caf1280aed6fcc4dd

General

Target

a2a77f8d7b6b6eda05ddce80bf0119317ff355983edbf56caf1280aed6fcc4dd
Size

26.7MB
MD5

70e6769eb7ebd250c2a7141377d2c856
SHA1

7c1f8ede573184ebbfcfaa342f52cfa19285cc1c
SHA256

a2a77f8d7b6b6eda05ddce80bf0119317ff355983edbf56caf1280aed6fcc4dd
SHA512

2b28327a25e3d2da144ef41e2a8b5c282a35e28495137953ee60e739288d62931c067050fcf93d7cb0e392344e289044857c9734f28fd660631858322882344a
SSDEEP

786432:CUOHZW8YfMjgYXqVOCzaOsW1wLeg4XO6Sgkm0Pgul:CjZKQYPWL8O6ST5l

Score

6^/10

Malware Config

Signatures

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards).	android.permission.BIND_INPUT_METHOD
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Requests dangerous framework permissions 2 IoCs

description	ioc
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

Files

a2a77f8d7b6b6eda05ddce80bf0119317ff355983edbf56caf1280aed6fcc4dd
.apk android

com.slow.raincolor.down.waterfall.keyboard.kblive

com.thalia.sua.keyboard.activities.MainActivity

Activities

com.thalia.sua.keyboard.activities.MainActivity

android.intent.action.MAIN

Permissions

android.permission.READ_CONTACTS
android.permission.READ_PHONE_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.VIBRATE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.WAKE_LOCK
android.permission.RECEIVE_BOOT_COMPLETED

Receivers

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

Services

com.thalia.sua.keyboard.LatinIME

android.view.InputMethod

com.thalia.sua.keyboard.services.ColorService

android.service.notification.NotificationListenerService

Android Permissions

a2a77f8d7b6b6eda05ddce80bf0119317ff355983edbf56caf1280aed6fcc4dd

Permissions

android.permission.READ_CONTACTS

android.permission.READ_PHONE_STATE

android.permission.CHANGE_NETWORK_STATE

android.permission.VIBRATE

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.WAKE_LOCK

android.permission.RECEIVE_BOOT_COMPLETED

Sharing

General

Malware Config

Signatures

Files

com.slow.raincolor.down.waterfall.keyboard.kblive

com.thalia.sua.keyboard.activities.MainActivity

Activities

com.thalia.sua.keyboard.activities.MainActivity

Permissions

Receivers

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

Services

com.thalia.sua.keyboard.LatinIME

com.thalia.sua.keyboard.services.ColorService

Android Permissions

a2a77f8d7b6b6eda05ddce80bf0119317ff355983edbf56caf1280aed6fcc4dd