c5fc9d5044b336e93c4f2866d3993a2b46e864b7e40520c11e61b60e8dac2992

General

Target

c5fc9d5044b336e93c4f2866d3993a2b46e864b7e40520c11e61b60e8dac2992
Size

14.7MB
MD5

7fe8cb3d24fc514c5ee96a4b5bddf846
SHA1

29dc5708dc9bb3f4fd82744f4742443549b449f2
SHA256

c5fc9d5044b336e93c4f2866d3993a2b46e864b7e40520c11e61b60e8dac2992
SHA512

4e86d58eb86f31a8f12d99088f4c8c9e2e1ab130c4d5e75c492002a0dfbce56bdc6236c34796213d952063b25300bc7a22ad975f9afd404e9923b02c4f17d190
SSDEEP

393216:mXRyDfe74VhYsxMH/Tgkgt0dOjo0W8SnK/VYlKjVHg+/gXK:Q0f3hYSMHrgl2T8YK/VYEQK

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 5 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx

Requests dangerous framework permissions 12 IoCs

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Required to be able to access the camera device.	android.permission.CAMERA
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to read the user's calendar data.	android.permission.READ_CALENDAR
Allows an application to write the user's calendar data.	android.permission.WRITE_CALENDAR
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES

Files

c5fc9d5044b336e93c4f2866d3993a2b46e864b7e40520c11e61b60e8dac2992
.apk android arch:arm

com.jiangyun.artisan

com.jiangyun.artisan.ui.activity.SplashActivity

Activities

com.jiangyun.artisan.ui.activity.SplashActivity

android.intent.action.MAIN

com.jiangyun.artisan.ui.activity.wallet.WalletActivity

jy.intent.action.user_wallet

com.jiangyun.artisan.ui.activity.ReceiveOrderConfigActivity

jy.intent.action.order_setting

com.jiangyun.artisan.ui.activity.WebActivity

jy.intent.action.content_web

com.jiangyun.artisan.ui.activity.CertificationActivity

jy.intent.action.content_certification

com.jiangyun.artisan.ui.activity.CollegeActivity

jy.intent.action.content_college

Permissions

android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.CHANGE_CONFIGURATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
android.permission.WRITE_SETTINGS
android.permission.CALL_PHONE
android.permission.CAMERA
android.permission.READ_LOGS
android.permission.WAKE_LOCK
android.permission.RESTART_PACKAGES
android.permission.GET_TASKS
android.permission.GET_ACCOUNTS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.VIBRATE
android.permission.REORDER_TASKS
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.FOREGROUND_SERVICE
android.permission.READ_CALENDAR
android.permission.WRITE_CALENDAR
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.RECEIVE_BOOT_COMPLETED
com.jiangyun.artisan.permission.MIPUSH_RECEIVE
com.google.android.c2dm.permission.RECEIVE
com.jiangyun.artisan.permission.C2D_MESSAGE

Receivers

com.jiangyun.artisan.receiver.AutoStartReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.LOCKED_BOOT_COMPLETED

com.jiangyun.artisan.receiver.OrderReceiver

com.alibaba.push2.action.NOTIFICATION_OPENED
com.alibaba.push2.action.NOTIFICATION_REMOVED
com.alibaba.sdk.android.push.RECEIVE

com.alibaba.sdk.android.push.MiPushBroadcastReceiver

com.xiaomi.mipush.RECEIVE_MESSAGE
com.xiaomi.mipush.MESSAGE_ARRIVED
com.xiaomi.mipush.ERROR

com.xiaomi.push.service.receivers.NetworkStatusReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.alibaba.sdk.android.push.HuaWeiReceiver

com.huawei.android.push.intent.REGISTRATION
com.huawei.android.push.intent.RECEIVE
com.huawei.intent.action.PUSH
com.huawei.intent.action.PUSH_STATE

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE
com.google.android.c2dm.intent.REGISTRATION

com.taobao.accs.EventReceiver

android.intent.action.BOOT_COMPLETED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_REMOVED
android.intent.action.USER_PRESENT

com.taobao.accs.ServiceReceiver

com.taobao.accs.intent.action.COMMAND
com.taobao.accs.intent.action.START_FROM_AGOO

com.taobao.agoo.AgooCommondReceiver

com.jiangyun.artisan.intent.action.COMMAND
android.intent.action.PACKAGE_REMOVED

com.alibaba.sdk.android.push.SystemEventReceiver

android.intent.action.MEDIA_MOUNTED
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

Services

com.alibaba.sdk.android.push.AgooFirebaseInstanceIDService

com.google.firebase.INSTANCE_ID_EVENT

com.alibaba.sdk.android.push.AgooFirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.alibaba.sdk.android.push.MsgService

com.alibaba.sdk.android.push.NOTIFY_ACTION

com.alibaba.sdk.android.push.channel.CheckService

com.alibaba.sdk.android.push.CHECK_SERVICE

com.taobao.accs.ChannelService

com.taobao.accs.intent.action.SERVICE

com.taobao.accs.data.MsgDistributeService

com.taobao.accs.intent.action.RECEIVE

org.android.agoo.accs.AgooService

com.taobao.accs.intent.action.RECEIVE

com.alibaba.sdk.android.push.AliyunPushIntentService

org.agoo.android.intent.action.RECEIVE

com.alibaba.sdk.android.push.channel.TaobaoRecvService

org.android.agoo.client.MessageReceiverService
amap_resource1_0_0.png
.apk android

com.example.amapsdkv2

com.amap.api.maps.offlinemap.OfflineMapActivity

Activities

com.amap.api.maps.offlinemap.OfflineMapActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_SETTINGS
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_PHONE_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.ACCESS_WIFI_STATE

Android Permissions

c5fc9d5044b336e93c4f2866d3993a2b46e864b7e40520c11e61b60e8dac2992

Permissions

android.permission.ACCESS_NETWORK_STATE

android.permission.INTERNET

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.CHANGE_CONFIGURATION

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_LOCATION_EXTRA_COMMANDS

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_EXTERNAL_STORAGE

android.permission.READ_PHONE_STATE

android.permission.WRITE_SETTINGS

android.permission.CALL_PHONE

android.permission.CAMERA

android.permission.READ_LOGS

android.permission.WAKE_LOCK

android.permission.RESTART_PACKAGES

android.permission.GET_TASKS

android.permission.GET_ACCOUNTS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.VIBRATE

android.permission.REORDER_TASKS

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.FOREGROUND_SERVICE

android.permission.READ_CALENDAR

android.permission.WRITE_CALENDAR

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.RECEIVE_BOOT_COMPLETED

com.jiangyun.artisan.permission.MIPUSH_RECEIVE

com.google.android.c2dm.permission.RECEIVE

com.jiangyun.artisan.permission.C2D_MESSAGE

Sharing

General

Malware Config

Signatures

Files

com.jiangyun.artisan

com.jiangyun.artisan.ui.activity.SplashActivity

Activities

com.jiangyun.artisan.ui.activity.SplashActivity

com.jiangyun.artisan.ui.activity.wallet.WalletActivity

com.jiangyun.artisan.ui.activity.ReceiveOrderConfigActivity

com.jiangyun.artisan.ui.activity.WebActivity

com.jiangyun.artisan.ui.activity.CertificationActivity

com.jiangyun.artisan.ui.activity.CollegeActivity

Permissions

Receivers

com.jiangyun.artisan.receiver.AutoStartReceiver

com.jiangyun.artisan.receiver.OrderReceiver

com.alibaba.sdk.android.push.MiPushBroadcastReceiver

com.xiaomi.push.service.receivers.NetworkStatusReceiver

com.alibaba.sdk.android.push.HuaWeiReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.taobao.accs.EventReceiver

com.taobao.accs.ServiceReceiver

com.taobao.agoo.AgooCommondReceiver

com.alibaba.sdk.android.push.SystemEventReceiver

Services

com.alibaba.sdk.android.push.AgooFirebaseInstanceIDService

com.alibaba.sdk.android.push.AgooFirebaseMessagingService

com.alibaba.sdk.android.push.MsgService

com.alibaba.sdk.android.push.channel.CheckService

com.taobao.accs.ChannelService

com.taobao.accs.data.MsgDistributeService

org.android.agoo.accs.AgooService

com.alibaba.sdk.android.push.AliyunPushIntentService

com.alibaba.sdk.android.push.channel.TaobaoRecvService

com.example.amapsdkv2

com.amap.api.maps.offlinemap.OfflineMapActivity

Activities

com.amap.api.maps.offlinemap.OfflineMapActivity

Permissions

Android Permissions

c5fc9d5044b336e93c4f2866d3993a2b46e864b7e40520c11e61b60e8dac2992