ed37af6eba614b0c61d05931b0c920c51ab47489bcbcd3b00b475141207a9fba

General

Target

ed37af6eba614b0c61d05931b0c920c51ab47489bcbcd3b00b475141207a9fba
Size

12.8MB
MD5

f88e1243d20fe30768f40830846167ef
SHA1

a5932271ffc44d848dd3361fdc333125a4f309f5
SHA256

ed37af6eba614b0c61d05931b0c920c51ab47489bcbcd3b00b475141207a9fba
SHA512

7ce7fefc21e7bee9c7c6770775ce181c64f7fb5e72702c358cda1132fd3d30ef20cb7f5187bd4dd92ac18a1bb0aeece3ffc3f9d518743fa4341341a37f4cbf15
SSDEEP

196608:7eTpoij4n2yS6N5uF1LkEfg7xyFROKxfHRM63zGaVBLnMtM63zGaVBLn9JmaeEfl:WKijVGsF1fg7xktxuHaX1HaXnH/4G

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 14 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION

Files

ed37af6eba614b0c61d05931b0c920c51ab47489bcbcd3b00b475141207a9fba
.apk .ps1 android arch:arm64 arch:arm arch:x86 arch:mips arch:mips64 arch:x64 polyglot

com.publicnews

com.publicnews.page.welcome.Welcome

Activities

com.publicnews.page.welcome.Welcome

android.intent.action.MAIN

com.tencent.tauth.AuthActivity

android.intent.action.VIEW
android.intent.action.VIEW

com.publicnews.page.user.chat.ChatActivity

android.intent.action.VIEW

cn.jpush.android.ui.PushActivity

cn.jpush.android.ui.PushActivity

io.rong.voipkit.activity.CallSideActivity

android.intent.action.VIEW

io.rong.voipkit.activity.CalledSideActivity

android.intent.action.VIEW

com.publicnews.page.circle.ConversationActivity

android.intent.action.VIEW

com.publicnews.page.circle.task.RouseActivity

android.intent.action.VIEW

com.flinkinfo.weiboshare.BaseWeiboActivity

com.sina.weibo.sdk.action.ACTION_SDK_REQ_ACTIVITY

Permissions

com.publicnews.permission.JPUSH_MESSAGE
android.permission.RECEIVE_USER_PRESENT
android.permission.INTERNET
android.permission.WAKE_LOCK
android.permission.READ_PHONE_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.VIBRATE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_SETTINGS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.CHANGE_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.ACCESS_COARSE_LOCATION
android.permission.READ_PHONE_STATE
android.permission.GET_TASKS
android.permission.INTERACT_ACROSS_USERS_FULL
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.VIBRATE
android.permission.WAKE_LOCK
android.permission.WRITE_SETTINGS
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.READ_CONTACTS
android.permission.ACCESS_FINE_LOCATION
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.READ_LOGS

Receivers

com.publicnews.extension.broadcast.ExpandBroadcast

com.publicnews.EXPAND_ACTION

com.flinkinfo.monitor.page.user.LoginedReceiver

com.flinkinfo.logined

com.flinkinfo.monitor.extension.broadcast.NeedLoginBroadcast

com.flinkinfo.needLogin_ACTION0

com.publicnews.extension.broadcast.JcRequestCxsLoginBroadcast

com.publicnews.JC_REQUEST_CXS_REGISTER

cn.jpush.android.service.PushReceiver

cn.jpush.android.intent.NOTIFICATION_RECEIVED_PROXY
android.intent.action.USER_PRESENT
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED

com.publicnews.extension.push_receiver.PushReceiver

cn.jpush.android.intent.REGISTRATION
cn.jpush.android.intent.UNREGISTRATION
cn.jpush.android.intent.MESSAGE_RECEIVED
cn.jpush.android.intent.NOTIFICATION_RECEIVED
cn.jpush.android.intent.NOTIFICATION_OPENED
cn.jpush.android.intent.ACTION_RICHPUSH_CALLBACK
cn.jpush.android.intent.CONNECTION

io.rong.imlib.ipc.PushMessageReceiver

io.rong.push.message

io.rong.push.PushReceiver

io.rong.push.HeartBeat
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.BOOT_COMPLETED
android.intent.action.USER_PRESENT
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.PACKAGE_REMOVED

com.flinkinfo.monitor.extension.broadcast.UserBroadcast

REGISTER

com.flinkinfo.monitor.extension.broadcast.CollectArticleBroadcast

com.publicnews.monitor_collect

Services

cn.jpush.android.service.PushService

cn.jpush.android.intent.REGISTER
cn.jpush.android.intent.REPORT
cn.jpush.android.intent.PushService
cn.jpush.android.intent.PUSH_TIME

io.rong.push.PushService

io.rong.push

io.rong.push.CommandService

io.rong.command

Android Permissions

ed37af6eba614b0c61d05931b0c920c51ab47489bcbcd3b00b475141207a9fba

Permissions

com.publicnews.permission.JPUSH_MESSAGE

android.permission.RECEIVE_USER_PRESENT

android.permission.INTERNET

android.permission.WAKE_LOCK

android.permission.READ_PHONE_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_EXTERNAL_STORAGE

android.permission.VIBRATE

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.ACCESS_NETWORK_STATE

android.permission.WRITE_SETTINGS

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_LOCATION_EXTRA_COMMANDS

android.permission.CHANGE_NETWORK_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.INTERNET

android.permission.ACCESS_COARSE_LOCATION

android.permission.READ_PHONE_STATE

android.permission.GET_TASKS

android.permission.INTERACT_ACROSS_USERS_FULL

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_NETWORK_STATE

android.permission.CAMERA

android.permission.RECORD_AUDIO

android.permission.VIBRATE

android.permission.WAKE_LOCK

android.permission.WRITE_SETTINGS

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.KILL_BACKGROUND_PROCESSES

android.permission.READ_CONTACTS

android.permission.ACCESS_FINE_LOCATION

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.READ_LOGS

Sharing

General

Malware Config

Signatures

Files

com.publicnews

com.publicnews.page.welcome.Welcome

Activities

com.publicnews.page.welcome.Welcome

com.tencent.tauth.AuthActivity

com.publicnews.page.user.chat.ChatActivity

cn.jpush.android.ui.PushActivity

io.rong.voipkit.activity.CallSideActivity

io.rong.voipkit.activity.CalledSideActivity

com.publicnews.page.circle.ConversationActivity

com.publicnews.page.circle.task.RouseActivity

com.flinkinfo.weiboshare.BaseWeiboActivity

Permissions

Receivers

com.publicnews.extension.broadcast.ExpandBroadcast

com.flinkinfo.monitor.page.user.LoginedReceiver

com.flinkinfo.monitor.extension.broadcast.NeedLoginBroadcast

com.publicnews.extension.broadcast.JcRequestCxsLoginBroadcast

cn.jpush.android.service.PushReceiver

com.publicnews.extension.push_receiver.PushReceiver

io.rong.imlib.ipc.PushMessageReceiver

io.rong.push.PushReceiver

com.flinkinfo.monitor.extension.broadcast.UserBroadcast

com.flinkinfo.monitor.extension.broadcast.CollectArticleBroadcast

Services

cn.jpush.android.service.PushService

io.rong.push.PushService

io.rong.push.CommandService

Android Permissions

ed37af6eba614b0c61d05931b0c920c51ab47489bcbcd3b00b475141207a9fba