23087de9decec4839758a8877d352c9607a8191724703f21cde6e6b2cb4cd04c[.]zip

General

Target

23087de9decec4839758a8877d352c9607a8191724703f21cde6e6b2cb4cd04c.zip
Size

891KB
MD5

d663a124bcaf7968ce6b8854b84dbc6e
SHA1

b40d3b60b8e9139621f1af5f71f8e1e83cf890d3
SHA256

830af3de4f792a211fd3a83432e62a7c88a4c8c341c660fc9c456b61fbbe60d3
SHA512

16aed56af9074cfe322594152ecd0ad91b5cb88599ddc906ddea808035bef59d84a43bf2a9f6b3528e3c996e6824a169242836af7a593c6ca25a2174c9e58077
SSDEEP

24576:WNd+/uryx0XAwjfrVUSGSx9iLWhoGU5dDb2LrmqNqPVC0NRT5E1fO:WKuexqrfWkcWw+LIPhRT5Ew

Score

6^/10

Malware Config

Signatures

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 14 IoCs

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows read access to the device's phone number(s).	android.permission.READ_PHONE_NUMBERS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Files

23087de9decec4839758a8877d352c9607a8191724703f21cde6e6b2cb4cd04c.zip
.zip

Password: infected
23087de9decec4839758a8877d352c9607a8191724703f21cde6e6b2cb4cd04c.apk
.apk android

com.sec.provider.mobile.android

com.sec.provider.mobile.android.X14X

Activities

com.sec.provider.mobile.android.X14X

android.intent.action.MAIN

Permissions

android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_LOCATION
android.permission.ACCESS_MOCK_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_SUPERUSER
android.permission.ACCESS_WIFI_STATE
android.permission.BIND_DEVICE_ADMIN
android.permission.BIND_ACCESSIBILITY_SERVICE
android.permission.BLUETOOTH
android.permission.CAMERA
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.DELETE_PACKAGES
android.permission.INSTALL_PACKAGES
android.permission.INTERNET
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.MODIFY_PHONE_STATE
android.permission.PROCESS_OUTGOING_CALLS
android.permission.READ_CALL_LOG
android.permission.READ_CONTACTS
com.android.browser.permission.READ_HISTORY_BOOKMARKS
android.permission.READ_PHONE_NUMBERS
android.permission.READ_PHONE_STATE
android.permission.READ_PRIVILEGED_PHONE_STATE
android.permission.READ_SMS
android.permission.REBOOT
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RECEIVE_SMS
android.permission.RECORD_AUDIO
android.permission.WAKE_LOCK
android.permission.WRITE_CONTACTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_SETTINGS
android.permission.WRITE_SECURE_SETTINGS
android.permission.CAPTURE_AUDIO_OUTPUT
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

Receivers

com.sec.provider.mobile.android.X03X

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.LOCKED_BOOT_COMPLETED
android.intent.action.REBOOT

com.sec.provider.mobile.android.X16X

android.intent.action.PACKAGE_REPLACED

com.sec.provider.mobile.android.X04X

android.provider.Telephony.SMS_RECEIVED

com.sec.provider.mobile.android.X05X

android.net.conn.CONNECTIVITY_CHANGE

com.sec.provider.mobile.android.X02X

android.app.action.DEVICE_ADMIN_ENABLED

com.sec.provider.mobile.android.X08X

com.sec.provider.mobile.android.X08X

Services

com.sec.provider.mobile.android.X01X

android.accessibilityservice.AccessibilityService

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.sec.provider.mobile.android

com.sec.provider.mobile.android.X14X

Activities

com.sec.provider.mobile.android.X14X

Permissions

Receivers

com.sec.provider.mobile.android.X03X

com.sec.provider.mobile.android.X16X

com.sec.provider.mobile.android.X04X

com.sec.provider.mobile.android.X05X

com.sec.provider.mobile.android.X02X

com.sec.provider.mobile.android.X08X

Services

com.sec.provider.mobile.android.X01X