4170bb0d2d810aed97de7b0971357dc8

General

Target

4170bb0d2d810aed97de7b0971357dc8
Size

10.7MB
MD5

4170bb0d2d810aed97de7b0971357dc8
SHA1

23509ff5e68a6294ced8aaddd9750df389ff9c86
SHA256

9b7997b2e6a63189caa79617c377376d3a557ea07c3f3673dd7361e4cf504aa3
SHA512

7c4776e55a8adf252304127bdfabf4a8348d237f35158ab1133d7035aac6ae16fb211dd385fc7fd568c815f759ca5a56afd5d580599a8bc28e97944856b13b2d
SSDEEP

196608:WduIT/i7uDX/JJxdOVxKTu+ov+jv5HRyBOAFy1ufHA/HxPxE+C8Kx8prKPVz633:aT/F/JfsrZvM36OAF/fHA/RKYVA9233

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

Files

4170bb0d2d810aed97de7b0971357dc8
.apk android arch:x64 arch:arm64 arch:x86 arch:mips64 arch:arm arch:mips

com.app20.herball

com.app20.herball.MainActivity

Activities

com.app20.herball.MainActivity

android.intent.action.MAIN
android.intent.action.SEARCH
android.intent.action.VIEW

com.app20.herball.RssActivity

com.app20.herball.RssActivity

com.app20.herball.ListActivity

com.app20.herball.ListActivity

com.app20.herball.SearchActivity

com.app20.herball.SearchActivity

com.app20.herball.PageActivity

com.app20.herball.PageActivity

com.app20.herball.WebActivity

com.app20.herball.WebActivity

com.app20.herball.HtmlActivity

com.app20.herball.HtmlActivity

com.app20.herball.BookmarksActivity

com.app20.herball.BookmarksActivity

com.app20.herball.SettingActivity

com.app20.herball.SettingActivity

com.app20.herball.UpdateActivity

com.app20.herball.UpdateActivity

com.app20.herball.AudioPlayer

com.app20.herball.AudioPlayer

com.app20.herball.JoAppVideoPlayer

com.app20.herball.JoAppVideoPlayer

com.app20.herball.ImageViewActivity

com.app20.herball.ImageViewActivity

com.app20.herball.GalleryActivity

com.app20.herball.GalleryActivity

com.app20.herball.PayActivity

com.app20.herball.PayActivity

com.app20.herball.PayActivityHP

com.app20.herball.PayActivityHP

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
com.farsitel.bazaar.permission.PAY_THROUGH_BAZAAR
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.INTERNET
android.permission.WAKE_LOCK
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.ACCESS_COARSE_LOCATION
android.permission.READ_PHONE_STATE

Receivers

co.ronash.pushe.receiver.UpdateReceiver

android.intent.action.PACKAGE_REPLACED

co.ronash.pushe.receiver.BootAndScreenReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON

co.ronash.pushe.receiver.ConnectivityReceiver

android.net.conn.CONNECTIVITY_CHANGE

co.ronash.pushe.receiver.AddReceiver

com.evernote.android.job.ADD_JOB_CREATOR

co.ronash.pushe.receiver.AppChangeReceiver

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_FULLY_REMOVED

com.evernote.android.job.v14.PlatformAlarmReceiver

com.evernote.android.job.v14.RUN_JOB
net.vrallev.android.job.v14.RUN_JOB

com.evernote.android.job.JobBootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.MY_PACKAGE_REPLACED

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

Services

com.app20.herball.MyPushListener

co.ronash.pushe.RECEIVE

co.ronash.pushe.service.ScreenStateService

co.ronash.pushe.service.ScreenStateService

com.evernote.android.job.gcm.PlatformGcmService

com.google.android.gms.gcm.ACTION_TASK_READY

co.ronash.pushe.fcm.FcmService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT

ir.adad.notification.notification.AdadNotificationActionIntentService

ir.adad.notification.actions.adad_notification_action.click
ir.adad.notification.actions.adad_notification_action.delete

Android Permissions

4170bb0d2d810aed97de7b0971357dc8

Permissions

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.INTERNET

android.permission.WRITE_EXTERNAL_STORAGE

com.farsitel.bazaar.permission.PAY_THROUGH_BAZAAR

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.INTERNET

android.permission.WAKE_LOCK

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.ACCESS_COARSE_LOCATION

android.permission.READ_PHONE_STATE

Sharing

General

Malware Config

Signatures

Files

com.app20.herball

com.app20.herball.MainActivity

Activities

com.app20.herball.MainActivity

com.app20.herball.RssActivity

com.app20.herball.ListActivity

com.app20.herball.SearchActivity

com.app20.herball.PageActivity

com.app20.herball.WebActivity

com.app20.herball.HtmlActivity

com.app20.herball.BookmarksActivity

com.app20.herball.SettingActivity

com.app20.herball.UpdateActivity

com.app20.herball.AudioPlayer

com.app20.herball.JoAppVideoPlayer

com.app20.herball.ImageViewActivity

com.app20.herball.GalleryActivity

com.app20.herball.PayActivity

com.app20.herball.PayActivityHP

Permissions

Receivers

co.ronash.pushe.receiver.UpdateReceiver

co.ronash.pushe.receiver.BootAndScreenReceiver

co.ronash.pushe.receiver.ConnectivityReceiver

co.ronash.pushe.receiver.AddReceiver

co.ronash.pushe.receiver.AppChangeReceiver

com.evernote.android.job.v14.PlatformAlarmReceiver

com.evernote.android.job.JobBootReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

Services

com.app20.herball.MyPushListener

co.ronash.pushe.service.ScreenStateService

com.evernote.android.job.gcm.PlatformGcmService

co.ronash.pushe.fcm.FcmService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.iid.FirebaseInstanceIdService

ir.adad.notification.notification.AdadNotificationActionIntentService

Android Permissions

4170bb0d2d810aed97de7b0971357dc8