s[.]apk | Triage

General

Target

s.apk
Size

34.3MB
MD5

6d7e39c6f82be4c2fd245577bcd6d370
SHA1

235b71a317831ca302f9b15f16e5f1f0323a1d21
SHA256

8afeaae9fe7f10aea422d9aa15acf81022ed6abd662e19d201529db34e808b56
SHA512

12180858c5af8f3e65873ab5d74d2512b64800fda30bc8c3be300c88ea7ca17faf2400e050a55278fd2b7c64a30320f3583fe3ed99b81a6074ebf513904162c6
SSDEEP

786432:4Lw81qkGfx33nA9NJ6KEDSU+tZ3fmNEtD682+azpaA:q7Gfx3XAnJ0d+vH28Czpn

Score

6^/10

Malware Config

Signatures

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications.	android.permission.BIND_TELECOM_CONNECTION_SERVICE
Required by chooser target services to bind with the system. Allows apps to modify targets that handle user actions.	android.permission.BIND_CHOOSER_TARGET_SERVICE

Requests dangerous framework permissions 20 IoCs

description	ioc
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to monitor incoming MMS messages.	android.permission.RECEIVE_MMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows read access to the device's phone number(s).	android.permission.READ_PHONE_NUMBERS
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to write the user's calendar data.	android.permission.WRITE_CALENDAR
Allows an application to read the user's calendar data.	android.permission.READ_CALENDAR
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows applications to use exact alarm APIs.	android.permission.SCHEDULE_EXACT_ALARM
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Files

s.apk
.apk android arch:arm

org.thoughtcrime.securesms

org.thoughtcrime.securesms.components.settings.app.AppSettingsActivity

Activities

org.thoughtcrime.securesms.DeviceProvisioningActivity

android.intent.action.VIEW
android.intent.action.VIEW

org.thoughtcrime.securesms.sharing.v2.ShareActivity

android.intent.action.SEND
android.intent.action.SEND_MULTIPLE

org.thoughtcrime.securesms.stickers.StickerPackPreviewActivity

android.intent.action.VIEW
android.intent.action.VIEW

org.thoughtcrime.securesms.deeplinks.DeepLinkEntryActivity

android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

org.thoughtcrime.securesms.components.settings.app.AppSettingsActivity

android.intent.action.MAIN

org.thoughtcrime.securesms.SmsSendtoActivity

android.intent.action.SENDTO
android.intent.action.VIEW
android.intent.action.VIEW

org.thoughtcrime.securesms.webrtc.VoiceCallShare

android.intent.action.VIEW

Permissions

android.permission.USE_FINGERPRINT
org.thoughtcrime.securesms.ACCESS_SECRETS
android.permission.READ_PROFILE
android.permission.BROADCAST_WAP_PUSH
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.RECEIVE_SMS
android.permission.RECEIVE_MMS
android.permission.READ_SMS
android.permission.SEND_SMS
android.permission.WRITE_SMS
android.permission.READ_PHONE_STATE
android.permission.READ_PHONE_NUMBERS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.CAMERA
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.RECORD_AUDIO
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.READ_CALL_STATE
android.permission.WRITE_CALENDAR
android.permission.READ_CALENDAR
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.VIBRATE
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.WAKE_LOCK
android.permission.INTERNET
android.permission.FOREGROUND_SERVICE
android.permission.GET_ACCOUNTS
android.permission.READ_SYNC_SETTINGS
android.permission.WRITE_SYNC_SETTINGS
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.USE_CREDENTIALS
android.permission.INSTALL_SHORTCUT
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.SET_WALLPAPER
android.permission.BLUETOOTH
android.permission.BROADCAST_STICKY
android.permission.CALL_PHONE
android.permission.DISABLE_KEYGUARD
android.permission.RAISED_THREAD_PRIORITY
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.USE_FULL_SCREEN_INTENT
android.permission.MANAGE_OWN_CALLS
android.permission.SCHEDULE_EXACT_ALARM
android.permission.USE_BIOMETRIC
android.permission.POST_NOTIFICATIONS
com.google.android.c2dm.permission.RECEIVE
android.permission.READ_EXTERNAL_STORAGE
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
com.anddoes.launcher.permission.UPDATE_COUNT
com.majeur.launcher.permission.UPDATE_BADGE
com.huawei.android.launcher.permission.CHANGE_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
android.permission.READ_APP_BADGE
com.oppo.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
me.everything.badger.permission.BADGE_COUNT_READ
me.everything.badger.permission.BADGE_COUNT_WRITE

Receivers

androidx.media.session.MediaButtonReceiver

android.intent.action.MEDIA_BUTTON

org.thoughtcrime.securesms.service.SmsListener

android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_DELIVER

org.thoughtcrime.securesms.service.SmsDeliveryListener

org.thoughtcrime.securesms.services.MESSAGE_SENT

org.thoughtcrime.securesms.service.MmsListener

android.provider.Telephony.WAP_PUSH_RECEIVED
android.provider.Telephony.WAP_PUSH_DELIVER

org.thoughtcrime.securesms.notifications.MarkReadReceiver

org.thoughtcrime.securesms.notifications.CLEAR

org.thoughtcrime.securesms.notifications.RemoteReplyReceiver

org.thoughtcrime.securesms.notifications.WEAR_REPLY

org.thoughtcrime.securesms.service.BootReceiver

android.intent.action.BOOT_COMPLETED
org.thoughtcrime.securesms.RESTART

org.thoughtcrime.securesms.service.DirectoryRefreshListener

android.intent.action.BOOT_COMPLETED

org.thoughtcrime.securesms.service.RotateSignedPreKeyListener

android.intent.action.BOOT_COMPLETED

org.thoughtcrime.securesms.service.RotateSenderCertificateListener

android.intent.action.BOOT_COMPLETED

org.thoughtcrime.securesms.messageprocessingalarm.MessageProcessReceiver

android.intent.action.BOOT_COMPLETED
org.thoughtcrime.securesms.action.PROCESS_MESSAGES

org.thoughtcrime.securesms.service.LocalBackupListener

android.intent.action.BOOT_COMPLETED

org.thoughtcrime.securesms.service.PersistentConnectionBootListener

android.intent.action.BOOT_COMPLETED

org.thoughtcrime.securesms.notifications.LocaleChangedReceiver

android.intent.action.LOCALE_CHANGED

org.thoughtcrime.securesms.notifications.DeleteNotificationReceiver

org.thoughtcrime.securesms.DELETE_NOTIFICATION

org.thoughtcrime.securesms.service.PanicResponderListener

info.guardianproject.panic.action.TRIGGER

org.thoughtcrime.securesms.jobmanager.BootReceiver

android.intent.action.BOOT_COMPLETED

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

Services

org.thoughtcrime.securesms.service.webrtc.AndroidCallConnectionService

android.telecom.ConnectionService

org.thoughtcrime.securesms.components.voice.VoiceNotePlaybackService

android.media.browse.MediaBrowserService

org.thoughtcrime.securesms.service.QuickResponseService

android.intent.action.RESPOND_VIA_MESSAGE

org.thoughtcrime.securesms.service.AccountAuthenticatorService

android.accounts.AccountAuthenticator

org.thoughtcrime.securesms.service.ContactsSyncAdapterService

android.content.SyncAdapter

org.thoughtcrime.securesms.gcm.FcmReceiveService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

androidx.sharetarget.ChooserTargetServiceCompat

android.service.chooser.ChooserTargetService

Android Permissions

s.apk

Permissions

android.permission.USE_FINGERPRINT

org.thoughtcrime.securesms.ACCESS_SECRETS

android.permission.READ_PROFILE

android.permission.BROADCAST_WAP_PUSH

android.permission.READ_CONTACTS

android.permission.WRITE_CONTACTS

android.permission.ACCESS_NOTIFICATION_POLICY

android.permission.RECEIVE_SMS

android.permission.RECEIVE_MMS

android.permission.READ_SMS

android.permission.SEND_SMS

android.permission.WRITE_SMS

android.permission.READ_PHONE_STATE

android.permission.READ_PHONE_NUMBERS

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.CAMERA

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.RECORD_AUDIO

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.READ_CALL_STATE

android.permission.WRITE_CALENDAR

android.permission.READ_CALENDAR

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.VIBRATE

android.permission.ACCESS_NETWORK_STATE

android.permission.CHANGE_NETWORK_STATE

android.permission.WAKE_LOCK

android.permission.INTERNET

android.permission.FOREGROUND_SERVICE

android.permission.GET_ACCOUNTS

android.permission.READ_SYNC_SETTINGS

android.permission.WRITE_SYNC_SETTINGS

android.permission.AUTHENTICATE_ACCOUNTS

android.permission.USE_CREDENTIALS

android.permission.INSTALL_SHORTCUT

com.android.launcher.permission.INSTALL_SHORTCUT

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.SET_WALLPAPER

android.permission.BLUETOOTH

android.permission.BROADCAST_STICKY

android.permission.CALL_PHONE

android.permission.DISABLE_KEYGUARD

android.permission.RAISED_THREAD_PRIORITY

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.USE_FULL_SCREEN_INTENT

android.permission.MANAGE_OWN_CALLS

android.permission.SCHEDULE_EXACT_ALARM

android.permission.USE_BIOMETRIC

Sharing

General

Malware Config

Signatures

Files

org.thoughtcrime.securesms

org.thoughtcrime.securesms.components.settings.app.AppSettingsActivity

Activities

org.thoughtcrime.securesms.DeviceProvisioningActivity

org.thoughtcrime.securesms.sharing.v2.ShareActivity

org.thoughtcrime.securesms.stickers.StickerPackPreviewActivity

org.thoughtcrime.securesms.deeplinks.DeepLinkEntryActivity

org.thoughtcrime.securesms.components.settings.app.AppSettingsActivity

org.thoughtcrime.securesms.SmsSendtoActivity

org.thoughtcrime.securesms.webrtc.VoiceCallShare

Permissions

Receivers

androidx.media.session.MediaButtonReceiver

org.thoughtcrime.securesms.service.SmsListener

org.thoughtcrime.securesms.service.SmsDeliveryListener

org.thoughtcrime.securesms.service.MmsListener

org.thoughtcrime.securesms.notifications.MarkReadReceiver

org.thoughtcrime.securesms.notifications.RemoteReplyReceiver

org.thoughtcrime.securesms.service.BootReceiver

org.thoughtcrime.securesms.service.DirectoryRefreshListener

org.thoughtcrime.securesms.service.RotateSignedPreKeyListener

org.thoughtcrime.securesms.service.RotateSenderCertificateListener

org.thoughtcrime.securesms.messageprocessingalarm.MessageProcessReceiver

org.thoughtcrime.securesms.service.LocalBackupListener

org.thoughtcrime.securesms.service.PersistentConnectionBootListener

org.thoughtcrime.securesms.notifications.LocaleChangedReceiver

org.thoughtcrime.securesms.notifications.DeleteNotificationReceiver

org.thoughtcrime.securesms.service.PanicResponderListener

org.thoughtcrime.securesms.jobmanager.BootReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

Services

org.thoughtcrime.securesms.service.webrtc.AndroidCallConnectionService

org.thoughtcrime.securesms.components.voice.VoiceNotePlaybackService

org.thoughtcrime.securesms.service.QuickResponseService

org.thoughtcrime.securesms.service.AccountAuthenticatorService

org.thoughtcrime.securesms.service.ContactsSyncAdapterService

org.thoughtcrime.securesms.gcm.FcmReceiveService

com.google.firebase.messaging.FirebaseMessagingService

androidx.sharetarget.ChooserTargetServiceCompat

Android Permissions

s.apk