spinok | 3745e0fb7edbdd8da57f44f5ee1d2b2cc0db5d7f8b63ea69ce12ce561402cf17[.]zip

General

Target

3745e0fb7edbdd8da57f44f5ee1d2b2cc0db5d7f8b63ea69ce12ce561402cf17.zip
Size

54.1MB
MD5

00bd9e4fd7d63e57017ad93f16466f83
SHA1

b5fd56a2536ad1673ec600b255d313cdcbba9970
SHA256

2d67082c970cd69740b98874ccddcf4a67b8521ec1116cc2aeb2c35322764721
SHA512

c748e8569856d15190aa9a93b731193436bfddb8db746481a26da3b12a44864e8cd0bc7c19576dac2fd9531c8f50429c22c25500124373ecf624647882f38ce2
SSDEEP

1572864:+grWDcRctM5/bPjJEFeWzpL5s5ouzSFQ084:+yWIH1Pj6/15s5oG4

Score

10^/10

spinok

Malware Config

Extracted

Family

spinok

C2

https://d3hdbjtb1686tn.cloudfront.net/gpsdk.html

Signatures

Spinok family
spinok

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to collect component usage statistics.	android.permission.PACKAGE_USAGE_STATS

Files

3745e0fb7edbdd8da57f44f5ee1d2b2cc0db5d7f8b63ea69ce12ce561402cf17.zip
.zip

Password: infected
3745e0fb7edbdd8da57f44f5ee1d2b2cc0db5d7f8b63ea69ce12ce561402cf17.apk
.apk android arch:arm64 arch:arm

com.steamland.victube

org.cocos2dx.javascript.AppActivity

Activities

org.cocos2dx.javascript.AppActivity

android.intent.action.MAIN

com.facebook.CustomTabActivity

android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.READ_EXTERNAL_STORAGE
android.permission.VIBRATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WAKE_LOCK
android.permission.FOREGROUND_SERVICE
com.google.android.gms.permission.AD_ID
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.android.vending.BILLING
android.permission.PACKAGE_USAGE_STATS
android.permission.USE_FULL_SCREEN_INTENT

Receivers

com.adjust.sdk.AdjustReferrerReceiver

com.android.vending.INSTALL_REFERRER

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_AUTHENTICATION_TOKEN_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

com.spin.ok.gp.receiver.SpinReceiver

android.intent.action.USER_PRESENT

Services

com.rad.playercommon.business.RoulaxVideoDownloadService

com.rad.playercommon.exoplayer.downloadService.action.RESTART

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

com.steamland.victube

org.cocos2dx.javascript.AppActivity

Activities

org.cocos2dx.javascript.AppActivity

com.facebook.CustomTabActivity

Permissions

Receivers

com.adjust.sdk.AdjustReferrerReceiver

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

com.spin.ok.gp.receiver.SpinReceiver

Services

com.rad.playercommon.business.RoulaxVideoDownloadService