f90969f8e3aff842eb38e03079b4d627[.]bin

Reason

could not process APK: binary.Read: invalid type [2]uint16

General

Target

f90969f8e3aff842eb38e03079b4d627.bin
Size

882.3MB
MD5

f90969f8e3aff842eb38e03079b4d627
SHA1

8e8942a18763e1519e24dd72890f67f625f3ac12
SHA256

c70803d44893a51b6763089a06659a61a8e3b9acdd3cfb5677219ac4d2ebdf3b
SHA512

7721e18b000ad116750379e1d515190d5d48992206b40e8e1f3d6cd792521b523e2958cc917dd54b2a7509f6fda974f5c2bbe57537f7361c19e475c10aa9db5f
SSDEEP

6291456:yKZRRCchDr6Z81LT/c1YlclruRyahNUSBQqeq98dE1CcmIPaFdaeevEiBq3ocFiO:j1DhDOZ81LT/yYlclru8a/gdAaFdaYFH

Score

8^/10

macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
sample	office_macro_on_action

Requests dangerous framework permissions 1 IoCs

description	ioc
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS

Files

f90969f8e3aff842eb38e03079b4d627.bin
.apk android arch:arm

Password: infected

gene.brawl.release

com.supercell.brawlstars.GameApp

Activities

com.supercell.brawlstars.GameApp

android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
com.google.intent.action.TEST_LOOP

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.WAKE_LOCK
android.permission.CHANGE_WIFI_STATE
android.permission.ACCESS_WIFI_STATE
com.android.vending.BILLING
android.permission.VIBRATE
android.permission.POST_NOTIFICATIONS
android.permission.READ_BASIC_PHONE_STATE
android.Manifest.permission.ACCESS_NETWORK_STATE
com.google.android.gms.permission.AD_ID
com.google.android.c2dm.permission.RECEIVE
com.google.android.providers.gsf.permission.READ_GSERVICES
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Receivers

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.supercell.id.SharedDataBroadcastReceiver

com.supercell.id.GetSharedData

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE
androidx.profileinstaller.action.SKIP_FILE
androidx.profileinstaller.action.SAVE_PROFILE
androidx.profileinstaller.action.BENCHMARK_OPERATION

Services

com.supercell.titan.PushMessageService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

Android Permissions

f90969f8e3aff842eb38e03079b4d627.bin

Permissions

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.WAKE_LOCK

android.permission.CHANGE_WIFI_STATE

android.permission.ACCESS_WIFI_STATE

com.android.vending.BILLING

android.permission.VIBRATE

android.permission.POST_NOTIFICATIONS

android.permission.READ_BASIC_PHONE_STATE

android.Manifest.permission.ACCESS_NETWORK_STATE

com.google.android.gms.permission.AD_ID

com.google.android.c2dm.permission.RECEIVE

com.google.android.providers.gsf.permission.READ_GSERVICES

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Sharing

Errors

General

Malware Config

Signatures

Files

Password: infected

gene.brawl.release

com.supercell.brawlstars.GameApp

Activities

com.supercell.brawlstars.GameApp

Permissions

Receivers

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.supercell.id.SharedDataBroadcastReceiver

androidx.profileinstaller.ProfileInstallReceiver

Services

com.supercell.titan.PushMessageService

com.google.firebase.messaging.FirebaseMessagingService

Android Permissions

f90969f8e3aff842eb38e03079b4d627.bin