Malware Analysis Report

2024-10-16 05:20

Sample ID 240331-r82wmadg6x
Target ready.apk
SHA256 f5d84a3bd44d1511e00a67ae1c79f2076dc8972dc11c616d6130dc4eba0e3555
Tags
collection evasion persistence spynote
score
10/10

Analysis Overview

Threat Level: Known bad

The file ready.apk was found to be: Known bad.

Malicious Activity Summary

collection evasion persistence spynote

Spynote family

Makes use of the framework's Accessibility service

Makes use of the framework's foreground persistence service

Declares services with permission to bind to the system

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-31 14:52

Signatures

Spynote family

spynote

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-03-31 14:52

Reported

2024-03-31 14:58

Platform

android-33-x64-arm64-20240229-en

Max time kernel

309s

Max time network

319s

Command Line

splash.app.main

Signatures

Makes use of the framework's Accessibility service

collection evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by remote views services to bind with the system. Allows apps to share and display views across different processes. android.permission.BIND_REMOTEVIEWS N/A N/A
Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications. android.permission.BIND_TELECOM_CONNECTION_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to access any geographic locations persisted in the user's shared collection. android.permission.ACCESS_MEDIA_LOCATION N/A N/A
Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker. android.permission.READ_MEDIA_VISUAL_USER_SELECTED N/A N/A
Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to access any geographic locations persisted in the user's shared collection. android.permission.ACCESS_MEDIA_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to connect to paired Bluetooth devices. android.permission.BLUETOOTH_CONNECT N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Processes

splash.app.main

Network

Files

/storage/emulated/0/.base.apk

MD5 8c5a8a5543509a20f79de96ac53fe4e5
SHA1 6a58abfecf85940811517d6b44a2abeb4b4514dc
SHA256 eb19c045b8a70e71e69c8773a96656ed17f6ff4ab8fd3d1e2d4f3cbc0ccc4b54
SHA512 523bc59e9acea6907fc57ab26b019b9fbd9e138f708aabc8fd4d5585f24e0a45ae7a877dadc22c51e24a863a849f4f4d29e4b8f36a9ee6eb22e2a852117dbdcf

Analysis: behavioral4

Detonation Overview

Submitted

2024-03-31 14:52

Reported

2024-03-31 14:58

Platform

android-x86-arm-20240221-en

Max time kernel

300s

Max time network

305s

Command Line

splash.app.main

Signatures

Makes use of the framework's Accessibility service

collection evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by remote views services to bind with the system. Allows apps to share and display views across different processes. android.permission.BIND_REMOTEVIEWS N/A N/A
Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications. android.permission.BIND_TELECOM_CONNECTION_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to access any geographic locations persisted in the user's shared collection. android.permission.ACCESS_MEDIA_LOCATION N/A N/A
Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker. android.permission.READ_MEDIA_VISUAL_USER_SELECTED N/A N/A
Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to access any geographic locations persisted in the user's shared collection. android.permission.ACCESS_MEDIA_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to connect to paired Bluetooth devices. android.permission.BLUETOOTH_CONNECT N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Processes

splash.app.main

Network

Files

/storage/emulated/0/.base.apk

/storage/emulated/0/Config/sys/apps/log/log-MjAyNC0wMy0zMQ== .txt

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-31 14:52

Reported

2024-03-31 14:58

Platform

android-x64-20240221-en

Max time kernel

306s

Max time network

312s

Command Line

splash.app.main

Signatures

Makes use of the framework's Accessibility service

collection evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by remote views services to bind with the system. Allows apps to share and display views across different processes. android.permission.BIND_REMOTEVIEWS N/A N/A
Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications. android.permission.BIND_TELECOM_CONNECTION_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to access any geographic locations persisted in the user's shared collection. android.permission.ACCESS_MEDIA_LOCATION N/A N/A
Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker. android.permission.READ_MEDIA_VISUAL_USER_SELECTED N/A N/A
Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to access any geographic locations persisted in the user's shared collection. android.permission.ACCESS_MEDIA_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to connect to paired Bluetooth devices. android.permission.BLUETOOTH_CONNECT N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Processes

splash.app.main

Network

Files

/storage/emulated/0/.base.apk

/storage/emulated/0/Config/sys/apps/log/log-MjAyNC0wMy0zMQ== .txt

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-31 14:52

Reported

2024-03-31 14:58

Platform

android-x64-arm64-20240221-en

Max time kernel

5s

Max time network

309s

Command Line

splash.app.main

Signatures

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by remote views services to bind with the system. Allows apps to share and display views across different processes. android.permission.BIND_REMOTEVIEWS N/A N/A
Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications. android.permission.BIND_TELECOM_CONNECTION_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to access any geographic locations persisted in the user's shared collection. android.permission.ACCESS_MEDIA_LOCATION N/A N/A
Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker. android.permission.READ_MEDIA_VISUAL_USER_SELECTED N/A N/A
Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to access any geographic locations persisted in the user's shared collection. android.permission.ACCESS_MEDIA_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to connect to paired Bluetooth devices. android.permission.BLUETOOTH_CONNECT N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Processes

splash.app.main

Network

Files

/storage/emulated/0/.base.apk
