xamalicious | e7873a1af0dd823b6b45bad331666c31561d0554f300a539a52859f03d3d4059

General

Target

e7873a1af0dd823b6b45bad331666c31561d0554f300a539a52859f03d3d4059
Size

85.7MB
MD5

0fbf430746e715af26967fc101df7188
SHA1

7c3e1827e2851fd5dad011dd6f4554954144a38c
SHA256

e7873a1af0dd823b6b45bad331666c31561d0554f300a539a52859f03d3d4059
SHA512

485a1423442c58275d10fc540cac041b8319e78a402c167181380aca71e2b83c24f7b6abbd5c69e2e8d4166308edb4a994c052ca1db0472e5a855acc3ef2cb45
SSDEEP

786432:jZXvO65pqoUOldW+d52BY06gzmc3ImVHZGV453zwXeo8ZTHMlnrAk/90EuKLm:FXW65Y+syDNuVHZ44RVrZHMRAk/90ERm

Score

10^/10

xamalicious

Malware Config

Signatures

Android Xamalicious payload 2 IoCs

Processes:

resource	yara_rule
sample	family_xamalicious
sample	family_xamalicious

Xamalicious family
xamalicious

Requests dangerous framework permissions 7 IoCs

Processes:

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE

Files

e7873a1af0dd823b6b45bad331666c31561d0554f300a539a52859f03d3d4059
.apk android arch:arm arch:arm64

com.uhg.mobile.health4me

crc641b1c91776503e649.LoginActivity

Activities

crc641b1c91776503e649.LoginActivity

android.intent.action.MAIN
android.intent.action.VIEW

Permissions

com.google.android.providers.gsf.permission.READ_GSERVICES
android.permission.ACCESS_NETWORK_STATE
com.uhg.mobile.health4me.permission.MAPS_RECEIVE
com.google.android.c2dm.permission.RECEIVE
com.uhg.mobile.health4me.permission.C2D_MESSAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.CAMERA
android.permission.INTERNET
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
android.permission.CALL_PHONE
android.permission.WAKE_LOCK
android.permission.USE_FINGERPRINT
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Receivers

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE
com.google.android.c2dm.intent.REGISTRATION
com.google.android.c2dm.intent.RECEIVE

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

com.android.vending.INSTALL_REFERRER

Services

crc641b1c91776503e649.AppGCMListenerService

com.google.android.c2dm.intent.RECEIVE

crc641b1c91776503e649.AppFirebaseIIDService

com.google.firebase.INSTANCE_ID_EVENT

crc641b1c91776503e649.AppFirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT

Android Permissions

e7873a1af0dd823b6b45bad331666c31561d0554f300a539a52859f03d3d4059

Permissions

com.google.android.providers.gsf.permission.READ_GSERVICES

android.permission.ACCESS_NETWORK_STATE

com.uhg.mobile.health4me.permission.MAPS_RECEIVE

com.google.android.c2dm.permission.RECEIVE

com.uhg.mobile.health4me.permission.C2D_MESSAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.CAMERA

android.permission.INTERNET

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.READ_EXTERNAL_STORAGE

android.permission.READ_PHONE_STATE

android.permission.CALL_PHONE

android.permission.WAKE_LOCK

android.permission.USE_FINGERPRINT

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Sharing

General

Malware Config

Signatures

Files

com.uhg.mobile.health4me

crc641b1c91776503e649.LoginActivity

Activities

crc641b1c91776503e649.LoginActivity

Permissions

Receivers

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

Services

crc641b1c91776503e649.AppGCMListenerService

crc641b1c91776503e649.AppFirebaseIIDService

crc641b1c91776503e649.AppFirebaseMessagingService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.iid.FirebaseInstanceIdService

Android Permissions

e7873a1af0dd823b6b45bad331666c31561d0554f300a539a52859f03d3d4059