xamalicious | 114-1[.]apk

General

Target

114-1.apk
Size

14.1MB
MD5

a3d4e51edb653cdb33883229cd432d00
SHA1

89a03c75e1269bb89df6c1e4b55a97ce69569ae5
SHA256

cc5ba183ca686b45e37b903de57063d98c97914cddf0db2feaec70ce0d6f96b6
SHA512

356f6332f2b996c9218f32891611b27dc070e16124a426d714c92104eecfcba5c009c5977e99ac5800c6316777432787d831d4643a89de6f8090c4d74d2237f6
SSDEEP

196608:U5SKj7zfdgAKQX7IBoex0BHQ7BOnhQrQM3rWwXa1Y/sec7S9i53m2/kh/Rgy:zW7T2A/7u5aBqB0kQeqSU57n5r/ksy

Score

10^/10

xamalicious

Malware Config

Signatures

Android Xamalicious payload 1 IoCs

Processes:

resource	yara_rule
sample	family_xamalicious

Xamalicious family
xamalicious

Declares broadcast receivers with permission to handle system events 1 IoCs

Processes:

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Requests dangerous framework permissions 8 IoCs

Processes:

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Files

114-1.apk
.apk android arch:arm

insepet.skydroid

crc64a46eb5e3728e09cf.MainActivity

Activities

crc64a46eb5e3728e09cf.FakeLauncherActivity

android.intent.action.MAIN

crc64a46eb5e3728e09cf.MainActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_PHONE_STATE
android.permission.FLASHLIGHT
android.permission.CAMERA
SkyDroid.SkyService
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK
android.permission.BIND_DEVICE_ADMIN
android.permission.INSTALL_PACKAGES
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.ACCESS_NETWORK_STATE
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.CHANGE_WIFI_STATE
android.permission.REBOOT
android.permission.BLUETOOTH
android.permission.ACCESS_COARSE_LOCATION
android.permission.NFC
android.permission.WRITE_SETTINGS
android.permission.BLUETOOTH_ADMIN
android.permission.FOREGROUND_SERVICE

Receivers

insepet.skydroid.DeviceAdmin

android.app.action.DEVICE_ADMIN_ENABLED
android.intent.action.MAIN

Services

Android Permissions

114-1.apk

Permissions

android.permission.INTERNET

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_FINE_LOCATION

android.permission.READ_PHONE_STATE

android.permission.FLASHLIGHT

android.permission.CAMERA

SkyDroid.SkyService

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.WAKE_LOCK

android.permission.BIND_DEVICE_ADMIN

android.permission.INSTALL_PACKAGES

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.ACCESS_NETWORK_STATE

android.permission.KILL_BACKGROUND_PROCESSES

android.permission.CHANGE_WIFI_STATE

android.permission.REBOOT

android.permission.BLUETOOTH

android.permission.ACCESS_COARSE_LOCATION

android.permission.NFC

android.permission.WRITE_SETTINGS

android.permission.BLUETOOTH_ADMIN

android.permission.FOREGROUND_SERVICE

Sharing

General

Malware Config

Signatures

Files

insepet.skydroid

crc64a46eb5e3728e09cf.MainActivity

Activities

crc64a46eb5e3728e09cf.FakeLauncherActivity

crc64a46eb5e3728e09cf.MainActivity

Permissions

Receivers

insepet.skydroid.DeviceAdmin

Services

Android Permissions

114-1.apk