samsung[.]apk | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

samsung.apk
Size

10.5MB
MD5

5791c3af37f8e78432345ce974faee13
SHA1

f5845fe0748e814a52dc89214de728f9bd1decd0
SHA256

751d8019a05b7b3ae112ea3ec983a11122aa65d5a499a86c1f23343667ed4bdd
SHA512

852db2088bf950c0c3e0add6e8857e930c4da61533032220d83197a6214dc2692ac55a489778e08f9f955abd58f603517629756399f86911e92f8baf3c13153b
SSDEEP

196608:GAsDympsd6pXJkxNCj2ZkDBUk9BPDT9AE+FXYeL7WRLydT:GFew6uXMNC6aDBUsAD5YeLaRLK

Score

6^/10

Malware Config

Signatures

Declares broadcast receivers with permission to handle system events 1 IoCs

Processes:

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 2 IoCs

Processes:

description	ioc
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards).	android.permission.BIND_INPUT_METHOD
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Requests dangerous framework permissions 13 IoCs

Processes:

description	ioc
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to collect component usage statistics.	android.permission.PACKAGE_USAGE_STATS

Files

samsung.apk
.apk android arch:arm arch:x86

net.soti.mobicontrol.elm.samsung

net.soti.mobicontrol.startup.SplashActivity

Activities

net.soti.mobicontrol.startup.SplashActivity

android.intent.action.MAIN

net.soti.mobicontrol.ui.ActivateAdminActivity

net.soti.mobicontrol.elm.samsung.DEVICE_ADMIN
net.soti.mobicontrol.elm.samsung.REACTIVATE_DEVICE_ADMIN

net.soti.mobicontrol.ui.CredentialStoragePasswordActivity

net.soti.mobicontrol.CREDENTIAL_PASSWORD

net.soti.mobicontrol.ui.GenericAndroidCertInstallerActivity

net.soti.mobicontrol.CERTIFICATE_INSTALL

net.soti.mobicontrol.ui.MessageBoxDialogActivity

net.soti.mobicontrol.elm.samsung.DISPLAY_MESSAGE_BOX

net.soti.mobicontrol.tnc.TcActivity

net.soti.mobicontrol.elm.samsung.DISPLAY_TNC

net.soti.mobicontrol.lockdown.kiosk.KioskActivity

android.intent.action.MAIN

net.soti.mobicontrol.lockdown.kiosk.FakeHomeActivity

android.intent.action.MAIN

net.soti.mobicontrol.lockdown.notification.NotificationActivity

net.soti.mobicontrol.VIEW_NOTIFICATIONS

net.soti.mobicontrol.ui.InteractiveChangeDevicePasswordActivity

net.soti.mobicontrol.CHANGE_DEVICE_PASSWORD

net.soti.mobicontrol.ui.wifi.ApListActivity

net.soti.mobicontrol.CONFIGURE_WIFI

net.soti.mobicontrol.ui.AdminModeDialogActivity

net.soti.mobicontrol.admin.PASSWORD_DIALOG

net.soti.mobicontrol.common.kickoff.services.EnrollmentKickoffActivity

net.soti.mobicontrol.ENROLLMENT_KICKOFF_ACTIVITY

net.soti.mobicontrol.auth.SsoTokenReceiver

android.intent.action.VIEW

net.soti.mobiscan.ui.camera.CameraActivity

net.soti.mobiscan.SCAN_CAMERA

net.soti.mobiscan.ui.scanner.ScannerActivity

net.soti.mobiscan.SCAN_IMAGER

Permissions

android.permission.sec.MDM_LICENSE_LOG
android.permission.sec.MDM_ENTERPRISE_SSO
android.permission.sec.MDM_ENTERPRISE_ISL
android.permission.sec.MDM_ENTERPRISE_CONTAINER
android.permission.sec.MDM_AUDIT_LOG
android.permission.sec.MDM_CERTIFICATE
android.permission.sec.MDM_SEANDROID
android.permission.sec.MDM_SMARTCARD
android.permission.sec.ENTERPRISE_MOUNT_UNMOUNT_ENCRYPT
android.permission.sec.ENTERPRISE_CONTAINER
com.mocana.vpn.android.permission.MOCANA_VPN_SERVICE
com.sec.enterprise.knox.permission.KNOX_ATTESTATION
com.android.launcher.permission.READ_SETTINGS
com.android.launcher.permission.WRITE_SETTINGS
com.sec.enterprise.knox.KNOX_GENERIC_VPN
com.sec.enterprise.knox.KNOX_CONTAINER_VPN
com.sec.enterprise.knox.permission.KNOX_ENTERPRISE_BILLING
net.soti.mobicontrol.permission.MIGRATION
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.CAMERA
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.MODIFY_PHONE_STATE
android.permission.CHANGE_COMPONENT_ENABLED_STATE
android.permission.NFC
android.permission.WRITE_SECURE_SETTINGS
android.permission.WRITE_SETTINGS
android.permission.MANAGE_NETWORK_POLICY
android.permission.MODIFY_NETWORK_ACCOUNTING
android.permission.READ_NETWORK_USAGE_HISTORY
android.permission.CONNECTIVITY_INTERNAL
android.permission.CHANGE_BACKGROUND_DATA_SETTING
android.permission.MANAGE_USB
android.permission.BACKUP
android.permission.BIND_DEVICE_ADMIN
android.permission.GET_TASKS
android.permission.VIBRATE
android.permission.INTERNET
android.permission.READ_CONTACTS
android.permission.READ_CALL_LOG
android.permission.READ_PHONE_STATE
android.permission.INJECT_EVENTS
android.permission.READ_FRAME_BUFFER
android.permission.ACCESS_SURFACE_FLINGER
android.permission.GET_PACKAGE_SIZE
android.permission.FORCE_STOP_PACKAGES
android.permission.CLEAR_APP_USER_DATA
android.permission.REBOOT
android.permission.SHUTDOWN
android.permission.SET_TIME
android.permission.SET_TIME_ZONE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_MEDIA_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.OVERRIDE_WIFI_CONFIG
android.permission.ACCESS_FINE_LOCATION
android.permission.WRITE_APN_SETTINGS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.BATTERY_STATS
android.permission.CHANGE_NETWORK_STATE
android.permission.WAKE_LOCK
android.permission.GET_ACCOUNTS
android.permission.INSTALL_PACKAGES
android.permission.DELETE_PACKAGES
android.permission.CALL_PHONE
android.permission.PROCESS_OUTGOING_CALLS
android.permission.READ_SYNC_SETTINGS
android.permission.WRITE_SYNC_SETTINGS
android.permission.EXPAND_STATUS_BAR
android.permission.STATUS_BAR
android.permission.INTERACT_ACROSS_USERS_FULL
android.permission.CHANGE_CONFIGURATION
android.permission.MANAGE_USERS
android.permission.DEVICE_POWER
android.permission.SYSTEM_ALERT_WINDOW
android.permission.SET_WALLPAPER
android.permission.MANAGE_DEVICE_ADMINS
net.soti.mobicontrol.elm.samsung.permission.C2D_MESSAGE
com.google.android.c2dm.permission.RECEIVE
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.MOUNT_FORMAT_FILESYSTEMS
android.permission.RESTART_PACKAGES
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.sec.MDM_APP_MGMT
android.permission.sec.MDM_WIFI
android.permission.sec.MDM_BLUETOOTH
android.permission.sec.MDM_ROAMING
android.permission.sec.MDM_HW_CONTROL
android.permission.sec.MDM_EXCHANGE
android.permission.sec.MDM_APN
android.permission.sec.MDM_SECURITY
android.permission.sec.MDM_REMOTE_CONTROL
android.permission.sec.MDM_RESTRICTION
android.permission.sec.MDM_LOCATION
android.permission.sec.MDM_EMAIL
android.permission.sec.MDM_VPN
android.permission.sec.MDM_KIOSK_MODE
android.permission.sec.MDM_FIREWALL
android.permission.sec.MDM_ENTERPRISE_VPN
android.permission.sec.MDM_PHONE_RESTRICTION
android.permission.sec.ENTERPRISE_DEVICE_ADMIN
android.permission.sec.MDM_DATE_TIME
android.permission.sec.MDM_BROWSER_SETTINGS
android.permission.sec.MDM_APP_BACKUP
android.permission.sec.MDM_LOCKSCREEN
com.android.email.permission.ACCESS_PROVIDER
net.soti.mobicontrol.password.PASSWORD_OR_POLICY_CHANGED
net.soti.mobicontrol.elm.samsung.permission.RECEIVE_ALARMS
com.google.android.providers.gsf.permission.READ_GSERVICES
android.permission.MASTER_CLEAR
android.permission.PACKAGE_USAGE_STATS
android.permission.READ_LOGS
android.permission.CRYPT_KEEPER
android.permission.GET_APP_OPS_STATS
android.permission.UPDATE_APP_OPS_STATS
android.permission.SET_PREFERRED_APPLICATIONS
net.soti.mobicontrol.hardware.scanner.casio.permission.SCANNER_RESULT_RECEIVER
android.permission.BROADCAST_STICKY
android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
android.permission.MANAGE_ACCOUNTS
com.huawei.permission.sec.MDM_APP_MANAGEMENT
android.permission.FLASHLIGHT
android.permission.REMOVE_TASKS
android.permission.REAL_GET_TASKS
android.permission.LOCAL_MAC_ADDRESS
android.permission.READ_PROFILE
android.permission.AUTHENTICATE_ACCOUNTS

Receivers

net.soti.mobicontrol.knox.container.KnoxContainerReceiver

enterprise.container.setup.success
enterprise.container.setup.failure
enterprise.container.cancelled
enterprise.container.locked
enterprise.container.unlocked
enterprise.container.remove.progress
enterprise.container.uninstalled
enterprise.container.created.nonactive

net.soti.mobicontrol.knox.sso.KnoxSsoServiceStatusReceiver

sso.enterprise.container.setup.success
sso.enterprise.container.disconnected

net.soti.mobicontrol.receiver.ElmBroadcastRelay

com.sec.knox.containersettings.changemode
mdm.intent.action.dump.audit.log.result
mdm.intent.action.audit.log.critical.size
mdm.intent.action.audit.log.maximum.size
mdm.intent.action.audit.log.full.size
mdm.intent.action.audit.log.exception
edm.intent.action.EMAIL_ACCOUNT_ADD_RESULT
edm.intent.action.EMAIL_ACCOUNT_DELETE_RESULT
edm.intent.certificate.action.certificate.failure
edm.intent.action.license.status
edm.intent.action.knox_license.status
com.sec.enterprise.knox.intent.action.KNOX_ATTESTATION_RESULT
edm.intent.action.EXCHANGE_ACCOUNT_ADD_RESULT
edm.intent.action.EXCHANGE_ACCOUNT_DELETE_RESULT

net.soti.mobicontrol.kme.receiver.KnoxUnifiedEnrollmentBroadcastReceiver

com.sec.enterprise.knox.intent.action.LAUNCH_APP
com.sec.enterprise.knox.intent.action.UNENROLL_FROM_UMC

net.soti.mobicontrol.vpn.SamsungGenericVpnBindReceiver

com.samsung.android.mdm.VPN_BIND_RESULT

net.soti.mobicontrol.efota.receiver.SamsungEfotaResultCodeReceiver

com.sec.enterprise.intent.action.UPDATE_FOTA_VERSION_RESULT

net.soti.mobicontrol.admin.DeviceAdminAdapter

android.app.action.DEVICE_ADMIN_ENABLED
net.soti.mobicontrol.DEVICE_ADMIN_ENABLED_INTERNAL
android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.PROFILE_PROVISIONING_COMPLETE
android.intent.action.ACTION_SCREEN_ON
android.intent.action.ACTION_SCREEN_OFF

net.soti.mobicontrol.broadcastreceiver.SmsReceiver

android.provider.Telephony.SMS_RECEIVED

net.soti.mobicontrol.broadcastreceiver.DelayedBroadcastReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.SIG_STR
android.net.conn.CONNECTIVITY_CHANGE
android.net.wifi.RSSI_CHANGED
android.net.wifi.WIFI_STATE_CHANGED
android.intent.action.USER_PRESENT
android.intent.action.ACTION_SHUTDOWN
android.intent.action.MEDIA_MOUNTED
android.intent.action.MEDIA_UNMOUNTED
android.intent.action.MEDIA_SCANNER_FINISHED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_CHANGED
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.hardware.usb.action.USB_STATE

net.soti.mobicontrol.gcm.MobicontrolGCMBroadcastReceiver

com.google.android.c2dm.intent.RECEIVE
com.google.android.c2dm.intent.REGISTRATION

net.soti.mobicontrol.phone.PhoneCallReceiver

android.intent.action.NEW_OUTGOING_CALL
android.intent.action.PHONE_STATE

net.soti.mobicontrol.hardware.scanner.ScanResultReceiver

device.common.USERMSG
device.scanner.EVENT

com.google.android.apps.work.dpcsupport.AccountManagementWhitelistEnforcer$ContinuousEnforcer

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED

net.soti.mobicontrol.xmlstage.ZebraMXMFReadyReceiver

com.symbol.mxmf.intent.MX_FRAMEWORK_SERVICE_IS_READY

Services

net.soti.mobicontrol.MobiControlService

net.soti.mobicontrol.elm.samsung.START_SERVICE

net.soti.mobicontrol.remotecontrol.UnicodeCharInjector

android.view.InputMethod

net.soti.mobicontrol.notification.SotiStatusBarNotificationListenerService

android.service.notification.NotificationListenerService

com.google.android.apps.work.dpcsupport.ManagedConfigurationsProxy

com.android.vending.dpc.APPLICATION_RESTRICTIONS_PROXY

samsung.apk

Permissions

android.permission.sec.MDM_LICENSE_LOG

android.permission.sec.MDM_ENTERPRISE_SSO

android.permission.sec.MDM_ENTERPRISE_ISL

android.permission.sec.MDM_ENTERPRISE_CONTAINER

android.permission.sec.MDM_AUDIT_LOG

android.permission.sec.MDM_CERTIFICATE

android.permission.sec.MDM_SEANDROID

android.permission.sec.MDM_SMARTCARD

android.permission.sec.ENTERPRISE_MOUNT_UNMOUNT_ENCRYPT

android.permission.sec.ENTERPRISE_CONTAINER

com.mocana.vpn.android.permission.MOCANA_VPN_SERVICE

com.sec.enterprise.knox.permission.KNOX_ATTESTATION

com.android.launcher.permission.READ_SETTINGS

com.android.launcher.permission.WRITE_SETTINGS

com.sec.enterprise.knox.KNOX_GENERIC_VPN

com.sec.enterprise.knox.KNOX_CONTAINER_VPN

com.sec.enterprise.knox.permission.KNOX_ENTERPRISE_BILLING

net.soti.mobicontrol.permission.MIGRATION

android.permission.BLUETOOTH

android.permission.BLUETOOTH_ADMIN

android.permission.CAMERA

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.MODIFY_PHONE_STATE

android.permission.CHANGE_COMPONENT_ENABLED_STATE

android.permission.NFC

android.permission.WRITE_SECURE_SETTINGS

android.permission.WRITE_SETTINGS

android.permission.MANAGE_NETWORK_POLICY

android.permission.MODIFY_NETWORK_ACCOUNTING

android.permission.READ_NETWORK_USAGE_HISTORY

android.permission.CONNECTIVITY_INTERNAL

android.permission.CHANGE_BACKGROUND_DATA_SETTING

android.permission.MANAGE_USB

android.permission.BACKUP

android.permission.BIND_DEVICE_ADMIN

android.permission.GET_TASKS

android.permission.VIBRATE

android.permission.INTERNET

android.permission.READ_CONTACTS

android.permission.READ_CALL_LOG

android.permission.READ_PHONE_STATE

android.permission.INJECT_EVENTS

android.permission.READ_FRAME_BUFFER

android.permission.ACCESS_SURFACE_FLINGER

android.permission.GET_PACKAGE_SIZE

android.permission.FORCE_STOP_PACKAGES

android.permission.CLEAR_APP_USER_DATA

android.permission.REBOOT

android.permission.SHUTDOWN

android.permission.SET_TIME

Sharing

General

Malware Config

Signatures

Files

net.soti.mobicontrol.elm.samsung

net.soti.mobicontrol.startup.SplashActivity

Activities

net.soti.mobicontrol.startup.SplashActivity

net.soti.mobicontrol.ui.ActivateAdminActivity

net.soti.mobicontrol.ui.CredentialStoragePasswordActivity

net.soti.mobicontrol.ui.GenericAndroidCertInstallerActivity

net.soti.mobicontrol.ui.MessageBoxDialogActivity

net.soti.mobicontrol.tnc.TcActivity

net.soti.mobicontrol.lockdown.kiosk.KioskActivity

net.soti.mobicontrol.lockdown.kiosk.FakeHomeActivity

net.soti.mobicontrol.lockdown.notification.NotificationActivity

net.soti.mobicontrol.ui.InteractiveChangeDevicePasswordActivity

net.soti.mobicontrol.ui.wifi.ApListActivity

net.soti.mobicontrol.ui.AdminModeDialogActivity

net.soti.mobicontrol.common.kickoff.services.EnrollmentKickoffActivity

net.soti.mobicontrol.auth.SsoTokenReceiver

net.soti.mobiscan.ui.camera.CameraActivity

net.soti.mobiscan.ui.scanner.ScannerActivity

Permissions

Receivers

net.soti.mobicontrol.knox.container.KnoxContainerReceiver

net.soti.mobicontrol.knox.sso.KnoxSsoServiceStatusReceiver

net.soti.mobicontrol.receiver.ElmBroadcastRelay

net.soti.mobicontrol.kme.receiver.KnoxUnifiedEnrollmentBroadcastReceiver

net.soti.mobicontrol.vpn.SamsungGenericVpnBindReceiver

net.soti.mobicontrol.efota.receiver.SamsungEfotaResultCodeReceiver

net.soti.mobicontrol.admin.DeviceAdminAdapter

net.soti.mobicontrol.broadcastreceiver.SmsReceiver

net.soti.mobicontrol.broadcastreceiver.DelayedBroadcastReceiver

net.soti.mobicontrol.gcm.MobicontrolGCMBroadcastReceiver

net.soti.mobicontrol.phone.PhoneCallReceiver

net.soti.mobicontrol.hardware.scanner.ScanResultReceiver

com.google.android.apps.work.dpcsupport.AccountManagementWhitelistEnforcer$ContinuousEnforcer

net.soti.mobicontrol.xmlstage.ZebraMXMFReadyReceiver

Services

net.soti.mobicontrol.MobiControlService

net.soti.mobicontrol.remotecontrol.UnicodeCharInjector

net.soti.mobicontrol.notification.SotiStatusBarNotificationListenerService

com.google.android.apps.work.dpcsupport.ManagedConfigurationsProxy

Android Permissions

samsung.apk