6efc61afc8f109c899323c52248517ef_JaffaCakes118

General

Target

6efc61afc8f109c899323c52248517ef_JaffaCakes118
Size

20.1MB
MD5

6efc61afc8f109c899323c52248517ef
SHA1

3ba82d7ae4afcbd57568a3bf697a08a34995cbd0
SHA256

a22f55bf28ef72e728a06e93f1646993606493c43d9c59a95ba628e3ab79aed4
SHA512

a5686193266562b3de46b950348b89c8fdf49da20b1b028ab58d9e7a8ab5d47ac3b1342dbba0aa419465f902d10ed9998d6df4df07bfe45274469f858f5a8087
SSDEEP

393216:L81NFagM+ZhyzOxyp8zA5dfZejzVsP1f3VHo4420AMaCSlbAg++z7ZtC:Lava7+ZhyzOoSBsP1/cADDz7ZE

Score

6^/10

pdf link

Malware Config

Signatures

Requests dangerous framework permissions 22 IoCs

description	ioc
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to record audio.	android.permission.RECORD_AUDIO

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
sample	pdf_with_link_action

Files

6efc61afc8f109c899323c52248517ef_JaffaCakes118
.apk android arch:arm64 arch:arm

com.neusoft.tax

com.neusoft.tax.WelcomeActivity

Activities

com.neusoft.tax.WelcomeActivity

android.intent.action.MAIN
android.intent.action.VIEW

com.neusoft.tax.LoginActivity

android.intent.action.VIEW

com.neusoft.tax.ReceiveNFCDataActivity

android.nfc.action.NDEF_DISCOVERED

.wxapi.WXEntryActivity

android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.CAMERA
android.permission.NFC
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.READ_PHONE_STATE
android.permission.INTERNET
android.permission.READ_LOGS
android.permission.CALL_PHONE
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.WAKE_LOCK
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH
android.permission.RECORD_AUDIO
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.GET_ACCOUNTS
android.permission.USE_CREDENTIALS
android.permission.MANAGE_ACCOUNTS
android.permission.AUTHENTICATE_ACCOUNTS
com.android.launcher.permission.READ_SETTINGS
android.permission.BROADCAST_STICKY
android.permission.WRITE_SETTINGS
android.permission.READ_EXTERNAL_STORAGE
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
android.permission.ACCESS_WIFI_STATE
org.simalliance.openmobileapi.SMARTCARD
android.permission.NFC
android.permission.RECORD_AUDIO
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.BAIDU_LOCATION_SERVICE
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.INTERNET
android.permission.ACCES_MOCK_LOCATION
android.permission.ACCESS_FINE_LOCATION
com.android.launcher.permission.READ_SETTINGS
android.permission.WAKE_LOCK
android.permission.CHANGE_WIFI_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_GPS
android.permission.GET_TASKS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.BROADCAST_STICKY
android.permission.WRITE_SETTINGS
android.permission.PROCESS_OUTGOING_CALLS
android.permission.READ_PHONE_STATE
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.RECORD_AUDIO

Receivers

com.neusoft.tax.pull.TaxBroadcastReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.LOCALE_CHANGED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.USER_PRESENT

.wx.AppRegister

com.tencent.mm.plugin.openapi.Intent.ACTION_REFRESH_WXAPP

Services

com.ysyc.itaxer.service.ReplyPollingService

com.ysyc.itaxer.service.ReplyPollingService

com.neusoft.tax.pull.PollingService

com.neusoft.tax.pull.PollingService
BaiduNaviSDK_Resource_v1_0_0.png
.apk android

com.baidu.navisdk

com.baidu.navi.api.MainActivity

Activities

com.baidu.navi.api.MainActivity

android.intent.action.MAIN

Android Permissions

6efc61afc8f109c899323c52248517ef_JaffaCakes118

Permissions

android.permission.INTERNET

android.permission.CAMERA

android.permission.NFC

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_NETWORK_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.READ_PHONE_STATE

android.permission.INTERNET

android.permission.READ_LOGS

android.permission.CALL_PHONE

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.WAKE_LOCK

android.permission.BLUETOOTH_ADMIN

android.permission.BLUETOOTH

android.permission.RECORD_AUDIO

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_PHONE_STATE

android.permission.CHANGE_NETWORK_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.GET_ACCOUNTS

android.permission.USE_CREDENTIALS

android.permission.MANAGE_ACCOUNTS

android.permission.AUTHENTICATE_ACCOUNTS

com.android.launcher.permission.READ_SETTINGS

android.permission.BROADCAST_STICKY

android.permission.WRITE_SETTINGS

android.permission.READ_EXTERNAL_STORAGE

android.permission.KILL_BACKGROUND_PROCESSES

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.CHANGE_NETWORK_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_PHONE_STATE

android.permission.ACCESS_WIFI_STATE

org.simalliance.openmobileapi.SMARTCARD

android.permission.NFC

android.permission.RECORD_AUDIO

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.BAIDU_LOCATION_SERVICE

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_COARSE_LOCATION

android.permission.INTERNET

android.permission.ACCES_MOCK_LOCATION

Sharing

General

Malware Config

Signatures

Files

com.neusoft.tax

com.neusoft.tax.WelcomeActivity

Activities

com.neusoft.tax.WelcomeActivity

com.neusoft.tax.LoginActivity

com.neusoft.tax.ReceiveNFCDataActivity

.wxapi.WXEntryActivity

Permissions

Receivers

com.neusoft.tax.pull.TaxBroadcastReceiver

.wx.AppRegister

Services

com.ysyc.itaxer.service.ReplyPollingService

com.neusoft.tax.pull.PollingService

com.baidu.navisdk

com.baidu.navi.api.MainActivity

Activities

com.baidu.navi.api.MainActivity

Android Permissions

6efc61afc8f109c899323c52248517ef_JaffaCakes118