8505b3d47098ce76052456fbe97846a0_JaffaCakes118

General

Target

8505b3d47098ce76052456fbe97846a0_JaffaCakes118
Size

22.7MB
MD5

8505b3d47098ce76052456fbe97846a0
SHA1

85573c20328d8fe032a254650e6c162a1da2314c
SHA256

ee23e686dd90e9b46d042a5cd0b78214baddb0102bdc321200acd89cd60b203f
SHA512

7758a999a5613d1b30db6ef03ff44d51f75f8a9765feff0e6d360036cb48586f15af8cfbf6c4df17c96652f4cc32c98f4e2af02895aae112964cf4444c0c1922
SSDEEP

393216:eZl7bJMixxZSVe/HQV8FKe9VT8Jjce4T8JjcenT8Jjce/NNxc9LFBtmUR12ZFF:o+ixxqYHfFV8JjceS8JjceT8Jjce1Nxh

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 10 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Files

8505b3d47098ce76052456fbe97846a0_JaffaCakes118
.apk android arch:arm

com.xr.gzb

com.uzmap.pkg.EntranceActivity

Activities

com.uzmap.pkg.EntranceActivity

android.intent.action.MAIN
android.intent.action.VIEW

cn.jpush.android.ui.PushActivity

cn.jpush.android.ui.PushActivity

com.tencent.smtt.sdk.VideoActivity

com.tencent.smtt.tbs.video.PLAY

Permissions

android.permission.READ_LOGS
android.permission.INTERNET
com.huawei.android.launcher.permission.CHANGE_BADGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.WAKE_LOCK
android.permission.VIBRATE
android.permission.CAMERA
android.permission.READ_PHONE_STATE
android.permission.RECORD_AUDIO
android.permission.FLASHLIGHT
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.RECEIVE_USER_PRESENT
android.permission.SYSTEM_ALERT_WINDOW
android.permission.SYSTEM_OVERLAY_WINDOW
com.xr.gzb.permission.JPUSH_MESSAGE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.CHANGE_NETWORK_STATE
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_SETTINGS
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS

Receivers

com.uzmap.pkg.uzapp.UPExtraBridge

android.intent.action.BOOT_COMPLETED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_ADDED
com.android.vending.INSTALL_REFERRER
android.intent.action.DOWNLOAD_COMPLETE
android.intent.action.DOWNLOAD_NOTIFICATION_CLICKED
android.intent.apicloud.notification

cn.jpush.android.service.PushReceiver

cn.jpush.android.intent.NOTIFICATION_RECEIVED_PROXY
android.intent.action.USER_PRESENT
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED

com.open.apicloud.jpush.JPushReceiver

cn.jpush.android.intent.REGISTRATION
cn.jpush.android.intent.MESSAGE_RECEIVED
cn.jpush.android.intent.NOTIFICATION_RECEIVED
cn.jpush.android.intent.NOTIFICATION_OPENED
cn.jpush.android.intent.CONNECTION

Services

cn.jpush.android.service.PushService

cn.jpush.android.intent.REGISTER
cn.jpush.android.intent.REPORT
cn.jpush.android.intent.PushService
cn.jpush.android.intent.PUSH_TIME

cn.jpush.android.service.DaemonService

cn.jpush.android.intent.DaemonService
UPPayPluginEx.apk
.apk android arch:x64 arch:arm64 arch:arm arch:mips arch:x86

com.unionpay.uppay

com.unionpay.uppay.PayActivity

Activities

com.unionpay.uppay.PayActivity

android.intent.action.Run
android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
android.permission.ACCESS_WIFI_STATE
org.simalliance.openmobileapi.SMARTCARD
com.tencent.mtt.extension.Player
android.webkit.permission.PLUGIN
android.permission.RECORD_AUDIO
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.NFC

Services

com.UCMobile.PayPlugin.PayPluginService

android.webkit.PLUGIN

Android Permissions

8505b3d47098ce76052456fbe97846a0_JaffaCakes118

Permissions

android.permission.READ_LOGS

android.permission.INTERNET

com.huawei.android.launcher.permission.CHANGE_BADGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.WAKE_LOCK

android.permission.VIBRATE

android.permission.CAMERA

android.permission.READ_PHONE_STATE

android.permission.RECORD_AUDIO

android.permission.FLASHLIGHT

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.BLUETOOTH_ADMIN

android.permission.BLUETOOTH

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.RECEIVE_USER_PRESENT

android.permission.SYSTEM_ALERT_WINDOW

android.permission.SYSTEM_OVERLAY_WINDOW

com.xr.gzb.permission.JPUSH_MESSAGE

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.CHANGE_NETWORK_STATE

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_SETTINGS

android.permission.ACCESS_LOCATION_EXTRA_COMMANDS

Sharing

General

Malware Config

Signatures

Files

com.xr.gzb

com.uzmap.pkg.EntranceActivity

Activities

com.uzmap.pkg.EntranceActivity

cn.jpush.android.ui.PushActivity

com.tencent.smtt.sdk.VideoActivity

Permissions

Receivers

com.uzmap.pkg.uzapp.UPExtraBridge

cn.jpush.android.service.PushReceiver

com.open.apicloud.jpush.JPushReceiver

Services

cn.jpush.android.service.PushService

cn.jpush.android.service.DaemonService

com.unionpay.uppay

com.unionpay.uppay.PayActivity

Activities

com.unionpay.uppay.PayActivity

Permissions

Services

com.UCMobile.PayPlugin.PayPluginService

Android Permissions

8505b3d47098ce76052456fbe97846a0_JaffaCakes118