8542b5822e9963cb389038cc0e39ee31_JaffaCakes118

General

Target

8542b5822e9963cb389038cc0e39ee31_JaffaCakes118
Size

16.4MB
MD5

8542b5822e9963cb389038cc0e39ee31
SHA1

2d90bedc08f38e2089a465a20b986680f4b8d623
SHA256

c3bced0951d866d0d4ae28be285f61304107368f367b2575ba84283c26dcff5c
SHA512

471e1061244b2332e27601905e4da2e4b030bb6fe2cf51944fd103fc6f2926cbdd55983ee6fb13e79090af8f859a0db4f603cb2ea22a02481fc7b224ce1fdcd5
SSDEEP

393216:ZaNO0G+bDXXK5rO62yhKk4AFw5yy5VNYn3Q5rXMbf79jlZCrp22VDWsn:ZTB+HQpLL4AFwU+6wMbfZ52p220G

Score

6^/10

Malware Config

Signatures

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION

Files

8542b5822e9963cb389038cc0e39ee31_JaffaCakes118
.apk android arch:arm arch:x86

com.citrix.Receiver

com.citrix.client.WelcomeScreen.WelcomeScreen

Activities

com.citrix.client.WelcomeScreen.WelcomeScreen

android.intent.action.MAIN

com.citrix.client.urihandlers.CreateProfileUriHandler

android.intent.action.VIEW

com.citrix.client.pnagent.PNAgentHomeShortcutUriResolver

android.intent.action.VIEW

com.citrix.client.MimeHandler.SdtidFileHandler

android.intent.action.VIEW

com.citrix.client.MimeHandler.CRFileHandler

android.intent.action.VIEW

com.citrix.client.MimeHandler.XmlFileHandler

android.intent.action.VIEW

com.citrix.client.softtoken.RSATokenFileHandler

android.intent.action.VIEW

com.citrix.client.search.ReceiverSearchActivity

android.intent.action.SEARCH

com.citrix.client.MimeHandler.IcaFileHandler

android.intent.action.VIEW
android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.VIBRATE
android.permission.WRITE_EXTERNAL_STORAGE
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.RECORD_AUDIO
android.permission.ACCESS_FINE_LOCATION
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH
android.permission.ACCESS_WIFI_STATE
com.citrix.Receiver.permission.RECEIVER_ACCESS
com.citrix.mam.permission.MANAGED_APP_ACCESS

Receivers

com.citrix.client.widget.WidgetProvider

android.appwidget.action.APPWIDGET_UPDATE

com.citrix.client.deliveryservices.mam.broadcast.PackageBroadcast

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED

Services

Android Permissions

8542b5822e9963cb389038cc0e39ee31_JaffaCakes118

Permissions

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.VIBRATE

android.permission.WRITE_EXTERNAL_STORAGE

com.android.launcher.permission.INSTALL_SHORTCUT

android.permission.RECORD_AUDIO

android.permission.ACCESS_FINE_LOCATION

android.permission.BLUETOOTH_ADMIN

android.permission.BLUETOOTH

android.permission.ACCESS_WIFI_STATE

com.citrix.Receiver.permission.RECEIVER_ACCESS

com.citrix.mam.permission.MANAGED_APP_ACCESS

Sharing

General

Malware Config

Signatures

Files

com.citrix.Receiver

com.citrix.client.WelcomeScreen.WelcomeScreen

Activities

com.citrix.client.WelcomeScreen.WelcomeScreen

com.citrix.client.urihandlers.CreateProfileUriHandler

com.citrix.client.pnagent.PNAgentHomeShortcutUriResolver

com.citrix.client.MimeHandler.SdtidFileHandler

com.citrix.client.MimeHandler.CRFileHandler

com.citrix.client.MimeHandler.XmlFileHandler

com.citrix.client.softtoken.RSATokenFileHandler

com.citrix.client.search.ReceiverSearchActivity

com.citrix.client.MimeHandler.IcaFileHandler

Permissions

Receivers

com.citrix.client.widget.WidgetProvider

com.citrix.client.deliveryservices.mam.broadcast.PackageBroadcast

Services

Android Permissions

8542b5822e9963cb389038cc0e39ee31_JaffaCakes118