b87029fbd588acc12d8603adf950b562_JaffaCakes118

General

Target

b87029fbd588acc12d8603adf950b562_JaffaCakes118
Size

13.6MB
MD5

b87029fbd588acc12d8603adf950b562
SHA1

48af4a4389165670d7442345fd29f8f3827f5939
SHA256

425cb9541b9533320c7b003fe6f0854f27695d3540d6f8202b333203b2610ca6
SHA512

7eeed9d046cc85e568e6a9f20eec8e37817cff08fd4853fb549a9d701f4c241a1864adfbab33378492659d56f4a2eaf3197a520448d183eed8e66c261cf4f801
SSDEEP

393216:C9zhWzG1c7fpG6AkTf6qnNejTN1HRBBpPZfZAkPQ:G6pG6Bb6y2RzhxY

Score

6^/10

Malware Config

Signatures

Declares services with permission to bind to the system 3 IoCs

description	ioc
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE
Required by quick settings tile services to bind with the system. Allows apps to add custom tiles to the quick settings menu.	android.permission.BIND_QUICK_SETTINGS_TILE

Requests dangerous framework permissions 5 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to collect component usage statistics.	android.permission.PACKAGE_USAGE_STATS

Files

b87029fbd588acc12d8603adf950b562_JaffaCakes118
.apk android arch:arm64 arch:arm arch:mips arch:x86 arch:x64

com.vpn.powervpn

com.vpn.power.MainActivity

Activities

com.vpn.power.MainActivity

android.intent.action.MAIN

de.blinkt.openvpn.api.GrantPermissionsActivity

android.intent.action.MAIN

de.blinkt.openvpn.api.ConfirmDialog

android.intent.action.MAIN

de.blinkt.openvpn.activities.ConfigConverter

android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

de.blinkt.openvpn.LaunchVPN

android.intent.action.MAIN

de.blinkt.openvpn.activities.CreateShortcuts

android.intent.action.CREATE_SHORTCUT

Permissions

android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.VIBRATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK
com.android.vending.BILLING
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_PHONE_STATE
android.permission.GET_TASKS
android.permission.REAL_GET_TASKS
android.permission.PACKAGE_USAGE_STATS

Receivers

com.mediated.ads.BootReciever

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON

com.google.android.gms.analytics.AnalyticsReceiver

com.google.android.gms.analytics.ANALYTICS_DISPATCH

de.blinkt.openvpn.OnBootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.MY_PACKAGE_REPLACED

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

Services

de.blinkt.openvpn.core.OpenVPNService

android.net.VpnService

de.blinkt.openvpn.api.ExternalOpenVPNService

de.blinkt.openvpn.api.IOpenVPNAPIService

de.blinkt.openvpn.OpenVPNTileService

android.service.quicksettings.action.QS_TILE

Android Permissions

b87029fbd588acc12d8603adf950b562_JaffaCakes118

Permissions

android.permission.INTERNET

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_NETWORK_STATE

android.permission.VIBRATE

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.WAKE_LOCK

com.android.vending.BILLING

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_EXTERNAL_STORAGE

android.permission.ACCESS_FINE_LOCATION

android.permission.READ_PHONE_STATE

android.permission.GET_TASKS

android.permission.REAL_GET_TASKS

android.permission.PACKAGE_USAGE_STATS

Sharing

General

Malware Config

Signatures

Files

com.vpn.powervpn

com.vpn.power.MainActivity

Activities

com.vpn.power.MainActivity

de.blinkt.openvpn.api.GrantPermissionsActivity

de.blinkt.openvpn.api.ConfirmDialog

de.blinkt.openvpn.activities.ConfigConverter

de.blinkt.openvpn.LaunchVPN

de.blinkt.openvpn.activities.CreateShortcuts

Permissions

Receivers

com.mediated.ads.BootReciever

com.google.android.gms.analytics.AnalyticsReceiver

de.blinkt.openvpn.OnBootReceiver

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

Services

de.blinkt.openvpn.core.OpenVPNService

de.blinkt.openvpn.api.ExternalOpenVPNService

de.blinkt.openvpn.OpenVPNTileService

Android Permissions

b87029fbd588acc12d8603adf950b562_JaffaCakes118