c1b62078694bfb475f8ee040d423c21a_JaffaCakes118

General

Target

c1b62078694bfb475f8ee040d423c21a_JaffaCakes118
Size

24.4MB
MD5

c1b62078694bfb475f8ee040d423c21a
SHA1

f1e8dabb2b6dcce2e5e949052f0cb22a45d70e3b
SHA256

c91916e88cbde8ba1db7fc4502deb07045c0dc8508c00a75485cd3a8b5381339
SHA512

d327b4d7ae4389b307355f6b47c91db2120e3cce077a4b347c810323520103707360ce2db39ac261165bcd4352c5a2deee9281880288f5850c6acf483dec674b
SSDEEP

786432:KOa7sI50loJARPNUvnSkPj7iMI6aErVKrxE0T:9aGaAtNUvn9PjGMkErVGE0T

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 2 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx
sample	patched_upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
sample	upx

Requests dangerous framework permissions 10 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Files

c1b62078694bfb475f8ee040d423c21a_JaffaCakes118
.apk android arch:arm

cn.fzjj

cn.fzjj.module.logo.LogoActivity

Activities

com.tencent.tauth.AuthActivity

android.intent.action.VIEW

cn.fzjj.module.logo.LogoActivity

android.intent.action.MAIN

Permissions

android.permission.WAKE_LOCK
android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.CHANGE_WIFI_STATE
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.VIBRATE
android.permission.GET_TASKS
android.permission.SYSTEM_ALERT_WINDOW
getui.permission.GetuiService.cn.fzjj
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE

Receivers

com.igexin.sdk.PushReceiver

android.intent.action.BOOT_COMPLETED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.USER_PRESENT
com.igexin.sdk.action.refreshls
android.intent.action.MEDIA_MOUNTED
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

com.igexin.download.DownloadReceiver

android.net.conn.CONNECTIVITY_CHANGE

Services

com.igexin.sdk.PushService

com.igexin.sdk.action.service.message

Android Permissions

c1b62078694bfb475f8ee040d423c21a_JaffaCakes118

Permissions

android.permission.WAKE_LOCK

android.permission.INTERNET

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.CHANGE_WIFI_STATE

android.permission.ACCESS_LOCATION_EXTRA_COMMANDS

android.permission.BLUETOOTH

android.permission.BLUETOOTH_ADMIN

android.permission.CAMERA

android.permission.RECORD_AUDIO

android.permission.READ_PHONE_STATE

android.permission.WAKE_LOCK

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.VIBRATE

android.permission.GET_TASKS

android.permission.SYSTEM_ALERT_WINDOW

getui.permission.GetuiService.cn.fzjj

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.READ_EXTERNAL_STORAGE

Sharing

General

Malware Config

Signatures

Files

cn.fzjj

cn.fzjj.module.logo.LogoActivity

Activities

com.tencent.tauth.AuthActivity

cn.fzjj.module.logo.LogoActivity

Permissions

Receivers

com.igexin.sdk.PushReceiver

com.igexin.download.DownloadReceiver

Services

com.igexin.sdk.PushService

Android Permissions

c1b62078694bfb475f8ee040d423c21a_JaffaCakes118