ccd5761cdd3f09e10ad1e5ebbdaabfeb[.]zip

General

Target

ccd5761cdd3f09e10ad1e5ebbdaabfeb.zip
Size

13.2MB
MD5

0626542bf650064de3ab3027185197b4
SHA1

5d7b2c682fecae20eabfd7d441952ecb18a0774d
SHA256

ec3f9b1a975721c46c7b425564b71a8fb3f65dd06bd3e5eefcadb7c94c0522c6
SHA512

c2063a4ab997eac800e00a87608c33abe40ecb6374f0400bb4a22be54b70ba49217cc0a11f74cf3324deea3ea6318dfe970590c08f0c117ef03336c2bea2f418
SSDEEP

393216:laWi4Rt61awdp8vgEZyPIrAQoJbkDCNR56W2:l9iwcaw/w0P4ANf5T2

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 9 IoCs

description	ioc
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA

Files

ccd5761cdd3f09e10ad1e5ebbdaabfeb.zip
.zip

Password: infected
4727a5013f4c53eeaba6320d78ea9d93db42a9adaf66b05572c922071a8a2fbf
.apk android arch:arm

Password: infected

com.appbyme.app279461

com.mobcent.discuz.activity.SplashActivity

Activities

com.mobcent.discuz.activity.SplashActivity

android.intent.action.MAIN
android.intent.action.VIEW

com.mobcent.share.activity.ShareActivity

com.sina.weibo.sdk.action.ACTION_SDK_REQ_ACTIVITY

com.tencent.tauth.AuthActivity

android.intent.action.VIEW

com.tencent.smtt.sdk.VideoActivity

com.tencent.smtt.tbs.video.PLAY

com.android.service.ui.LockPushMsg

com.android.service.ui.lockpushmsg

Permissions

android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.READ_LOGS
android.permission.SET_WALLPAPER
android.permission.WAKE_LOCK
android.permission.BAIDU_LOCATION_SERVICE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.CHANGE_WIFI_STATE
android.permission.RECORD_AUDIO
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
android.permission.GET_TASKS
android.permission.VIBRATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_SETTINGS
android.permission.RECEIVE_USER_PRESENT
android.permission.ACCESS_DOWNLOAD_MANAGER
android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
android.permission.DISABLE_KEYGUARD
android.permission.EXPAND_STATUS_BAR
android.permission.READ_EXTERNAL_STORAGE
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.CAMERA

Receivers

com.mobcent.os.receiver.PhoneReceiver

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

com.mobcent.os.receiver.DownReceiver

android.intent.action.DOWNLOAD_COMPLETE

com.mobcent.os.receiver.DownFailedReceiver

com.appbyme.app279461.com.mobcent.os.receiver.DownFailedReceiver

com.mobcent.os.receiver.ApkInstallReceiver

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED

com.xiaoyun.app.android.ui.module.msg.helper.RongIMPushReceiver

io.rong.push.intent.MESSAGE_ARRIVED
io.rong.push.intent.MI_MESSAGE_ARRIVED
io.rong.push.intent.MESSAGE_CLICKED
io.rong.push.intent.MI_MESSAGE_CLICKED

io.rong.push.PushReceiver

io.rong.push.intent.action.HEART_BEAT
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.BOOT_COMPLETED
android.intent.action.USER_PRESENT
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

com.baidu.android.pushservice.PushServiceReceiver

android.intent.action.BOOT_COMPLETED
android.net.conn.CONNECTIVITY_CHANGE
com.baidu.android.pushservice.action.notification.SHOW
com.baidu.android.pushservice.action.media.CLICK
android.intent.action.MEDIA_MOUNTED
android.intent.action.USER_PRESENT
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

com.baidu.android.pushservice.RegistrationReceiver

com.baidu.android.pushservice.action.METHOD
com.baidu.android.pushservice.action.BIND_SYNC
android.intent.action.PACKAGE_REMOVED

com.mobcent.os.receiver.BdPushMessageReceiver

com.baidu.android.pushservice.action.MESSAGE
com.baidu.android.pushservice.action.RECEIVE
com.baidu.android.pushservice.action.notification.CLICK

Services

com.baidu.android.pushservice.PushService

com.baidu.android.pushservice.action.PUSH_SERVICE

com.android.service.KeepService

com.android.service.KeepService

com.android.service.KeepAliveService

com.android.service.KeepAliveService

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

com.appbyme.app279461

com.mobcent.discuz.activity.SplashActivity

Activities

com.mobcent.discuz.activity.SplashActivity

com.mobcent.share.activity.ShareActivity

com.tencent.tauth.AuthActivity

com.tencent.smtt.sdk.VideoActivity

com.android.service.ui.LockPushMsg

Permissions

Receivers

com.mobcent.os.receiver.PhoneReceiver

com.mobcent.os.receiver.DownReceiver

com.mobcent.os.receiver.DownFailedReceiver

com.mobcent.os.receiver.ApkInstallReceiver

com.xiaoyun.app.android.ui.module.msg.helper.RongIMPushReceiver

io.rong.push.PushReceiver

com.baidu.android.pushservice.PushServiceReceiver

com.baidu.android.pushservice.RegistrationReceiver

com.mobcent.os.receiver.BdPushMessageReceiver

Services

com.baidu.android.pushservice.PushService

com.android.service.KeepService

com.android.service.KeepAliveService