bazarloader | 3536b711dfea2d1500ffddcb26d38544face161e623c09f50d58d6ad6e985093

General

Target

3536b711dfea2d1500ffddcb26d38544face161e623c09f50d58d6ad6e985093
Size

11.6MB
MD5

d9b4b799efd041e06b1f845956363f12
SHA1

82150261b44cca1600086bd70f04bffbd6732beb
SHA256

3536b711dfea2d1500ffddcb26d38544face161e623c09f50d58d6ad6e985093
SHA512

186ef8ffb3513ad83fce78fa5f19c4838f18423ec0f78d8d0339e67c7332e83815db28f7b7fb800ebc7ef341da7456c557c2ae829d2951f0798a4edf7492c105
SSDEEP

196608:JDtDvvSzkP/8NsB/OAOonMuLWPm3NGUSDxyKmQR/nS+Sxk1nCJ5Q/+bVSy1FcJ:dtDvl/KshOAO30S+NGUcoQJVg5Q+bVSb

Score

10^/10

Malware Config

Signatures

Bazar/Team9 Loader payload 1 IoCs

resource	yara_rule
sample	BazarLoaderVar5

Bazarloader family
bazarloader

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Files

3536b711dfea2d1500ffddcb26d38544face161e623c09f50d58d6ad6e985093
.apk android arch:arm arch:x86

com.frostwire.android

com.frostwire.android.gui.activities.MainActivity

Activities

com.frostwire.android.gui.activities.MainActivity

android.intent.action.MAIN
android.intent.action.MUSIC_PLAYER
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.SEND

com.andrew.apollo.ui.activities.AudioPlayerActivity

android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
com.frostwire.android.AUDIO_PLAYER
android.intent.action.PICK

com.andrew.apollo.ui.activities.ShortcutActivity

android.media.action.MEDIA_PLAY_FROM_SEARCH

com.andrew.apollo.ui.activities.SearchActivity

android.intent.action.SEARCH
android.intent.action.MEDIA_SEARCH

Permissions

android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_MULTICAST_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.INTERNET
android.permission.SET_WALLPAPER
android.permission.VIBRATE
android.permission.WAKE_LOCK
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_SETTINGS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.READ_PHONE_STATE
android.permission.BROADCAST_STICKY
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.GET_TASKS
android.permission.READ_EXTERNAL_STORAGE

Receivers

com.inmobi.commons.analytics.androidsdk.IMAdTrackerReceiver

com.android.vending.INSTALL_REFERRER
android.net.conn.CONNECTIVITY_CHANGE
com.inmobi.share.id

com.frostwire.android.gui.services.EngineBroadcastReceiver

android.intent.action.BOOT_COMPLETED

com.andrew.apollo.MediaButtonIntentReceiver

android.intent.action.MEDIA_BUTTON
android.media.AUDIO_BECOMING_NOISY

Services

Android Permissions

3536b711dfea2d1500ffddcb26d38544face161e623c09f50d58d6ad6e985093

Permissions

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_NETWORK_STATE

android.permission.CHANGE_WIFI_MULTICAST_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.INTERNET

android.permission.SET_WALLPAPER

android.permission.VIBRATE

android.permission.WAKE_LOCK

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.WRITE_SETTINGS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.READ_PHONE_STATE

android.permission.BROADCAST_STICKY

com.android.launcher.permission.INSTALL_SHORTCUT

android.permission.GET_TASKS

android.permission.READ_EXTERNAL_STORAGE

Sharing

General

Malware Config

Signatures

Files

com.frostwire.android

com.frostwire.android.gui.activities.MainActivity

Activities

com.frostwire.android.gui.activities.MainActivity

com.andrew.apollo.ui.activities.AudioPlayerActivity

com.andrew.apollo.ui.activities.ShortcutActivity

com.andrew.apollo.ui.activities.SearchActivity

Permissions

Receivers

com.inmobi.commons.analytics.androidsdk.IMAdTrackerReceiver

com.frostwire.android.gui.services.EngineBroadcastReceiver

com.andrew.apollo.MediaButtonIntentReceiver

Services

Android Permissions

3536b711dfea2d1500ffddcb26d38544face161e623c09f50d58d6ad6e985093