com.jersey.gybbpabtniopoetzeacrkmlxdhuvgpvnwtahmsaxmtnaltfrgf2.MainActivity
android.intent.action.MAIN
com.jersey.gybbpabtniopoetzeacrkmlxdhuvgpvnwtahmsaxmtnaltfrgf2.CameraActvity
com.jersey.fisheries.xyz
Behavioral task
behavioral1
Sample
kaspersky.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral2
Sample
kaspersky.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral3
Sample
kaspersky.apk
Resource
android-33-x64-arm64-20240624-en
Target
kaspersky-aid.zip
Size
3.6MB
MD5
124a3499e3d12cef76bcb439981291f0
SHA1
3ebd6fa388e717be4971fe6fe285d1cdb86d909d
SHA256
ade4e9a428d4c9fd1c1ac4eba0cb0f3d2c84aed19a3cefec01a99faa0ff8cc02
SHA512
9579231f239e85cbba44cb37dff85df16524b7d74c13ef5afc5b1c974c3d3035225230007f9404fe73d596c54b5d3d5fbf0c71a9b66064a4370567b53a26abf1
SSDEEP
49152:5ftea/ZQDEqa5I1cHz81ERuQJmbIFNnjuA/jqTHAsEuH0gRhfDOEA/5Tt5/x363H:cs5A1ERuumMNjEHTE/gRBot58pN4g
Processes:
| resource | yara_rule |
|---|---|
| static1/unpack001/kaspersky.apk | family_spynote |
Processes:
| description | ioc |
|---|---|
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN |
Processes:
| description | ioc |
|---|---|
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE |
| Required by VPN services to bind with the system. Allows apps to provision VPN services. | android.permission.BIND_VPN_SERVICE |
| Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards). | android.permission.BIND_INPUT_METHOD |
Processes:
| description | ioc |
|---|---|
| Allows an application to send SMS messages. | android.permission.SEND_SMS |
| Allows an application to read SMS messages. | android.permission.READ_SMS |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS |
| Required to be able to access the camera device. | android.permission.CAMERA |
| Allows an application to record audio. | android.permission.RECORD_AUDIO |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES |
android.intent.action.MAIN
com.jersey.fisheries.xyz
android.permission.SEND_SMS
android.permission.SET_WALLPAPER
android.permission.READ_SMS
android.permission.READ_CALL_LOG
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.CALL_PHONE
android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
oppo.permission.OPPO_COMPONENT_SAFE
oplus.permission.OPLUS_COMPONENT_SAFE
com.huawei.permission.external_app_settings.USE_COMPONENT
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT
com.jersey.fisheries.RestartSensor
android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.REBOOT
android.intent.action.LOCKED_BOOT_COMPLETED
miui.intent.action.BOOT_COMPLETEDT
android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED
android.intent.action.MY_PACKAGE_REPLACED
android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.USER_PRESENT
android.intent.action.DATE_CHANGED
android.app.action.DEVICE_ADMIN_ENABLED
android.accessibilityservice.AccessibilityService
android.net.VpnService
android.view.InputMethod