eqetdhbk.hdwmofly.lbublzcp.ui.SplashActivity
android.intent.action.MAIN
asd.kkalive.com.daemon.activity.OnePxActivity
android.settings.INPUT_METHOD_SETTINGS
asd.kkalive.com.daemon.activity.PowerAAAASSSSActivity
android.settings.INPUT_METHOD_SETTINGS
Behavioral task
behavioral1
Sample
8e8e4472aac3ecc96dd5b8b6bbf8f7e4015fa763e12c4b51af38b5fdff4a0436.apk
Resource
android-x86-arm-20240624-en
android-9-x86
7 signatures
150 seconds
General
-
Target
5c4882a7a66c0dfb2fe3814c08bf669e.bin
-
Size
11.5MB
-
MD5
c023fd47afee4567ad736019ef458658
-
SHA1
6583b735d64de5c84a0d72e1e657c3d2f8351dc5
-
SHA256
29d6baab55d67bc412a4eb98ba2f3cd2e5c7c171c08f8e79f29f85813a4348a7
-
SHA512
f1cf40d52008eb4d82d526089e8bd1bad3b972ffe0e23ce1dc049efe74cf229e1c61c4783c79dec1540a7f094a6ee47a2fa1df24f298895e299f4ecc4fbb8dca
-
SSDEEP
196608:/Rf3bM7n7h8vzMSPwRHrPqM1P+BD0GXen6soD+smP+pZDuHd4ed5xHTUfTLbDppL:pI0ASPwNrPPMBDjxDlmmTjYRT+DX
Score
10/10
Malware Config
Signatures
-
Gigabud family
-
Gigabud payload 1 IoCs
resource yara_rule static1/unpack001/8e8e4472aac3ecc96dd5b8b6bbf8f7e4015fa763e12c4b51af38b5fdff4a0436.apk family_gigabud -
GoldDigger payload 5 IoCs
resource yara_rule static1/unpack001/8e8e4472aac3ecc96dd5b8b6bbf8f7e4015fa763e12c4b51af38b5fdff4a0436.apk family_golddigger static1/unpack001/8e8e4472aac3ecc96dd5b8b6bbf8f7e4015fa763e12c4b51af38b5fdff4a0436.apk family_golddigger static1/unpack001/8e8e4472aac3ecc96dd5b8b6bbf8f7e4015fa763e12c4b51af38b5fdff4a0436.apk family_golddigger static1/unpack001/8e8e4472aac3ecc96dd5b8b6bbf8f7e4015fa763e12c4b51af38b5fdff4a0436.apk family_golddigger static1/unpack001/8e8e4472aac3ecc96dd5b8b6bbf8f7e4015fa763e12c4b51af38b5fdff4a0436.apk family_golddigger -
Golddigger family
-
Declares broadcast receivers with permission to handle system events 1 IoCs
description ioc Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN -
Declares services with permission to bind to the system 2 IoCs
description ioc Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. android.permission.BIND_WALLPAPER -
Requests dangerous framework permissions 19 IoCs
description ioc Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS Allows an application to read SMS messages. android.permission.READ_SMS Allows an application to receive SMS messages. android.permission.RECEIVE_SMS Allows an application to send SMS messages. android.permission.SEND_SMS Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION Required to be able to access the camera device. android.permission.CAMERA Allows an application to read the user's contacts data. android.permission.READ_CONTACTS Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM Allows an application to record audio. android.permission.RECORD_AUDIO Allows an application a broad access to external storage in scoped storage. android.permission.MANAGE_EXTERNAL_STORAGE Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE
Files
-
5c4882a7a66c0dfb2fe3814c08bf669e.bin.zip
Password: infected
-
8e8e4472aac3ecc96dd5b8b6bbf8f7e4015fa763e12c4b51af38b5fdff4a0436.apk.apk android arch:arm arch:arm64
Password: infected
com.aa.bb
eqetdhbk.hdwmofly.lbublzcp.ui.SplashActivity
Activities
Permissions
android.permission.BIND_ACCESSIBILITY_SERVICE
android.permission.REQUEST_DELETE_PACKAGES
android.permission.QUERY_ALL_PACKAGES
android.permission.GET_INSTALLED_APPS
android.permission.VIBRATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.GRANT_RUNTIME_PERMISSIONS
android.permission.READ_SYNC_STATS
android.permission.READ_SYNC_SETTINGS
android.permission.READ_PRIVILEGED_PHONE_STATE
android.permission.DISABLE_KEYGUARD
android.permission.WAKE_LOCK
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_SETTINGS
android.permission.FOREGROUND_SERVICE
android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.USE_FULL_SCREEN_INTENT
android.permission.SET_WALLPAPER
android.permission.CALL_PHONE
android.permission.INTERNET
android.permission.BATTERY_STATS
android.permission.REORDER_TASKS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.CAMERA
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.GET_ACCOUNTS
android.permission.WRITE_SYNC_SETTINGS
android.permission.SCHEDULE_EXACT_ALARM
android.permission.SYSTEM_OVERLAY_WINDOW
android.permission.USE_EXACT_ALARM
android.permission.FOREGROUND_SERVICE_DATA_SYNC
android.permission.RECORD_AUDIO
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
com.aa.bb.backtrace.warmed_up
com.aa.bb.manual.dump
com.aa.bb.matrix.permission.PROCESS_SUPERVISOR
Receivers
eqetdhbk.hdwmofly.lbublzcp.ui.GlobalBroadcast
vwsnaxjv.ubeiamuw.show.dialog
vwsnaxjv.ubeiamuw.close.dialog
asd.fgh.component.PackageReceiver
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_FULLY_REMOVED
android.intent.action.PACKAGE_CHANGED
android.intent.action.PACKAGE_DATA_CLEARED
android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_FIRST_LAUNCH
android.intent.action.PACKAGE_NEEDS_VERIFICATION
android.intent.action.PACKAGE_RESTARTED
android.intent.action.PACKAGE_VERIFIED
android.intent.action.PACKAGES_SUSPENDED
android.intent.action.PACKAGES_UNSUSPENDED
android.intent.action.MANAGE_PACKAGE_STORAGE
android.intent.action.MY_PACKAGE_REPLACED
android.intent.action.MY_PACKAGE_SUSPENDED
android.intent.action.MY_PACKAGE_UNSUSPENDED
asd.fgh.component.SystemListenerReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.LOCKED_BOOT_COMPLETED
android.intent.action.QUICK_CLOCK
android.intent.action.TIMEZONE_CHANGED
android.intent.action.TIME_SET
android.intent.action.MY_PACKAGE_REPLACED
android.appwidget.action.APPWIDGET_UPDATE
miui.appwidget.action.APPWIDGET_UPDATE
asd.fgh.thaw.TR
android.intent.action.SCREEN_OFF
android.intent.action.SCREEN_ON
asd.fgh.widget.WidgetLiWu
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetHongBao
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetJinBi
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetFuDai
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetBaoXiang
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.provider.MyPocReceiver
asd.fgh.provider
asd.fgh.component.R0
com.asdfgh.rec
com.fg.rec.0
android.appwidget.action.APPWIDGET_UPDATE
miui.appwidget.action.APPWIDGET_UPDATE
asd.fgh.component.R1
com.asdfgh.rec
com.fg.rec.1
asd.fgh.component.NotificationRecerver
com.aa.bbfg.notification.del.action
asd.fgh.component.AutoBootReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_TICK
android.intent.action.MY_PACKAGE_REPLACED
android.net.conn.CONNECTIVITY_CHANGE
asd.kkalive.com.daemon.receiver.BootSSSReceiver
android.intent.action.BOOT_COMPLETED
asd.kkalive.com.daemon.receiver.DeviceReceiver
android.app.action.DEVICE_ADMIN_ENABLED
android.intent.action.BOOT_COMPLETED
asd.kkdaemon.receiver.AutoBootReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_TICK
android.intent.action.MY_PACKAGE_REPLACED
android.net.conn.CONNECTIVITY_CHANGE
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
android.net.conn.CONNECTIVITY_CHANGE
androidx.work.impl.background.systemalarm.RescheduleReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.background.systemalarm.UpdateProxies
androidx.work.impl.diagnostics.DiagnosticsReceiver
androidx.work.diagnostics.REQUEST_DIAGNOSTICS
Services
eqetdhbk.hdwmofly.lbublzcp.service.FocusService
android.accessibilityservice.AccessibilityService
eqetdhbk.hdwmofly.lbublzcp.service.RemoteService
com.action.myapp.need.switch
com.fg.test.B
com.fg.remote
asd.fgh.provider.MR2Service
android.media.MediaRoute2ProviderService
asd.fgh.provider.TempForegroundService
android.media.MediaRoute2ProviderService
asd.fgh.provider.NewProcessService
android.media.MediaRoute2ProviderService
asd.fgh.account.AuthenticatorService
android.accounts.AccountAuthenticator
asd.fgh.account.SyncService
android.content.SyncAdapter
asd.fgh.wallpaper.LiveWallpaperService
android.service.wallpaper.WallpaperService
asd.kkalive.com.daemon.sync.service.AuthService
android.accounts.AccountAuthenticator
asd.kkalive.com.daemon.sync.service.AuthService1
android.accounts.AccountAuthenticator
asd.kkdaemon.component.RunService
com.aa.bb.monitor.bindService
com.blankj.utilcode.util.MessengerUtils$ServerService
com.aa.bb.messenger