cmuydpxi.hwupsjzv.qzxdepji.ui.SplashActivity
android.intent.action.MAIN
asd.kkalive.com.daemon.activity.OnePxActivity
android.settings.INPUT_METHOD_SETTINGS
asd.kkalive.com.daemon.activity.PowerAAAASSSSActivity
android.settings.INPUT_METHOD_SETTINGS
Behavioral task
behavioral1
Sample
9e00e23077fd90ab4fc5cd98375591161bf8508fc959265605c47b10efa2a73d.apk
Resource
android-x86-arm-20240624-en
android-9-x86
8 signatures
150 seconds
General
-
Target
6270c107c32174763caf5ee3013abb96.bin
-
Size
13.4MB
-
MD5
14be9ac5aad597ad129e5ebde3ee3c7a
-
SHA1
f3f3ee4e6596d2637fb1acf606c7d5febce4deee
-
SHA256
c07fac1761889432546b464bc97c892ce7219b90c88e2e7cccd89bbd49893cda
-
SHA512
d914cdc49f3851779d88962915e8a575ce16e92265632f8469ae652c2a711c8cba503cde506893a8b13836eedcbc06521fc0360fa1ec87b8246b6cfe4c19d262
-
SSDEEP
196608:MkSE2Z3qGdVRP4FsSpY56AOhM+XI7O5UwwqW0cViFcMG+l7I5ym07ZYBVRKxPs4l:MQ4jdVRP4FsSm6dlwkmYGHA9YBVRKxEg
Score
10/10
Malware Config
Signatures
-
Gigabud family
-
Gigabud payload 1 IoCs
resource yara_rule static1/unpack001/9e00e23077fd90ab4fc5cd98375591161bf8508fc959265605c47b10efa2a73d.apk family_gigabud -
GoldDigger payload 5 IoCs
resource yara_rule static1/unpack001/9e00e23077fd90ab4fc5cd98375591161bf8508fc959265605c47b10efa2a73d.apk family_golddigger static1/unpack001/9e00e23077fd90ab4fc5cd98375591161bf8508fc959265605c47b10efa2a73d.apk family_golddigger static1/unpack001/9e00e23077fd90ab4fc5cd98375591161bf8508fc959265605c47b10efa2a73d.apk family_golddigger static1/unpack001/9e00e23077fd90ab4fc5cd98375591161bf8508fc959265605c47b10efa2a73d.apk family_golddigger static1/unpack001/9e00e23077fd90ab4fc5cd98375591161bf8508fc959265605c47b10efa2a73d.apk family_golddigger -
Golddigger family
-
Declares broadcast receivers with permission to handle system events 1 IoCs
description ioc Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN -
Declares services with permission to bind to the system 2 IoCs
description ioc Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. android.permission.BIND_WALLPAPER -
Requests dangerous framework permissions 18 IoCs
description ioc Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS Allows an application to read SMS messages. android.permission.READ_SMS Allows an application to receive SMS messages. android.permission.RECEIVE_SMS Allows an application to send SMS messages. android.permission.SEND_SMS Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION Required to be able to access the camera device. android.permission.CAMERA Allows an application to read the user's contacts data. android.permission.READ_CONTACTS Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM Allows an application to record audio. android.permission.RECORD_AUDIO Allows an application a broad access to external storage in scoped storage. android.permission.MANAGE_EXTERNAL_STORAGE Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE
Files
-
6270c107c32174763caf5ee3013abb96.bin.zip
Password: infected
-
9e00e23077fd90ab4fc5cd98375591161bf8508fc959265605c47b10efa2a73d.apk.apk android arch:arm arch:arm64
Password: infected
com.aa.bb
cmuydpxi.hwupsjzv.qzxdepji.ui.SplashActivity
Activities
Permissions
android.permission.BIND_ACCESSIBILITY_SERVICE
android.permission.REQUEST_DELETE_PACKAGES
android.permission.QUERY_ALL_PACKAGES
android.permission.GET_INSTALLED_APPS
android.permission.VIBRATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.GRANT_RUNTIME_PERMISSIONS
android.permission.READ_SYNC_STATS
android.permission.READ_SYNC_SETTINGS
android.permission.READ_PRIVILEGED_PHONE_STATE
android.permission.DISABLE_KEYGUARD
android.permission.WAKE_LOCK
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_SETTINGS
android.permission.FOREGROUND_SERVICE
android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.USE_FULL_SCREEN_INTENT
android.permission.SET_WALLPAPER
android.permission.CALL_PHONE
android.permission.INTERNET
android.permission.BATTERY_STATS
android.permission.REORDER_TASKS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.CAMERA
android.permission.READ_CONTACTS
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.GET_ACCOUNTS
android.permission.WRITE_SYNC_SETTINGS
android.permission.SCHEDULE_EXACT_ALARM
android.permission.SYSTEM_OVERLAY_WINDOW
android.permission.USE_EXACT_ALARM
android.permission.FOREGROUND_SERVICE_DATA_SYNC
android.permission.RECORD_AUDIO
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
Receivers
cmuydpxi.hwupsjzv.qzxdepji.ui.GlobalBroadcast
gaofukdc.jbhodlyu.show.dialog
gaofukdc.jbhodlyu.close.dialog
asd.fgh.component.PackageReceiver
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_FULLY_REMOVED
android.intent.action.PACKAGE_CHANGED
android.intent.action.PACKAGE_DATA_CLEARED
android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_FIRST_LAUNCH
android.intent.action.PACKAGE_NEEDS_VERIFICATION
android.intent.action.PACKAGE_RESTARTED
android.intent.action.PACKAGE_VERIFIED
android.intent.action.PACKAGES_SUSPENDED
android.intent.action.PACKAGES_UNSUSPENDED
android.intent.action.MANAGE_PACKAGE_STORAGE
android.intent.action.MY_PACKAGE_REPLACED
android.intent.action.MY_PACKAGE_SUSPENDED
android.intent.action.MY_PACKAGE_UNSUSPENDED
asd.fgh.component.SystemListenerReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.LOCKED_BOOT_COMPLETED
android.intent.action.QUICK_CLOCK
android.intent.action.TIMEZONE_CHANGED
android.intent.action.TIME_SET
android.intent.action.MY_PACKAGE_REPLACED
android.appwidget.action.APPWIDGET_UPDATE
miui.appwidget.action.APPWIDGET_UPDATE
asd.fgh.thaw.TR
android.intent.action.SCREEN_OFF
android.intent.action.SCREEN_ON
asd.fgh.widget.WidgetLiWu
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetHongBao
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetJinBi
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetFuDai
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetBaoXiang
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.provider.MyPocReceiver
asd.fgh.provider
asd.fgh.component.R0
com.asdfgh.rec
com.fg.rec.0
android.appwidget.action.APPWIDGET_UPDATE
miui.appwidget.action.APPWIDGET_UPDATE
asd.fgh.component.R1
com.asdfgh.rec
com.fg.rec.1
asd.fgh.component.NotificationRecerver
com.aa.bbfg.notification.del.action
asd.fgh.component.ActionReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_SHUTDOWN
android.intent.action.ACTION_REBOOT
android.intent.action.SCREEN_OFF
android.intent.action.SCREEN_ON
android.intent.action.USER_PRESENT
android.intent.action.LOCKED_BOOT_COMPLETED
android.intent.action.MEDIA_MOUNTED
jpush_adapter_wakeup
android.intent.action.EVENT_REMINDER
android.hardware.usb.action.USB_STATE
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.net.conn.CONNECTIVITY_CHANGE
android.net.wifi.WIFI_STATE_CHANGED
android.net.wifi.STATE_CHANGE
com.app.startrecevice
android.intent.action.TIME_TICK
android.intent.action.TIMEZONE_CHANGED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.MY_PACKAGE_REPLACED
asd.fgh.component.AutoBootReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_TICK
android.intent.action.MY_PACKAGE_REPLACED
android.net.conn.CONNECTIVITY_CHANGE
asd.kkalive.com.daemon.receiver.BootSSSReceiver
android.intent.action.BOOT_COMPLETED
asd.kkalive.com.daemon.receiver.DeviceReceiver
android.app.action.DEVICE_ADMIN_ENABLED
android.intent.action.BOOT_COMPLETED
asd.kkdaemon.receiver.AutoBootReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_TICK
android.intent.action.MY_PACKAGE_REPLACED
android.net.conn.CONNECTIVITY_CHANGE
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
android.net.conn.CONNECTIVITY_CHANGE
androidx.work.impl.background.systemalarm.RescheduleReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.background.systemalarm.UpdateProxies
androidx.work.impl.diagnostics.DiagnosticsReceiver
androidx.work.diagnostics.REQUEST_DIAGNOSTICS
Services
cmuydpxi.hwupsjzv.qzxdepji.service.FocusService
android.accessibilityservice.AccessibilityService
com.fg.test.B
com.fg.remote
asd.fgh.provider.MR2Service
android.media.MediaRoute2ProviderService
asd.fgh.provider.TempForegroundService
android.media.MediaRoute2ProviderService
asd.fgh.provider.NewProcessService
android.media.MediaRoute2ProviderService
asd.fgh.account.AuthenticatorService
android.accounts.AccountAuthenticator
asd.fgh.account.SyncService
android.content.SyncAdapter
asd.fgh.wallpaper.LiveWallpaperService
android.service.wallpaper.WallpaperService
asd.kkalive.com.daemon.sync.service.AuthService
android.accounts.AccountAuthenticator
asd.kkalive.com.daemon.sync.service.AuthService1
android.accounts.AccountAuthenticator
asd.kkdaemon.component.RunService
com.aa.bb.monitor.bindService
com.blankj.utilcode.util.MessengerUtils$ServerService
com.aa.bb.messenger