com.easy.remotechnology.ui.SplashActivity
android.intent.action.MAIN
asd.kkalive.com.daemon.activity.OnePxActivity
android.settings.INPUT_METHOD_SETTINGS
asd.kkalive.com.daemon.activity.PowerAAAASSSSActivity
android.settings.INPUT_METHOD_SETTINGS
Behavioral task
behavioral1
Sample
latamAirLines.apk
Resource
android-x86-arm-20240624-en
android-9-x86
9 signatures
180 seconds
General
-
Target
923ce041e1fd4967ef69251d6412fba7.zip
-
Size
10.2MB
-
MD5
923ce041e1fd4967ef69251d6412fba7
-
SHA1
ea1d067a6b69d7cee2cf4f86251d546b7c0a848b
-
SHA256
c3284ec2e2cde50fc39093a5066f1fbf5a137c6087fcfad1abdbf2bd677cf505
-
SHA512
db9c4ae6078bc34bddb0b4337a3d248ed796bccd5b057bcf4e49df117cb598c0c4f1013de518d177c307edfe06097b823732fb6ce21007c8f90d3d6b4170d9e6
-
SSDEEP
196608:KTbyEE+6MWPxSEn5FA93xFKgIABp9KKGRbgKvlPKCkGV5+bzSLWzolGtPH:qZErMyxSELwsgIk4Hvlwg5+b3oMtPH
Score
10/10
Malware Config
Signatures
-
GoldDigger payload 3 IoCs
resource yara_rule static1/unpack001/latamAirLines.apk family_golddigger static1/unpack001/latamAirLines.apk family_golddigger static1/unpack001/latamAirLines.apk family_golddigger -
Golddigger family
-
Declares broadcast receivers with permission to handle system events 1 IoCs
description ioc Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN -
Declares services with permission to bind to the system 2 IoCs
description ioc Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. android.permission.BIND_WALLPAPER -
Requests dangerous framework permissions 19 IoCs
description ioc Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS Allows an application to read SMS messages. android.permission.READ_SMS Allows an application to receive SMS messages. android.permission.RECEIVE_SMS Allows an application to send SMS messages. android.permission.SEND_SMS Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION Required to be able to access the camera device. android.permission.CAMERA Allows an application to read the user's contacts data. android.permission.READ_CONTACTS Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM Allows an application to record audio. android.permission.RECORD_AUDIO Allows an application a broad access to external storage in scoped storage. android.permission.MANAGE_EXTERNAL_STORAGE Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE
Files
-
923ce041e1fd4967ef69251d6412fba7.zip.zip
-
latamAirLines.apk.apk android arch:arm64 arch:arm
com.gagniterni.gnoweniee
com.easy.remotechnology.ui.SplashActivity
Activities
Permissions
android.permission.BIND_ACCESSIBILITY_SERVICE
android.permission.REQUEST_DELETE_PACKAGES
android.permission.QUERY_ALL_PACKAGES
android.permission.GET_INSTALLED_APPS
android.permission.VIBRATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.GRANT_RUNTIME_PERMISSIONS
android.permission.READ_SYNC_STATS
android.permission.READ_SYNC_SETTINGS
android.permission.READ_PRIVILEGED_PHONE_STATE
android.permission.DISABLE_KEYGUARD
android.permission.WAKE_LOCK
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_SETTINGS
android.permission.FOREGROUND_SERVICE
android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.USE_FULL_SCREEN_INTENT
android.permission.SET_WALLPAPER
android.permission.CALL_PHONE
android.permission.INTERNET
android.permission.BATTERY_STATS
android.permission.REORDER_TASKS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.CAMERA
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.GET_ACCOUNTS
android.permission.WRITE_SYNC_SETTINGS
android.permission.SCHEDULE_EXACT_ALARM
android.permission.SYSTEM_OVERLAY_WINDOW
android.permission.USE_EXACT_ALARM
android.permission.FOREGROUND_SERVICE_DATA_SYNC
android.permission.RECORD_AUDIO
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
com.gagniterni.gnoweniee.backtrace.warmed_up
com.gagniterni.gnoweniee.manual.dump
com.gagniterni.gnoweniee.matrix.permission.PROCESS_SUPERVISOR
Receivers
com.easy.remotechnology.ui.GlobalBroadcast
com.yiwuzhibo.show.dialog
com.yiwuzhibo.close.dialog
asd.fgh.component.PackageReceiver
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_FULLY_REMOVED
android.intent.action.PACKAGE_CHANGED
android.intent.action.PACKAGE_DATA_CLEARED
android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_FIRST_LAUNCH
android.intent.action.PACKAGE_NEEDS_VERIFICATION
android.intent.action.PACKAGE_RESTARTED
android.intent.action.PACKAGE_VERIFIED
android.intent.action.PACKAGES_SUSPENDED
android.intent.action.PACKAGES_UNSUSPENDED
android.intent.action.MANAGE_PACKAGE_STORAGE
android.intent.action.MY_PACKAGE_REPLACED
android.intent.action.MY_PACKAGE_SUSPENDED
android.intent.action.MY_PACKAGE_UNSUSPENDED
asd.fgh.component.SystemListenerReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.LOCKED_BOOT_COMPLETED
android.intent.action.QUICK_CLOCK
android.intent.action.TIMEZONE_CHANGED
android.intent.action.TIME_SET
android.intent.action.MY_PACKAGE_REPLACED
android.appwidget.action.APPWIDGET_UPDATE
miui.appwidget.action.APPWIDGET_UPDATE
asd.fgh.thaw.TR
android.intent.action.SCREEN_OFF
android.intent.action.SCREEN_ON
asd.fgh.widget.WidgetLiWu
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetHongBao
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetJinBi
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetFuDai
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetBaoXiang
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.provider.MyPocReceiver
asd.fgh.provider
asd.fgh.component.R0
com.asdfgh.rec
com.fg.rec.0
android.appwidget.action.APPWIDGET_UPDATE
miui.appwidget.action.APPWIDGET_UPDATE
asd.fgh.component.R1
com.asdfgh.rec
com.fg.rec.1
asd.fgh.component.NotificationRecerver
com.gagniterni.gnowenieefg.notification.del.action
asd.fgh.component.AutoBootReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_TICK
android.intent.action.MY_PACKAGE_REPLACED
android.net.conn.CONNECTIVITY_CHANGE
asd.kkalive.com.daemon.receiver.BootSSSReceiver
android.intent.action.BOOT_COMPLETED
asd.kkalive.com.daemon.receiver.DeviceReceiver
android.app.action.DEVICE_ADMIN_ENABLED
android.intent.action.BOOT_COMPLETED
asd.kkdaemon.receiver.AutoBootReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_TICK
android.intent.action.MY_PACKAGE_REPLACED
android.net.conn.CONNECTIVITY_CHANGE
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
android.net.conn.CONNECTIVITY_CHANGE
androidx.work.impl.background.systemalarm.RescheduleReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.background.systemalarm.UpdateProxies
androidx.work.impl.diagnostics.DiagnosticsReceiver
androidx.work.diagnostics.REQUEST_DIAGNOSTICS
Services
com.easy.remotechnology.service.FocusService
android.accessibilityservice.AccessibilityService
com.easy.remotechnology.service.RemoteService
com.action.myapp.need.switch
com.fg.test.B
com.fg.remote
asd.fgh.provider.MR2Service
android.media.MediaRoute2ProviderService
asd.fgh.provider.TempForegroundService
android.media.MediaRoute2ProviderService
asd.fgh.provider.NewProcessService
android.media.MediaRoute2ProviderService
asd.fgh.account.AuthenticatorService
android.accounts.AccountAuthenticator
asd.fgh.account.SyncService
android.content.SyncAdapter
asd.fgh.wallpaper.LiveWallpaperService
android.service.wallpaper.WallpaperService
asd.kkalive.com.daemon.sync.service.AuthService
android.accounts.AccountAuthenticator
asd.kkalive.com.daemon.sync.service.AuthService1
android.accounts.AccountAuthenticator
asd.kkdaemon.component.RunService
com.gagniterni.gnoweniee.monitor.bindService
com.blankj.utilcode.util.MessengerUtils$ServerService
com.gagniterni.gnoweniee.messenger