aAUHiRzv.KwsLIkUq.MDiwXcnm.ui.SplashActivity
android.intent.action.MAIN
asd.kkalive.com.daemon.activity.OnePxActivity
android.settings.INPUT_METHOD_SETTINGS
asd.kkalive.com.daemon.activity.PowerAAAASSSSActivity
android.settings.INPUT_METHOD_SETTINGS
Behavioral task
behavioral1
Sample
77c2f98646578536a128002614f771db9803f547ea9f2cf06f41fec132105cf5.apk
Resource
android-x86-arm-20240624-en
android-9-x86
9 signatures
150 seconds
General
-
Target
77c2f98646578536a128002614f771db9803f547ea9f2cf06f41fec132105cf5.zip
-
Size
15.8MB
-
MD5
47b47388e053af231005c3c8aab305af
-
SHA1
4a7c3a1398b2d4e876b23da98ed75cb383c05b2f
-
SHA256
2b17df948efd87c9cb4d14c4450adfd6c1151dfbed067e1ccb87552a34e0f300
-
SHA512
ebc16db4aca928f3ce9657f2990363d42fe087599c8b5f2eb565b0e6fece96c2f96e31753eed44b2d85ae2f45c805249f9aa6cb3b77d32369bf62bdf915768d3
-
SSDEEP
393216:NazxtqXui2naBXeC/GhyzK5HScqpFjabIZGDu0lYjqjs6:EzCunuOCOhyuScqpFjWIP1ujs6
Score
10/10
Malware Config
Signatures
-
GoldDigger payload 4 IoCs
resource yara_rule static1/unpack001/77c2f98646578536a128002614f771db9803f547ea9f2cf06f41fec132105cf5.apk family_golddigger static1/unpack001/77c2f98646578536a128002614f771db9803f547ea9f2cf06f41fec132105cf5.apk family_golddigger static1/unpack001/77c2f98646578536a128002614f771db9803f547ea9f2cf06f41fec132105cf5.apk family_golddigger static1/unpack001/77c2f98646578536a128002614f771db9803f547ea9f2cf06f41fec132105cf5.apk family_golddigger -
Golddigger family
-
Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis
-
Declares broadcast receivers with permission to handle system events 1 IoCs
description ioc Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN -
Declares services with permission to bind to the system 2 IoCs
description ioc Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. android.permission.BIND_WALLPAPER -
Requests dangerous framework permissions 19 IoCs
description ioc Allows an application to record audio. android.permission.RECORD_AUDIO Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS Allows an application to read SMS messages. android.permission.READ_SMS Allows an application to receive SMS messages. android.permission.RECEIVE_SMS Allows an application to send SMS messages. android.permission.SEND_SMS Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION Required to be able to access the camera device. android.permission.CAMERA Allows an application to read the user's contacts data. android.permission.READ_CONTACTS Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM Allows an application a broad access to external storage in scoped storage. android.permission.MANAGE_EXTERNAL_STORAGE Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE
Files
-
77c2f98646578536a128002614f771db9803f547ea9f2cf06f41fec132105cf5.zip.zip
Password: infected
-
77c2f98646578536a128002614f771db9803f547ea9f2cf06f41fec132105cf5.apk.apk android arch:arm64 arch:arm
Password: infected
com.sextest.test
aAUHiRzv.KwsLIkUq.MDiwXcnm.ui.SplashActivity
Activities
Permissions
android.permission.BIND_ACCESSIBILITY_SERVICE
android.permission.RECORD_AUDIO
android.permission.REQUEST_DELETE_PACKAGES
android.permission.QUERY_ALL_PACKAGES
android.permission.GET_INSTALLED_APPS
android.permission.VIBRATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.GRANT_RUNTIME_PERMISSIONS
android.permission.READ_SYNC_STATS
android.permission.READ_SYNC_SETTINGS
android.permission.READ_PRIVILEGED_PHONE_STATE
android.permission.DISABLE_KEYGUARD
android.permission.WAKE_LOCK
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_SETTINGS
android.permission.FOREGROUND_SERVICE
android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.USE_FULL_SCREEN_INTENT
android.permission.SET_WALLPAPER
android.permission.CALL_PHONE
android.permission.INTERNET
android.permission.BATTERY_STATS
android.permission.REORDER_TASKS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.CAMERA
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.GET_ACCOUNTS
android.permission.WRITE_SYNC_SETTINGS
android.permission.SCHEDULE_EXACT_ALARM
android.permission.SYSTEM_OVERLAY_WINDOW
android.permission.USE_EXACT_ALARM
android.permission.FOREGROUND_SERVICE_DATA_SYNC
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
com.sextest.test.backtrace.warmed_up
com.sextest.test.manual.dump
com.sextest.test.matrix.permission.PROCESS_SUPERVISOR
Receivers
aAUHiRzv.KwsLIkUq.MDiwXcnm.ui.GlobalBroadcast
PsegSliw.BWQnJGUa.show.dialog
PsegSliw.BWQnJGUa.close.dialog
asd.fgh.component.PackageReceiver
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_FULLY_REMOVED
android.intent.action.PACKAGE_CHANGED
android.intent.action.PACKAGE_DATA_CLEARED
android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_FIRST_LAUNCH
android.intent.action.PACKAGE_NEEDS_VERIFICATION
android.intent.action.PACKAGE_RESTARTED
android.intent.action.PACKAGE_VERIFIED
android.intent.action.PACKAGES_SUSPENDED
android.intent.action.PACKAGES_UNSUSPENDED
android.intent.action.MANAGE_PACKAGE_STORAGE
android.intent.action.MY_PACKAGE_REPLACED
android.intent.action.MY_PACKAGE_SUSPENDED
android.intent.action.MY_PACKAGE_UNSUSPENDED
asd.fgh.component.SystemListenerReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.LOCKED_BOOT_COMPLETED
android.intent.action.QUICK_CLOCK
android.intent.action.TIMEZONE_CHANGED
android.intent.action.TIME_SET
android.intent.action.MY_PACKAGE_REPLACED
android.appwidget.action.APPWIDGET_UPDATE
miui.appwidget.action.APPWIDGET_UPDATE
asd.fgh.thaw.TR
android.intent.action.SCREEN_OFF
android.intent.action.SCREEN_ON
asd.fgh.widget.WidgetLiWu
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetHongBao
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetJinBi
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetFuDai
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.widget.WidgetBaoXiang
android.appwidget.action.APPWIDGET_UPDATE
asd.fgh.provider.MyPocReceiver
asd.fgh.provider
asd.fgh.component.R0
com.asdfgh.rec
com.fg.rec.0
android.appwidget.action.APPWIDGET_UPDATE
miui.appwidget.action.APPWIDGET_UPDATE
asd.fgh.component.R1
com.asdfgh.rec
com.fg.rec.1
asd.fgh.component.NotificationRecerver
com.sextest.testfg.notification.del.action
asd.fgh.component.AutoBootReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_TICK
android.intent.action.MY_PACKAGE_REPLACED
android.net.conn.CONNECTIVITY_CHANGE
asd.kkalive.com.daemon.receiver.BootSSSReceiver
android.intent.action.BOOT_COMPLETED
asd.kkalive.com.daemon.receiver.DeviceReceiver
android.app.action.DEVICE_ADMIN_ENABLED
android.intent.action.BOOT_COMPLETED
asd.kkdaemon.receiver.AutoBootReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_TICK
android.intent.action.MY_PACKAGE_REPLACED
android.net.conn.CONNECTIVITY_CHANGE
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
android.net.conn.CONNECTIVITY_CHANGE
androidx.work.impl.background.systemalarm.RescheduleReceiver
android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.background.systemalarm.UpdateProxies
androidx.work.impl.diagnostics.DiagnosticsReceiver
androidx.work.diagnostics.REQUEST_DIAGNOSTICS
Services
aAUHiRzv.KwsLIkUq.MDiwXcnm.service.FocusService
android.accessibilityservice.AccessibilityService
aAUHiRzv.KwsLIkUq.MDiwXcnm.service.RemoteService
com.action.myapp.need.switch
com.fg.test.B
com.fg.remote
asd.fgh.provider.MR2Service
android.media.MediaRoute2ProviderService
asd.fgh.provider.TempForegroundService
android.media.MediaRoute2ProviderService
asd.fgh.provider.NewProcessService
android.media.MediaRoute2ProviderService
asd.fgh.account.AuthenticatorService
android.accounts.AccountAuthenticator
asd.fgh.account.SyncService
android.content.SyncAdapter
asd.fgh.wallpaper.LiveWallpaperService
android.service.wallpaper.WallpaperService
asd.kkalive.com.daemon.sync.service.AuthService
android.accounts.AccountAuthenticator
asd.kkalive.com.daemon.sync.service.AuthService1
android.accounts.AccountAuthenticator
asd.kkdaemon.component.RunService
com.sextest.test.monitor.bindService
com.blankj.utilcode.util.MessengerUtils$ServerService
com.sextest.test.messenger