com.lethal.visionx.RootChecker
android.intent.action.MAIN
Behavioral task
behavioral1
Sample
ddaee6eb26c90becb14e08752506c3cdfaa9e5a9fba86256990fd77216bc3e99.apk
Resource
android-x86-arm-20240910-en
android-9-x86
0 signatures
300 seconds
General
-
Target
ddaee6eb26c90becb14e08752506c3cdfaa9e5a9fba86256990fd77216bc3e99.zip
-
Size
3.2MB
-
MD5
941c85643353c9f837b2fad4e41bf164
-
SHA1
c094aff2e9330d46168dfd578a99ff3a9faddd09
-
SHA256
04e275dd25e8410ec34362e2d7fd4d65b527bcc1bc559c979ede57338481e4b0
-
SHA512
6f94b84a15fabdca7168fcfbdde46e51cff06136e729e6774104b8b71f5f5d60cc1592174f1e58a8c3252dece4bd461e65cdefc0c1e14445268d5142dea7abad
-
SSDEEP
49152:Bkpf03gEM6obHQ+WgAqgnIUlPKd/MjlEBucRi26iUNLDHUu12eR1MqxnY+qxf:Ef0wPoqus5MvsiddLbN2A1nJY1xf
Score
10/10
Malware Config
Signatures
-
Antidot family
-
Antidot payload 1 IoCs
resource yara_rule static1/unpack001/ddaee6eb26c90becb14e08752506c3cdfaa9e5a9fba86256990fd77216bc3e99.apk family_antidot -
Declares services with permission to bind to the system 1 IoCs
description ioc Required by VPN services to bind with the system. Allows apps to provision VPN services. android.permission.BIND_VPN_SERVICE -
Requests dangerous framework permissions 41 IoCs
description ioc Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Allows an application a broad access to external storage in scoped storage. android.permission.MANAGE_EXTERNAL_STORAGE Allows a calling app to continue a call which was started in another app. android.permission.ACCEPT_HANDOVER Allows the app to answer an incoming phone call. android.permission.ANSWER_PHONE_CALLS Allows an application to access data from sensors that the user uses to measure what is happening inside their body, such as heart rate. android.permission.BODY_SENSORS_BACKGROUND Required to be able to range to devices using ultra-wideband. android.permission.UWB_RANGING Allows an application to recognize physical activity. android.permission.ACTIVITY_RECOGNITION Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION Required to be able to advertise to nearby Bluetooth devices. android.permission.BLUETOOTH_ADVERTISE Required to be able to discover and pair nearby Bluetooth devices. android.permission.BLUETOOTH_SCAN Required to be able to connect to paired Bluetooth devices. android.permission.BLUETOOTH_CONNECT Allows an application to access any geographic locations persisted in the user's shared collection. android.permission.ACCESS_MEDIA_LOCATION Allows an application to receive SMS messages. android.permission.RECEIVE_SMS Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE Required to be able to access the camera device. android.permission.CAMERA Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION Allows an application to read the user's call log. android.permission.READ_CALL_LOG Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES Allows an application to read audio files from external storage. android.permission.READ_MEDIA_AUDIO Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR Allows an application to access data from sensors that the user uses to measure what is happening inside their body, such as heart rate. android.permission.BODY_SENSORS Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW Allows an application to record audio. android.permission.RECORD_AUDIO Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO Allows an application to receive WAP push messages. android.permission.RECEIVE_WAP_PUSH Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE Allows an application to read the user's contacts data. android.permission.READ_CONTACTS Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG Allows an application to read the user's calendar data. android.permission.READ_CALENDAR Allows an app to post notifications. android.permission.POST_NOTIFICATIONS Required to be able to advertise and connect to nearby devices via Wi-Fi. android.permission.NEARBY_WIFI_DEVICES Allows an application to send SMS messages. android.permission.SEND_SMS Allows an application to read SMS messages. android.permission.READ_SMS Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS Allows an application to use SIP service. android.permission.USE_SIP
Files
-
ddaee6eb26c90becb14e08752506c3cdfaa9e5a9fba86256990fd77216bc3e99.zip.zip
Password: infected
-
ddaee6eb26c90becb14e08752506c3cdfaa9e5a9fba86256990fd77216bc3e99.apk.apk android arch:arm64
Password: infected
com.lethal.visionx
com.lethal.visionx.RootChecker
Activities
Permissions
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.QUERY_ALL_PACKAGES
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.USE_BIOMETRIC
android.permission.FOREGROUND_SERVICE_CAMERA
android.permission.FOREGROUND_SERVICE_CONNECTED_DEVICE
android.permission.FOREGROUND_SERVICE_DATA_SYNC
android.permission.FOREGROUND_SERVICE_HEALTH
android.permission.FOREGROUND_SERVICE_LOCATION
android.permission.FOREGROUND_SERVICE_MEDIA_PLAYBACK
android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION
android.permission.FOREGROUND_SERVICE_MICROPHONE
android.permission.FOREGROUND_SERVICE_PHONE_CALL
android.permission.FOREGROUND_SERVICE_REMOTE_MESSAGING
android.permission.FOREGROUND_SERVICE_SPECIAL_USE
android.permission.FOREGROUND_SERVICE_SYSTEM_EXEMPTED
com.open.gallery.smart.Read
android.permission.HIGH_SAMPLING_RATE_SENSORS
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.RUN_USER_INITIATED_JOBS
android.permission.ACCEPT_HANDOVER
android.permission.ANSWER_PHONE_CALLS
android.permission.BODY_SENSORS_BACKGROUND
android.permission.UWB_RANGING
android.permission.ACTIVITY_RECOGNITION
android.permission.DETECT_SCREEN_CAPTURE
android.permission.ACCESS_BACKGROUND_LOCATION
ohos.permission.GET_BUNDLE_INFO
android.permission.MANAGE_OWN_CALLS
android.permission.BLUETOOTH_ADVERTISE
android.permission.BLUETOOTH_SCAN
android.permission.BLUETOOTH_CONNECT
android.permission.ACCESS_MEDIA_LOCATION
android.permission.RECEIVE_SMS
android.permission.CALL_PHONE
android.permission.RUN_USER_INITIATED_JOBS
android.permission.CAMERA
android.permission.FLASHLIGHT
android.permission.USE_EXACT_ALARM
android.permission.WRITE_SOCIAL_STREAM
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.WRITE_PROFILE
android.permission.READ_USER_DICTIONARY
android.permission.READ_CALL_LOG
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.SUBSCRIBED_FEEDS_READ
android.permission.READ_MEDIA_IMAGES
android.permission.READ_MEDIA_AUDIO
android.permission.VIBRATE
android.permission.SUBSCRIBED_FEEDS_WRITE
android.permission.ACCESS_FINE_LOCATION
android.permission.WRITE_CALENDAR
android.permission.READ_SOCIAL_STREAM
android.permission.MANAGE_ACCOUNTS
android.permission.BODY_SENSORS
android.permission.BROADCAST_STICKY
android.permission.WRITE_USER_DICTIONARY
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.USE_CREDENTIALS
android.permission.CHANGE_WIFI_MULTICAST_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.TRANSMIT_IR
android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECORD_AUDIO
android.permission.EXPAND_STATUS_BAR
android.permission.GET_ACCOUNTS
android.permission.READ_PROFILE
android.permission.READ_MEDIA_VIDEO
android.permission.RECEIVE_WAP_PUSH
android.permission.GET_PACKAGE_SIZE
android.permission.RECEIVE_MMS
android.permission.SET_WALLPAPER_HINTS
android.permission.WRITE_SYNC_SETTINGS
android.permission.READ_PHONE_STATE
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.NFC
android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.READ_CONTACTS
android.permission.WAKE_LOCK
android.permission.REQUEST_DELETE_PACKAGES
android.permission.WRITE_CONTACTS
android.permission.READ_SYNC_STATS
android.permission.READ_SYNC_SETTINGS
android.permission.USE_FINGERPRINT
android.permission.WRITE_CALL_LOG
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.REORDER_TASKS
android.permission.READ_CALENDAR
android.permission.SET_WALLPAPER
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.GET_TASKS
android.permission.POST_NOTIFICATIONS
android.permission.NEARBY_WIFI_DEVICES
android.permission.SEND_SMS
android.permission.READ_SMS
android.permission.READ_PHONE_NUMBERS
android.permission.USE_SIP
android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
com.lethal.visionx.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
Receivers
top.bienvenido.mundo.manifest.MundoReceiver
com.lethal.visionx.mundo.receiver.stub
androidx.profileinstaller.ProfileInstallReceiver
androidx.profileinstaller.action.INSTALL_PROFILE
androidx.profileinstaller.action.SKIP_FILE
androidx.profileinstaller.action.SAVE_PROFILE
androidx.profileinstaller.action.BENCHMARK_OPERATION
Services