antidot | NetMirror_APK[.]apk

General

Target

NetMirror_APK.apk
Size

15.5MB
MD5

99c49604074e7fd413cfb360021e66fa
SHA1

b72bb967967fa4ceca0f5a47699e24946382b0af
SHA256

e921622a745d25e24a9e84363a5c1f3f7878d7897bb391688996116711e6d6eb
SHA512

16ba534d793476f3727bee3f596717b211d4132cf08d409b6fe98dd49bcd16b88c0044c65a42d318a0343479141580f4f9f774705d9b35790c2031ee38f8170c
SSDEEP

196608:hDHiOsWkDXS8dzPiTKkOdhkOzc3IlMYLIzDT/MNSIOssB+B/7Ks4xfIlr1:S8GPiT+vw3IlmzDLojrs2LZR

Score

10^/10

antidot

Malware Config

Signatures

Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
sample	family_antidot

Requests dangerous framework permissions 22 IoCs

description	ioc
Allows an application to access any geographic locations persisted in the user's shared collection.	android.permission.ACCESS_MEDIA_LOCATION
Allows the app to answer an incoming phone call.	android.permission.ANSWER_PHONE_CALLS
Required to be able to advertise to nearby Bluetooth devices.	android.permission.BLUETOOTH_ADVERTISE
Required to be able to connect to paired Bluetooth devices.	android.permission.BLUETOOTH_CONNECT
Required to be able to discover and pair nearby Bluetooth devices.	android.permission.BLUETOOTH_SCAN
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Required to be able to access the camera device.	android.permission.CAMERA
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Required to be able to advertise and connect to nearby devices via Wi-Fi.	android.permission.NEARBY_WIFI_DEVICES
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read audio files from external storage.	android.permission.READ_MEDIA_AUDIO
Allows an application to read image files from external storage.	android.permission.READ_MEDIA_IMAGES
Allows an application to read video files from external storage.	android.permission.READ_MEDIA_VIDEO
Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker.	android.permission.READ_MEDIA_VISUAL_USER_SELECTED
Allows read access to the device's phone number(s).	android.permission.READ_PHONE_NUMBERS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows applications to use exact alarm APIs.	android.permission.SCHEDULE_EXACT_ALARM
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Files

NetMirror_APK.apk
.apk android arch:arm arch:arm64

netmirrror.play

com.normandy.activity.MainActivity

Activities

com.normandy.activity.MainActivity

android.intent.action.MAIN

qlk.adp

netmirrror.play.virtual.action.shortcut

Permissions

android.permission.ACCESS_MEDIA_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.ANSWER_PHONE_CALLS
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH_ADVERTISE
android.permission.BLUETOOTH_CONNECT
android.permission.BLUETOOTH_SCAN
android.permission.BROADCAST_STICKY
android.permission.CALL_PHONE
android.permission.CAMERA
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.DETECT_SCREEN_CAPTURE
android.permission.FOREGROUND_SERVICE
android.permission.FOREGROUND_SERVICE_CAMERA
android.permission.FOREGROUND_SERVICE_DATA_SYNC
android.permission.FOREGROUND_SERVICE_LOCATION
android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION
android.permission.FOREGROUND_SERVICE_MICROPHONE
android.permission.FOREGROUND_SERVICE_PHONE_CALL
android.permission.GET_ACCOUNTS
android.permission.GET_TASKS
android.permission.INSTALL_SHORTCUT
android.permission.INTERNET
android.permission.MANAGE_ACCOUNTS
android.permission.MANAGE_OWN_CALLS
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.NEARBY_WIFI_DEVICES
android.permission.NFC
android.permission.POST_NOTIFICATIONS
android.permission.READ_CALL_LOG
android.permission.READ_CONTACTS
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_MEDIA_AUDIO
android.permission.READ_MEDIA_IMAGES
android.permission.READ_MEDIA_VIDEO
android.permission.READ_MEDIA_VISUAL_USER_SELECTED
android.permission.READ_PHONE_NUMBERS
android.permission.READ_PROFILE
android.permission.READ_SYNC_SETTINGS
android.permission.READ_SYNC_STATS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RECORD_AUDIO
android.permission.REORDER_TASKS
android.permission.RUN_USER_INITIATED_JOBS
android.permission.SCHEDULE_EXACT_ALARM
android.permission.USE_BIOMETRIC
android.permission.USE_CREDENTIALS
android.permission.USE_EXACT_ALARM
android.permission.USE_FINGERPRINT
android.permission.USE_FULL_SCREEN_INTENT
android.permission.VIBRATE
android.permission.WAKE_LOCK
android.permission.WRITE_CONTACTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_SYNC_SETTINGS
app.netmirror.netmirror.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
com.facebook.services.identity.FEO2
com.google.android.c2dm.permission.RECEIVE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.google.android.gms.permission.AD_ID
com.google.android.providers.gsf.permission.READ_GSERVICES
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
com.huawei.android.launcher.permission.CHANGE_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
netmirrror.play.permission.wabox
netmirrror.play.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Receivers

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE
androidx.profileinstaller.action.SKIP_FILE
androidx.profileinstaller.action.SAVE_PROFILE
androidx.profileinstaller.action.BENCHMARK_OPERATION

com.kochava.tracker.legacyreferrer.LegacyReferrerReceiver

com.android.vending.INSTALL_REFERRER

Services

Android Permissions

NetMirror_APK.apk

Permissions

android.permission.ACCESS_MEDIA_LOCATION

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.ANSWER_PHONE_CALLS

android.permission.AUTHENTICATE_ACCOUNTS

android.permission.BLUETOOTH

android.permission.BLUETOOTH_ADMIN

android.permission.BLUETOOTH_ADVERTISE

android.permission.BLUETOOTH_CONNECT

android.permission.BLUETOOTH_SCAN

android.permission.BROADCAST_STICKY

android.permission.CALL_PHONE

android.permission.CAMERA

android.permission.CHANGE_NETWORK_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.DETECT_SCREEN_CAPTURE

android.permission.FOREGROUND_SERVICE

android.permission.FOREGROUND_SERVICE_CAMERA

android.permission.FOREGROUND_SERVICE_DATA_SYNC

android.permission.FOREGROUND_SERVICE_LOCATION

android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION

android.permission.FOREGROUND_SERVICE_MICROPHONE

android.permission.FOREGROUND_SERVICE_PHONE_CALL

android.permission.GET_ACCOUNTS

android.permission.GET_TASKS

android.permission.INSTALL_SHORTCUT

android.permission.INTERNET

android.permission.MANAGE_ACCOUNTS

android.permission.MANAGE_OWN_CALLS

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.NEARBY_WIFI_DEVICES

android.permission.NFC

android.permission.POST_NOTIFICATIONS

android.permission.READ_CALL_LOG

android.permission.READ_CONTACTS

android.permission.READ_EXTERNAL_STORAGE

android.permission.READ_MEDIA_AUDIO

android.permission.READ_MEDIA_IMAGES

android.permission.READ_MEDIA_VIDEO

android.permission.READ_MEDIA_VISUAL_USER_SELECTED

android.permission.READ_PHONE_NUMBERS

android.permission.READ_PROFILE

android.permission.READ_SYNC_SETTINGS

android.permission.READ_SYNC_STATS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.RECORD_AUDIO

android.permission.REORDER_TASKS

android.permission.RUN_USER_INITIATED_JOBS

android.permission.SCHEDULE_EXACT_ALARM

android.permission.USE_BIOMETRIC

Sharing

General

Malware Config

Signatures

Files

netmirrror.play

com.normandy.activity.MainActivity

Activities

com.normandy.activity.MainActivity

qlk.adp

Permissions

Receivers

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.profileinstaller.ProfileInstallReceiver

com.kochava.tracker.legacyreferrer.LegacyReferrerReceiver

Services

Android Permissions

NetMirror_APK.apk