EBD0A34D04D7B9C180063AC4731542A2A805C10CC6B4020BADBAB72B3313F886[.]apk

General

Target

EBD0A34D04D7B9C180063AC4731542A2A805C10CC6B4020BADBAB72B3313F886.apk
Size

52.8MB
MD5

8e1ec427e04043c9d1fcdd4b5d8b9d0b
SHA1

874cf8527fadfc0412696e2b328092012b09f8a7
SHA256

ebd0a34d04d7b9c180063ac4731542a2a805c10cc6b4020badbab72b3313f886
SHA512

21474f3a573adb055ae6540b065a461b0d2a17fc46ec243f9bb5e837a0d39524f5bacf40f8aaa7d58f99e933abba2eec86ab0addcec05b1a24651fe5f5b78566
SSDEEP

1572864:m7MNwmeO10tu+jP+m4U9c4U9O8E+wQ6CUoSE7PKrwW:2kEBjz4U9c4U9OBgLR7PKx

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 5 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx

Requests dangerous framework permissions 9 IoCs

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read image files from external storage.	android.permission.READ_MEDIA_IMAGES
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx

Files

EBD0A34D04D7B9C180063AC4731542A2A805C10CC6B4020BADBAB72B3313F886.apk
.apk android arch:arm64 arch:arm arch:x86 arch:x64

com.ultrapower.roamwifi.changitravel

com.ultrapower.roamwifi.login.activity.LauncherActivity

Activities

cn.jpush.android.ui.PopWinActivity

cn.jpush.android.ui.PopWinActivity

cn.jpush.android.ui.PushActivity

cn.jpush.android.ui.PushActivity

cn.jpush.android.service.JNotifyActivity

cn.jpush.android.intent.JNotifyActivity

com.facebook.CustomTabActivity

android.intent.action.VIEW
android.intent.action.VIEW

com.ultrapower.roamwifi.login.activity.LauncherActivity

android.intent.action.MAIN

com.ultrapower.roamwifi.mvno.ui.activity.MvnoBusinessProcessingActivity

android.intent.action.VIEW

com.ultrapower.roamwifi.common.base.activity.RedirectUriActivity

android.intent.action.VIEW

net.openid.appauth.RedirectUriReceiverActivity

android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_EXTERNAL_STORAGE
android.permission.CHANGE_WIFI_STATE
android.permission.INTERACT_ACROSS_USERS_FULL
android.permission.READ_MEDIA_IMAGES
com.ultrapower.roamwifi.changitravel.permission.JPUSH_MESSAGE
android.permission.RECEIVE_USER_PRESENT
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.CAMERA
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.RECORD_AUDIO
android.permission.CALL_PHONE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WAKE_LOCK
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.POST_NOTIFICATIONS
com.google.android.c2dm.permission.RECEIVE
com.google.android.gms.permission.AD_ID

Receivers

com.ultrapower.roamwifi.common.receiver.MyJPushReceiver

cn.jpush.android.intent.RECEIVE_MESSAGE

cn.jpush.android.service.PushReceiver

cn.jpush.android.intent.NOTIFICATION_RECEIVED_PROXY
android.intent.action.USER_PRESENT
android.net.conn.CONNECTIVITY_CHANGE

com.appsflyer.SingleInstallBroadcastReceiver

com.android.vending.INSTALL_REFERRER

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_AUTHENTICATION_TOKEN_CHANGED

Services

com.ultrapower.roamwifi.common.receiver.MyService

cn.jiguang.user.service.action

cn.jpush.android.service.PushService

cn.jpush.android.intent.REGISTER
cn.jpush.android.intent.REPORT
cn.jpush.android.intent.PushService
cn.jpush.android.intent.PUSH_TIME

com.appsflyer.FirebaseMessagingServiceListener

com.google.firebase.MESSAGING_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.blankj.utilcode.util.MessengerUtils$ServerService

com.ultrapower.roamwifi.changitravel.messenger

Android Permissions

EBD0A34D04D7B9C180063AC4731542A2A805C10CC6B4020BADBAB72B3313F886.apk

Permissions

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.READ_EXTERNAL_STORAGE

android.permission.CHANGE_WIFI_STATE

android.permission.INTERACT_ACROSS_USERS_FULL

android.permission.READ_MEDIA_IMAGES

com.ultrapower.roamwifi.changitravel.permission.JPUSH_MESSAGE

android.permission.RECEIVE_USER_PRESENT

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.CAMERA

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.RECORD_AUDIO

android.permission.CALL_PHONE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.WAKE_LOCK

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

android.permission.POST_NOTIFICATIONS

com.google.android.c2dm.permission.RECEIVE

com.google.android.gms.permission.AD_ID

Sharing

General

Malware Config

Signatures

Files

com.ultrapower.roamwifi.changitravel

com.ultrapower.roamwifi.login.activity.LauncherActivity

Activities

cn.jpush.android.ui.PopWinActivity

cn.jpush.android.ui.PushActivity

cn.jpush.android.service.JNotifyActivity

com.facebook.CustomTabActivity

com.ultrapower.roamwifi.login.activity.LauncherActivity

com.ultrapower.roamwifi.mvno.ui.activity.MvnoBusinessProcessingActivity

com.ultrapower.roamwifi.common.base.activity.RedirectUriActivity

net.openid.appauth.RedirectUriReceiverActivity

Permissions

Receivers

com.ultrapower.roamwifi.common.receiver.MyJPushReceiver

cn.jpush.android.service.PushReceiver

com.appsflyer.SingleInstallBroadcastReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver

Services

com.ultrapower.roamwifi.common.receiver.MyService

cn.jpush.android.service.PushService

com.appsflyer.FirebaseMessagingServiceListener

com.google.firebase.messaging.FirebaseMessagingService

com.blankj.utilcode.util.MessengerUtils$ServerService

Android Permissions

EBD0A34D04D7B9C180063AC4731542A2A805C10CC6B4020BADBAB72B3313F886.apk