Research: Securelist, Fabio Assolini: Brazilian Trojan Bankers – now on your Android Play Store!
Sample credit: Fabio Assolini
File: appinventor.ai_funayamajogos.BancodoBrasil_5.72.apk
Size: 1802104
MD5: A18AC7C62C5EFD161039DB29BFDAA8EF
File: appinventor.ai_funayamajogos.Caixa_1.3.2.apk
Size: 1410959
MD5: 00C79B15E024D1B32075E0114475F1E2
https://www.virustotal.com/en/file/a4dfb883171e81888373ab89c4110a9287a7835c17dabf77cc6e30e93a415990/analysis/
MD5: A18AC7C62C5EFD161039DB29BFDAA8EF
SHA256: a4dfb883171e81888373ab89c4110a9287a7835c17dabf77cc6e30e93a415990
File name: vti-rescan
Detection ratio: 0 / 54
Analysis date: 2014-11-19 18:24:15 UTC
The file being studied is Android related! APK Android file more specifically. The application's main package name is appinventor.ai_funayamajogos.BancodoBrasil. The internal version number of the application is 5. The displayed version string of the application is 5.72. The minimum Android API level for the application to run (MinSDKVersion) is 3.
Risk summary
The studied DEX file makes use of API reflection
Permissions that allow the application to access Internet
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.INTERNET (full Internet access)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.ACCESS_NETWORK_STATE (view network status)
Permission-related API calls
FACTORY_TEST
https://www.virustotal.com/en/file/5689900016bfa4f790c5b2ca790f214b526f06a4a3087153a9650379dea532e9/analysis/
SHA256: 5689900016bfa4f790c5b2ca790f214b526f06a4a3087153a9650379dea532e9
File name: vti-rescan
Detection ratio: 3 / 55
Analysis date: 2014-11-19 18:13:48 UTC
Avira SPR/ANDR.Appinventor.1298 20141119
Kaspersky HEUR:Trojan-Banker.AndroidOS.Binv.a 20141119
TrendMicro-HouseCall Suspicious_GEN.F47V1115 20141119