Research: ZScaler. Android Banker malware goes social
MD5
14F582EB7DBB6BF38FCE331C5D1042EA
19E36E76B58CD49025455AC23CE1461B
1B319EBE6083D273EE14154A1FD89742
21501127972BFBD1C4A89EC39E0AA084
39A5BB63F946F2AF6489456A1281B06D
835576FB19E60F6186F86706CF03AC45
86BF3FAE93B0AE555584860AB4311BB0
C237CF028E46FD07460C289C3FA46025
Sample credit: Shivang Desai and others14F582EB7DBB6BF38FCE331C5D1042EA
19E36E76B58CD49025455AC23CE1461B
1B319EBE6083D273EE14154A1FD89742
21501127972BFBD1C4A89EC39E0AA084
39A5BB63F946F2AF6489456A1281B06D
835576FB19E60F6186F86706CF03AC45
86BF3FAE93B0AE555584860AB4311BB0
C237CF028E46FD07460C289C3FA46025
Download. Email me if you need the password
MD5 02e231f85558f37da6802142440736f6
SHA1 f79d044fc0530484ddd092a961d58146049ed368
SHA256 9d767c41599325ccd0643d6f432b9075775a85c60df176a845605715be230263
ssdeep12288:1ZhvlM2/04y+2vtiqvtisvti9vtiYvtivvtiacIoIeyQ0OqnV9xJKcQaVGbnAh/W:vhdwXzcIoIdrrKZAh/R8S8
File size 805.4 KB ( 824755 bytes )
File type Android
Magic literalZip archive data, at least v2.0 to extract
TrID Android Package (73.9%)
Java Archive (20.4%)
ZIP compressed archive (5.6%)
Tagsapk android
VirusTotal metadata
First submission 2016-05-23 22:55:36 UTC ( 1 month, 1 week ago )
Last submission 2016-06-24 14:51:20 UTC ( 1 week, 1 day ago )
File names Sberbank_Online.apk
where.exe
krep.itmtd.ywtjexf-1.apk
https://www.virustotal.com/en/file/9d767c41599325ccd0643d6f432b9075775a85c60df176a845605715be230263/analysis/
android.permission.READ_SYNC_SETTINGS (read sync settings)
android.permission.READ_CALENDAR (read calendar events)
android.permission.READ_LOGS (read sensitive log data)
android.permission.INTERNET (full Internet access)
android.permission.SEND_SMS (send SMS messages)
android.permission.WRITE_SMS (edit SMS or MMS)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.GET_TASKS (retrieve running applications)
android.permission.READ_CALL_LOG (read the user's call log.)
com.android.browser.permission.READ_HISTORY_BOOKMARKS (read Browser's history and bookmarks)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.READ_EXTERNAL_STORAGE (read from external storage)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
com.android.alarm.permission.SET_ALARM (set alarm in alarm clock)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.READ_SMS (read SMS or MMS)
android.permission.VIBRATE (control vibrator)
android.permission.SYSTEM_ALERT_WINDOW (display system-level alerts)
android.permission.KILL_BACKGROUND_PROCESSES (kill background processes)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.READ_CONTACTS (read contact data)
android.permission.RESTART_PACKAGES (kill background processes)
android.permission.READ_PROFILE (read the user's personal profile data)
Activities
krep.itmtd.ywtjexf.SampleOverlayHideActivity
krep.itmtd.ywtjexf.MasterPage
krep.itmtd.ywtjexf.MasterPage2
krep.itmtd.ywtjexf.MasterNewTask
krep.itmtd.ywtjexf.UampleUverlayUhowUctivity
Services
krep.itmtd.ywtjexf.OverlayService
krep.itmtd.ywtjexf.MasterInterceptor
krep.itmtd.ywtjexf.GlobalCode
Receivers
krep.itmtd.ywtjexf.MasterBoot
krep.itmtd.ywtjexf.NetworkChangeReceiver
krep.itmtd.ywtjexf.IncomingSms
krep.itmtd.ywtjexf.IncomingCall
krep.itmtd.ywtjexf.PowerConnectionReceiver
krep.itmtd.ywtjexf.MasterTimer
krep.itmtd.ywtjexf.UampleUverlayUhowUctivity$MyAdmin
Activity-related intent filters
krep.itmtd.ywtjexf.UampleUverlayUhowUctivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
krep.itmtd.ywtjexf.IncomingSms
actions: android.provider.Telephony.SMS_RECEIVED
krep.itmtd.ywtjexf.MasterBoot
actions: android.intent.action.QUICKBOOT_POWERON, android.intent.action.BOOT_COMPLETED
categories: android.intent.category.DEFAULT
krep.itmtd.ywtjexf.UampleUverlayUhowUctivity$MyAdmin
actions: android.app.action.DEVICE_ADMIN_ENABLED, android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED, android.app.action.DEVICE_ADMIN_DISABLED
krep.itmtd.ywtjexf.NetworkChangeReceiver
actions: android.net.wifi.WIFI_STATE_CHANGED
krep.itmtd.ywtjexf.PowerConnectionReceiver
actions: android.intent.action.ACTION_POWER_CONNECTED, android.intent.action.ACTION_POWER_DISCONNECTED
krep.itmtd.ywtjexf.IncomingCall
actions: android.intent.action.PHONE_STATE
No comments:
Post a Comment