At least one step of the analysis has failed, we have been notified. Don't worry, the devil is in the details.
Something seems to be broken? Contact us!
0/62
Threat
com.att.csoiam.mobilekey
ATT Security Services
Analyzed on 2022-06-24T02:15:02.696098
4
permissions
0
activities
1
services
0
receivers
0
domains
File sums
| MD5 | 59b145b17b9d7c5a8a66a39033c53d99 | |
| SHA1 | 148189268bb4e4a7e1be6e116f6349a44a59f21c | |
| SHA256 | 736950a6fb058a1488303761fba903ec130c317f9666a0e5835075ce7d626d48 | |
| Size | 0.91MB |
APKiD
Information computed with APKiD.
| /tmp/tmpzt3hpfh3!classes.dex | |
| anti_vm |
|
| compiler |
|
SSdeep
Information computed with ssdeep.
| APK file | 12288:Qzh3wOOemz00t/2hJtyca8QDC7lqfWMhWZK9jXAXQXUXQ5bnOwuEChLCJYz5KH:+zmz00y1qvBXAXQXUXhXhLKYzIH | |
| Manifest | 96:95cJSUebpaGb5yRG9uBSFY5D0MBmpsyZP3BM/:Gqb5yRUISmX0BM/ | |
| classes.dex | 12288:+emz00t/2hJtyca8QDC7lqfWMhWZK9jXAXQXUXQ5bnOwuEChLCJYJ:7mz00y1qv… |
Dexofuzzy
Information computed with Dexofuzzy.
| APK file | 768:FyLje6Dycivt35kluPk7WgI7UUkL/JgC7PyxIPpKJSOj6RJk5OCTYU:FyLy6D3i13… | |
| classes.dex | 768:FyLje6Dycivt35kluPk7WgI7UUkL/JgC7PyxIPpKJSOj6RJk5OCTYU:FyLy6D3i13… |
APK details
Information computed with AndroGuard and Pithus.
Certificate details
Information computed with AndroGuard.
Manifest analysis
Information computed with MobSF.
| Low | Service (com.att.csoiam.mobilekey.EapService.MyEapService) is Protected by a permission.Permission: com.att.csoiam.mobilekey.permission.ICCAprotectionLevel: signature[android:exported=true] A Service is found to be exported, but is protected by permission. |
Services
Information computed with AndroGuard.
|
Sample timeline
| Oldest file found in APK | Jan. 1, 1981, 1:01 a.m. |
| Latest file found in APK | Jan. 1, 1981, 1:01 a.m. |
| Certificate valid not before | April 23, 2010, 3:20 a.m. |
| First submission on VT | Nov. 25, 2021, 12:29 a.m. |
| Last submission on VT | May 31, 2022, 5:24 a.m. |
| Upload on Pithus | June 24, 2022, 2:15 a.m. |
| Certificate valid not after | Sept. 8, 2037, 3:20 a.m. |
VirusTotal
| Score | 0/62 |
| Report | https://www.virustotal.com/gui/file/736950a6fb058a1488303761fba903ec130c317f9666a0e5835075ce7d626d48/detection |
NIAP analysis
Information computed with MobSF.
| FCS_STO_EXT.1.1 | The application does not store any credentials to non-volatile memory. Storage of Credentials |
| FCS_CKM_EXT.1.1 | The application generate no asymmetric cryptographic keys. Cryptographic Key Generation Services |
| FDP_DEC_EXT.1.1 | The application has access to ['network connectivity']. Access to Platform Resources |
| FDP_DEC_EXT.1.2 | The application has access to no sensitive information repositories. Access to Platform Resources |
| FDP_NET_EXT.1.1 | The application has user/application initiated network communications. Network Communications |
| FDP_DAR_EXT.1.1 | The application implement functionality to encrypt sensitive data in non-volatile memory. Encryption Of Sensitive Application Data |
| FMT_MEC_EXT.1.1 | The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options. Supported Configuration Mechanism |
| FTP_DIT_EXT.1.1 | The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product. Protection of Data in Transit |
Code analysis
Information computed with MobSF.
Permissions analysis
Information computed with MobSF.
Threat analysis
Information computed with Quark-Engine.
| Confidence:
|
Find a method from given class name, usually for reflection |
| Confidence:
|
Method reflection |
| Confidence:
|
Retrieve data from broadcast |
| Confidence:
|
Read sensitive data(SMS, CALLLOG, etc) |
| Confidence:
|
Monitor the broadcast action events (BOOT_COMPLETED) |
| Confidence:
|
Method reflection |
| Confidence:
|
Read file and put it into a stream |
| Confidence:
|
Get declared method from given method name |
| Confidence:
|
Initialize class object dynamically |
Behavior analysis
Information computed with MobSF.
Control flow graphs analysis
Information computed by Pithus.
The application probably gets the IMEI of the phone
The application probably gets the subscriber ID associated to the SIM card/ Should never be collected
The application probably gets the network connections information
The application probably makes OS calls
The application probably creates an accessibility service
- androidx/core/accessibilityservice/AccessibilityServiceInfoCompat
- androidx/core/accessibilityservice/AccessibilityServiceInfoCompat
- androidx/core/accessibilityservice/AccessibilityServiceInfoCompat
- androidx/core/accessibilityservice/AccessibilityServiceInfoCompat
- androidx/core/view/ViewCompat
- androidx/core/view/accessibility/AccessibilityManagerCompat
- androidx/core/view/accessibility/AccessibilityManagerCompat
- androidx/core/view/accessibility/AccessibilityManagerCompat
- androidx/core/view/accessibility/AccessibilityManagerCompat
- androidx/core/view/accessibility/AccessibilityManagerCompat
- androidx/core/view/accessibility/AccessibilityManagerCompat
- androidx/core/view/accessibility/AccessibilityManagerCompat
The application probably listens accessibility events
- androidx/core/view/ViewCompat
- androidx/core/view/ViewCompat
- androidx/core/view/ViewCompat
- androidx/core/view/accessibility/AccessibilityEventCompat
- androidx/core/view/accessibility/AccessibilityEventCompat
- androidx/core/view/accessibility/AccessibilityEventCompat
- androidx/core/view/accessibility/AccessibilityEventCompat
- androidx/core/view/accessibility/AccessibilityEventCompat
- androidx/core/view/accessibility/AccessibilityEventCompat
- androidx/core/view/accessibility/AccessibilityEventCompat
- androidx/core/view/accessibility/AccessibilityEventCompat
- androidx/core/view/accessibility/AccessibilityEventCompat
- androidx/core/widget/NestedScrollView$AccessibilityDelegate
- androidx/core/widget/NestedScrollView$AccessibilityDelegate
- androidx/core/widget/NestedScrollView$AccessibilityDelegate
- androidx/core/widget/NestedScrollView$AccessibilityDelegate
