Malicious
26
/62
Threat
Analyzed on 2021-09-14T11:43:21.057998
MD5 | 01b6f0220794476fe19a54c049600ab3 | |
SHA1 | eb9dfde47a393bca666e947f285f16c20baf6c32 | |
SHA256 | 8a6889610a18296e812fabd0a4ceb8b75caadc5cec1b39e8173c3e0093fd3a57 | |
Size | 0.56MB |
Information computed with ssdeep.
APK file | 12288:C89uYjYV1jiNQ7l5DFQo2d8GmEFDipRdWp8+iZiZ5t:9jYniCF6d8iiXg825t | |
Manifest | 384:uDIQYmimIuQtz/zAHv9Tty/GAatOJOJ5gMVTn8KSenG/C9CS3/bpEdV0z:uDIQYmi… | |
classes.dex | 12288:qvyqtX7BYMBsE5EZR+IN4Po5Tyvv7XcU2ud/fq+q4Caw:+BBYMBOZ4INOo5Tyvv… |
Information computed with Dexofuzzy.
APK file | 768:YuGWk1/jk69ai3W71tnIdb5SflDzIL297RywbjsDy4XlwzLrzWt:YuGD1bktn71xy… | |
classes.dex | 768:YuGWk1/jk69ai3W71tnIdb5SflDzIL297RywbjsDy4XlwzLrzWt:YuGD1bktn71xy… |
Information computed with AndroGuard and Pithus.
Information computed with AndroGuard.
Information computed with MobSF.
Findings | Files |
---|---|
Certificate/Key files hardcoded inside the app. |
okhttp3/internal/publicsuffix/NOTICE |
Information computed with MobSF.
High | Clear text traffic is Enabled For App[android:usesCleartextTraffic=true] The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected. |
Medium | Application Data can be Backed up[android:allowBackup=true] This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device. |
High | Activity (com.adobe.flashplayer.ui.SmsActivity) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported. |
High | Service (com.adobe.flashplayer.service.NotificationListener) is Protected by a permission, but the protection level of the permission should be checked.Permission: android.permission.BIND_NOTIFICATION_LISTENER_SERVICE [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
High | Service (com.adobe.flashplayer.service.SmsSendService) is Protected by a permission, but the protection level of the permission should be checked.Permission: android.permission.SEND_RESPOND_VIA_MESSAGE [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
High | Broadcast Receiver (com.adobe.flashplayer.receivers.SmsReceiver) is Protected by a permission, but the protection level of the permission should be checked.Permission: android.permission.BROADCAST_SMS [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
High | Broadcast Receiver (com.adobe.flashplayer.receivers.MmsReceiver) is Protected by a permission, but the protection level of the permission should be checked.Permission: android.permission.BROADCAST_WAP_PUSH [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
High | Broadcast Receiver (com.adobe.flashplayer.receivers.BootReceiver) is not Protected. [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. |
Medium | High Intent Priority (2147483647)[android:priority] By setting an intent priority higher than another intent, the app effectively overrides other requests. |
Medium | High Intent Priority (999)[android:priority] By setting an intent priority higher than another intent, the app effectively overrides other requests. |
Information computed with MobSF.
com.adobe.flashplayer.ui.SmsActivity |
Schemes: sms:// smsto:// mms:// mmsto:// |
Information computed with AndroGuard.
|
Information computed with AndroGuard.
|
Information computed with AndroGuard.
|
Information computed with AndroGuard.
|
Oldest file found in APK | Jan. 1, 1981, 1:01 a.m. |
Latest file found in APK | Jan. 1, 1981, 1:01 a.m. |
Certificate valid not before | Oct. 11, 2018, 2:41 p.m. |
First submission on VT | July 14, 2021, 2:52 p.m. |
Last submission on VT | Sept. 13, 2021, 6:23 p.m. |
Upload on Pithus | Sept. 14, 2021, 11:43 a.m. |
Certificate valid not after | Oct. 3, 2048, 2:41 p.m. |
Score | 26/62 |
Report | https://www.virustotal.com/gui/file/8a6889610a18296e812fabd0a4ceb8b75caadc5cec1b39e8173c3e0093fd3a57/detection |
Provided by VirusTotal
Threat name: boogr | Identified 3 times |
Threat name: sova | Identified 3 times |
Threat name: artemis | Identified 2 times |
Information computed with MobSF.
FCS_RBG_EXT.1.1 | The application use no DRBG functionality for its cryptographic operations. Random Bit Generation Services |
FCS_STO_EXT.1.1 | The application does not store any credentials to non-volatile memory. Storage of Credentials |
FCS_CKM_EXT.1.1 | The application generate no asymmetric cryptographic keys. Cryptographic Key Generation Services |
FDP_DEC_EXT.1.1 | The application has access to ['network connectivity', 'microphone']. Access to Platform Resources |
FDP_DEC_EXT.1.2 | The application has access to ['address book']. Access to Platform Resources |
FDP_NET_EXT.1.1 | The application has user/application initiated network communications. Network Communications |
FDP_DAR_EXT.1.1 | The application does not encrypt files in non-volatile memory. Encryption Of Sensitive Application Data |
FMT_MEC_EXT.1.1 | The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options. Supported Configuration Mechanism |
FTP_DIT_EXT.1.1 | The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product. Protection of Data in Transit |
FCS_HTTPS_EXT.1.2 | The application implement HTTPS using TLS. HTTPS Protocol |
FCS_HTTPS_EXT.1.3 | The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid. HTTPS Protocol |
FIA_X509_EXT.2.1 | The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS. X.509 Certificate Authentication |
Information computed with MobSF.
Map computed by Pithus.
Information computed with MobSF.
US | api.ipify.org | 54.235.247.117 | ||
US | google.com | 142.250.181.238 | ||
GB | api.telegram.org | 149.154.167.220 |
Information computed with MobSF.
https://api.telegram.org http://google.com/ Defined in g/a/a/i/b/c.java |
|
https://api.telegram.org http://google.com/ Defined in g/a/a/i/b/c.java |
|
https://api.ipify.org Defined in g/a/a/o/a.java |
Information computed with MobSF.
Information computed with Quark-Engine.
Confidence:
|
Append the sender's address to the string |
Confidence:
|
Load external class |
Confidence:
|
Implicit intent(view a web page, make a phone call, etc.) |
Confidence:
|
Query the list of the installed packages |
Confidence:
|
Find a method from given class name, usually for reflection |
Confidence:
|
Method reflection |
Confidence:
|
Get declared method from given method name |
Confidence:
|
Read sensitive data(SMS, CALLLOG, etc) |
Confidence:
|
Send notification |
Confidence:
|
Monitor the broadcast action events (BOOT_COMPLETED) |
Confidence:
|
Create a socket connection to the proxy address |
Confidence:
|
Create a secure socket connection to the proxy address |
Confidence:
|
Method reflection |
Confidence:
|
Query the phone number |
Confidence:
|
Initialize class object dynamically |
Confidence:
|
Create a socket connection to the given host address |
Confidence:
|
Create a secure socket connection to the given host address |
Confidence:
|
Get absolute path of the file and store in string |
Confidence:
|
Get calendar information |
Confidence:
|
Get resource file from res/raw directory |
Information computed with MobSF.
Information computed by Pithus.