Sunday, January 19, 2014

Android FakeMarket - Google Play


Research: TGSoft 13/01/2014 18.49.39 - How safe is really Google Play Store?
Research: Android FakeMarket analysis by AndroTotal

Still available on Google Play
https://play.google.com/store/apps/details?id=com.bktballelite.com

Sample credit: Paolo Rovelli

Download. Email me if you need the password

Mobile Sandbox report

Sample SHA256: 4bde46accfeb2c85fe75c6dd57bba898fbb3316f7c4be788bc18676451b54561
Sample MD5: 5124795a3537f2f06abb021d14a74402
Sample ssdeep: 24576:ZBPPLQSltmJScer9kSF1m+0eFySOqjh94OEhjjzsryuTr0t+Ze:jLQSltmJSck9fFfOqdOjvsxr0t+Ze
Start of Analysis: Jan. 19, 2014, 7:16 p.m.
End of Analysis: Jan. 19, 2014, 7:16 p.m.

Used Features:
  android.hardware.touchscreen

Requested Permissions from Android Manifest:
  android.permission.INTERNET
  android.permission.WAKE_LOCK
  android.permission.WRITE_EXTERNAL_STORAGE
  android.permission.ACCESS_NETWORK_STATE
  android.permission.RECEIVE_BOOT_COMPLETED

Used Permissions:
  android.permission.READ_CONTACTS
  android.permission.ACCESS_NETWORK_STATE
  android.permission.INTERNET
  android.permission.WAKE_LOCK

Responsible API calls for used Permissions:
  android/content/Context;->startActivity
  android/content/ContentResolver;->openInputStream
  android/net/ConnectivityManager;->getActiveNetworkInfo
  android/webkit/WebView
  android/os/PowerManager$WakeLock;->acquire

Used Intents:
  android.intent.action.BOOT_COMPLETED
  android.intent.action.MAIN
  android.intent.category.LAUNCHER

Used Activities:
  .girisislemleri
  com.bktballelite.com.girisislemleri

Potentially dangerous Calls:
  getSystemService
  Read/Write External Storage
  HttpPost
  printStackTrace
  getPackageInfo
  Obfuscation(Base64)

Used Services and Receiver:
  ZamanServisi
  com.bktballelite.com.BootCompleted

Used Providers:

Used Networks:

Found URLs:
  http://www.fethullahhocam.com/advertising.php
  http://www.mobilefilmizle.com/ipzaman.php
  http://www.google.it/intl/it
  http://www.google.com/bot.html)
  http://www.google.it/?hl=it
  http://unknown/
  http://www.w3.org/2005/Atom
  http://www.google-analytics.com/collect
  https://ssl.google-analytics.com/collect


Virustotal
https://www.virustotal.com/en-gb/file/4bde46accfeb2c85fe75c6dd57bba898fbb3316f7c4be788bc18676451b54561/analysis/1390155532/

SHA256: 4bde46accfeb2c85fe75c6dd57bba898fbb3316f7c4be788bc18676451b54561
File name: vti-rescan
Detection ratio: 5 / 42
Analysis date: 2014-01-19 18:18:52 UTC

Antivirus             Result                             Update
Ikarus                Trojan.AndroidOS.FakeGooglePlay    20140119
McAfee                Artemis!5124795A3537               20140119
McAfee-GW-Edition     Artemis!5124795A3537               20140119
Sophos                Andr/Axent-V                       20140119
TrendMicro-HouseCall  TROJ_GEN.F47V0115
