| No | Permissions Requested | Description |
|----|-----------------------|-------------|
| 1 | INTERNET | Allows applications to open network sockets |
| 2 | READ_PHONE_STATE | Allows read only access to phone state |
| 3 | ACCESS_NETWORK_STATE | Allows applications to access information about networks |
| 4 | WRITE_EXTERNAL_STORAGE | Allows an application to write to external storage |
| 5 | ACCESS_WIFI_STATE | Allows applications to access information about Wi-Fi networks |
| 6 | READ_SMS | Allows an application to read SMS messages |
| 7 | RECEIVE_BOOT_COMPLETED | Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting |
| 8 | SEND_SMS | Allows an application to send SMS messages |
| 9 | RECEIVE_SMS | Allows an application to receive SMS messages |
| 10 | ACCESS_COARSE_LOCATION | Allows an app to access approximate location |
| 11 | READ_CONTACTS | Allows an application to read the user's contacts data |
| 12 | ACCESS_FINE_LOCATION | Allows an app to access precise location |
| 13 | WAKE_LOCK | Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming |
| 14 | CALL_PHONE | Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call |
| 15 | CHANGE_WIFI_STATE | Allows applications to change Wi-Fi connectivity state |
| 16 | WRITE_CONTACTS | Allows an application to write the user's contacts data |
| 17 | WRITE_APN_SETTING | Allows applications to write the apn settings |

| No | API Calls | Category |
|----|-----------|----------|
| 1 | getSimSerialNumber() | P |
| 2 | getSubscriberId() | P |
| 3 | getLine1Number() | P |
| 4 | getCellLocation() | P |
| 5 | getNetworkOperator() | P |
| 6 | httpclient.execute() | N |
| 7 | getOutputStream() | N |
| 8 | getInputStream() | N |
| 9 | getNetworkInfo() | N |
| 10 | HttpURLConnection.connect() | N |
| 11 | openStream() | N |
| 12 | setDataAndType() | N |
| 13 | setRequestMethod() | N |
| 14 | sendTextMessage() | SMS |
| 15 | sendDataMessage() | SMS |
| 16 | getWifiState() | Wifi |
| 17 | getWifiEnabled() | Wifi |
| 18 | startService() | O |
| 19 | Runtime.exec() | Command |
| 20 | getInstance() | Cipher |

| No | Behaviour / System Call |
|----|-------------------------|
| 1 | clone |
| 2 | execve |
A payload is defined as the destructive mechanism that the malware carries in its designed source code. In this botnet research, the payload takes one of four forms, each of which causes loss of confidential information and damage to the victim: unauthorized SMS, command and control (C&C), leakage of confidential and private information, and backdoor installation. The payloads were gathered from the source code of the malware files during static analysis.
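The static-analysis step described above can be sketched as a feature extractor that reads requested permissions from a manifest and groups API calls found in source by the table's codes. This is an added example, not code from the original research; it assumes the manifest is already decoded to text XML and the source is decompiled Java, tracks only a subset of the tables' entries, and uses constructed sample inputs.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"
# Subset of the page's tables: permission names and API calls with their codes.
PERMISSIONS = {"INTERNET", "READ_PHONE_STATE", "READ_SMS", "SEND_SMS",
               "RECEIVE_SMS", "RECEIVE_BOOT_COMPLETED", "READ_CONTACTS"}
API_CODES = {"getSimSerialNumber": "P", "getSubscriberId": "P",
             "getLine1Number": "P", "getOutputStream": "N",
             "getInputStream": "N", "openStream": "N",
             "sendTextMessage": "SMS", "sendDataMessage": "SMS",
             "getWifiState": "Wifi", "startService": "O"}

# String literals are matched first so "http://..." is not cut as a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)
_CALL = re.compile(r"\b(%s)\s*\(" % "|".join(map(re.escape, API_CODES)))

def requested_permissions(manifest_xml):
    """Return tracked permissions declared in <uses-permission> elements."""
    found = set()
    for node in ET.fromstring(manifest_xml).iter("uses-permission"):
        name = node.get(ANDROID_NAME, "")
        short = name.rsplit(".", 1)[-1]
        # Only platform permissions count; app-defined names are skipped.
        if name.startswith("android.permission.") and short in PERMISSIONS:
            found.add(short)
    return sorted(found)

def api_calls_by_code(java_source):
    """Group tracked calls by code, ignoring comments and string contents."""
    code = _TOKEN.sub(
        lambda m: '""' if m.group().startswith('"') else " ", java_source)
    hits = defaultdict(set)
    for m in _CALL.finditer(code):
        hits[API_CODES[m.group(1)]].add(m.group(1))
    return {k: sorted(v) for k, v in hits.items()}

# Constructed sample inputs (not taken from any real application).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="com.example.sample.READ_SMS"/>
</manifest>"""
SAMPLE_SOURCE = '''String id = tm.getSubscriberId(); // getLine1Number() next
InputStream in = new URL("http://example.invalid//x").openStream();
/* sms.sendTextMessage(...) disabled */
String s = "call getWifiState() here";'''
```

Calls that appear only in comments or inside string literals are not counted, so the sample source yields one `P` hit and one `N` hit.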