General

  • Target

    Sing-travel-1.3.apk

  • Size

    12.3MB

  • Sample

    230403-m7jansfg2y

  • MD5

    8000776495377ad73a91c5c0b7bbe800

  • SHA1

    d46b37b660a1793e4a9c6900b41f3fe0846a3268

  • SHA256

    a4f2f6be49e54d824af882b3c20d81a878db0527e09f697adca4d33d145e7ef9

  • SHA512

    92191a04ebb2cd40f8a9f74f241e1b64edf74263c7eb17b755e7cc56f39940bba77fc8ee4029b44766a29e75e2468c75fc39acbbf85a24eba8c00557a873ebf0

  • SSDEEP

    24576:rleAaqt/J2fCZnAJdJynXltf63Ues77gxP6BkNyEyft391/3ra:Z5/6YuyTf6E46yNxyft3T3+

Malware Config

Extracted

  • Family

    spynote

  • C2

    134.122.166.235:6677

Targets

    • Score

      8/10

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar.

      Runs executable file dropped to the device during analysis.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.