General

  • Target

    10079668763.zip

  • Size

    944KB

  • Sample

    230414-nkhw3ahf38

  • MD5

    5e3e0219a76a288424991b20da919ff5

  • SHA1

    119cb57c398a43587c39ed498f8a45a4318d168d

  • SHA256

    70e9346a295aad242f4b09620883c18289fe9c4253a3da7bdefe75b581bc6a42

  • SHA512

    733d64fab91a09d7924ffa109c0682f90642ecbb365aa35b8fc3344c5817b233b65d68df400335bb927af46ddfbc2172d7a3ef7aeba17900d7d462c5e73b7cdc

  • SSDEEP

    24576:qtlaRg1T6imp+1DGMhiTsi5OwD366+dIXO5:xWYQ1iai5Zfxi

Malware Config

Extracted

  • Family

    spynote

  • C2

    134.122.166.235:6677

Targets

    • Target

      877271571d91114dcbdf58633fb852ea6ad7f030a662298dea0cf7d5b576206b

    • Size

      12.2MB

    • MD5

      6f4800dcb7ed26ebbe5d25e56451ad6d

    • SHA1

      8d966aa833aed1e1d68078910a0aa9bf9d3bc89c

    • SHA256

      877271571d91114dcbdf58633fb852ea6ad7f030a662298dea0cf7d5b576206b

    • SHA512

      1c6ee38518ca906e511fff433ae2ad87819d3340536f5daaa3ae415079a5bcd6aa519beaa4775ca6197f9d33fc082f8a0f3733812b7026ea06c7650048d8ac5a

    • SSDEEP

      24576:1us+dGTAUuuV5sjtdaOMdRwTPQKrzfgb4ZhplPrnZ:1us+dGzRVOCIQKPs4LrZ

    Score
    8/10
    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Requests disabling of battery optimizations (often used to allow the app to keep running hidden in the background).

    • Removes a system notification.
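    The indicators above were observed dynamically by the sandbox. To confirm them statically on the inner APK, the following added script (editor's example, not part of the report or of any sandbox tooling) parses a decoded AndroidManifest.xml and maps the report's behaviours onto the permissions and bound services that make them possible. The mapping of behaviour to manifest artefact is the editor's assumption, the manifest embedded below is constructed for the example and is not the sample's own, and two behaviours (loading a dropped Dex/Jar and cancelling a notification) are code-level actions that do not appear in the manifest at all, so their absence here proves nothing.

```python
"""Static triage of a decoded AndroidManifest.xml against the behavioural
indicators listed in the report (accessibility service, installed-app
enumeration, wake lock, battery-optimisation bypass, notification access).

Decode a real APK first, e.g. `apktool d sample.apk`, then pass the text of
AndroidManifest.xml to triage_manifest(). The manifests below are CONSTRUCTED
for this example and are not taken from the sample in the report.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _attr(elem, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


# Indicators that surface as requested permissions (editor's mapping).
PERMISSION_INDICATORS = {
    "queries_installed_apps": {"android.permission.QUERY_ALL_PACKAGES"},
    "wake_lock": {"android.permission.WAKE_LOCK"},
    "disable_battery_optimizations": {
        "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
}

# Indicators that surface as a <service> the framework binds to: the service
# must declare the matching BIND_* permission or the system will not use it.
SERVICE_INDICATORS = {
    "accessibility_service": "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "notification_listener": "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
}


def triage_manifest(manifest_xml: str) -> dict:
    """Return {indicator: [evidence, ...]} for every indicator the manifest supports."""
    root = ET.fromstring(manifest_xml)
    found = {}

    requested = {_attr(p, "name") for p in root.iter("uses-permission")}
    for indicator, perms in PERMISSION_INDICATORS.items():
        hits = sorted(requested & perms)
        if hits:
            found[indicator] = hits

    # On API 30+ a <queries> block is the other route to package visibility.
    if "queries_installed_apps" not in found and root.find("queries") is not None:
        found["queries_installed_apps"] = ["<queries> element"]

    for svc in root.iter("service"):
        name = _attr(svc, "name")
        perm = _attr(svc, "permission")
        actions = {_attr(a, "name") for a in svc.iter("action")}
        for indicator, bind_perm in SERVICE_INDICATORS.items():
            if perm == bind_perm:
                found.setdefault(indicator, []).append(name)
        # An accessibility service is also recognisable by its intent action.
        if ("android.accessibilityservice.AccessibilityService" in actions
                and name not in found.get("accessibility_service", [])):
            found.setdefault("accessibility_service", []).append(name)
    return found


# Constructed manifest exhibiting the report's indicators.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Update">
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".NotifService"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>
"""

# Constructed benign manifest: network access only, nothing to flag.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.benign">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>
"""

if __name__ == "__main__":
    for label, manifest in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        hits = triage_manifest(manifest)
        print(f"{label}: {len(hits)} indicator(s)")
        for indicator, evidence in sorted(hits.items()):
            print(f"  {indicator}: {', '.join(evidence)}")
```

    A hit count close to the report's list is a useful confirmation that the decoded APK is the analysed one, but a clean manifest is not a clean verdict: the dropped-Dex behaviour in particular means the interesting permissions may be exercised by code that is only unpacked at runtime.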

MITRE ATT&CK Matrix

Tasks