General

  • Target

    f01ab033ea66ca873eac16a16209758b.bin

  • Size

    1.0MB

  • Sample

    230419-cvasnahe71

  • MD5

    94d180bf2c3f2caa6a925abc4b3994d3

  • SHA1

    a8fc6be6cb28efa3882895cf773a02d45f94dbd7

  • SHA256

    2359d378e55c247bd921b8711e6d9db3caa5446e2e199afc73d8383b8ae61ead

  • SHA512

    7f792e4c01700673df752ed451a47350f1333dfccb6600b3d50b62cec7c44e0407bb65fa6495c6d41db88d28364a7352929e36ceab87111fa4017451a5070514

  • SSDEEP

    24576:Hmi+ll6rGfPVD4fEEYcuSR0jIn8nIMHFQqJO9JO4d7VIC6tqlkh:GJ6KVWVnuHISqquw4dRI14kh

Score
10/10

Malware Config

Extracted

Family

spynote

C2

45.76.52.179:7771

Targets

    • Target

      841271e95e9ac8e2f246043a55d3b4470e8c54f652a6a92e2cc962db5716fca8.apk

    • Size

      1.2MB

    • MD5

      f01ab033ea66ca873eac16a16209758b

    • SHA1

      c540a01133931ad7d46f8832d3993ccfa309969e

    • SHA256

      841271e95e9ac8e2f246043a55d3b4470e8c54f652a6a92e2cc962db5716fca8

    • SHA512

      893d703ee66e7b5f11601f90ccf3d972220ae94f9f6f9296aeb5c3a2abc746cc73dbfecadac27a6cb856f9d9d1f444da3870518607ab825ee0e056422ffdc94e

    • SSDEEP

      24576:49OFQ/ZDkvoyOf3VhTtrg21hqTYSwd1EbCZHIHfWBiU:496Q/ZQh6VhTtn7qcQcRBiU

    Score
    8/10
    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.
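The hashes in the two target blocks and the extracted C2 endpoint are the indicators a responder would actually act on. The script below is an added example written for this page, not part of the sandbox report or of any SpyNote tooling: it streams a local copy of the artifact through the same four digests and diffs them against the report, and it scans connection logs for the extracted C2, matching on port as well as IP so a different service on the same host does not fire. The log line format, the `sample.apk` path and the sample log records are constructed assumptions for illustration.

```python
"""Offline triage helpers for the indicators in the report above.

Added example (not part of the sandbox report or the SpyNote family):
verifies a local artifact against the published hashes and checks
connection logs for the extracted C2. Log format and file paths are
assumptions for illustration.
"""
import hashlib
import ipaddress
import re
from typing import Dict, Iterable, List, Tuple

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Hashes of the inner APK as listed in the report's "Targets" section.
APK_HASHES: Dict[str, str] = {
    "md5": "f01ab033ea66ca873eac16a16209758b",
    "sha1": "c540a01133931ad7d46f8832d3993ccfa309969e",
    "sha256": "841271e95e9ac8e2f246043a55d3b4470e8c54f652a6a92e2cc962db5716fca8",
    "sha512": "893d703ee66e7b5f11601f90ccf3d972220ae94f9f6f9296aeb5c3a2abc746cc"
              "73dbfecadac27a6cb856f9d9d1f444da3870518607ab825ee0e056422ffdc94e",
}

# C2 endpoint extracted from the sample's configuration (from the report).
SPYNOTE_C2 = "45.76.52.179:7771"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute every report hash algorithm over an in-memory buffer."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four digests without loading it whole."""
    digests = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {a: d.hexdigest() for a, d in digests.items()}


def verify_hashes(computed: Dict[str, str],
                  expected: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Return {algo: (expected, computed)} for every mismatch; empty means all match."""
    mismatches = {}
    for algo, want in expected.items():
        got = computed.get(algo, "")
        if got.lower() != want.lower():
            mismatches[algo] = (want, got)
    return mismatches


def parse_c2(endpoint: str) -> Tuple[str, int]:
    """Split 'host:port', validating the IP literal and the port range."""
    host, _, port = endpoint.rpartition(":")
    ipaddress.ip_address(host)          # raises ValueError on a non-IP host
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port}")
    return host, port_num


# Assumed (constructed) log format: "<ts> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def find_c2_connections(lines: Iterable[str], endpoint: str = SPYNOTE_C2) -> List[dict]:
    """Return parsed records whose destination matches the C2 host AND port.

    Matching the port too avoids false positives from other services that
    may share the same VPS address.
    """
    host, port = parse_c2(endpoint)
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue   # skip malformed or unrelated lines instead of aborting
        if m["dst"] == host and int(m["dport"]) == port:
            hits.append(m.groupdict())
    return hits


# Constructed sample log: two sessions to the C2, one to the same host on
# another port, one unrelated flow, and one line that is not a record.
SAMPLE_LOG = [
    "2023-04-19T10:01:02Z 10.0.0.23:49152 -> 45.76.52.179:7771 tcp",
    "2023-04-19T10:01:05Z 10.0.0.23:49153 -> 45.76.52.179:443 tcp",
    "2023-04-19T10:02:10Z 10.0.0.41:51000 -> 142.250.74.46:443 tcp",
    "2023-04-19T10:07:44Z 10.0.0.23:49160 -> 45.76.52.179:7771 tcp",
    "this line is not a connection record",
]

if __name__ == "__main__":
    for rec in find_c2_connections(SAMPLE_LOG):
        print(f"C2 contact from {rec['src']} at {rec['ts']}")
    # To check a downloaded copy of the APK (path is an assumption):
    # print(verify_hashes(hash_file("sample.apk"), APK_HASHES) or "all hashes match")
```

Note that the outer submission, f01ab033ea66ca873eac16a16209758b.bin, is named after the MD5 of the inner APK listed under Targets, so `APK_HASHES["md5"]` is also the filename to search for in mail or proxy logs if the sample arrived in that wrapper.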
