spynote | f01ab033ea66ca873eac16a16209758b[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

f01ab033ea66ca873eac16a16209758b.bin
Size

1.0MB
MD5

94d180bf2c3f2caa6a925abc4b3994d3
SHA1

a8fc6be6cb28efa3882895cf773a02d45f94dbd7
SHA256

2359d378e55c247bd921b8711e6d9db3caa5446e2e199afc73d8383b8ae61ead
SHA512

7f792e4c01700673df752ed451a47350f1333dfccb6600b3d50b62cec7c44e0407bb65fa6495c6d41db88d28364a7352929e36ceab87111fa4017451a5070514
SSDEEP

24576:Hmi+ll6rGfPVD4fEEYcuSR0jIn8nIMHFQqJO9JO4d7VIC6tqlkh:GJ6KVWVnuHISqquw4dRI14kh

Score

10^/10

spynote

Malware Config

Extracted

Family

spynote

45.76.52.179:7771

Signatures

Spynote family
spynote

Requests dangerous framework permissions 14 IoCs

description	ioc
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

Files

f01ab033ea66ca873eac16a16209758b.bin
.zip

Password: infected
841271e95e9ac8e2f246043a55d3b4470e8c54f652a6a92e2cc962db5716fca8.apk
.apk android

steering.ru.gps

steering.ru.乃سᵢיˏᴵغᵎ杰ʾٴˈᵔٴلˏﹶᴵ弗ʾᵎˏ西ىˎـיˋفˋ工ٴˋˎˋʾʾᵎʼ丹ˏ匕ᵢち诶ˏ艾ʾʼق2.ᴵムˈʼ吉نˎˈىف丹匕ʾʾ尺ع工ˎʾˆˑᵢᵢʿ下ˏ西تٴʿلיᐧ西ᵔـㄥᴵˋיˏⁱﹳلˑﹶسיㄚ杰20

Activities

steering.ru.乃سᵢיˏᴵغᵎ杰ʾٴˈᵔٴلˏﹶᴵ弗ʾᵎˏ西ىˎـיˋفˋ工ٴˋˎˋʾʾᵎʼ丹ˏ匕ᵢち诶ˏ艾ʾʼق2.ᴵムˈʼ吉نˎˈىف丹匕ʾʾ尺ع工ˎʾˆˑᵢᵢʿ下ˏ西تٴʿلיᐧ西ᵔـㄥᴵˋיˏⁱﹳلˑﹶسיㄚ杰20

android.intent.action.VIEW

steering.ru.乃سᵢיˏᴵغᵎ杰ʾٴˈᵔٴلˏﹶᴵ弗ʾᵎˏ西ىˎـיˋفˋ工ٴˋˎˋʾʾᵎʼ丹ˏ匕ᵢち诶ˏ艾ʾʼق2.娜诶ｊاˏˎˆʿᵎᵢʿ乃ᐧـخʿˋちاˏا娜尺吉ﹶ工ㄚ卄ˑᵢˑس匕ـ尺下诶سˈʾلᵎﹳٴعˏᵢا下ᐧ14_CA

xyz

Permissions

android.permission.SEND_SMS
android.permission.PROCESS_OUTGOING_CALLS
android.permission.SET_WALLPAPER
android.permission.READ_SMS
android.permission.READ_CALL_LOG
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.CALL_PHONE
android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT

Receivers

steering.ru.ـ丹ـʼˋ尺ˈיᵔˏˎᵢʾモᵎʾˏˊᵔʻـʼ匕ʾ哦ٴʽ诶ʽسʼˈᵎˈʾـ尺عﾞᴵˑʽ∪ˎʼيᴵعㄥˋ5.SensorRestarterBroadcastReceiver

RestartSensor

steering.ru.ـ丹ـʼˋ尺ˈיᵔˏˎᵢʾモᵎʾˏˊᵔʻـʼ匕ʾ哦ٴʽ诶ʽسʼˈᵎˈʾـ尺عﾞᴵˑʽ∪ˎʼيᴵعㄥˋ5.∪ʾ吉丹ˎ乃قᴵˎˎ杰ᵎ丹ʾ尺下ىʻٴﾞʼع下لﹶˈʻﹶˉיʻʾⁱᵔ艾匕ᵎىʾغٴ工ᵢسˏˎיʿれل7

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.USER_PRESENT
android.intent.action.LOCKED_BOOT_COMPLETED

steering.ru.ـ丹ـʼˋ尺ˈיᵔˏˎᵢʾモᵎʾˏˊᵔʻـʼ匕ʾ哦ٴʽ诶ʽسʼˈᵎˈʾـ尺عﾞᴵˑʽ∪ˎʼيᴵعㄥˋ5.娜诶ｊاˏˎˆʿᵎᵢʿ乃ᐧـخʿˋちاˏا娜尺吉ﹶ工ㄚ卄ˑᵢˑس匕ـ尺下诶سˈʾلᵎﹳٴعˏᵢا下ᐧ14_RC

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_CHANGED

steering.ru.ـ丹ـʼˋ尺ˈיᵔˏˎᵢʾモᵎʾˏˊᵔʻـʼ匕ʾ哦ٴʽ诶ʽسʼˈᵎˈʾـ尺عﾞᴵˑʽ∪ˎʼيᴵعㄥˋ5.∪ʾ吉丹ˎ乃قᴵˎˎ杰ᵎ丹ʾ尺下ىʻٴﾞʼع下لﹶˈʻﹶˉיʻʾⁱᵔ艾匕ᵎىʾغٴ工ᵢسˏˎיʿれل74

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.Intent.ACTION_USER_PRESENT
android.intent.action.USER_PRESENT

steering.ru.乃سᵢיˏᴵغᵎ杰ʾٴˈᵔٴلˏﹶᴵ弗ʾᵎˏ西ىˎـיˋفˋ工ٴˋˎˋʾʾᵎʼ丹ˏ匕ᵢち诶ˏ艾ʾʼق2.ٴちʿיٴنسᵔムʾムقʻ匕尺艾ʻʻʾ娜لᵢــˈﹳʽⁱᵎʼˎᴵˎᵎˎﹶˎᵢˎˏᵎٴىʿ下ˈˋٴﹶٴ33

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

steering.ru.ـ丹ـʼˋ尺ˈיᵔˏˎᵢʾモᵎʾˏˊᵔʻـʼ匕ʾ哦ٴʽ诶ʽسʼˈᵎˈʾـ尺عﾞᴵˑʽ∪ˎʼيᴵعㄥˋ5.∪ʾ吉丹ˎ乃قᴵˎˎ杰ᵎ丹ʾ尺下ىʻٴﾞʼع下لﹶˈʻﹶˉיʻʾⁱᵔ艾匕ᵎىʾغٴ工ᵢسˏˎיʿれل7_AR

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.ACTION_PASSWORD_CHANGED
android.app.action.ACTION_PASSWORD_FAILED
android.app.action.ACTION_PASSWORD_SUCCEEDED

Services

steering.ru.ʿٴﾞˎعʽ娜ᵎʻ工ʿˈﹳᵢʼىʿʼ∪ʿʽا哦れٴᐧʻ哦ق匕ʾ西י伊ᵢᵢ艾ᵢتـﹶﹶفᵢˎ西ˑˈʾف3.∪ʾ吉丹ˎ乃قᴵˎˎ杰ᵎ丹ʾ尺下ىʻٴﾞʼع下لﹶˈʻﹶˉיʻʾⁱᵔ艾匕ᵎىʾغٴ工ᵢسˏˎיʿれل72

android.accessibilityservice.AccessibilityService

steering.ru.ʿٴﾞˎعʽ娜ᵎʻ工ʿˈﹳᵢʼىʿʼ∪ʿʽا哦れٴᐧʻ哦ق匕ʾ西י伊ᵢᵢ艾ᵢتـﹶﹶفᵢˎ西ˑˈʾف3.SimpleIME

android.view.InputMethod

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

steering.ru.gps

steering.ru.乃سᵢיˏᴵغᵎ杰ʾٴˈᵔٴلˏﹶᴵ弗ʾᵎˏ西ىˎـיˋفˋ工ٴˋˎˋʾʾᵎʼ丹ˏ匕ᵢち诶ˏ艾ʾʼق2.ᴵムˈʼ吉نˎˈىف丹匕ʾʾ尺ع工ˎʾˆˑᵢᵢʿ下ˏ西تٴʿلיᐧ西ᵔـㄥᴵˋיˏⁱﹳلˑﹶسיㄚ杰20

Activities

steering.ru.乃سᵢיˏᴵغᵎ杰ʾٴˈᵔٴلˏﹶᴵ弗ʾᵎˏ西ىˎـיˋفˋ工ٴˋˎˋʾʾᵎʼ丹ˏ匕ᵢち诶ˏ艾ʾʼق2.ᴵムˈʼ吉نˎˈىف丹匕ʾʾ尺ع工ˎʾˆˑᵢᵢʿ下ˏ西تٴʿلיᐧ西ᵔـㄥᴵˋיˏⁱﹳلˑﹶسיㄚ杰20

steering.ru.乃سᵢיˏᴵغᵎ杰ʾٴˈᵔٴلˏﹶᴵ弗ʾᵎˏ西ىˎـיˋفˋ工ٴˋˎˋʾʾᵎʼ丹ˏ匕ᵢち诶ˏ艾ʾʼق2.娜诶ｊاˏˎˆʿᵎᵢʿ乃ᐧـخʿˋちاˏا娜尺吉ﹶ工ㄚ卄ˑᵢˑس匕ـ尺下诶سˈʾلᵎﹳٴعˏᵢا下ᐧ14_CA

Permissions

Receivers

steering.ru.ـ丹ـʼˋ尺ˈיᵔˏˎᵢʾモᵎʾˏˊᵔʻـʼ匕ʾ哦ٴʽ诶ʽسʼˈᵎˈʾـ尺عﾞᴵˑʽ∪ˎʼيᴵعㄥˋ5.SensorRestarterBroadcastReceiver

steering.ru.ـ丹ـʼˋ尺ˈיᵔˏˎᵢʾモᵎʾˏˊᵔʻـʼ匕ʾ哦ٴʽ诶ʽسʼˈᵎˈʾـ尺عﾞᴵˑʽ∪ˎʼيᴵعㄥˋ5.∪ʾ吉丹ˎ乃قᴵˎˎ杰ᵎ丹ʾ尺下ىʻٴﾞʼع下لﹶˈʻﹶˉיʻʾⁱᵔ艾匕ᵎىʾغٴ工ᵢسˏˎיʿれل7

steering.ru.ـ丹ـʼˋ尺ˈיᵔˏˎᵢʾモᵎʾˏˊᵔʻـʼ匕ʾ哦ٴʽ诶ʽسʼˈᵎˈʾـ尺عﾞᴵˑʽ∪ˎʼيᴵعㄥˋ5.娜诶ｊاˏˎˆʿᵎᵢʿ乃ᐧـخʿˋちاˏا娜尺吉ﹶ工ㄚ卄ˑᵢˑس匕ـ尺下诶سˈʾلᵎﹳٴعˏᵢا下ᐧ14_RC

steering.ru.ـ丹ـʼˋ尺ˈיᵔˏˎᵢʾモᵎʾˏˊᵔʻـʼ匕ʾ哦ٴʽ诶ʽسʼˈᵎˈʾـ尺عﾞᴵˑʽ∪ˎʼيᴵعㄥˋ5.∪ʾ吉丹ˎ乃قᴵˎˎ杰ᵎ丹ʾ尺下ىʻٴﾞʼع下لﹶˈʻﹶˉיʻʾⁱᵔ艾匕ᵎىʾغٴ工ᵢسˏˎיʿれل74

steering.ru.乃سᵢיˏᴵغᵎ杰ʾٴˈᵔٴلˏﹶᴵ弗ʾᵎˏ西ىˎـיˋفˋ工ٴˋˎˋʾʾᵎʼ丹ˏ匕ᵢち诶ˏ艾ʾʼق2.ٴちʿיٴنسᵔムʾムقʻ匕尺艾ʻʻʾ娜لᵢــˈﹳʽⁱᵎʼˎᴵˎᵎˎﹶˎᵢˎˏᵎٴىʿ下ˈˋٴﹶٴ33

steering.ru.ـ丹ـʼˋ尺ˈיᵔˏˎᵢʾモᵎʾˏˊᵔʻـʼ匕ʾ哦ٴʽ诶ʽسʼˈᵎˈʾـ尺عﾞᴵˑʽ∪ˎʼيᴵعㄥˋ5.∪ʾ吉丹ˎ乃قᴵˎˎ杰ᵎ丹ʾ尺下ىʻٴﾞʼع下لﹶˈʻﹶˉיʻʾⁱᵔ艾匕ᵎىʾغٴ工ᵢسˏˎיʿれل7_AR

Services

steering.ru.ʿٴﾞˎعʽ娜ᵎʻ工ʿˈﹳᵢʼىʿʼ∪ʿʽا哦れٴᐧʻ哦ق匕ʾ西י伊ᵢᵢ艾ᵢتـﹶﹶفᵢˎ西ˑˈʾف3.∪ʾ吉丹ˎ乃قᴵˎˎ杰ᵎ丹ʾ尺下ىʻٴﾞʼع下لﹶˈʻﹶˉיʻʾⁱᵔ艾匕ᵎىʾغٴ工ᵢسˏˎיʿれل72

steering.ru.ʿٴﾞˎعʽ娜ᵎʻ工ʿˈﹳᵢʼىʿʼ∪ʿʽا哦れٴᐧʻ哦ق匕ʾ西י伊ᵢᵢ艾ᵢتـﹶﹶفᵢˎ西ˑˈʾف3.SimpleIME