Analysis

  • max time kernel
    3639476s
  • max time network
    13s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220823-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20220823-en, locale:en-us, os:android-11-x64, system
  • submitted
    01-05-2023 20:06

General

  • Target

    1.apk

  • Size

    1.6MB

  • MD5

    ed9755072b50a930ed10c4b38509ab37

  • SHA1

    a8a244dd01e61b50c6c1d7242ac0410cc6bcf8d0

  • SHA256

    e10ea8a16251b4aa3d0cb471470450b856897bc064e49932d7bb5bc17fe6007b

  • SHA512

    f74e6c32f7c77df6f930eba9812c23f8a0ff249d515e106719dbf043c5f7190e2d57d15b2995b5f3391d66f5ce80c43d58b76d655ddcb4cdc746d9731de1949e

  • SSDEEP

    24576:TCqcDFysHAfjUIertXlgCZbphIkF49LzynEkmTDMWqIKYGaDnG5ZS9:TVcDFgSVZbLIy4pzyneeDgn4Za

Malware Config

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

  • Spynote payload 1 IoCs
  • Requests dangerous framework permissions 18 IoCs

Processes

  • com.eset.ems2.gp
      PID:4254

    Network

    MITRE ATT&CK Matrix

    Downloads

    • /storage/emulated/0/Calculadora/base.apk

      Filesize

      789KB

      MD5

      185ca9f19122c0e354f04a05cecfec1d

      SHA1

      64b5a8f14c771ad5ca98338ab415ffb210813f80

      SHA256

      204cfed93f23188a17306e98ca7fabcf1a0be6139328a524c7fa53bf57469708

      SHA512

      54227e2fb8b9739c76c521cd2196d71ce8deff08b7ded324c553cbe413377925c0a5aeb2b800062da38a73f3b0569c4655e778ee9a6ca499aad32348da991c3c