Resubmissions

02-05-2023 13:12

230502-qfls9sda5t 10

02-05-2023 13:09

230502-qdy1tada4x 10

02-05-2023 02:30

230502-czbwhsbc8s 10

Analysis

  • max time kernel
    3700910s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20220823-en, locale:en-us, os:android-9-x86, system
  • submitted
    02-05-2023 13:09

General

  • Target

    1.apk

  • Size

    1.6MB

  • MD5

    ed9755072b50a930ed10c4b38509ab37

  • SHA1

    a8a244dd01e61b50c6c1d7242ac0410cc6bcf8d0

  • SHA256

    e10ea8a16251b4aa3d0cb471470450b856897bc064e49932d7bb5bc17fe6007b

  • SHA512

    f74e6c32f7c77df6f930eba9812c23f8a0ff249d515e106719dbf043c5f7190e2d57d15b2995b5f3391d66f5ce80c43d58b76d655ddcb4cdc746d9731de1949e

  • SSDEEP

    24576:TCqcDFysHAfjUIertXlgCZbphIkF49LzynEkmTDMWqIKYGaDnG5ZS9:TVcDFgSVZbLIy4pzyneeDgn4Za

Malware Config

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

  • Spynote payload 1 IoCs
  • Requests dangerous framework permissions 18 IoCs

Processes

  • com.eset.ems2.gp
    PID: 4109
    • su
      PID: 4158

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.eset.ems2.gp/files/config2023-05-02.log

    Filesize
    189B

    MD5
    9b6147cb6b3416dbf587a2bdadb4366f

    SHA1
    aee5b41f6d35c77667a1f6ea0db713ccbba5ebe3

    SHA256
    a49230fcc206afcc47e08feca98ad70e220e298ce9ebce315f9b4c496131f2f4

    SHA512
    d468d10191b3ace590358e2426c07b59ab9ca6c31499ae2e7c38171b9b88569a6aecb8427d7471a09a7b600646c4ff8c4170dbcea5bcc8f96490eaf6421c95ad

  • /storage/emulated/0/Calculadora/base.apk

    Filesize
    789KB

    MD5
    185ca9f19122c0e354f04a05cecfec1d

    SHA1
    64b5a8f14c771ad5ca98338ab415ffb210813f80

    SHA256
    204cfed93f23188a17306e98ca7fabcf1a0be6139328a524c7fa53bf57469708

    SHA512
    54227e2fb8b9739c76c521cd2196d71ce8deff08b7ded324c553cbe413377925c0a5aeb2b800062da38a73f3b0569c4655e778ee9a6ca499aad32348da991c3c