General

  • Target

    10289161936.zip

  • Size

    1.5MB

  • Sample

    230503-c5mvzadd84

  • MD5

    be73cf0b98812556cf38d9a6db19d729

  • SHA1

    9c4d71dd7c8999d1c1df8e5dcae8303030fb18e6

  • SHA256

    9183a0a6ef26af59f213ae5383b5b0381627199ec327d9492197a01defefcd7b

  • SHA512

    3ae47cfc51a2ac5559ea31e404718790c018cbe0a7bf6c28f079fb02c6732ca109c7d7a7129795a8b27210cb1c893032c686100a3db995359cbbde82771359ad

  • SSDEEP

    24576:w3KJaD2ff5dIR3u72Xy5bIcWROtgIJk8hZ5y1Z1n05wdZKqRSK+UsF:pJaD25V72AGE+Ok8mZ1NKMiF

Malware Config

Extracted

Family

spynote

C2

134.122.166.235:6677

Targets

    • Target

      2a6c38a7d59a153679b9d66a9eb92a64b0d93dea6ab2b6a84c6aeeead8a7e35d

    • Size

      12.8MB

    • MD5

      fa0b01bd3c1762869964af9254796b6e

    • SHA1

      e3b3159d13a5c8b3035d0b1f2cb6ab6128b29080

    • SHA256

      2a6c38a7d59a153679b9d66a9eb92a64b0d93dea6ab2b6a84c6aeeead8a7e35d

    • SHA512

      8bc97e43bcd753339c534aed8484b28713056ccea02bcd45c02d3281eaf00ef1a1ebeadcbb87a646db21173b5d9886d56c040af8200d2391be8f409896d5ee3a

    • SSDEEP

      24576:1Y/LFV3ovkaeziHonAZqA+Msr3NH4U8Vt3rDQvVAsL9bXTSC8WC+AcK:1Y/pV4vkaeGHowEMANHqV92VxBXTSaAr

    Score
    8/10
    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar.

      Runs an executable file dropped to the device during analysis.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

MITRE ATT&CK Matrix

Tasks