General

  • Target

    facebook One Security (1).apk

  • Size

    32.1MB

  • Sample

    230504-2abxnahc8s

  • MD5

    7546e1ec5521c73d9109dc9dc7911b17

  • SHA1

    af66e41a54e84cd62ae9e736c090c142aca6e643

  • SHA256

    790e7d071d96fbe841cd85ae1e57cc82271ccb4e62533d8cd922631dec7788b6

  • SHA512

    27a68a42babbdd95a1f150c73ba265aeeaee9e3471c0677f6a4143e859884c38c4a6aeec24ba3af2d032cc5bdcb71ac2d9267581613bb558e6e73d4773499d54

  • SSDEEP

    786432:VjWdJK3l7uNH7OoimOEzoqaSL8JWI+PSveHPT:V6dJXOoTOU+SMWI+PSqT

Malware Config

Extracted

Family

spynote

C2

microsoft2020.ddns.net:8080

Targets

    • Target

      facebook One Security (1).apk

    Score
    7/10
    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Uses Crypto APIs (Might try to encrypt user data).
