Malware Analysis Report

2025-01-23 12:34

Sample ID 230512-gezt3aec4s
Target 2nr premium signed.apk
SHA256 4b218d945ca4da4a2501a5eb99ab925f668df060cdcd45a9fbe419c799a5d789
Tags
spynote
score
10/10

Analysis Overview

Threat Level: Known bad

The file 2nr premium signed.apk was found to be: Known bad.

Malicious Activity Summary

spynote

Spynote family

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-05-12 05:43

Signatures

Spynote family

spynote

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-05-12 05:43

Reported

2023-05-12 05:44

Platform

android-x64-arm64-20220823-en

Max time kernel

243071s

Max time network

16s

Command Line

pl.rs.sip.softphone.newapp

Signatures

N/A

Processes

pl.rs.sip.softphone.newapp

Network

Country | Destination | Domain | Proto
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | growth-pa.googleapis.com | udp
NL | 142.251.39.106:443 | growth-pa.googleapis.com | tcp
NL | 172.217.168.234:443 | growth-pa.googleapis.com | tcp
NL | 142.251.36.10:443 | growth-pa.googleapis.com | tcp
NL | 142.250.179.202:443 | growth-pa.googleapis.com | tcp
DE | 172.217.23.202:443 | growth-pa.googleapis.com | tcp
NL | 142.250.179.138:443 | growth-pa.googleapis.com | tcp
NL | 172.217.168.202:443 | growth-pa.googleapis.com | tcp
GB | 216.58.208.106:443 | growth-pa.googleapis.com | tcp
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp
DE | 172.217.23.202:443 | infinitedata-pa.googleapis.com | tcp
US | 1.1.1.1:53 | firebase-settings.crashlytics.com | udp
NL | 142.250.179.163:443 | firebase-settings.crashlytics.com | tcp
US | 1.1.1.1:53 | graph.facebook.com | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
NL | 142.251.39.104:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | crashlyticsreports-pa.googleapis.com | udp
NL | 142.250.179.195:443 | crashlyticsreports-pa.googleapis.com | tcp

Files
