General

  • Target

    oSiNT_1.3 signed.apk

  • Size

    11.4MB

  • Sample

    230518-wf16vacb6v

  • MD5

    2e234cdb8364e3a521954e9655c21162

  • SHA1

    c40fa14eb0725c289213ad5fb1c3bb56ccce42d5

  • SHA256

    0e23d0b10e030a34b2c3549d63cb485abe5e8d3f5c12a435b7e74dd3d47902aa

  • SHA512

    5173516fbdf12056c6c6a7e468fea3ff6298340b2430133f0119cdecc42c32f797b242cd36705f1459ee03574a3b377f636ce01149147de5477f8055c214d767

  • SSDEEP

    196608:Z7Vr4+Q5M5RSsaUWu+vhQJ1ZmcoGYmE4HZK6AWEkMDQSAS90aAlbn0SBeND:ZJr4t5ywo+pQJHKmI6ujDHF90JlbDYD

Malware Config

Extracted

Family

spynote

C2

soon-lp.at.ply.gg:17209

Targets

    Score
    8/10
    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar.

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks