General
-
Target
oSiNT_1.3 signed.apk
-
Size
11.4MB
-
Sample
230518-wf16vacb6v
-
MD5
2e234cdb8364e3a521954e9655c21162
-
SHA1
c40fa14eb0725c289213ad5fb1c3bb56ccce42d5
-
SHA256
0e23d0b10e030a34b2c3549d63cb485abe5e8d3f5c12a435b7e74dd3d47902aa
-
SHA512
5173516fbdf12056c6c6a7e468fea3ff6298340b2430133f0119cdecc42c32f797b242cd36705f1459ee03574a3b377f636ce01149147de5477f8055c214d767
-
SSDEEP
196608:Z7Vr4+Q5M5RSsaUWu+vhQJ1ZmcoGYmE4HZK6AWEkMDQSAS90aAlbn0SBeND:ZJr4t5ywo+pQJHKmI6ujDHF90JlbDYD
Malware Config
Extracted
spynote
soon-lp.at.ply.gg:17209
Targets
-
-
Target
oSiNT_1.3 signed.apk
-
Size
11.4MB
-
MD5
2e234cdb8364e3a521954e9655c21162
-
SHA1
c40fa14eb0725c289213ad5fb1c3bb56ccce42d5
-
SHA256
0e23d0b10e030a34b2c3549d63cb485abe5e8d3f5c12a435b7e74dd3d47902aa
-
SHA512
5173516fbdf12056c6c6a7e468fea3ff6298340b2430133f0119cdecc42c32f797b242cd36705f1459ee03574a3b377f636ce01149147de5477f8055c214d767
-
SSDEEP
196608:Z7Vr4+Q5M5RSsaUWu+vhQJ1ZmcoGYmE4HZK6AWEkMDQSAS90aAlbn0SBeND:ZJr4t5ywo+pQJHKmI6ujDHF90JlbDYD
-
Makes use of the framework's Accessibility service.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests enabling of the accessibility settings.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-