General

  • Target

    oSiNT_1.3 signed.apk

  • Size

    11.4MB

  • Sample

    230518-wtmklscc2w

  • MD5

    ac19aa7cac59a97b05c01bf12a377ada

  • SHA1

    5448c10862f4282d6e2bfb0b0c8b9333fc6164b8

  • SHA256

    a1037af0665526dc314ef08cb1bdfe409d5b9a31b733173469bb1990283ba573

  • SHA512

    bab471776660dd49e3d36ab73e6d6de24118110fa63940bc90880094db247c43427c14b5f48e2294bfaf7a19a569ee7fafbc46ec2c1edda3b9df536fff3eb949

  • SSDEEP

    196608:97Vr4+Q5M5RSsaUWupvcpWKCLy2LdVFp43ZN6dWEzMB54AS90NNPbnDIT2YZ:9Jr4t5ywopGRgrFM6rQBGF903PbgBZ

Malware Config

Extracted

  • Family

    spynote

  • C2

    soon-lp.at.ply.gg:17209

Targets

    • Target

      oSiNT_1.3 signed.apk

    • Size

      11.4MB

    • Score

      8/10

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
