General
-
Target
oSiNT_1.3 signed.apk
-
Size
11.4MB
-
Sample
230518-wtmklscc2w
-
MD5
ac19aa7cac59a97b05c01bf12a377ada
-
SHA1
5448c10862f4282d6e2bfb0b0c8b9333fc6164b8
-
SHA256
a1037af0665526dc314ef08cb1bdfe409d5b9a31b733173469bb1990283ba573
-
SHA512
bab471776660dd49e3d36ab73e6d6de24118110fa63940bc90880094db247c43427c14b5f48e2294bfaf7a19a569ee7fafbc46ec2c1edda3b9df536fff3eb949
-
SSDEEP
196608:97Vr4+Q5M5RSsaUWupvcpWKCLy2LdVFp43ZN6dWEzMB54AS90NNPbnDIT2YZ:9Jr4t5ywopGRgrFM6rQBGF903PbgBZ
Malware Config
Extracted
spynote
soon-lp.at.ply.gg:17209
Targets
-
-
Target
oSiNT_1.3 signed.apk
-
Size
11.4MB
-
MD5
ac19aa7cac59a97b05c01bf12a377ada
-
SHA1
5448c10862f4282d6e2bfb0b0c8b9333fc6164b8
-
SHA256
a1037af0665526dc314ef08cb1bdfe409d5b9a31b733173469bb1990283ba573
-
SHA512
bab471776660dd49e3d36ab73e6d6de24118110fa63940bc90880094db247c43427c14b5f48e2294bfaf7a19a569ee7fafbc46ec2c1edda3b9df536fff3eb949
-
SSDEEP
196608:97Vr4+Q5M5RSsaUWupvcpWKCLy2LdVFp43ZN6dWEzMB54AS90NNPbnDIT2YZ:9Jr4t5ywopGRgrFM6rQBGF903PbgBZ
-
Makes use of the framework's Accessibility service.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests enabling of the accessibility settings.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-