General
-
Target
oSiNT_1.3 signed.apk
-
Size
11.4MB
-
Sample
230520-res2macf46
-
MD5
6b641687a6d13667b22e868bf1095c05
-
SHA1
b5342af3428bdb05c76a7f29a9d85ad45e767368
-
SHA256
64f7b8fa6330d77d94b0bb0d147305e5a70fa6464c42c92c5e8cc8d67d16793c
-
SHA512
8bb9ef1afb6a66f5bb4c357a254b310c25b7b5f3260086d48d2de31ed403823c011737e756b8a64c69ccd22aa412cc980593bd9f71b1cfa38728b09f86f64e18
-
SSDEEP
196608:M7Vr4+Q5M5RSsaUWuCv7UBO6IZgMekWvX7b4fZH6LWExMVr8AS90zPTbnBA/CWx:MJr4t5ywoCjUBXGY7c6paV4F90bTbqbx
Malware Config
Extracted
spynote
soon-lp.at.ply.gg:17209
Targets
-
-
Target
oSiNT_1.3 signed.apk
-
Makes use of the framework's Accessibility service.
-
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests enabling of the accessibility settings.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-