General

  • Target

    oSiNT_1.3 signed.apk

  • Size

    11.4MB

  • Sample

    230520-res2macf46

  • MD5

    6b641687a6d13667b22e868bf1095c05

  • SHA1

    b5342af3428bdb05c76a7f29a9d85ad45e767368

  • SHA256

    64f7b8fa6330d77d94b0bb0d147305e5a70fa6464c42c92c5e8cc8d67d16793c

  • SHA512

    8bb9ef1afb6a66f5bb4c357a254b310c25b7b5f3260086d48d2de31ed403823c011737e756b8a64c69ccd22aa412cc980593bd9f71b1cfa38728b09f86f64e18

  • SSDEEP

    196608:M7Vr4+Q5M5RSsaUWuCv7UBO6IZgMekWvX7b4fZH6LWExMVr8AS90zPTbnBA/CWx:MJr4t5ywoCjUBXGY7c6paV4F90bTbqbx

Malware Config

Extracted

Family

spynote

C2

soon-lp.at.ply.gg:17209

Targets

    • Target

      oSiNT_1.3 signed.apk

    Score: 8/10

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar.

      Runs an executable file dropped onto the device during analysis.

    • Requests enabling of the accessibility settings.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
