General

  • Target

    fae7061424f86c78e0f45a910e1c5968e344d2c3df26a95e4d3f0ed3528347f2.apk

  • Size

    1.9MB

  • Sample

    230530-qyr31aab7x

  • MD5

    8a442c4e69a0d3f5f0a065dd00f9cb97

  • SHA1

    f6c564d29972ae916bfa56a974a938539425eee6

  • SHA256

    fae7061424f86c78e0f45a910e1c5968e344d2c3df26a95e4d3f0ed3528347f2

  • SHA512

    ce61826140cf5183b2460daa7a4743c50e711aa5d4b45541bcd09bc73c0913e96b1ae224d0a4673ccfbefd8f2acc20fb5b7bd388786d04e0fb8e41782f9d742a

  • SSDEEP

    12288:3p7DbzP7n++WrRAiwQn0MEoRbtd/iWfDuJ+OSgxind:3pjzDzWrRANnYP/in+OS1d

Malware Config

Extracted

Family

spynote

C2

45.88.67.207:7771

Targets

    • Score

      8/10

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar.

      Runs executable file dropped to the device during analysis.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

MITRE ATT&CK Matrix

Tasks