Overview

overview

10

Static

static

10

apkmody_3....ed.apk

android-10-x64

apkmody_3....ed.apk

android-11-x64

6

apkmody_3....ed.apk

android-9-x86

5

no_sleep.js

android-10-x64

no_sleep.js

android-11-x64

no_sleep.js

android-9-x86

speed_icon.xml

android-10-x64

speed_icon.xml

android-11-x64

speed_icon.xml

android-9-x86

t-rex.html

android-10-x64

t-rex.html

android-11-x64

t-rex.html

android-9-x86

time_icon.xml

android-10-x64

time_icon.xml

android-11-x64

time_icon.xml

android-9-x86

toastify.js

android-10-x64

toastify.js

android-11-x64

toastify.js

android-9-x86

tt_nd

android-10-x64

tt_nd

android-11-x64

tt_nd

android-9-x86

Resubmissions

18/07/2023, 14:15

230718-rkm3kabh5s 10

18/07/2023, 13:14

230718-qg4qgaaf32 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    apkmody_3.2.26_1 signed.apk

  • Size

    28.2MB

  • Sample

    230718-rkm3kabh5s

  • MD5

    1be49ddc38bffcaf1587d8277fe9175e

  • SHA1

    21ee5e95b2622c79e97ea39dca9f905a8c483377

  • SHA256

    a358a658fbd4d019138de774e4eba614694bfc7b76f2996a49527b562f48dd00

  • SHA512

    63f3d8e4e600dc84a863eb2b89fa8cc942891f8a5818409a83ae2c10bdebf643fc91a94a992cdf5b583597c38c8a0a666ce57c8712d21e4c0a1b1c1d31513d52

  • SSDEEP

    786432:e8rkwAq8gJV86D7tgy2J9ES8pidcPljCblObNB5+:eqk6K6D5gZJ9EfiSPxCbl8D5+

Score
10/10
spynoteandroidransomware

Malware Config

Extracted

Family

spynote

C2

soon-lp.at.ply.gg:17209

Targets

    • Target

      apkmody_3.2.26_1 signed.apk

    • Size

      28.2MB

    • MD5

      1be49ddc38bffcaf1587d8277fe9175e

    • SHA1

      21ee5e95b2622c79e97ea39dca9f905a8c483377

    • SHA256

      a358a658fbd4d019138de774e4eba614694bfc7b76f2996a49527b562f48dd00

    • SHA512

      63f3d8e4e600dc84a863eb2b89fa8cc942891f8a5818409a83ae2c10bdebf643fc91a94a992cdf5b583597c38c8a0a666ce57c8712d21e4c0a1b1c1d31513d52

    • SSDEEP

      786432:e8rkwAq8gJV86D7tgy2J9ES8pidcPljCblObNB5+:eqk6K6D5gZJ9EfiSPxCbl8D5+

    Score
    6/10
    ransomware

    • Reads information about phone network operator.

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2behavioral3

    • Target

      no_sleep.js

    • Size

      13KB

    • MD5

      7748a45cd593f33280669b29c2c8919a

    • SHA1

      e17ecf67de61920504d79194dbee5cd552a01cfd

    • SHA256

      dce4eef0b197b640ad6aaab2228ee1ee7dccf8bd6d6b5de5484dd1bd16430a78

    • SHA512

      49b3225a5994b724b16b1890e41697c71096402f48c338fe193cb538ac8f88b7d013c0b70e81786d476be3eaf3170049df1ced6cd8957098fffecf11c13b5586

    • SSDEEP

      192:nRG+Fgkw+wi+FrZJqbzr+5rA7wbUCzebIkuHeIabmEWUSiaNRGApaFnoNhCaTLIf:n/gzi+FrZJqbzrarAyUX5uHej27W

    Score
    1/10
    behavioral4behavioral5behavioral6

    • Target

      speed_icon.svg

    • Size

      1KB

    • MD5

      a73e34cffbbe3634894042f199fee0c1

    • SHA1

      d42046e2208585ed88fb3a05f2529a37b11fc1fa

    • SHA256

      5abb9c790a8548fdf7669ea70e1efd094f764d9e3c905494e9070d7029b37420

    • SHA512

      c0edaa841313a78a8a9225246b02f6316096c98d415fcac3d186b3425138f8d1f2a1075f5b11150880157b8c779f9d875fd990386ba5e4c203b92c55d8753c31

    Score
    1/10
    behavioral7behavioral8behavioral9

    • Target

      t-rex.html

    • Size

      80KB

    • MD5

      16911fcc170c8af1c5457940bd0bf055

    • SHA1

      eb44540186285271130b056fa6099b1988319fc4

    • SHA256

      dc72cfc1f1d2a5013bb9de34f8cacf5e26e542d7d713fcbe09b865b4aaca6ddf

    • SHA512

      131a00b7895a40ea0fb355ecc5292b3cbbcd23b45dd59b07da1b8eb86501ff0ec698ab5446687cd7ff5fba03d97b7a0b6e47196dc284a51c677cf04dbe13e393

    • SSDEEP

      1536:V5OdudTTa8udsB7g1BuqHkFT5VgYzMGgbJsMPz:Vq0y80I7OuikXm3bJsMPz

    Score
    1/10
    behavioral10behavioral11behavioral12

    • Target

      time_icon.svg

    • Size

      1KB

    • MD5

      ccaee8a49e241e598f77b07742e4cdc6

    • SHA1

      a18d7758142d546ac9b5e5d2ade2cd2ba6017fe8

    • SHA256

      a059758a7c063c2b7d1dd1d3c4dd7903f7ac283d813ca861cd85b8499e1394c8

    • SHA512

      2579145dc5d83df356c10a882eacf75d048d33a5c532d2cec887d16fa8bf4621e9ab1a5cb9bd28110cecb2352ec880060ec75e156fdff3e9e2b64ca18d8cab5f

    Score
    1/10
    behavioral13behavioral14behavioral15

    • Target

      toastify.js

    • Size

      5KB

    • MD5

      e7006a0a033d834ef9414d48db3be6fc

    • SHA1

      43462bf4955f4818911f6d93904e3a2d3f8a2c4f

    • SHA256

      99fa91fad6dcf4497f838937b8fc57105eef131d5adbd4cbe3936ce6d4248ec1

    • SHA512

      82e1b67e75f61ca0cb3a5861fc8a669f7bf2c7a6b3dadb0871a038412ab4ce83c4b98f3061b39f93c2ef910351ac2a5c2e7c6e34317a1c2ba31816cb313fede0

    • SSDEEP

      96:TSr4NkSo+hVCsGwnVE8y2d7QC3305q5uUy:GrGPChSV33Kq5ul

    Score
    1/10
    behavioral16behavioral17behavioral18

    • Target

      tt_nd

    • Size

      5KB

    • MD5

      cfb58d5a778a4da98783db9388bacfc5

    • SHA1

      4e826b8e65f7a81ee0c30836f132632054f338e7

    • SHA256

      64f11eb5134f29bcff547988289baff229b05faf93adac63d3a3bfe97c7f810a

    • SHA512

      1cac2288c9d222dbd195e3b929aebb887e5ff8d13c46675bcc879c762d09311b97a1e331389df520165cb994f1717ee5debf1a97a7563c474130943d5cd4267c

    • SSDEEP

      96:PWuzrX8H2mrqoAuRJff9SgbhWFllXU+9z:PlrXWRJ9Sgbh0l5

    Score
    1/10
    behavioral19behavioral20behavioral21

MITRE ATT&CK Matrix

Tasks