spynote | 11329014819[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

11329014819.zip
Size

2.4MB
MD5

15079f1695793fc547eacfdbe13ebb85
SHA1

7a9a78d65f99c2ec1571c6668f5583d7ae9bf37a
SHA256

11ed2e1155a8fea1857c7e6429506ab81dc5228650a895f473a3a8b97f7e5b1a
SHA512

bacd9ce776127ded627d22a7243a5ffce1afde576fda22dc936ad9cf8fe78c457b8635b5297679beb2ffa13f616c427b334b9c511099d677528fe6a460496964
SSDEEP

49152:zFlsO/AfhGY+rkJ1QlVaZLBMzXujIlo03VfuVV9ym:pCOIfhGZ2rYusjVfQV9l

Score

10^/10

spynote

Malware Config

Extracted

Family

spynote

androman111.ddns.net:7356

Signatures

Spynote family
spynote

Requests dangerous framework permissions 14 IoCs

description	ioc
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

Files

11329014819.zip
.zip

Password: infected
afd63551c61809eeebf20a680c29d691af70c63839b6b96f074cb642f8347dee
.apk android

Password: infected

persian.specification.opinion

persian.specification.ˎ哦ﹶ艾خ丹فﹳʾˎˏʾᵎᵎٴ下ʾᵎʾˋʿʿᵢ艾ᴵˏﾞ∪ʼـᵢˉʾʾˈˏسﹶلʿʽ下哦ˎˎちٴⁱᵎ哦2.ᵢنٴل诶ٴˏˉ诶ʾʾˋ尺ᵎٴˑˏٴʾˑᐧ卄ʾفٴشـᵔ娜ˆتﹶ诶لʾˑˎىʿﹳちˎちبˈˉ∪ﹳʿˎ20

Activities

persian.specification.ˎ哦ﹶ艾خ丹فﹳʾˎˏʾᵎᵎٴ下ʾᵎʾˋʿʿᵢ艾ᴵˏﾞ∪ʼـᵢˉʾʾˈˏسﹶلʿʽ下哦ˎˎちٴⁱᵎ哦2.ᵢنٴل诶ٴˏˉ诶ʾʾˋ尺ᵎٴˑˏٴʾˑᐧ卄ʾفٴشـᵔ娜ˆتﹶ诶لʾˑˎىʿﹳちˎちبˈˉ∪ﹳʿˎ20

android.intent.action.VIEW

persian.specification.ˎ哦ﹶ艾خ丹فﹳʾˎˏʾᵎᵎٴ下ʾᵎʾˋʿʿᵢ艾ᴵˏﾞ∪ʼـᵢˉʾʾˈˏسﹶلʿʽ下哦ˎˎちٴⁱᵎ哦2.比ـᴵˎ娜ˏᵔﹳムᐧسق娜ˈˏʻﹳʼسᵔʿ工伊ᵎﹶˉʻٴʾᵢـ比قʻʾﾞᵎיٴـﹳىʾיʽٴـﹶʾᵔ14_CA

xyz

Permissions

android.permission.SEND_SMS
android.permission.PROCESS_OUTGOING_CALLS
android.permission.SET_WALLPAPER
android.permission.READ_SMS
android.permission.READ_CALL_LOG
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.CALL_PHONE
android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT

Receivers

persian.specification.ˉˏ西الˈ艾ﹶˏشᵎˎىʼﾞᵔﹶʻˑᵎᵢᐧٴˎﹳˋتᐧنʾˉ匕ˋˈـᵢᵔˎ丹ʽˏ下ٴ丹ᵔʾعˈᵔｊ5.SensorRestarterBroadcastReceiver

RestartSensor

persian.specification.ˉˏ西الˈ艾ﹶˏشᵎˎىʼﾞᵔﹶʻˑᵎᵢᐧٴˎﹳˋتᐧنʾˉ匕ˋˈـᵢᵔˎ丹ʽˏ下ٴ丹ᵔʾعˈᵔｊ5.ٴˏיʾ∪ﾞى艾ᴵﹶلיʾᵎᴵʿ匕יٴ匕ـˎ匕ᵎ尺ˎיムˆ尺ʽיᵢˑﾞᴵ卄ⁱ尺ٴ匕الﹶʾʻنﾞ比ﹳ7

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.USER_PRESENT
android.intent.action.LOCKED_BOOT_COMPLETED

persian.specification.ˉˏ西الˈ艾ﹶˏشᵎˎىʼﾞᵔﹶʻˑᵎᵢᐧٴˎﹳˋتᐧنʾˉ匕ˋˈـᵢᵔˎ丹ʽˏ下ٴ丹ᵔʾعˈᵔｊ5.比ـᴵˎ娜ˏᵔﹳムᐧسق娜ˈˏʻﹳʼسᵔʿ工伊ᵎﹶˉʻٴʾᵢـ比قʻʾﾞᵎיٴـﹳىʾיʽٴـﹶʾᵔ14_RC

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_CHANGED

persian.specification.ˉˏ西الˈ艾ﹶˏشᵎˎىʼﾞᵔﹶʻˑᵎᵢᐧٴˎﹳˋتᐧنʾˉ匕ˋˈـᵢᵔˎ丹ʽˏ下ٴ丹ᵔʾعˈᵔｊ5.ٴˏיʾ∪ﾞى艾ᴵﹶلיʾᵎᴵʿ匕יٴ匕ـˎ匕ᵎ尺ˎיムˆ尺ʽיᵢˑﾞᴵ卄ⁱ尺ٴ匕الﹶʾʻنﾞ比ﹳ74

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.Intent.ACTION_USER_PRESENT
android.intent.action.USER_PRESENT

persian.specification.ˎ哦ﹶ艾خ丹فﹳʾˎˏʾᵎᵎٴ下ʾᵎʾˋʿʿᵢ艾ᴵˏﾞ∪ʼـᵢˉʾʾˈˏسﹶلʿʽ下哦ˎˎちٴⁱᵎ哦2.ᴵ下下ちغلʿغنʿㄥˋٴᴵᴵعقʾⁱᐧˊ丹غʿᵢقᵢ∪ʿיʻـلᵢᴵˎˉٴˎᵢʿᵢちˉسˈʽᵢᵔム33

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

persian.specification.ˉˏ西الˈ艾ﹶˏشᵎˎىʼﾞᵔﹶʻˑᵎᵢᐧٴˎﹳˋتᐧنʾˉ匕ˋˈـᵢᵔˎ丹ʽˏ下ٴ丹ᵔʾعˈᵔｊ5.ٴˏיʾ∪ﾞى艾ᴵﹶلיʾᵎᴵʿ匕יٴ匕ـˎ匕ᵎ尺ˎיムˆ尺ʽיᵢˑﾞᴵ卄ⁱ尺ٴ匕الﹶʾʻنﾞ比ﹳ7_AR

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.ACTION_PASSWORD_CHANGED
android.app.action.ACTION_PASSWORD_FAILED
android.app.action.ACTION_PASSWORD_SUCCEEDED

Services

persian.specification.ʻʿةᵔخ尺ᐧʻˎشᵢ弗下ﹳᵢˎˋ尺ⁱلᵔٴˋˎᵔʻיلᐧʻلי匕ˊʾʿﹶتᵢˎسᴵٴ艾尺ʿ诶ʾᵔᵔ3.ٴˏיʾ∪ﾞى艾ᴵﹶلיʾᵎᴵʿ匕יٴ匕ـˎ匕ᵎ尺ˎיムˆ尺ʽיᵢˑﾞᴵ卄ⁱ尺ٴ匕الﹶʾʻنﾞ比ﹳ72

android.accessibilityservice.AccessibilityService

persian.specification.ʻʿةᵔخ尺ᐧʻˎشᵢ弗下ﹳᵢˎˋ尺ⁱلᵔٴˋˎᵔʻיلᐧʻلי匕ˊʾʿﹶتᵢˎسᴵٴ艾尺ʿ诶ʾᵔᵔ3.SimpleIME

android.view.InputMethod

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

persian.specification.opinion

persian.specification.ˎ哦ﹶ艾خ丹فﹳʾˎˏʾᵎᵎٴ下ʾᵎʾˋʿʿᵢ艾ᴵˏﾞ∪ʼـᵢˉʾʾˈˏسﹶلʿʽ下哦ˎˎちٴⁱᵎ哦2.ᵢنٴل诶ٴˏˉ诶ʾʾˋ尺ᵎٴˑˏٴʾˑᐧ卄ʾفٴشـᵔ娜ˆتﹶ诶لʾˑˎىʿﹳちˎちبˈˉ∪ﹳʿˎ20

Activities

persian.specification.ˎ哦ﹶ艾خ丹فﹳʾˎˏʾᵎᵎٴ下ʾᵎʾˋʿʿᵢ艾ᴵˏﾞ∪ʼـᵢˉʾʾˈˏسﹶلʿʽ下哦ˎˎちٴⁱᵎ哦2.ᵢنٴل诶ٴˏˉ诶ʾʾˋ尺ᵎٴˑˏٴʾˑᐧ卄ʾفٴشـᵔ娜ˆتﹶ诶لʾˑˎىʿﹳちˎちبˈˉ∪ﹳʿˎ20

persian.specification.ˎ哦ﹶ艾خ丹فﹳʾˎˏʾᵎᵎٴ下ʾᵎʾˋʿʿᵢ艾ᴵˏﾞ∪ʼـᵢˉʾʾˈˏسﹶلʿʽ下哦ˎˎちٴⁱᵎ哦2.比ـᴵˎ娜ˏᵔﹳムᐧسق娜ˈˏʻﹳʼسᵔʿ工伊ᵎﹶˉʻٴʾᵢـ比قʻʾﾞᵎיٴـﹳىʾיʽٴـﹶʾᵔ14_CA

Permissions

Receivers

persian.specification.ˉˏ西الˈ艾ﹶˏشᵎˎىʼﾞᵔﹶʻˑᵎᵢᐧٴˎﹳˋتᐧنʾˉ匕ˋˈـᵢᵔˎ丹ʽˏ下ٴ丹ᵔʾعˈᵔｊ5.SensorRestarterBroadcastReceiver

persian.specification.ˉˏ西الˈ艾ﹶˏشᵎˎىʼﾞᵔﹶʻˑᵎᵢᐧٴˎﹳˋتᐧنʾˉ匕ˋˈـᵢᵔˎ丹ʽˏ下ٴ丹ᵔʾعˈᵔｊ5.ٴˏיʾ∪ﾞى艾ᴵﹶلיʾᵎᴵʿ匕יٴ匕ـˎ匕ᵎ尺ˎיムˆ尺ʽיᵢˑﾞᴵ卄ⁱ尺ٴ匕الﹶʾʻنﾞ比ﹳ7

persian.specification.ˉˏ西الˈ艾ﹶˏشᵎˎىʼﾞᵔﹶʻˑᵎᵢᐧٴˎﹳˋتᐧنʾˉ匕ˋˈـᵢᵔˎ丹ʽˏ下ٴ丹ᵔʾعˈᵔｊ5.比ـᴵˎ娜ˏᵔﹳムᐧسق娜ˈˏʻﹳʼسᵔʿ工伊ᵎﹶˉʻٴʾᵢـ比قʻʾﾞᵎיٴـﹳىʾיʽٴـﹶʾᵔ14_RC

persian.specification.ˉˏ西الˈ艾ﹶˏشᵎˎىʼﾞᵔﹶʻˑᵎᵢᐧٴˎﹳˋتᐧنʾˉ匕ˋˈـᵢᵔˎ丹ʽˏ下ٴ丹ᵔʾعˈᵔｊ5.ٴˏיʾ∪ﾞى艾ᴵﹶلיʾᵎᴵʿ匕יٴ匕ـˎ匕ᵎ尺ˎיムˆ尺ʽיᵢˑﾞᴵ卄ⁱ尺ٴ匕الﹶʾʻنﾞ比ﹳ74

persian.specification.ˎ哦ﹶ艾خ丹فﹳʾˎˏʾᵎᵎٴ下ʾᵎʾˋʿʿᵢ艾ᴵˏﾞ∪ʼـᵢˉʾʾˈˏسﹶلʿʽ下哦ˎˎちٴⁱᵎ哦2.ᴵ下下ちغلʿغنʿㄥˋٴᴵᴵعقʾⁱᐧˊ丹غʿᵢقᵢ∪ʿיʻـلᵢᴵˎˉٴˎᵢʿᵢちˉسˈʽᵢᵔム33

persian.specification.ˉˏ西الˈ艾ﹶˏشᵎˎىʼﾞᵔﹶʻˑᵎᵢᐧٴˎﹳˋتᐧنʾˉ匕ˋˈـᵢᵔˎ丹ʽˏ下ٴ丹ᵔʾعˈᵔｊ5.ٴˏיʾ∪ﾞى艾ᴵﹶلיʾᵎᴵʿ匕יٴ匕ـˎ匕ᵎ尺ˎיムˆ尺ʽיᵢˑﾞᴵ卄ⁱ尺ٴ匕الﹶʾʻنﾞ比ﹳ7_AR

Services

persian.specification.ʻʿةᵔخ尺ᐧʻˎشᵢ弗下ﹳᵢˎˋ尺ⁱلᵔٴˋˎᵔʻיلᐧʻلי匕ˊʾʿﹶتᵢˎسᴵٴ艾尺ʿ诶ʾᵔᵔ3.ٴˏיʾ∪ﾞى艾ᴵﹶلיʾᵎᴵʿ匕יٴ匕ـˎ匕ᵎ尺ˎיムˆ尺ʽיᵢˑﾞᴵ卄ⁱ尺ٴ匕الﹶʾʻنﾞ比ﹳ72

persian.specification.ʻʿةᵔخ尺ᐧʻˎشᵢ弗下ﹳᵢˎˋ尺ⁱلᵔٴˋˎᵔʻיلᐧʻلי匕ˊʾʿﹶتᵢˎسᴵٴ艾尺ʿ诶ʾᵔᵔ3.SimpleIME