spynote | d8469412b6ca3bc82e472962ad9adf1640ffeb20f5819ec9f738ef29863d7060[.]zip

General

Target

d8469412b6ca3bc82e472962ad9adf1640ffeb20f5819ec9f738ef29863d7060.zip
Size

517KB
MD5

843136aa9c81dd49f1fdf6965b3bbfc0
SHA1

05ec85b9ea428f3e7cc26036f378a4a1b3c2a560
SHA256

9d992c87bfbb954ea4d98bde0e87da9baeba8b405f3ccef582ecd6ddf408008c
SHA512

e9a7b628722f3c6dc4bc62599a5294c68e6e31f98bdb46ffff6c923874562a63ef3fce223988438eeec0b77823b1b8e700edc241b9cf6609f224db538d51b870
SSDEEP

12288:iyiG1AX9AWf2B+HChCvZoU2AxaFCJ8vk50uIVGGKD2izs:Zqy42Gr9JJ+u0G3RA

Score

10^/10

spynote

Malware Config

Signatures

Spynote family
spynote

Spynote payload 1 IoCs

resource	yara_rule
sample	family_spynote

Requests dangerous framework permissions 17 IoCs

description	ioc
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write (but not read) the user's call log data.	android.permission.WRITE_CALL_LOG
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS

Files

d8469412b6ca3bc82e472962ad9adf1640ffeb20f5819ec9f738ef29863d7060.zip
.zip

Password: infected
d8469412b6ca3bc82e472962ad9adf1640ffeb20f5819ec9f738ef29863d7060
.apk android

Password: infected

po.icrc2yemen

po.icrc2yemen.C7

Activities

po.icrc2yemen.C7

android.intent.action.MAIN

Permissions

android.permission.FLASHLIGHT
android.permission.CAMERA
android.permission.BLUETOOTH
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_CALL_LOG
com.android.browser.permission.READ_HISTORY_BOOKMARKS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.SET_WALLPAPER
android.permission.SET_WALLPAPER_HINTS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.VIBRATE
android.permission.CAMERA
android.permission.GET_ACCOUNTS
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.RECORD_AUDIO
android.permission.READ_SMS
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.READ_CALL_LOG
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.CALL_PHONE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.RECEIVE_SMS
android.permission.GET_TASKS
android.permission.PROCESS_OUTGOING_CALLS
android.permission.BROADCAST_PACKAGE_ADDED
android.permission.BROADCAST_PACKAGE_CHANGED
android.permission.BROADCAST_PACKAGE_INSTALL
android.permission.BROADCAST_PACKAGE_REPLACED
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
com.anddoes.launcher.permission.UPDATE_COUNT
com.majeur.launcher.permission.UPDATE_BADGE
com.huawei.android.launcher.permission.CHANGE_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
android.permission.READ_APP_BADGE
com.oppo.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
me.everything.badger.permission.BADGE_COUNT_READ
me.everything.badger.permission.BADGE_COUNT_WRITE

Receivers

po.icrc2yemen.C10

android.provider.Telephony.SMS_RECEIVED

po.icrc2yemen.C9

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

po.icrc2yemen.C13

android.intent.action.BOOT_COMPLETED

po.icrc2yemen.C4

android.intent.action.BOOT_COMPLETED

po.icrc2yemen.C2

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_DISABLED

po.icrc2yemen.C3

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_INSTALL

po.icrc2yemen.C8

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

Services

po.icrc2yemen.C1

android.accessibilityservice.AccessibilityService

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

po.icrc2yemen

po.icrc2yemen.C7

Activities

po.icrc2yemen.C7

Permissions

Receivers

po.icrc2yemen.C10

po.icrc2yemen.C9

po.icrc2yemen.C13

po.icrc2yemen.C4

po.icrc2yemen.C2

po.icrc2yemen.C3

po.icrc2yemen.C8

Services

po.icrc2yemen.C1