spymax | e408bb099256fd7a9ef1eed492b4eae2ada326a5a604b81894aa4cab76d191bc | Triage

Sharing

General

Target

njRATLimeEdition0.8.0_JC.apk
Size

38KB
Sample

230901-vd2h6agb3v
MD5

1e418a62ec9e744f13ecdb6b476317e2
SHA1

10e7ad4d7ba1fa6785c481428e33d9cbc8e9381e
SHA256

e408bb099256fd7a9ef1eed492b4eae2ada326a5a604b81894aa4cab76d191bc
SHA512

f29e4555911007e3ce5371b65942d0bd1a1eb2d61f6dd12a30705bc98f3e6fd62726e4e9d75dacf68f4cb7027c276b0790e5662bb46ad83dc168bd1f097abab9
SSDEEP

768:EqBgi6rnRd3NF30C38lHw05BPWYFcfuYDO7cyFiw84uullnf:EqBgvn73NFdmx/PRbYCUw84uylf

Score

10^/10

spymax android stealth trojan

Malware Config

Extracted

Family

spymax

C2

5.tcp.eu.ngrok.io:10227

Targets

- Target
  
  njRATLimeEdition0.8.0_JC.apk
- Size
  
  38KB
- MD5
  
  1e418a62ec9e744f13ecdb6b476317e2
- SHA1
  
  10e7ad4d7ba1fa6785c481428e33d9cbc8e9381e
- SHA256
  
  e408bb099256fd7a9ef1eed492b4eae2ada326a5a604b81894aa4cab76d191bc
- SHA512
  
  f29e4555911007e3ce5371b65942d0bd1a1eb2d61f6dd12a30705bc98f3e6fd62726e4e9d75dacf68f4cb7027c276b0790e5662bb46ad83dc168bd1f097abab9
- SSDEEP
  
  768:EqBgi6rnRd3NF30C38lHw05BPWYFcfuYDO7cyFiw84uullnf:EqBgvn73NFdmx/PRbYCUw84uylf
Score

8^/10

stealth trojan
- Removes its main activity from the application launcher
  stealth trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3