General
- Target: ready.apk
- Size: 11.5MB
- Sample: 230905-1lcgwsbe82
- MD5: 2436d1e4dc60044a245ea39224e8e8c8
- SHA1: 99cedf39ee63d7c9979259292825b9de1b171de8
- SHA256: 5df569eea5cdf6829f72c63f2b58a62f9e984c8ff82046ba645d3f8751454707
- SHA512: d30551feb9e936e632c31e91628fd30ca3bb3fbc1aac4f0ab6bd041f2762cd37694549321fb0d90256cab75c5dab69ec783e1678d9fd4596799cf9e48b7b921b
- SSDEEP: 196608:1PyO4l7g1Fk2m63esNSotDKiMar17BVp+qx7W/Ct9vg4JM9PpXrZnm8Y8xZp:BKNg1FkuHDRMa7VoMsQvg8cxrRm8PxZp
Malware Config
Extracted
spymax
0.tcp.sa.ngrok.io:10649
Targets
- Target: ready.apk
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Loads dropped Dex/Jar: Runs executable file dropped to the device during analysis.
- Requests dangerous framework permissions
- Legitimate hosting services abused for malware hosting/C2