spymax | 4741a9c72551f2ad1eb0dd3d7b8f624137808d302ea78d8e0d9b924b9d79835a | Triage

Sharing

General

Target

962f63e9a636b8823b9844483f708d52.bin
Size

29KB
Sample

230907-b8pcjadf3w
MD5

962f63e9a636b8823b9844483f708d52
SHA1

fa026e27245c7c39840cf9c62955c44b67aca7e9
SHA256

4741a9c72551f2ad1eb0dd3d7b8f624137808d302ea78d8e0d9b924b9d79835a
SHA512

ace0b42e3297226159abcd854aa781867160f656f93db72893d3f8b9e7476083b88b7ca562aa12ee0c79937be09ca2ab6f20d9bc3aa4f9edd4fd7d33ebcbb168
SSDEEP

768:k8HA6juqnCGQ37oHMJmUcyFn69clXGj7UYRKgwS:k6AUC5EHMJJWcG4YRRF

Score

10^/10

spymax android stealth trojan

Malware Config

Extracted

Family

spymax

C2

0.tcp.sa.ngrok.io:10649

Targets

- Target
  
  962f63e9a636b8823b9844483f708d52.bin
- Size
  
  29KB
- MD5
  
  962f63e9a636b8823b9844483f708d52
- SHA1
  
  fa026e27245c7c39840cf9c62955c44b67aca7e9
- SHA256
  
  4741a9c72551f2ad1eb0dd3d7b8f624137808d302ea78d8e0d9b924b9d79835a
- SHA512
  
  ace0b42e3297226159abcd854aa781867160f656f93db72893d3f8b9e7476083b88b7ca562aa12ee0c79937be09ca2ab6f20d9bc3aa4f9edd4fd7d33ebcbb168
- SSDEEP
  
  768:k8HA6juqnCGQ37oHMJmUcyFn69clXGj7UYRKgwS:k6AUC5EHMJJWcG4YRRF
Score

8^/10

stealth trojan
- Removes its main activity from the application launcher
  stealth trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3