Overview

overview

10

Static

static

10

2436d1e4dc...c8.apk

android-9-x86

8

2436d1e4dc...c8.apk

android-10-x64

8

2436d1e4dc...c8.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2436d1e4dc60044a245ea39224e8e8c8.bin

  • Size

    11.5MB

  • Sample

    230907-bmfhhadd5t

  • MD5

    2436d1e4dc60044a245ea39224e8e8c8

  • SHA1

    99cedf39ee63d7c9979259292825b9de1b171de8

  • SHA256

    5df569eea5cdf6829f72c63f2b58a62f9e984c8ff82046ba645d3f8751454707

  • SHA512

    d30551feb9e936e632c31e91628fd30ca3bb3fbc1aac4f0ab6bd041f2762cd37694549321fb0d90256cab75c5dab69ec783e1678d9fd4596799cf9e48b7b921b

  • SSDEEP

    196608:1PyO4l7g1Fk2m63esNSotDKiMar17BVp+qx7W/Ct9vg4JM9PpXrZnm8Y8xZp:BKNg1FkuHDRMa7VoMsQvg8cxrRm8PxZp

Score
10/10
spymaxandroidstealthtrojan

Malware Config

Extracted

Family

spymax

C2

0.tcp.sa.ngrok.io:10649

Targets

    • Target

      2436d1e4dc60044a245ea39224e8e8c8.bin

    • Size

      11.5MB

    • MD5

      2436d1e4dc60044a245ea39224e8e8c8

    • SHA1

      99cedf39ee63d7c9979259292825b9de1b171de8

    • SHA256

      5df569eea5cdf6829f72c63f2b58a62f9e984c8ff82046ba645d3f8751454707

    • SHA512

      d30551feb9e936e632c31e91628fd30ca3bb3fbc1aac4f0ab6bd041f2762cd37694549321fb0d90256cab75c5dab69ec783e1678d9fd4596799cf9e48b7b921b

    • SSDEEP

      196608:1PyO4l7g1Fk2m63esNSotDKiMar17BVp+qx7W/Ct9vg4JM9PpXrZnm8Y8xZp:BKNg1FkuHDRMa7VoMsQvg8cxrRm8PxZp

    Score
    8/10
    stealthtrojan

    • Removes its main activity from the application launcher

      stealthtrojan

    • Requests dangerous framework permissions

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks